We are developing the social individualist meta-context for the future. From the very serious to the extremely frivolous... lets see what is on the mind of the Samizdata people.

Samizdata, derived from Samizdat /n. - a system of clandestine publication of banned literature in the USSR [Russ.,= self-publishing house]

Biometrics Bandwagon Outpacing Privacy Safeguards

Jay Cline writes for ComputerWorld:

Governments and corporations increasingly see biometrics as the primary way they’ll identify people in the future. In an age of terrorism and fraud, they hope fingerprint and eye scanning will become the cheapest and most reliable means of verifying that people are who they say they are. But are we ready for this convergence of computers with our flesh and bones? I don’t think so. This significant intrusion into our personal space needs a heightened level of privacy protection that most organizations have only just started to envision.

I have a deeper misgiving about biometrics. Because they promise to be much more cost-effective and reliable than traditional authentication methods, I expect businesses will want to adopt biometrics-only authentication, discarding expensive traditional methods.

Three types of system failures could make your life miserable: a failed match, a mistaken match and stolen biometrics… Biometric ID theft victims may never fully clear their names.

Cline goes on to give a checklist of the top controls customers and citizens should demand before cooperating with biometric systems. Since I think that should be never, if you want to know, you’ll have to go and read it yourself…

US, Belgian biometric passports give lie to UK ID scheme

Belgium is to begin issuing biometric passports before the end of the year, while in the US (which could be said to have started all this), the State Department is to begin a trial run this autumn, with full production hoped for next year. Register speculates:

The apparent ease with which these countries appear to be switching passport standards does raise just the odd question about the UK’s very own ID card scheme, which proposes to ship its first biometric passports not soon, but in three years. Regular readers will recall that Home Secretary David Blunkett justifies the ID card scheme on the basis that most of the cost is money we’d have to spend anyway, because we need to upgrade our passports to meet US and ICAO (International Civil Aviation Organisation) standards, and that by making this investment the UK will be putting itself ahead of the game, technology-wise, and that we shall all therefore be technology leaders and rich.

The biometric passport system the US intends to use simply seems to be an addition of the necessary machine readable capabilities to the existing system. Passport applications, including photograph, will still be accepted via mail, and the picture will then be encoded, added to the database and put onto the chip that goes in the passport. As you may note, a picture is in these terms a biometric, while a camera is a biometric reader, which they are. But don’t noise it around, or you’ll screw the revenues of an awful lot of snake-oil salesmen.

Back in the UK, we are of course rather more rigorous in our interpretation of the matter, and the system and its schedule will be priced accordingly. But should we worry about losing our lead? No, not exactly. We should worry about spending a great deal of money on a system which will largely police ourselves, and which – in the event of it actually working – will probably turn out to be a huge white elephant.

Long lashes thwart ID scan trial

Long eyelashes and watery eyes could thwart iris scanning technology used for the government’s ID card trial. An MP who volunteered to take part in the trial at the UK Passport Service headquarters in London complained the scanning was uncomfortable.

Home Affairs Select Committee member Bob Russell, who suffers from an eye complaint, said his eyes watered and staff were unable to scan his iris. Project director Roland Sables told MPs:

The pundits tell us that we should expect 7% across the board to fail with iris recognition, mainly due to positioning in front of the camera. Others are due to eye malformations, watery eyes and long eyelashes in a small percentage.

Hard contact lenses could also prove problematic. Mr Russell expressed concern about the scanning after his experience.

I think this is going to cause serious problems for people who suffer with bright lights and people with epilepsy. I think it will be necessary at every machine to have at least one member of staff who is a qualified first aider to a high level. I can see people keeling over with epileptic fits.

People with faint fingerprints would also be unable to register on the system, as would manual labourers, particularly those who work with cement or shuffle paper regularly, Mr Sables told the MPs.

The Plan is that by 2013, 80% of the population are expected to have a biometric passport or driving licence, at which point the government will decide whether to make the ID cards compulsory. The remaining 20% are presumably construction workers with long eyelashes, wearing hard contact lenses and suffering from epileptic fits…

Biometric ID card bill on its way ‘in a month’

David Blunkett said (on April 7) that he was pushing on with plan for an ID card, with a draft bill to hit Parliament within months. The ID cards will contain biometrics and may be in the wallets of UK citizens by 2007 at the earliest. Blunkett told Radio Five Live that the introduction is necessary to give the government better control over immigration and prevent terrorists using multiple identities.

Blunkett, however, acknowledged that getting compulsory ID cards into law wouldn’t be an easy process. “It would be very surprising if there were not misgivings,” he said. A number of high-profile Cabinet colleagues have expressed objections to the scheme, including Home Secretary Jack Straw and Trade and Industry Minister Patricia Hewitt.

He also admitted there were practical issues to be overcome before the cards were made compulsory. Among them, that Parliament could only vote on the issue of making the cards compulsory when 80 per cent of UK citizens carried them anyway and that estimates of how much the introduction would cost the taxpayer differ wildly – from around £1bn to around £3bn.

While biometrics are high on the UK government’s love list, the rest of the Europe is taking a step back from the idea.

The civil liberties wing of the European Parliament has delayed proposals for biometric passports until the tail end of this year, after elections to the parliament have taken place. MEP Ole Sørensen said

The European Parliament is [currently] not in a position to endorse the proposals… We need proper democratic scrutiny of this far-reaching legislation, which in the worst case scenario could represent a step towards systematic registration of EU citizens’ personal data.

DNA Database By Stealth

Unpersons alerted us to the news that from today British police may legally and against the will of any law-abiding subject, take DNA samples and fingerprints from any arrested person without that person having even been charged with committing a criminal act.

We can but echo the good Unpersons concerns:

The law now leaves British police officers free to help Blunkett establish one of the most ambitious and truly disturbing elements of the British police state that he has slowly but surely been working to create over the last few years. In a country where the state can take over half of your income, charge you expenses when it wrongly imprisons you – yet fail to defend you after it has crushed the right to self-defence, send parents to jail for not sending their children to state day-care centres schools, steal your property because ‘you couldn’t possibly have earned that much money without selling illegal drugs’ whilst slowly handing over control to a foreign power, attempt to dictate what you eat ‘for your own good’ and generally treat its citizens as its troublesome children one has to wonder to what extent we already live in a police state.

This has not been a good week.

The Register on false certainty

John Lettice writes for The Register on the difficulties associated with relying on biometrics.

It will all be very costly, he says, and the pseudo-certainty that it supplies may actually cause mistakes to be made, when the ID checks out but the surrounding facts look dodgy.

If you do not check for duplicates, for example, then the system is not going to tell you that Fred Bloggs of Sollihul is in fact Osama bin Laden. A silly example? Yes and no – obviously, it is not very likely that our current entry systems are going to let someone called Fred Bloggs walk through when they look strangely like Osama bin Laden. However, if he checks out as Fred Bloggs, UK citizen, with no record under our future automated systems, then general appearance is rather less likely to be challenged, or even noticed. So the assumed reliability of the systems could actually increase the security of fugitives in the event of their having successfully obtained clean, genuine ID.

There is much more.

Passport Safety, Privacy Face Off

More on the ICAO story first noted by Trevor. An international aviation group is completing new passport standards this week, setting the groundwork for all passports issued worldwide to include digitized photographs that a computer can read remotely and compare to the face of the traveler or to a database of mug shots.

Supporters hope the system will banish fake passports and help fight terrorism. But critics say the standards will enable a global infrastructure for surveillance and lead to a host of national biometric databases, including ones run by countries with troubling human rights records.

The ICAO has already settled on facial recognition as the standard biometric identifier, though countries may add fingerprints or iris scans if they wish. The standards body will vote on Friday whether to adopt radio-frequency ID chips, such as those used in Fast Pass toll systems, as the standard method of storing and transmitting the digitized information.

Simon Davies, director of human rights group Privacy International, said the ICAO hasn’t consulted with human rights groups and shouldn’t be involved at all.

The most troubling aspect of international standard setting is that it often occurs without any national dialogue through the diplomatic process. Governments merely use the standards bodies as a convenient means of implementing controversial policy.

Privacy International suggested that the ICAO should have adopted a standard that would allow computers at a border to match the traveler to the digital photo on a passport, but that did not permit any government to keep a central database of photos.

The group argued that facial recognition is not the most accurate identification benchmark, and that matching a person to an old photograph is problematic.

Blunkett raises spectre of fingerprinting entire EU population!

Mentioned en passant in another alarming article in which David Blunkett threatens yet further abridgements of civil liberties under the guise of ‘fighting terrorism’, it is noted he and the European Commission advocated the idea of…

Joining forces with the Commission, Mr Blunkett backed proposals for a fingerprint data base of all EU citizens and tougher measures to tackle terrorist funding.

Oh wonderful.

U.S. Urged To Take Lead In issuing Biometric Passports

Information Week reports that the State Department plans to begin issuing passports with chips containing biographic information later in the year. Maura Harty, testified at a Congressional hearing Thursday that the United States needs to take the lead in issuing the new passports to encourage other nations to do likewise. Doing so, she says, will help secure our borders against terrorists and other potential troublemakers. Harty told member of the House Government Reform Committee’s hearings on the government’s US-Visit program, which requires many foreigners entering and leaving the United States to have their fingerprints and face electronically scanned.

We recognize that convincing other nations to improve their passport requires U.S. leadership both at the International Civil Aviation Organization and by taking such steps with the U.S. passport. Embedding biometrics into U.S. passports to establish a clear link between the person issued the passport and the user is an important step forward in the international effort to strengthen border security.

Of course, biometrics is foolproof and fingerprinting your citizens is going to improve border security how exactly?! Another example of a fallacy typical of the statists that if only we had total surveillance, then no crime, threat or terrorism would be possible. Balls, balls, balls.

Sorry for the outburst, it is just one stupid statement by a state official too many… Sadly, I am sure there are many more to come.

Biometrics Enters Third Dimension

A three-dimensional mug shot may soon be the only ID you’ll ever need Wired reports.

DuPont Authentication Systems and A4Vision, a company that sells facial-imaging products, have developed a biometric security device that generates in-depth, three-dimensional facial portraits similar to holograms and secure enough to be embedded in documents.

Using A4Vision’s Enrollment Station, people can have their 3-D facial image embedded in a film called Izon and registered as digital data in a database in less than 10 seconds. The device outputs both a 3-D biometric template and a standard color image of the person.

The image in the biometric template carries enough detail to view a subject’s head from ear to ear. The template can be affixed to cards or passports; once the image is embedded, users need only be scanned to see whether their facial characteristics match. The biometric data obtained is more comprehensive than 2-D imagery since it contains information along three axes instead of two. Donald P. D’Amato, a biometrics expert at Mitretek Systems, a nonprofit research organization says:

I believe that the matching of 3-D images can probably be made more accurate than that of conventional face recognition using 2-D imagery. However, the set of 3-D and 2-D features that are chosen will be crucial to the level of accuracy achieved.

Right now the device is said to be accurate enough to distinguish between identical twins. Working with SRI International’s twin registry, the company has tested the device with 36 twin sets, and it was able to distinguish one twin from the other.

Accuracy is a big concern. Identity theft appears to be the fastest-growing crime in America, with identity-related crimes projected to rob the global economy of $24 billion this year. If not well-protected, biometrics may cause even more spectacular cases of ID theft, such as the gummy bear fiasco. Evans says 3-D facial identification is secure, however, because the facial image is only stored with the holder of the biometrics data.

It takes the card or 3-D facial image, the holder and the database to match before security can be breached. So just swiping a card won’t allow me to use someone’s credit card anymore, for example. Or just breaking into a database will not supply me with sufficient data to construct a 3-D facial image.

The issue here is: Can someone not be recognized? Yes … but can someone fool the system into thinking it is someone else? No.

US takes fingerprints and photos of foreign visitors

Telegraph reports that America began a strict new regime of border controls yesterday, scanning fingerprints and taking photographs of arriving foreigners to track down potential terrorists.

The only exceptions will be visitors from 28 countries, mostly European states, including Britain, whose citizens can visit America for 90 days without a visa.

The tough measure was ordered by Congress after it emerged that two September 11 hijackers had violated the terms of their visas. Tom Ridge, the homeland security secretary, defended the scheme at its launch at the international airport in Atlanta, saying it would make borders “open to travellers but closed to terrorists”.

Yeah, right.

Arizona school installs facial scan system

USA Today reports that face-scanning technology designed to recognize registered sex offenders and missing children has been installed in a Phoenix school in a pilot project that some law enforcement and education officials hope to expand.
Two cameras, which are expected to be operational next week, will scan faces of people who enter the office at Royal Palm Middle School. They are linked to state and national databases of sex offenders, missing children and alleged abductors.

Maricopa County Sheriff Joe Arpaio, a tough-talking sheriff who has previously gained notoriety for his chain gangs and prison-issued pink underwear said:

If it works one time, locates one missing child or saves a child from a sexual attack, I feel it’s worth it.

Civil libertarians have raised red flags about the idea, pointing to potential privacy violations, and biometrics experts say facial recognition programs are not foolproof.