back to article Collar the lot of us! The biometric delusion

Until the 16th century, educated opinion, as codified by Ptolemy, held that the Earth is at the centre of the universe. Then along came Copernicus. On 29 June 2009, the Identity & Passport Service (IPS) published their latest paper on the National Identity Service (NIS). According to Safeguarding Identity (pdf), "the vision …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Why do politicians like biometrics?

    Easy - they don't understand it in the slightest and are easily reeled in by lobbyists. When you throw in a Home Office that's been gagging to introduce ID cards since the early 1970s, you have an unequalled opportunity for companies to sell snake oil.

    Biometrics is one of those technologies politicians can't help but embrace no matter what - along with 'fast breeder reactor', 'supersonic', and worst of all 'computerised'.

    Now if you excuse me, I'm coming up to the ramp for the Concept Boulevard.

  2. Onoria
    FAIL

    Bringing down those odds

    I agree with the above figures regarding the number of false positives. However, it is possible to mitigate these. Say for example you use 3 different forms of biometric id (eye, face & fingerprint). It is then possible to compare the returned (possibly) false positive to one or both of the other forms of bio id.

    I am totally against the whole idea of the ID's. Im just saying that there is a way around the issue of false positives. Of course this would involve a much larger database and taking more civil liberties away from people. But what the hell. How can we stop them.....?

    Vote for the Pirate Party :)

  3. MarcF
    Pint

    A title is required, and must contain letters and/or digits.

    Fascinating read, thanks for that.

    I fail to see how facial recognition systems could work for something as important as National Security. The human brain is the best facial recognition system in existence and yet I sometimes fail to see how I could have spotted the girl I woke up to after a night on the lash and recognised her as being worthy of taking home.

    Mine's a pale stout girl...I mean ale...

  4. Anonymous Coward
    Anonymous Coward

    I wonder.......

    what would happen if I just stopped identifying myself full stop and only used cash for any transaction I might make?

    Apart from the obvious times when it might be necessary to identify myself using official means (mortgage, bank account) Would my life be better or worse? Perhaps better methinks.

    If they wanted to tie biometrics into monetary transactions, that is probably what I would do.

  5. John G Imrie
    Big Brother

    Mobile phones as IT

    Well you can use them as a travel document on National Express coaches so why not.

    The only problem being that you don't have to prove who you are to get one / get another one in the first place

    BB Icon for obvious reasons

  6. Nomen Publicus
    FAIL

    hope over experience?

    Of course none of this disaster is of any use in the first place. A suicide bomber may well pass even 100% accurate detection systems because s/he has no previous criminal record.

    The 9/11 and 7/7 participants all had valid IDs or were home grown terrorists and no amount of biometrics would have prevented their actions.

    .

  7. Pete 2 Silver badge

    Talk of biometrics is irrelevant

    Turning their quote back on them

    >underpinning interactions and transactions between individuals, public services and businesses and supporting people to protect their identity"

    Now, unless each individual whose transaction is being "underpinned" just happens to have a gizmo capable of reading a card's biometric data, all you have is a laminated piece of card with a photo on it. Even if (somehow) a private citizen is capable of - or allowed to - read the information about someone else's fizzog, they still have to decide if what the card tells them actually looks like the person holding it.

    What will then happen is baddies will start carrying an ID-card "lite", which is just the laminated card - sans biometrics, with whoever's name and details they choose. These can be used to exploit the trusting nature of the general population, while allowing them a full getaway as any of their victims will be able to recount to the cops (if they are even the slightest bit interested, or turn up at all), the identity as was written on the bogus card. Having been lulled in to a false sense of security, that "it's a government issued ID card - it must be all right".

    So the only people who might, just, be able to use all this wonderful tech. are government agencies, including the police. I would hazard a guess that very soon, failure to produce an ID card will become an offence with a fixed penaly attached - say £50. Which is enough to make it worth collecting, but too little for victims to risk the costs of asking for proper justice through the courts.

  8. Anonymous Coward
    Anonymous Coward

    It's moronic

    “Biometric methods do not offer 100% certainty of authentication of individuals”

    Nobody will put people through a biometric scan every time they ask for an ID, so the biometric stuff is nonsense. not 30% nonsense, 100% nonsense. They don't even look at the picture on the card now, FFS! Do you think we're going to do a biometric check each time? Especially when the biometric has such a high fail rate that it doesn't actually tell you much with any reliability. Computer says 'maybe'.

    So even if you had 100% perfect test, it is 100% imperfect at detecting fraud.

    Worse still, the data can be accessed, so before you had a physical card and to clone it you needed to make an electronic version of that physical card. For example you have to scan the image on the card, which was difficult at best given the nature of printing colour. Then after having the electronic form, you needed to make the new fake card.

    But they added some ill conceived biometric chip full of easy to copy, NAPSTER friendly data, making the first part of the cloning process a lot easier. That International standard they refer to has a scan of the picture on it, not one way biometrics!

  9. Anonymous Coward
    Megaphone

    Politicians

    Would it be too much trouble to assemble the House of Commons and present this to them (in single syllable words if necessary)?

    Perhaps the final PowerPoint slide could simply read "THIS WILL NOT WORK. EVER."

  10. Stuart Catt

    Good article but...

    you need to reduce it to word of one syllable so the politicians can understand

  11. Julian I-Do-Stuff
    FAIL

    Too much egg?

    "To prove that each [of 60 million people] is represented by a unique electronic identity on the population register, each biometric would have to be compared with all the rest. That would involve making 1.8 x 10^15 comparisons.

    Bollocks - I think - except in the most improbable worst case. Hash the identity and do a sort, then look for consecutive duplicates. Quicksort is O(nlogn)... do the math.

  12. Maria Helm

    current technology is not mature enough

    It sounds to me like the problem is not that it would be impossible to use biometrics, but that the current technology for it is not mature enough. It is the reliability of the technology used to record and to check the biometrics that poses the problem. Perhaps it is a problem that could be fixed by making it record more points, or be more sensitive. Or maybe we find ways to measure multiple biometrics, or different biometrics, to obtain more reliable results. Then the assertion that you could use biometrics for a national identity system becomes more likely.

    However, the issue of scale, as mentioned in the beginning of the article, is still problematic. And the problem is not just that so many people would need to be loaded into the system, but also that so many "individuals, public services and businesses" would be using the system constantly for so many transactions. We're either talking about one massive supercomputer, or one huge network. It's not going to be something that one could download and run onsite. And if you're not connected for some reason (ie local power/network outage), then it ceases to work completely, and you either stop making money or go back to the old system.

    The author asks "do politicians and civil servants all over the world continue to advocate the use of biometrics when the evidence simply doesn’t support them?" The answer is because your biometrics are very, very much harder to fake or steal than a passport, driver license, or any other current ID method. Even if you consider that someone could potentially hack into the system and swap your data with theirs to assume your identity, this is still a lot harder to do. But even then, we have to get the security right on multiple levels to prevent hacks and abuses.

    The bottom line is not that it is impossible, but simply that the current technology is not mature enough.

  13. janimal
    Black Helicopters

    Media collusion

    You know this, I know this, many statisticians, mathematicians, techies and geeks know this. What we actually need is some trusted (ha!) media organisation, like say the beeb, to explain it to the rest.

    It's not enough for newsnight or channel 4 news to ask a few questions. It's not enough for it to be discussed on sites only read by those who already have no faith in the system.

    It needs to be broadcast on 'The One Show' (I can't believe people actually watch that crap) or watchdog.

    Spending billions on this whole useless system is surely scandalous enough for some primetime TV coverage?

    They're all in it together I tell you!

  14. Fred 1

    Creepy

    My stepson works in cafe nero. Recently he was telling me that in order to serve alcohol he has to ID anyone who looks under 25, which was previously 21. Obviously there is no attempt in progress to drum up demand for useless ID cards.

  15. Anomalous Cowherd Silver badge

    Portugal

    Is using fully automated facial biometrics already. Flew in there the other day and was surprised to see an unmanned booth as an option. It worked, so obviously on the way out I tried to scrunch my face up as much as possible to defeat it. It still worked.

    Next time I go I'll trade passports "acciedentally" with a friend on the plane and try it again :-)

  16. Paul 4

    But what can they be used for?

    I have seen 3 major reasos they say you could use an ID card

    1) Crossing a border. Woop. Thats what a passport is for. Yes they want to stick biometrics in these, but if it was just in these people woul dhave less of a problem, but they still don't work. Personaly I refuse to fly now. Id rather overland unless I realy cant avoid flying.

    2) Proving your ID for work. Again a pasport works well for this, and how is biometrics going to help with this? Are they giving every company in the country a card reader? I realy can't see how this will make any diffrence. Illigal workers will stil get the same work they do now.

    3) So you dont have to carry several forms of ID with you. The only time I know of when you have to do this is for credit agrements, which require (Under the consumer credit act) 2 forms of ID, and somthing to prove your address (3 is best practice). One should be photo ID (Passport or driving licence is normal) and the other should be somthing that proves your address I.E. a bill. An ID card dose not prove this, just as a driving licence dose not, as they may not be up to date, but you can be sure someone is not paying for gas at a property they do not live at.

    Please tell me what use they are.

  17. RichardB
    Grenade

    @MariaHelm

    "The answer is because your biometrics are very, very much harder to fake or steal than a passport, driver license, or any other current ID method."

    Except that your biometrics are going to be collected and stored by - and the card issued by - a high st retailer.

    Given that at this point you can purchase an almost legit passport/driving license from sources in the agencies (according to various reports and court cases), how will you establish your initial identification to the card retailer?

    On top of that - how will they prevent you obtaining more than one Id card?

    Who do you want to be today?

  18. Trevor Pearson

    Sorted....

    All we need to do is tattoo a bar code on peoples forehead, barcodes are much easier to read using available technology, and you can spot if they've been tampered with. As a backup we could repeat the tattoo on the right hand.

  19. Jason Bloomberg Silver badge
    Happy

    But ...

    Pragmatically, I think, as a government and society, we'll be better off with letting it go ahead than having it aborted.

    We should stop complaining, suck it up, put aside it costing us all a small fortune, that it will be an unmitigated fiasco and disaster, buy "told you so" T-shirts, wait for roll-out, bask in the glory of epic failure when it looms large, and reflect on how Poll Tax played its part in bringing down Thatcher.

  20. Anonymous Coward
    Anonymous Coward

    @Julian I-Do-Stuff

    But the main point is about the false match and false reject rate, not the processing method. That still stands, huh?

  21. mmiied

    2 or more fingers

    call me sill but how dose taking the prints of more fingers make it more likley to give corect readings eather you have to only match 1 or the majority (3/5) in witch case you make it more likley for faules positives or you have to match all in witch case you make it more likley to be rejected

  22. Richard 12 Silver badge

    @Julian

    You've missed the point.

    They aren't talking about the computational difficulty of doing the comparisons, they're talking about the probability of any two records having the same value.

    For the system to prove identity, not only must every single record be unique (they won't be), but every comparison with the data read from an individual must *also* *always* match their record *and others*

    Which makes the whole concept a terrible farce. It would be funny if they hadn't already wasted more than £5,000,000,000 on it.

  23. Mike 61
    Troll

    I thought

    That we were all supposed to get tattoos on our hands or foreheads to identify us. End of days and all that trite.

  24. Anonymous Coward
    Stop

    @Anonymous Coward 12:57

    sadly we will soon see the demise of cash. It has long been argued by banks et. al. that cash is very expensive to print, store, transport and recount etc. "expensive" as in "eats into our profit margins" and "reduces bonus potential". So, when the lobbyists apply preasure in that area we won't see good 'ol cash any more and will each carry 'digital credits' about our person, on phones and other devices. Don't worry, it will all be perfectly safe, cos we'll have biometric ID cards to prove who we is, init. So start hoarding beans and other sundry tokens now !

  25. Anonymous Coward
    Pint

    @Talk of biometrics is irrelevant

    You are, of course, 100% right which means that it your point will just be ignored unless we send each MP and each candidate in the next election his personal copy. In words of 4 letters or less.

  26. tobyo
    FAIL

    Re: Too much egg?

    Yeah, I thought the same at first but I think in suggesting a hash, you're assuming that the biometric will generate the same one each tiime --- and this is the problem --- our physical characteristics change enough over time that if you record too much information (and generate a hash based on it), then the hash is different each time your biometric is scanned, but if you take less information, then different individual's biometrics generate the same hash and you get collisions... and this is yet another reason why the whole thing can't work.

  27. Michael H.F. Wilkinson Silver badge
    Boffin

    @Too much egg: I actually do pattern recognition

    I am afraid Julian might do stuff, but he does not understand how matching works. Almost all biometrics encode a series of spatial relationships between features. These relationships are rarely completely rotation or scale invariant (i.e. they depend on pose, camera angle etc.), therefore, you cannot map each set of parameters to a single number which you then sort. Instead, you need to match the multivariate data using some distance measure. If the distance is too large, we have a mismatch.

    Iris patterns are a good example. Rather than coding to a unique number, you need to verify that the hamming distance between the two sets of bit patterns fails a test for statistical independence. Because the iris might be recorded in a slightly different orientation each time, you need to compute the hamming distances for a series of shifted combinations, and take the smallest distance to indicate the correlation.

    Thus 1.8 x 10^15 is correct.

    I agree with the author: the scheme is doomed to failure

    There is an explanation for the politicians' and civil servants' behaviour: the usual inability for managerial types to admit they are WRONG. They consider every u-turn as loss of face. Difficult for good scientists to fathom (hallmark of bad scientist: not admitting you are wrong!), but true nonetheless.

  28. Dan Sheppard
    Paris Hilton

    Good figures

    This kind of failure rate isn't nearly as worrying as a lower one. At this level, if the state insist on being moronic and we've done our duty and informed them of the problems, we can all sit back at a reasonable distance and watch the fireworks.

    It would be much worse with better performance: in that case some unlucky sods would end up triggering the false-positives/negatives and be imprisoned or whatever, and no one really care.

    At such a high rate, there's a fair chance that someone who people care about, like Ferne Cotton, or Piers Morgan, or whats-his-face from /Cash in the Attic/, get hit, and then it's skipping straight along the "chaos strikes British Airports" road on any slow news day.

  29. MinionZero
    Big Brother

    A little knowledge is a dangerous thing

    NuLabour seems to be divided between the gullible and the manipulatively deceitful. Or are they all deceitful and they just hope enough of us are the gullible, to keep believing what they keep saying.

    Either way, the end result is the same, so the more they keep forcing ever more monitoring and control on us, the more its time to play them at their own game and force open monitoring on them. They work for us and we pay for them.

    What's even more scary, is if they actually believe their own PR that its 100% certainty of authentication of individuals. Because as soon as stolen or forged cards are used in crimes, they will be coming knocking on our doors and dragging us away to lock us up!

    So yet another day and yet another step towards the nightmare world we are all being dragged into. :(

  30. Anonymous Coward
    FAIL

    re : Alan Johnson photo

    I note that the card he is brandishing is only a specimen.

    What's the matter Alan, don't you carry a real one?

  31. Jon Axtell
    FAIL

    Sample

    Look closely at Alan Johnson's ID card in the photo on the first page. It has SAMPLE written on it. So he is NOT an early adopter.

  32. Knowledge
    Black Helicopters

    Their behaviour is inexplicable.

    What if politicians all over the world are so keen because they've all been told that this level of control WILL happen; and that they'd better get the public used to the idea, whether the technology is there or not??

    Would that explain it?

  33. J. Cook Silver badge
    Stop

    My take on biometrics...

    I used to work in a place that had a handprint scanner with a PIN code along with the more traditional proximity card/picture badge for access control into a secured area. (a true three-factor system)

    One day I was amused to see two co-workers of mine (identical twins) go up to the door. One put his hand in the reader and put in his brother's PIN code for the scanner, and the other one badged the door open. All four of us (myself, the twins, and the dude in the security booth) were surprised that it worked.

    I don't see biometrics being anything but a secondary verification method- Too high of a failure rate. Fingerprint readers are notoriously finicky, retinal scanners are an unknown (I've yet to run across one, so my only assumption is that they have a worse success rate then fingerprint scanners or disgustingly expensive), and DNA scanners are still a figment of the Sci-fi writer's imagination.

  34. /dev/me

    €50,-

    Pete2: "I would hazard a guess that very soon, failure to produce an ID card will become an offence with a fixed penaly attached - say £50."

    Nothing new in the Netherlands. I live a life of crime because I sometimes don't carry my wallet when I go out for a walk. One of these days I might bring myself in. I've never been asked for my ID though; I look boring ;-)

    ---

    Well, anyway, BIG government projects NEVER get pulled. They may know it's a bad idea wasting billions decades before fruition, but politicians never back out.

  35. Rolf Howarth

    I'm no fan of ID cards but...

    there seem to be a few flaws with this argument. Not being 100% accurate doesn't prevent automatic biometric matching being useful:

    1. Automatic recognition won't be used to search a user's biometric details against the ENTIRE database but will be used to validate it against a specific ID card... an almost infinitely easier problem.

    2. At places like passport control, the system will presumably be set up to allow 99.5% of people for whom there's a good enough match against their ID card through automatically. The others won't be arrested but will involve a passport officer manually checking their details.

    3. Likewise, if the system flags up one person's biometrics as being suspiciously close to an existing record, that will just be flagged up for manual inspection.

    Still no fan of ID cards though. A huge waste of public money and ever more encroachment of my civil liberties.

    -Rolf

  36. Martin 6 Silver badge

    Biometrics could work

    The problem with biometrics is using silly things like iris or fingerprints. What you really need to use is the gene sequence - thats pretty much unique for everyone except twins.

    You can now sequence a human genome in about a month on a machine that only costs $1M. Ok so it might mean a bit of wait at the bar everytime you need to prove your age or at the tube when you use your oyster card - but this is necessary to stop terrorism/child pornography/aligators in the high st/ etc.

  37. John Sager

    @Michael Wilkinson

    Your last comment hits the nail squarely on the head, and the problem is as much ours as the politicians. We shout 'yah-boo-sucks' when they get it wrong, and the tabloids amplify that shout by about 130dB. That's hard for even the most egoless nerd to take, and our decision-makers are not generally noted for a lack of ego.

    Having said that though, the attitude of the IPS and the government generally cannot entirely be put down to loss of face concerns. I suspect they don't actually care what the statistics look like. They assume putative terrorists don't read this stuff and will be scared off by the Security Theatre, as Bruce Schneier so aptly calls it.

  38. Anonymous Coward
    Anonymous Coward

    @Portugal, try a carrot

    "It worked, so obviously on the way out I tried to scrunch my face up as much as possible to defeat it. It still worked."

    I have an open door, it works 100% of the time, I scrunch my face up as much as possible, but the door was still open! The door works!

    My point being, to work, the Portuguese unit has to reject the fakes and accept the real ones. I reckon from it's method of working it is using height + distance between eyes as the main two biometrics. Which means false positives are the most likely outcome.

    On the early trials it failed repeatedly which was blamed on calibration, so I reckon they loosened up the tolerances a lot to let a lot more people through. False negatives complain, but false positives, they tend to you walk through and try not to make a fuss!

    With the new card cloning, it will make faking this machine a lot easier, even if you tightened it up completely.

    As ever the test for security is to put it out for proper challenge and proper security testing. Just like voting machine vendors claimed their voting machines are perfect..... and shock-horror it turns out to be trivial to change the vote. Just like every single piece of software in the world goes out perfect and gets ripped full of security holes when under close public scrutiny.

    But hey, THIS time it will be different and it will work first time without the scruitiny. Yet they won't let it out of the airport, so nobody can show how easy it is to defeat legally.

    You still see politicians claiming that a stock chinese touch panel can tell the difference between a dead finger cut off a body and a live finger.....they don't know about capacitance screens even! (Try operating your iPod with a plastic pen, doesn't work, now try with a carrot... works, that's a capacitive screen, the juicy carrot and your body form one plate of a capacitor).

    It's like Government is full of rubes and having been sold a dud they have to pretend its great!

  39. Anonymous Coward
    Anonymous Coward

    Amateur

    I can only comment from experience of the US fingerprint verifying system. So far it has worked for me. However, my wife failed easily at O'Hare, the reason given was, dirt on the reading screen! She was one of many! We have a friend who has no fingerprints---genetic anomaly. She creates havoc going through US immigration, don't get into her queue! The concept looks good, but it's difficult to beat the effiency of the standard passport for the normal passenger. The reality of detecting the random unwanted person seems difficult to achieve at official border entry points, they'll simply go for the quiet unauthorised entry via a sea/land route, which seem to be easily achievable. I understand that some airlines now verify their repeat passengers identity before flying. This seems a logical step forward.

  40. Dennis
    Boffin

    Re: @Too much egg: I actually do pattern recognition

    I agree it's doomed to fail. And the tests continue to confirm this.

    However, it may be possible to reduce the 1.8 x 10^15 comparisons figure.

    This assumes that it is necessary to compare every biometric with every other. If the chosen biometric has different groups that don't overlap then you only need to compare within the one group. If fingerprints could be unambiguously assigned the classification "arch", "loop" or "whorl" then you would only need to compare within the same classification. There would be no point in making a comparison between a "whorl" and anything in the "arch" or "loop" sets.

    But the scanning technology doesn't work reliably (yet). And I doubt if it's possible to unambiguously assign fingerprints to a classification. When does an "arch" become a "loop"?

  41. D Moss Esq

    Maria Helm Posted Friday 14th August 2009 13:35 GMT

    Ms Helm, you say:

    "... maybe we find ways to measure multiple biometrics, or different biometrics, to obtain more reliable results. Then the assertion that you could use biometrics for a national identity system becomes more likely ... The bottom line is not that it is impossible, but simply that the current technology is not mature enough."

    I think that is correct. No single, practical biometric suitable for mass consumer use is known. The "hope" is that some combination of biometrics might deliver usable reliability. So far, there is no known composite biometric either, please see http://dematerialisedid.com/BCSL/Fantasy.html.

    That is the "bottom line". Schemes like the National Identity Service and eBorders are proceeding in the full knowledge that the biometrics they depend on are not available. Call it "delusion" or "fantasy", whatever, it isn't rational, scientific, businesslike or responsible.

  42. D Moss Esq

    Julian I-Do-Stuff Posted Friday 14th August 2009 13:36 GMT

    Julian

    Uou say:

    "To prove that each [of 60 million people] is represented by a unique electronic identity on the population register, each biometric would have to be compared with all the rest. That would involve making 1.8 x 10^15 comparisons.

    Bollocks - I think - except in the most improbable worst case. Hash the identity and do a sort, then look for consecutive duplicates. Quicksort is O(nlogn)... do the math.

    ----------

    What you outline is an algorithm for finding matches. It may be a jolly good algorithm. But it says nothing about the number of matches you will find, nor does it help to distinguish the genuine matches from the false ones.

    Professor Daugman's argument lives, therefore, to fight another day. The number of false matches is so great that it is not feasible to say that everyone has one and only one identity recorded on the population register. Not with populations like the 60 million of us in the UK, 600 million in the EU and 6 billion in the world.

    NIST had a lot of trouble proving uniqueness in a population of 6 million, please see http://dematerialisedid.com/PDFs/ir_7110.pdf. You might approach them with your hashing function, they could be grateful ...

  43. Anonymous Coward
    Anonymous Coward

    A title is required, and must contain letters and/or digits.

    Whether ID cards actually work (in the technical sense) or not, they are still really useful for power crazed bureaucrats with an inflated sense of their own importance.

    I predict some unpleasant times ahead..

  44. Keith T
    FAIL

    This guy doesn't seem to know about programming or the efficiency of algorithms

    "Suppose that there were 60 million UK ID cardholders. To prove that each person is represented by a unique electronic identity on the population register, each biometric would have to be compared with all the rest. That would involve making 1.8 x 1015 comparisons."

    There are algorithms that are far far more efficient than that. Here are two examples:

    1. You could categorize the individual sample and only compare it with other samples in the same categories. For example, brown eyes wide nose. You'd only compare a face like that with other faces in the same categories.

    2. Create a hash key from each sample and store the keys in sorted order. Compare the individual sample only to samples with the same hash key.

  45. Keith T
    WTF?

    The question is whether biometric is better than what we've got

    The question is not whether biometric identification is perfect or politicians and sales people make stupid claims. We know the answer to those questions are false and true.

    The question is whether biometric is better than what we've got: (1) Security guards looking at tiny photos; (2) Bank clerks looking at signatures; (3) Typed in computer passwords; (4) ID cards with chips in wallets or on lanyards around necks.

    We can add a second LED to the finger print scanner and collect the finger prints in 3D.

    With faster CPU chips than we had in 2004, we can use more complex matching algorithms.

    ----

    How were these techniques ever regarded as adequate?

    (1) Security guards looking at tiny photos; (2) Bank clerks looking at signatures; (3) Typed in computer passwords; (4) ID cards with chips in wallets or on lanyards around necks.

    They were adequate because we do not actually need 100% accuracy in ID.

    A person may find a photo ID card, but will they look like the ID on the card they find? probably not. Signatures are not perfect, so banks just refund the money when an error occurs. ID cards can be lost, but they are seldom found by malicious people.

  46. Lou Gosselin

    Diagrams not very readable.

    I couldn't make out the words in many of the figures in this article. Even when I looked very closely it was difficult to discern most of the text.

    Of course I see that the register's horizontally squashed layout doesn't allow for larger diagrams, but it would be appropriate to add a link to display the image in a proper size.

    While I'm at it, I'd like to point out to the register's web design team that while the article text is 580px wide, 1100px remain as unused whitespace (at least on my 1680x1050 wide screen monitor).

    Even on a 1024x800 monitor (which seems to be optimal for your website), the article only displays on 57% of the screen. So it's not that there isn't enough room, it's that the current layout is fundamentally problematic.

  47. Keith T
    Alert

    This 3 month ordeal in Kenya is why we need biometrics

    This is why we need biometrics:

    http://www.cbc.ca/world/story/2009/08/14/kenya-canadian-passport-mohamud857.html

    "... Suaad Hagi Mohamud, 31, had been unable to leave Kenya since May, when authorities said her lips did not look the way they did in her four-year-old passport photo. ..."

    The question is, who to make biometrics better than what we have now, which is a single 1 inch photo taken up to 10 years ago.

    In the USA, the fact that their DHS uses names to filter terrorism suspects means thousands of people with similar names are pointlessly hassled for hours each year.

    How many false positives do you get matching names in the UK? Probably tens of thousands in Wales alone.

    @Richard 12: Take another look at page 2 of the article.

    Julian is correct. The article is talking about the number of comparisons and using the worst possible algorithm to make the calculation..

    If your premise were true that he was trying to calculate the minimum number of digits to hold unique values for each resident of the UK the article would be even more inaccurate. The size of number required to hold 65,000,000 distinct values is only 8 decimal digits.

    @RichardB, MariaHelm makes valid points.

    The article assumes technology never advances and it assumes if perfection cannot be attained there is no point in making an improvement.

    What we need for now is something better than what we have now. Achieving perfection is always something for the future.

  48. Julian I-Do-Stuff
    FAIL

    Egg on face

    Points nicely taken...

    Self fail

  49. Columbus
    Big Brother

    SC clearance = RFID

    Simple - what will happen is SC or Military people will have RFID chips, then Police, doctors etc, without the chip they don't work, other biometrics are set to high level of accuracy, people will then want the RFID to ease access to the NHS, or benefits, Prisoners have the chip automatically, removal of the chip is an imprisonable offence etc

    Big Brother - of course

  50. Julian I-Do-Stuff

    Still dripping...

    Post 1 - Not enough caffeine

    Post 2 - Too much wine?

    3rd time lucky?

    @Michael H.F. Wilkinson - Re matching, granted. But I was limiting my point to the determination of uniqueness of records... whatever initial set of biometrics are obtained (as opposed to subsequent measurements for *identification*) it's just data, so uniqueness surely could be determined as suggested?

    @the rest, not so much missing the point as not bothering to get to it - the arguments against - in my opinion - are much stronger than those for, but when I thought I saw an astronomical misstatement ... the point was really about the author missing the point and introducing spuriously supportive detail.

    Still a bit eggy, but I thought at the time I was possibly making an omelette...

  51. Anonymous Coward
    FAIL

    A few replies

    @Onoria

    You've obviously not been following this one that well. El Reg reported a while back some research that showed that daisy-chaining multiple biometrics actually make things as bad as the worst biometric. The reason for this is the offset between false positive and false negative. Check out the article if you want full details.

    @Julian I-Do-Stuff

    You are thinking like a computer scientist. But remember that all biometrics (with the exception of DNA) are measurements. For example on fingerprints the measurement of the relative position of certain identifiable points on a finger. Measurements have a particular accuracy. Unless your measurements are EXACTLY the same (to the given precision you are using) then your hash fails and you fail to match your subject. This is true on a fingerprint for all 10 or 12 points that you use for ID. This puts an even higher standard of preventing false positives than you need; and in return throws your false negative rate through the roof. Furthermore you can't tune false positive to false negative rates. The only way to use a hashing system currently is with DNA profiles which are gene sequences and therefore effectively a specific value rather than a measurement. Here your only problem is the probability of a matched sequence which is higher than most people think.

  52. Frumious Bandersnatch

    @Bringing down those odds

    Short answer: no.

    Slightly longer answer, courtesy of The Register:

    http://www.theregister.co.uk/2005/10/19/daugman_multi_biometrics/

  53. Charles 9

    @A few replies

    Concerning measurements---so what if those measurements can be made MORE ACCURATELY? Or is there some inherent accuracy ceiling that no amount of technology can compensate?

  54. Anonymous Coward
    Black Helicopters

    @ Keith T, 19:45

    The US no-fly list is ridiculous, and as you said, thousands of people end up spending hours at the airport without ever having set a foot wrong.

    However, biometrics is not the answer to that. These problems need to be addressed individually: the no-fly list's system needs to be changed dramatically (or abolished). The people responsible for holding up the person in Kenya need to be sacked, re-educated or "cured" Room 101-style.

    Adding another layer with its own faults (false positives etc), on top of an already faulty layer, just to try and correct the bottom layer's mistakes is silly. It is a massive waste of time, money and infrastructure; and will ultimately solve very little, if anything at all.

    Of course, in our overlords' views, adding another layer is "making something _better_". Drastically changing a system, or abolishing it, is admitting the government was wrong. And that, as has been pointed out, they will never do.

    However, I cannot help but hope that inside those black helicopters there's one person with a heart (or a calculator and a sense of how much the taxpayer is coughing up this time). Either that or a revolution with funky masks.

  55. Anonymous Coward
    Black Helicopters

    @AC - A few replies...

    "The only way to use a hashing system currently is with DNA profiles"

    Can you see where this is all going yet?!

  56. Anonymous Coward
    Stop

    @Categorisation comments

    If you were categorised automatically and that included hair colour- not an unreasonable attribute on the face of it- you'd have to remember that this changes weekly with some people.

    You can't do it based on skin colour- imagine if someone who wasn't quite "black" enough was described as "white" or "coloured" or "non-white" or if the opposite happenned to a white guy- it'd be even worse for those genuinely in this category as their category could swing either way. And remember that their skin colour could be changed by lighting, camera settings, make-up worn, etc.

    Suddenly you've got a system that could lead to lawsuits- and huge numbers of false-negatives; say the police pulled over a girl who'd worn a little dark make-up on photo-day. They're classified as "non-white" on their card but due to a lack of make-up on the day of this pulling-over are very definately white. Suddenly you've got a fraudulent looking ID. If they'd died their hair that day they'd probably end up being tazered as a suspected terrorist...

    And this is to say nothing of the havoc facial tattoos (genuine or temporary) could cause- if you were halfway through a tattoo when you were legally forced to renew your photo you'd potentially not match it after another session at the tattooist.

    Also, what're the effects of facial glitter in modifying the average skin colour found?

    Eye colour would be a possibility but this could be screwed up with coloured contacts if you were a terrorist.

    Given that the eye is a big lens, wouldn't the "read" eye blood vessel pattern appear to change over time? Especially with kids and the elderly? Not a huge amount, but enough to cause problems if you tried to match it too exactly?

    So we're down to fingerprints which aren't proved to be individual and which are read by a method below what the already-fallible police currently use. These can't be automatically checked- as Mythbusters demonstrated some of these automated fingerprint-reading systems can be gotten through with as little as a photograph of a fingerprint. So to use fingerprint recognition with any actual confidence that they're the real person you need a person. Kinda limits their use.

    Biometric cards are really going to suck, aren't they?

  57. Julian I-Do-Stuff
    Coat

    Mea Culpa

    I plead temporary insanity due to a week of Hungarian in-laws.

    IF - as is NOT the case - the issue is the uniqueness of data, then my answer was not incorrect

    IF - as IS the case - the issue is the uniqueness of the identities of people as defined by biometric data, then I was indeed so far off the point as to be positively retrograde. 1.8 x 10^15, etc. etc. all accepted.

    Apologies to author et al. Doing stuff includes making a complete twat of myself - I'm good at that.

    (Rarely in the field of iconry has this been more appropriate)

  58. Richard 12 Silver badge

    @Keith - Please re-read statement.

    He is *not* talking about how the data is processed.

    He is *not* talking about how the data is stored.

    The purpose of the statement is to calculate the *probability* that there will be false matches - thus, the chance that *any* two individuals on the register will match *each other*.

    His statement is basically that given infinite computing power and infinite storage space, it still *cannot work* because of the data capture systems available.

    Furthermore, it is quite likely (though as yet unproven) that the data subjects themselves (you, me and everyone else in the world) prevent the system from working, as we're all much more than 99.99% identical. If we weren't, we couldn't breed.

    (I'm not sure of the exact number of decimal places, but it's much more than two)

  59. D Moss Esq

    janimal Posted Friday 14th August 2009 13:57 GMT

    Mr Animal

    You say:

    "You know this, I know this, many statisticians, mathematicians, techies and geeks know this. What we actually need is some trusted (ha!) media organisation, like say the beeb, to explain it to the rest ..."

    Quite right. Editors in the print media and broadcast should be lobbied to insert the word "alleged" into any of their reports on the reliability of biometrics. Biometrics are guilty until proven innocent -- normal scientific scepticism.

    As for your joking assertion that "they're all in it together I tell you!", you know and I know that that's not quite it. There's just a general assumption that biometrics work infallibly, a forgivable mistake, people can't be expected to question everything, there isn't time, how many false beliefs do you and I hold?

    We just need to indicate to politicians, civil servants, journalists and others that this is an area where it's worth putting in a bit of effort to question the received wisdom, otherwise we'll waste a fortune and there will be a lot of disappointment when all those raised hopes for security and efficiency are dashed.

  60. D Moss Esq

    Anomalous Cowherd Posted Friday 14th August 2009 14:07 GMT

    Mr Cowherd

    You say:

    "Portugal ... is using fully automated facial biometrics already."

    Correct. Ditto Australia, please see letter from Home Office Scientific Development Branch (HOSDB), http://dematerialisedid.com/BCSL/Rejman-Greene.html:

    "Operational testing, e.g. in Australia and in Portugal, has confirmed the improvements which the NIST technology tests have identified."

    That is HOSDB's assertion. I can find no references to the success of the technology in Portugal. As to Australia, please see http://www.australianit.news.com.au/story/0,,23502567-5013040,00.html?from=public_rss:

    "Customs refused to disclose the rates at which the system inaccurately identified people ..."

    This is not how science is normally conducted, is it? Normally, the emphasis is on openness, which promotes confidence. The Australian Customs are depressing confidence, their secrecy looks suspicious, what have they got to hide?

  61. D Moss Esq

    Michael H.F. Wilkinson Posted Friday 14th August 2009 15:15 GMT

    Mr Wilkinson

    Thank you for your contribution, especially valued coming from a practitioner.

    I did propose a plan to John Reid when he was Home Secretary how to get off the hook while saving face, http://dematerialisedid.com/Open.html. The plan is unused and remains available to any future Home Secretary and, indeed, to the Interior Minister of any country in the world. Interior Ministers, or Prime Ministers, http://dematerialisedid.com/OffTheHook.html.

  62. Ed

    Actually possible?

    We, as humans, can mistake one person for another. I can't believe computers are going to get better at recognizing us than we can each other in the near future.

  63. Robert Forsyth

    It must work, I've seen it on films

    along with faster than light travel, teleport, ...

    Some of this is bluff, like TV detector vans to 'encourage' people to get TV licences. The fingerprint to get your school dinner, it doesn't really matter if it works, so long as it appears to work.

    All these biometric testing devices seem like they can be bypassed, say a mask for face recognition, false fingerprints covers, whatever. What you need is a secret (like your PIN), shared between you and the ID office, and something like a credit card to hold your ID and the shared secret verifies it. Trying to use biometrics for the shared secret, has the problem that it is not secret (or not fixed and not unique ).

  64. Michael H.F. Wilkinson Silver badge
    Boffin

    @Keith T; @AC: A few replies; + "Authentication + , Identification -"

    @Keith T : see my earlier comment on why this does not work, also the AC mentioned below

    @AC: A few replies: No computer scientist dealing with computer vision or other pattern recognition tasks would think the way you suggest computer scientists think.

    Finally: I do think biometircs, in particular iris scans can help in authentication, though more research is needed to reduce the failures in enrolement. I remember John Daugman complaining he had studied more eyelashes (especially Asian ones, which do not curl up as much, and therefore occlude the iris) than anybody in the world.

    In identification I have severe doubts

  65. D Moss Esq

    Anonymous Coward Posted Friday 14th August 2009 20:48 GMT

    Mr Coward

    You say:

    "The only way to use a hashing system currently is with DNA profiles which are gene sequences and therefore effectively a specific value rather than a measurement. Here your only problem is the probability of a matched sequence which is higher than most people think."

    Correct.

    Professor Sir Alec Jeffreys, the man who invented DNA profiling, so he should know, had this to say way back in 2004, http://www.guardian.co.uk/science/2004/sep/09/sciencenews.crime:

    "Genetic profiles stored by police normally record the details of 10 specific parts of the long chain of molecules that make up a person's DNA. The chances of two unrelated people having the same details for all these 10 markers - and hence the chance of a false identification - is said to be about one in a billion. This method has traditionally been regarded as highly efficient at identifying suspects from DNA traces left at crime scenes.

    "However, Prof Jeffreys said the increasing number of records being held on the police database - currently about 2.5m - meant that having only 10 markers per person was no longer foolproof."

  66. D Moss Esq

    Julian I-Do-Stuff Posted Saturday 15th August 2009 06:16 GMT

    Absolutely no need to apologise.

    Your Hungarian experience reminds me.

    One of the arguments used for the introduction of biometrics into the UK is that other countries use them. That doesn't make biometrics reliable, of course. It simply suggests that we in the UK should do what other people do.

    In Hungary, they speak Hungarian. Do the Home Office suggest that we all speak Hungarian?

    No. They do not follow their own rule.

    Just as well. After all, they speak Portuguese in Brazil. So we should speak Portuguese.

    The rule implies both that we should speak Hungarian and that we shouldn't, because we should speak Portuguese.

    Reductio ad absurdum.

  67. D Moss Esq

    Ed Posted Sunday 16th August 2009 00:25 GMT

    Ed

    You say:

    "We, as humans, can mistake one person for another. I can't believe computers are going to get better at recognizing us than we can each other in the near future."

    According to the US National Institute of Standards and Technology (NIST), http://www.frvt.org/FRVT2006/docs/FRVT2006andICE2006LargeScaleReport.pdf:

    "In an experiment comparing human and algorithm performance, the best-performing face recognition algorithms were more accurate than humans."

    That was the result of a laboratory-based experiment. It has never been repeated in the field. Quite the opposite.

    NIST's methodology for predicting outcome in the field is utterly discredited.

  68. D Moss Esq

    Anon @ 17 August 2009 10:16

    A reader who wishes to remain anonymous emails:

    "Hi David - I'm confused because <countryname> is using fingerprint-based identity verification (not identification as you define it, because it is matching my flat-fingerprint read against a smartcard that stores a copy or some hashed representation), and this system has worked quite reliably for me over the last few years since they started using it in all their automated immigration kiosks.

    "I use it myself several times per month and occasionally it can't read my fingerprint but it tells me this and I try it again and it goes through. I don't see evidence of the 15-30% failure rates you are mentioning. Are they using a better technology?

    "Personally I always thought the bigger concern about biometric security was the impossibility of revoking a stolen key. If someone is able to compromise the reader infrastructure then presumably they can capture the hash of my digital retina, for example. Now they could submit this through any hacked interface, and I can never recall it as stolen. Of course this requires that they hack both sides, but we know that even ATMs are hacked -- good, send me a new debit card. But a new retina?

    "Curious to hear your thoughts.

    "Cheers, -<readername>"

    ----------

    1. It is possible that this country is using more reliable technology than others. Could you try to find out who supplies it?

    2. I would be surprised if they have found a supplier with an infallible product. We would have heard about it by now, if that was the case, and we would all know the failure to enroll rate (FTE), and the matching false match and false non-match rates (FMR and FNMR). Nobody with a light like that would hide it under a bushel.

    3. You are only a sample of one. You cannot draw much of a conclusion from so small a sample.

    4. Can you find out how the fingerprint equipment has been set. It may be that the authorities have deliberately opted for a low FNMR. In that case, they are likely to experience a high FMR -- you may find that hundreds of people could pass through the gates using your ID card.

    5. Scanning your iris is supposed to be risk-free. Scanning your retina isn't. I asked my optician. She said it was a bad idea to have your retina repeatedly scanned. Only a sample of one, admittedly.

    6. You're confused? Nothing like as confused as the politicians and civil servants here in the UK, http://dematerialisedid.com/BCSL/Tulipmania.html.

    Best wishes

    dm

  69. D Moss Esq

    Anon @ 17 August 2009 16:13

    The reader who wishes to remain anonymous replies:

    "Fair enough - I would actually expect it is as you suggest - they are probably configured to be somewhat lax -- you know the numbers better than I do, but if the probability of another person being able to pass through on my credentials is 1/10000 then presumably they figure this 0.01% chance is acceptable to prevent brute force attack. I would spend a long time to find one of the compatible 700 people. But they aren't claiming it offers fool proof identification, either.

    "If I am able to find any information about the manufacturer I will send it along.

    "Cheers,

    "-<reader name>"

    ----------

    I believe that most people think the biometrics being offered in the National Identity Scheme (NIS) and in the UK Border Agency's eBorders scheme are 100% reliable, binay, yes/no, that's you/that's not you. That causes most people to look on these schemes in a certain way.

    If and when they realise that the identity ascribed to a person by today's mass consumer biometric technology is only probabilistic, I believe that people will look on it in a different way. The technology will provide acceptable value for money if the error rate is small.

    But what is "small"? 0.5%? 1%? Those would probably count as small, and people would grudgingly think the money is well spent. But 20%? That will come as a shock. Nothing in the utterances and press releases of politicians and civil servants has prepared people for that sort of error rate. But that's what the FNMR is, apparently, for flat print fingerprinting, with a low FMR.

    Not having been prepared, people will feel cheated, the money will feel wasted and the instigators of the NIS and eBorders will be lucky if the worst they suffer is derision.

    ----------

    You would have trouble finding 700 people in <countryname> with similar flat print fingerprints to yours. I would, too. We're both nice people.

    But consider a newspaper editor. He or she is used to retaining private investigators (PIs) to discover secrets about people. The PIs, in turn, have contacts in the police or at credit card companies who will supply information for money. This doesn't happen at The Register, I imagine, and we all know it doesn't happen at the News of the World. But it happens. Someone is keeping those PIs in business.

    A newspaper editor, or organised criminal, could ask his contacts to get him the name and address of the top 100 people with closest matching flat print fingerprints, all neatly categorised by post code. Henchmen could then be despatched to do a spot of burgling/pickpocketing. Perhaps it would be best not to steal the look-alikes' cards. That would get them revoked. But just note down/download some details so that a decent copy can be made.

    Bob, it seems ot me, after that, is your uncle.

    The nice people suffer. The nasty people prosper.

    ----------

    Hope you can get some information.

    Best wishes

    dm

  70. John 61
    Jobs Horns

    @ Keith T

    Quote:

    What we need for now is something better than what we have now. Achieving perfection is always something for the future.

    Surely this puts you into an infinite loop?

    *All* databases suffer from the same thing: GIGO.

  71. Anonymous Coward
    Anonymous Coward

    Home Office Scientists

    The Home Office has scientists!?

    Rofl, I don't believe a word of it.

  72. Adrian 4

    @AC - DNA

    ""The only way to use a hashing system currently is with DNA profiles"

    Can you see where this is all going yet?!"

    No, not any more.

    http://www.nytimes.com/2009/08/18/science/18dna.html?_r=1

    I predict atomisers matching celeb DNA on ebay any time now ...

  73. N2
    FAIL

    Anyone know

    Any government IT initiative to be a success, that it operating with in the design intent & within budget etc, as opposed to a claimed success?

    It seems like theyve failed at everything else & Ive every confidence they will fail at this.

  74. Chris Hunt
    FAIL

    The bigger picture

    I think even new labour realise that ID cards won't work, but they won't have the job of making them work.

    When the tories win the next election*, it'll be their job to implement the cards, and their fault when it all goes tits up. Think "millenium dome" with knobs on.

    Of course the tories are committed to dropping the scheme altogether. That's even better for NuLab - they can accuse the tories of being soft on crime/security/terrorism; and next time there's a terrorist attack they can claim that ID cards might have prevented it.

    All good ammunition in the ongoing political bunfight, for only £5M and counting - but who cares, it's only our money!

    Of course the plan runs into trouble if, somehow, Labour win next year (let's call this the "John Major" scenario). Then they just keep it in a perpetual series of consultations and trials and whatnot to keep it on the "coming soon but not yet ready" list so as not to pay the price of cancelling it. Sadly, with daily-mail-appeasing uppermost in their minds, I think the tories might do this too.

    Card-shaped icon with "fail" written on it...

  75. John Smith 19 Gold badge
    Thumb Down

    Where does 1.8 E15 come from?

    IIRC 60million is the official number from the offfice of national statistics based on the last census.

    checking each person against *all* other users (including the one they claim to be) gives 60milion ^2 or 3.6E^15.

    I am including a check against the person they claim to be as well (which logically should be the first on the list)

    Note we are not looking for at least 1 match (IE the idea that on *average* we have to cover 1/2 of any database to find a match) we want *all* matches, as an impostor should be the person who has a higher match score (on their real identity) than the person they are claiming to be.

    So how does the number of matches get dropped by 1/2?

    Note this does not change the conclusion. Only an idiot or a data fetishist would beleive the claims made for these systems given the size of the DB, the match rate needed and the number of false positives it will generate.

    Like all natural recognition problems (speech, vision, hand writing etc) recognition error rates which would look good in controlled computer environments (1 % or even 0.01%) are rubbish compared to human abiliites.

    Thumbs up for the article. Thumbs down for the NIR the ID card or the misbegotten idea that passports should be "reportable documents."

  76. Anonymous Coward
    Anonymous Coward

    @Charles 9

    Quote >>>

    Concerning measurements---so what if those measurements can be made MORE ACCURATELY? Or is there some inherent accuracy ceiling that no amount of technology can compensate? <<<

    Yes, it's called the Heisenberg Uncertainty Principle.

  77. Richard 33

    Smith

    I have just one polite request. Please don't put up any more pictures of "Jacqui" Wacky Smith in your articles. She is no longer Home Secretary, thank god. Putting her picture there just makes normal members of the public want to hit things. I have above average blood pressure as it is - please don't push me over the edge.

  78. D Moss Esq

    Keith T Posted Friday 14th August 2009 19:45 GMT

    Mr T

    You say:

    "The article assumes technology never advances and it assumes if perfection cannot be attained there is no point in making an improvement.

    "What we need for now is something better than what we have now. Achieving perfection is always something for the future."

    ----------

    As it happens, no. I'm all for research into biometrics, I expect technology to advance, I understand that there are limits to human systems, some small failure rate would be acceptable to us all, but the failure rates of mass consumer biometrics at the moment are not small by any standard.

    Nigel Sedgwick is my nominee for the expert on biometrics most worth listening to, http://dematerialisedid.com/BCSL/Fantasy.html. He is the man who has calculated the performance needed to deliver politicians' promises for biometrics and he is the man who says that there are no such biometrics available today that he knows of. Which seems to me to be the end of the argument – biometrics is a subject without an object. Unless you know better. In which case, please tell us.

    Mr Sedgwick likens today's mass consumer biometrics industry to the airline industry 100 years ago. Rolling out biometrics today to the entire population is as suicidal as getting everyone to take transatlantic flights in 1909.

  79. D Moss Esq

    John Smith 19 Posted Wednesday 19th August 2009 06:39 GMT

    Mr Smith

    You ask:

    "... checking each person against *all* other users (including the one they claim to be) gives 60milion ^2 or 3.6E^15 ... So how does the number of matches get dropped by 1/2?"

    ----------

    Suppose we have both George VI and Che Guevara on the population register. Your calculation treats matching George to Che as separate from matching Che to George. Professor Daugman's method calls that one match, not two. He's doing combinations, you're doing permutations.

  80. D Moss Esq

    N2 Posted Tuesday 18th August 2009 09:10 GMT

    N2

    You ask:

    "Anyone know [any] government IT initiative to be a success, that it operating with in the design intent & within budget etc, as opposed to a claimed success?

    "It seems like theyve failed at everything else & Ive every confidence they will fail at this."

    ----------

    A lifetime of reading Private Eye suggests that Accenture and EDS (now Hewlett-Packard) can normally be relied upon to deliver "delayed success" in government projects, Hitachi have given up with NPfIT, leaving CSC and BT to fail alone, and Capita have had a mixed experience with local authority services such as pension, payroll, rents and benefits.

    Let me leave those projects to Private Eye and concentrate on the National Identity Scheme (NIS). The inception of the NIS can be dated to some time in 1999, please see the UK Government Gateway FAQ, section 1.1.1, http://archive.cabinetoffice.gov.uk/e-government/docs/responsibilities/document_library/pdf/gateway_faqs_v2.pdf:

    "Q. What is the Government Gateway? What is it for?

    "A. In 1999, the UK Government commissioned a report from PA Consulting looking at the cross-government infrastructure that would be required to enable the delivery of online services and joined-up government to be implemented. One of the recommendations in that report was that the UK Government should procure a central ‘gateway’ that would help tackle common issues such as user identity management, messaging and transaction handling."

    Arguably, in 10 years, PA Consulting and the Identity & Passport Service (IPS) and its predecessors, have achieved nothing. They are utterly ineffectual. Sedentary, if not actually supine, they have set low targets for themselves and failed to meet even those.

    Is there someone somewhere, I sometimes ask myself, someone with real power, the power to make things not happen, putting his or her foot on the brake?

    Is it right to fear the NIS or is it more sensible just to pour scorn on the hopeless under-achievers at IPS?

    Don't know.

    But one thing is clear. Any supplier who "gets into bed" with IPS should re-examine their commercial decision-making processes, http://dematerialisedid.com/BCSL/Risk.html. CSC, with their £385 million contract to produce the biographical National Identity Register (NIR), and IBM with their £265 million contract to produce the biometric NIR, are all set for a place in the business school case studies on how to come a cropper – an eminently avoidable cropper.

  81. BlueGreen

    @Michael H.F. Wilkinson: "using some distance measure"

    Okay, presume we have some distance measure D, and let's assume the distance is not single, but multi-dimensional; call that dimension N.

    Let's try this: we take a large, random (and therefore hopefully representational) sample of irises, apply D and plot them throughout N space. I suspect there would be large clusters representing racial subgroups, but let's ignore that for the mo and assume they're fairly smoothly scattered.

    Partition the space into S subsets with regular cuts to produce a regular grid in this hyperspace, analogous to drawing a grid on a 2d sheet of paper. Plenty of cuts = plenty of hypercells here, of the order of thousands or tens of thousands, call this number H. Pick or construct the central-most (centroid?) iris in each hypercell. This is your target hash bucket iris.

    Now take your suspect's iris and match it against each target hash iris. Operation is O(H). When you've found the best-matching hypercell then start matching against all the irises in that cell (V of them, say); operation is O(V). Overall operation is O(H)*O(V) not O(H*V), give or take a square power perhaps.

    Tweak as required.

    How does that sound?

    some disclaimers - this isn't my area so I'm just stabbing randomly. And I don't like biometrics and its uber-tracking kin, I'm just treating it as a problem. And there are undoubtedly errors but the central idea seems prima facie workable

  82. D Moss Esq

    Anonymous reader @ Sun 23-08-2009 14:21

    A reader who wishes to remain anonymous emails:

    "Thanks, it's a good article - but...

    "Have you looked at the worldwide perspective on this?

    "Already, about 2.2 billion people have 'smart' ID cards. Over 900 million are biometric with fingerprints (China's only has digital facial images, not fingerprints)

    "By 2012, over 85% of the world's population will have smart ID cards.

    "If it isn't working, why haven't we heard the screams?

    "Incidentally, I should point out that I am an opponent of ID cards and fear what they will mean to ordinary people.

    "What worries me is that exaggerating the problems will convince most people not to worry or oppose the project, because 'it isn't going to happen'.

    "I have written an article on this subject, but it's under consideration, waiting to be published.

    ----------

    1. Thank you for your email.

    2. I look forward to seeing your article.

    3. The problem I consider is the unreliability of the biometrics chosen for the National Identity Scheme (NIS) and for its cousins, like eBorders. I have not exaggerated that problem. I have reported it and cited public domain sources in each case.

    4. The NIS and eBorders explicitly rely on biometrics. Bringing attention to the laughable unreliability of the biometrics chosen is an economical way of demonstrating that the NIS and eBorders must fail. It confronts those two initiatives with quantitative evidence, no theological or political or social or ethical arguments required, it's not a matter of judgement, it's nothing more than arithmetic, there's no "wriggle room", within their own terms of reference, these initiatives must fail. The Identity & Passport Service (IPS) and the UK Border Agency (UKBA) are an embarrassment to any self-respecting Big Brother, they wouldn't even get a GCSE in mass surveillance.

    5. The big arguments against putting state-controlled identity management at the centre of social interaction are not even mentioned, let alone exaggerated.

    6. If readers think my point is that there is no need to campaign against the NIS and eBorders because they won't work, then I have failed abysmally.

    7. It had not occurred to me that anyone would interpret this article as a call to cease campaigning but if that is a valid inference then I thank you for opening my eyes to it and for creating the opportunity to reiterate my belief that the NIS and eBorders poison the political ecology of the UK and need to be energetically resisted and terminated as soon as possible in the interests of the good government that we want, need, deserve and pay for. The intention of the article is precisely to equip people with simple arguments to campaign with.

    8. "Why haven't we heard the screams?", you ask. In the UK, with its typically gentle demeanour, criticism of the NIS and eBorders started slowly and quietly, but it's in fourth gear now and you can hear the screams, notably on the exemplary forum of No2ID (http://forum.no2id.net) and radiating out from there in the press and the broadcast media, local and national, and in Parliament and the devolved assemblies and local authorities.

    9. Spain has compulsory ID cards. Spain suffered the horror of the Madrid railway bombings. They may not have made the connection but, point that out to people, and you'll hear the screams. By 2005, Pakistan had issued 64 million biometric ID cards to citizens at home and abroad to help combat terrorism. Two years later, the unfortunate Benazir Bhutto was still nevertheless assassinated and even now Pakistan still remains some distance away from the orderly, efficient and safe state promised by the advocates of ID cards. They may not have made the connection but, point that out to people, and you'll hear the screams.

    10. Why don't you hear screams from US-VISIT? Because US-VISIT doesn't apply to US citizens. It applies to Mexicans trying to cross the Rio Grande. They can scream all they like, they won't be heard. And it applies to tourists and businessmen. They can scream all they like, but they don't have a vote. If the rumoured plans of DHS to apply US-VISIT to the Canadian border ever come to fruition, then you might hear some screams.

    11. Let me ask you in return -- why don't you hear screams of success? Where are the well-argued cases with supporting evidence for the success of biometric ID cards?

    12. I look forward to seeing your sources for the 2.2 billion, 900 million, 85% figures. In the case of the 900 million people with flat print fingerprint ID cards, has identity theft been reduced, has other crime been reduced, has terrorism been countered, have government services become more efficient? If not, why waste money on these identity management systems?

    13. "Global mobile penetration to reach 75% by 2011". That's what it says in The Register, http://www.theregister.co.uk/2007/10/26/mobile_pentration_research/. That's 4 billion people enrolled in a global identity management system that works. At the same time as heading off an identity management system for 900 million people that doesn't work, I really think we should all pay a bit of attention to mobile phones, http://DematerialisedID.com.

    14. Have I looked at the worldwide perspective? For mobile phones, I tried to. For IPS-style ID card systems, no. I have looked at the NIS in depth. I have looked at the EU's OSCIE specification (http://dematerialisedid.com/Mobiles.html#nothing) and Project STORK (http://dematerialisedid.com/BCSL/Hall.html and http://dematerialisedid.com/BCSL/Festival.html). I have looked at US-VISIT in some depth (http://dematerialisedid.com/Biometrics.html#usvisit) and at NADRA in Pakistan (http://dematerialisedid.com/BCSL/Risk.html para.10). Also Operation Golden Shield in China. But not at the whole world.

    15. It seems to me that an awful lot of countries, the UK included, are labouring under the delusion that governing means operating identity management systems and that they will work because biometrics work. And it seems to me as a result that the first country to point out that the biometrics emperor has no clothes will cause consternation, bring the whole house of cards down and ultimately help to restore reason to government.

  83. John Smith 19 Gold badge
    Unhappy

    @D Moss Esq

    OMG

    I'll pick up my copy of the Homer Simpson award on the way out.

  84. Anonymous Coward
    FAIL

    One Error In The Article

    The author has confused 'Indentification' (the searching of the database for a given probe image) with de-duping (checking each database biometric is only on the database once).

This topic is closed for new posts.