Biometrics

From Orgwiki

Also see Biometric passport

I highly recommend you read Biometrics on Wikipedia first as it covers the subject well.

Executive Summary

Background

The fingerprint and footprint are the two oldest forms of Biometric Authentication (BA).

Problems and Concerns

Accuracy

Like alarm systems, most biometric systems have a trade-off between false accept and false reject rates, often referred to in the banking industry as the fraud and insult rates, and in the biometric literature as type 1 and type 2 errors. Many systems can be tuned to favor one over the other. U.K. banks set a target for biometrics of a fraud rate of 1% and an insult rate of 0.01%, which is beyond the current state of the art. In general, biometric mechanisms tend to be much more robust in attended operations, where they assist a guard rather than replacing him. The false alarm rate may then actually help by keeping the guard alert. [1]
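The trade-off described above can be made concrete by sweeping the decision threshold of a matcher and checking the result against the banks' target (fraud rate 1%, insult rate 0.01%). This is an added example, not part of the original page; the score histograms are constructed for illustration and do not come from any real system.

```python
# Constructed histograms of matcher scores (score -> number of comparisons).
# Illustrative values only, not measurements from any real biometric system.
GENUINE = {40: 50, 50: 150, 60: 800, 70: 3000, 80: 4000, 90: 2000}
IMPOSTOR = {10: 3000, 20: 4000, 30: 2000, 40: 700, 50: 250, 60: 50}

def rates(genuine, impostor, threshold):
    """Return (false_accept_rate, false_reject_rate); score >= threshold is accepted."""
    far = sum(n for s, n in impostor.items() if s >= threshold) / sum(impostor.values())
    frr = sum(n for s, n in genuine.items() if s < threshold) / sum(genuine.values())
    return far, frr

def sweep(genuine, impostor):
    """Evaluate every distinct score as a candidate threshold."""
    thresholds = sorted(set(genuine) | set(impostor))
    return [(t, *rates(genuine, impostor, t)) for t in thresholds]

def meeting_target(genuine, impostor, max_far, max_frr):
    """Thresholds that satisfy both limits at once."""
    return [t for t, far, frr in sweep(genuine, impostor)
            if far <= max_far and frr <= max_frr]

def best_for_each_limit(genuine, impostor, max_far, max_frr):
    """Lowest FRR reachable within the FAR limit, and lowest FAR within the FRR limit."""
    points = sweep(genuine, impostor)
    frr_at_far = min((frr for _, far, frr in points if far <= max_far), default=None)
    far_at_frr = min((far for _, far, frr in points if frr <= max_frr), default=None)
    return frr_at_far, far_at_frr

if __name__ == "__main__":
    for t, far, frr in sweep(GENUINE, IMPOSTOR):
        print(f"threshold {t:3d}: fraud (false accept) {far:7.2%}  "
              f"insult (false reject) {frr:7.2%}")
    # Target quoted in the text: fraud rate 1%, insult rate 0.01%.
    print("thresholds meeting target:", meeting_target(GENUINE, IMPOSTOR, 0.01, 0.0001))
    print("(FRR at FAR<=1%, FAR at FRR<=0.01%):",
          best_for_each_limit(GENUINE, IMPOSTOR, 0.01, 0.0001))
```

With these constructed scores no threshold meets both limits: holding the fraud rate to 1% costs a 2% insult rate, and holding the insult rate to 0.01% lets the fraud rate rise to 10%. Resolving an insult rate of 0.01% at all requires on the order of ten thousand genuine comparisons, which is why the histograms are that size.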

Humans are very bad at recognising whether a person they do not know is the same as the person on their photo ID. Identity cards often include a photograph of the bearer in an attempt to prevent fraudulent use or impersonation. In the U.K. some credit card companies have recently introduced photo-credit cards and the government is currently considering the introduction of a new driving licence including the bearer's photograph. However, the widely held belief that the inclusion of photographs will reduce or prevent fraudulent use has rarely been tested. One study examined the utility of photo-credit cards by assessing the accuracy with which supermarket cashiers could identify whether the photographs on credit cards depicted the person tendering them. The results demonstrate that the task of matching the photograph to the shopper is much more difficult than might be expected, and that even under optimized conditions, performance is poor. It is concluded that the introduction of photographs on credit cards would have little effect on the detection of fraud at the point of sale. [2] In government trials of computer facial recognition for the ID card the success rates were 69 per cent, falling to 48 per cent for disabled participants. Changes in a participant's appearance also caused verification to fail. [3]

At present, biometric equipment sales are dominated by fingerprint readers. They are widely used overseas by welfare agencies, as they cut claims dramatically. This is partly because they make impersonation more difficult, but there is also a strong placebo effect. Many people are scared off claiming welfare benefits when they have to undergo regular fingerprint scanning in order to claim. This includes some people who have legal claims to benefit, as well as some who do not. [4] In government trials for the ID card, participants achieved successful verification on just 81 per cent of occasions, and 80 per cent for disabled participants. [5]

In government trials for the ID card, iris recognition achieved a 96 per cent success rate. Asian and white participants had higher success rates than black participants. [6]

Identity Theft

Many problems with biometric authentication relate to the lack of adequate safeguards for personal information gathered about individuals, not to the concept of BA. If a thief steals your credit card number it is a problem, but you can get a new one and cancel your old one. If a thief can obtain your biometric data and use it, you are in a lot of trouble.

As it proves reasonably simple to obtain the biometric data of an individual, the problem comes with producing a system that is very hard to fool.

Data Protection

Biometrics share the standard problem of all authentication techniques: storing the data securely and preventing modification and interception of communication to and from the data store.

Sharing of Data

In a written answer to Parliament, Joan Ryan MP, Parliamentary Under-Secretary, Home Office, has stated that:

The Home Office does share biometric information with foreign agencies on a case by case basis where this is necessary for the prevention or detection of crime, the apprehension or prosecution of offenders or for immigration purposes, and this includes:
  • immigration and law enforcement agencies within the 26 member states of the EU;
  • Australian, Canadian and US authorities;
  • any other foreign government where it is necessary to secure the removal of a foreign individual.
The Home Office shares fingerprints with European member states through EuroDac, the European Asylum Fingerprint system.

Surveillance

There is a possible civil liberty concern with certain types of BA as it could be used to track individuals continuously and automatically, for example through video cameras.

Examples of Use

Links

Organisations

The UK Biometrics Working Group, run by CESG/GCHQ experts and the Office of the e-Envoy, advises the UK Government on biometrics issues and feasibility.

Documents

News

2008-06-20 - Kable - Fingerprints may fail elderly, warn experts
Summary: A government expert group has warned of a 'large impact' on the National Identity Scheme from those who cannot use fingerprinting, such as many elderly people. The Biometrics Assurance Group (BAG), in its annual report for 2007, recommends more funding for the handling of people who cannot provide usable biometrics. The report describes the more than 4m people over the age of 75 in Britain as "a group for which it is hard to obtain good quality fingerprints".
2007-11-29 - New Statesman - It could happen again
Author: Becky Hogge
Summary: Biometrics are definitely not the answer to the HMRC debacle. For technologists, the most chilling development since HMRC's data debacle has been ministers' attempts to use it as an excuse to push for the roll-out of biometrics as a means to "secure" identity. The logic, one imagines, is that spoofing someone's fingerprints is much harder than typing a stolen National Insurance number into a computer. But the facts tell a different story. As biometric experts wrote to the Commons joint committee on human rights on 26 November, the government holds "a fairy-tale view of the capabilities of [biometric] technology". ... So how do you design a system that is safe from insider breach? Well, if you want to aggregate data about the population centrally, then the short answer is, "You don't." As Professor Ross Anderson, the UK's leading computer security expert, explained on BBC2's Newsnight: "If you take 50 million medical records and make them available to 300,000 people there's no way you can create procedures that will protect that. It's too valuable an asset to which too many people have access."
2007-11-26 - Daily Mail - Lost disc fiasco could scupper ID card scheme
Author: James Slack
Summary: Leading academics have rounded on the Government's "fairytale view" of the technology needed to make the scheme work on its introduction in 2009. In a letter to MPs, Professor Ross Anderson and Dr Richard Clayton warned lives would be ruined if information from the ID database went missing. The Cambridge computer experts said that if iris or fingerprint scans fell into the wrong hands the victim would suffer a lifetime of fraud. Unlike with bank accounts, the individual would have no way of changing their details. Ministers claim the biometric data will protect against fraud, crime and terrorism.
2007-11-24 - The Guardian - Now for ID cards - and the biometric blues
Author: Ben Goldacre
Summary: Tsutomu Matsumoto is a Japanese mathematician, a cryptographer who works on security, and he decided to see if he could fool the machines which identify you by your fingerprint. This home science project costs about £20. Take a finger and make a cast with the moulding plastic sold in hobby shops. Then pour some liquid gelatin (ordinary food gelatin) into that mould and let it harden. Stick this over your finger pad: it fools fingerprint detectors about 80% of the time. The joy is, once you've fooled the machine, your fake fingerprint is made of the same stuff as fruit pastilles, so you can simply eat the evidence.
2007-11-23 - Silicon - Can biometrics secure the public's data?
Author: Paul Bentham
Summary: With the furore over 25 million missing child benefit records, the public sector's use of personal data has never been under greater scrutiny. Biometrics may be hailed as the ultimate security measure - but the technology is not without hazards. ... If an individual's biometric information is compromised or stolen, that individual could no longer use those biometrics to prove his or her identity. Therefore, unless stringent security measures are put in place, the digital storage of biometric data could present a real security risk for facilitating identity theft. The use of biometric systems must comply with the European Convention on Human Rights and the Data Protection Directive. The relevant legislation in the UK is the Human Rights Act and the Data Protection Act (DPA). Under the Human Rights Act each of us is entitled to respect in our private life, including our life at the workplace. Under the DPA personal data is required to be processed fairly and for specific limited purposes. Two key principles come into play. First, the principle of proportionality, which means the interference with the private life of the individual must be justifiable by the benefits. Second, the principle of transparency - which means it must be clear how and why information is being used and it must not be used beyond this without prior agreement.
2006 - Linux User & Developer - Oh, what big eyes you have!
Author: Suw Charman
Summary: If someone steals my money, my bank gives me a refund. If they steal my PIN number, I get a new one. If someone steals my biometric data, who will give me my refund? Who will give me my new fingerprints?
2005-05-25 - ePolitix - Trial raises questions over biometric technology
Summary: The government has published the results of a major trial of its biometric technology, showing significant failure rates and particular problems for disabled people in registering their identity. And there are also doubts over the accuracy of the scheme, with figures showing that even the most effective technology failed to match a person to their recorded identities in four per cent of cases.