Posts by D Moss Esq 271 publicly visible posts • joined 19 Jun 2009
I wouldn't get hung up on the picture of a lady with a USB stick fingernail, data at your fingertips, etc ... I'm sure it's just meant to be lightly amusing. It isn't the logo for Project STORK. Unsurprisingly, that's a stork, flying through a ring of stars, and a painful attempt to explain the acronym -- Secure idenTity acrOss boRders linKed, plese see http://www.eid-stork.eu/.
"News of the plans emerged in the response to a Register Freedom of Information Act request to the Criminal Records Bureau (CRB). Today campaigners warned it could be used to help impose ID cards through the back door."
This is not entirely a new development.
Back in October 2006, the Home Office issued their first cost report on the National Identity Scheme (NIS). The report included very little by way of costs information. Instead, the Home Office took the oportunity to market ID cards, saying they would help to improve the accuracy of CRB checks:
"It is currently very difficult for Criminal Records Bureau (CRB) Registered Bodies to establish an applicant's identity efficiently ... It is already known that on some occasions, individuals are matched against the wrong criminal record ... this can lead to delays in processing their applications. In a small number of cases, people known to the police have been able to proceed through the system undiscovered", see http://dematerialisedid.com/PDFs/costreport37.pdf, p.5.
How are ID cards supposed to help with CRB checks? There's a one-word answer – biometrics. The cost report is only 13 pages long, but 41 times the Home Office mention biometrics. Biometrics is the answer to everything, illegal immigration, illegal working, sex offences, false asylum claims, terrorism, identity fraud and inefficient public services.
The Home Office have got a lot riding on biometrics. It's a shame they're not up to it, http://www.theregister.co.uk/2009/08/14/biometric_id_delusion/.
A reader who wishes to remain anonymous emails:
"Thanks, it's a good article - but...
"Have you looked at the worldwide perspective on this?
"Already, about 2.2 billion people have 'smart' ID cards. Over 900 million are biometric with fingerprints (China's only has digital facial images, not fingerprints)
"By 2012, over 85% of the world's population will have smart ID cards.
"If it isn't working, why haven't we heard the screams?
"Incidentally, I should point out that I am an opponent of ID cards and fear what they will mean to ordinary people.
"What worries me is that exaggerating the problems will convince most people not to worry or oppose the project, because 'it isn't going to happen'.
"I have written an article on this subject, but it's under consideration, waiting to be published.
----------
1. Thank you for your email.
2. I look forward to seeing your article.
3. The problem I consider is the unreliability of the biometrics chosen for the National Identity Scheme (NIS) and for its cousins, like eBorders. I have not exaggerated that problem. I have reported it and cited public domain sources in each case.
4. The NIS and eBorders explicitly rely on biometrics. Bringing attention to the laughable unreliability of the biometrics chosen is an economical way of demonstrating that the NIS and eBorders must fail. It confronts those two initiatives with quantitative evidence, no theological or political or social or ethical arguments required, it's not a matter of judgement, it's nothing more than arithmetic, there's no "wriggle room", within their own terms of reference, these initiatives must fail. The Identity & Passport Service (IPS) and the UK Border Agency (UKBA) are an embarrassment to any self-respecting Big Brother, they wouldn't even get a GCSE in mass surveillance.
5. The big arguments against putting state-controlled identity management at the centre of social interaction are not even mentioned, let alone exaggerated.
6. If readers think my point is that there is no need to campaign against the NIS and eBorders because they won't work, then I have failed abysmally.
7. It had not occurred to me that anyone would interpret this article as a call to cease campaigning but if that is a valid inference then I thank you for opening my eyes to it and for creating the opportunity to reiterate my belief that the NIS and eBorders poison the political ecology of the UK and need to be energetically resisted and terminated as soon as possible in the interests of the good government that we want, need, deserve and pay for. The intention of the article is precisely to equip people with simple arguments to campaign with.
8. "Why haven't we heard the screams?", you ask. In the UK, with its typically gentle demeanour, criticism of the NIS and eBorders started slowly and quietly, but it's in fourth gear now and you can hear the screams, notably on the exemplary forum of No2ID (http://forum.no2id.net) and radiating out from there in the press and the broadcast media, local and national, and in Parliament and the devolved assemblies and local authorities.
9. Spain has compulsory ID cards. Spain suffered the horror of the Madrid railway bombings. They may not have made the connection but, point that out to people, and you'll hear the screams. By 2005, Pakistan had issued 64 million biometric ID cards to citizens at home and abroad to help combat terrorism. Two years later, the unfortunate Benazir Bhutto was still nevertheless assassinated and even now Pakistan still remains some distance away from the orderly, efficient and safe state promised by the advocates of ID cards. They may not have made the connection but, point that out to people, and you'll hear the screams.
10. Why don't you hear screams from US-VISIT? Because US-VISIT doesn't apply to US citizens. It applies to Mexicans trying to cross the Rio Grande. They can scream all they like, they won't be heard. And it applies to tourists and businessmen. They can scream all they like, but they don't have a vote. If the rumoured plans of DHS to apply US-VISIT to the Canadian border ever come to fruition, then you might hear some screams.
11. Let me ask you in return -- why don't you hear screams of success? Where are the well-argued cases with supporting evidence for the success of biometric ID cards?
12. I look forward to seeing your sources for the 2.2 billion, 900 million, 85% figures. In the case of the 900 million people with flat print fingerprint ID cards, has identity theft been reduced, has other crime been reduced, has terrorism been countered, have government services become more efficient? If not, why waste money on these identity management systems?
13. "Global mobile penetration to reach 75% by 2011". That's what it says in The Register, http://www.theregister.co.uk/2007/10/26/mobile_pentration_research/. That's 4 billion people enrolled in a global identity management system that works. At the same time as heading off an identity management system for 900 million people that doesn't work, I really think we should all pay a bit of attention to mobile phones, http://DematerialisedID.com.
14. Have I looked at the worldwide perspective? For mobile phones, I tried to. For IPS-style ID card systems, no. I have looked at the NIS in depth. I have looked at the EU's OSCIE specification (http://dematerialisedid.com/Mobiles.html#nothing) and Project STORK (http://dematerialisedid.com/BCSL/Hall.html and http://dematerialisedid.com/BCSL/Festival.html). I have looked at US-VISIT in some depth (http://dematerialisedid.com/Biometrics.html#usvisit) and at NADRA in Pakistan (http://dematerialisedid.com/BCSL/Risk.html para.10). Also Operation Golden Shield in China. But not at the whole world.
15. It seems to me that an awful lot of countries, the UK included, are labouring under the delusion that governing means operating identity management systems and that they will work because biometrics work. And it seems to me as a result that the first country to point out that the biometrics emperor has no clothes will cause consternation, bring the whole house of cards down and ultimately help to restore reason to government.
N2
You ask:
"Anyone know [any] government IT initiative to be a success, that it operating with in the design intent & within budget etc, as opposed to a claimed success?
"It seems like theyve failed at everything else & Ive every confidence they will fail at this."
----------
A lifetime of reading Private Eye suggests that Accenture and EDS (now Hewlett-Packard) can normally be relied upon to deliver "delayed success" in government projects, Hitachi have given up with NPfIT, leaving CSC and BT to fail alone, and Capita have had a mixed experience with local authority services such as pension, payroll, rents and benefits.
Let me leave those projects to Private Eye and concentrate on the National Identity Scheme (NIS). The inception of the NIS can be dated to some time in 1999, please see the UK Government Gateway FAQ, section 1.1.1, http://archive.cabinetoffice.gov.uk/e-government/docs/responsibilities/document_library/pdf/gateway_faqs_v2.pdf:
"Q. What is the Government Gateway? What is it for?
"A. In 1999, the UK Government commissioned a report from PA Consulting looking at the cross-government infrastructure that would be required to enable the delivery of online services and joined-up government to be implemented. One of the recommendations in that report was that the UK Government should procure a central ‘gateway’ that would help tackle common issues such as user identity management, messaging and transaction handling."
Arguably, in 10 years, PA Consulting and the Identity & Passport Service (IPS) and its predecessors, have achieved nothing. They are utterly ineffectual. Sedentary, if not actually supine, they have set low targets for themselves and failed to meet even those.
Is there someone somewhere, I sometimes ask myself, someone with real power, the power to make things not happen, putting his or her foot on the brake?
Is it right to fear the NIS or is it more sensible just to pour scorn on the hopeless under-achievers at IPS?
Don't know.
But one thing is clear. Any supplier who "gets into bed" with IPS should re-examine their commercial decision-making processes, http://dematerialisedid.com/BCSL/Risk.html. CSC, with their £385 million contract to produce the biographical National Identity Register (NIR), and IBM with their £265 million contract to produce the biometric NIR, are all set for a place in the business school case studies on how to come a cropper – an eminently avoidable cropper.
Mr T
You say:
"The article assumes technology never advances and it assumes if perfection cannot be attained there is no point in making an improvement.
"What we need for now is something better than what we have now. Achieving perfection is always something for the future."
----------
As it happens, no. I'm all for research into biometrics, I expect technology to advance, I understand that there are limits to human systems, some small failure rate would be acceptable to us all, but the failure rates of mass consumer biometrics at the moment are not small by any standard.
Nigel Sedgwick is my nominee for the expert on biometrics most worth listening to, http://dematerialisedid.com/BCSL/Fantasy.html. He is the man who has calculated the performance needed to deliver politicians' promises for biometrics and he is the man who says that there are no such biometrics available today that he knows of. Which seems to me to be the end of the argument – biometrics is a subject without an object. Unless you know better. In which case, please tell us.
Mr Sedgwick likens today's mass consumer biometrics industry to the airline industry 100 years ago. Rolling out biometrics today to the entire population is as suicidal as getting everyone to take transatlantic flights in 1909.
Mr Smith
You ask:
"... checking each person against *all* other users (including the one they claim to be) gives 60milion ^2 or 3.6E^15 ... So how does the number of matches get dropped by 1/2?"
----------
Suppose we have both George VI and Che Guevara on the population register. Your calculation treats matching George to Che as separate from matching Che to George. Professor Daugman's method calls that one match, not two. He's doing combinations, you're doing permutations.
The reader who wishes to remain anonymous replies:
"Fair enough - I would actually expect it is as you suggest - they are probably configured to be somewhat lax -- you know the numbers better than I do, but if the probability of another person being able to pass through on my credentials is 1/10000 then presumably they figure this 0.01% chance is acceptable to prevent brute force attack. I would spend a long time to find one of the compatible 700 people. But they aren't claiming it offers fool proof identification, either.
"If I am able to find any information about the manufacturer I will send it along.
"Cheers,
"-<reader name>"
----------
I believe that most people think the biometrics being offered in the National Identity Scheme (NIS) and in the UK Border Agency's eBorders scheme are 100% reliable, binay, yes/no, that's you/that's not you. That causes most people to look on these schemes in a certain way.
If and when they realise that the identity ascribed to a person by today's mass consumer biometric technology is only probabilistic, I believe that people will look on it in a different way. The technology will provide acceptable value for money if the error rate is small.
But what is "small"? 0.5%? 1%? Those would probably count as small, and people would grudgingly think the money is well spent. But 20%? That will come as a shock. Nothing in the utterances and press releases of politicians and civil servants has prepared people for that sort of error rate. But that's what the FNMR is, apparently, for flat print fingerprinting, with a low FMR.
Not having been prepared, people will feel cheated, the money will feel wasted and the instigators of the NIS and eBorders will be lucky if the worst they suffer is derision.
----------
You would have trouble finding 700 people in <countryname> with similar flat print fingerprints to yours. I would, too. We're both nice people.
But consider a newspaper editor. He or she is used to retaining private investigators (PIs) to discover secrets about people. The PIs, in turn, have contacts in the police or at credit card companies who will supply information for money. This doesn't happen at The Register, I imagine, and we all know it doesn't happen at the News of the World. But it happens. Someone is keeping those PIs in business.
A newspaper editor, or organised criminal, could ask his contacts to get him the name and address of the top 100 people with closest matching flat print fingerprints, all neatly categorised by post code. Henchmen could then be despatched to do a spot of burgling/pickpocketing. Perhaps it would be best not to steal the look-alikes' cards. That would get them revoked. But just note down/download some details so that a decent copy can be made.
Bob, it seems ot me, after that, is your uncle.
The nice people suffer. The nasty people prosper.
----------
Hope you can get some information.
Best wishes
dm
A reader who wishes to remain anonymous emails:
"Hi David - I'm confused because <countryname> is using fingerprint-based identity verification (not identification as you define it, because it is matching my flat-fingerprint read against a smartcard that stores a copy or some hashed representation), and this system has worked quite reliably for me over the last few years since they started using it in all their automated immigration kiosks.
"I use it myself several times per month and occasionally it can't read my fingerprint but it tells me this and I try it again and it goes through. I don't see evidence of the 15-30% failure rates you are mentioning. Are they using a better technology?
"Personally I always thought the bigger concern about biometric security was the impossibility of revoking a stolen key. If someone is able to compromise the reader infrastructure then presumably they can capture the hash of my digital retina, for example. Now they could submit this through any hacked interface, and I can never recall it as stolen. Of course this requires that they hack both sides, but we know that even ATMs are hacked -- good, send me a new debit card. But a new retina?
"Curious to hear your thoughts.
"Cheers, -<readername>"
----------
1. It is possible that this country is using more reliable technology than others. Could you try to find out who supplies it?
2. I would be surprised if they have found a supplier with an infallible product. We would have heard about it by now, if that was the case, and we would all know the failure to enroll rate (FTE), and the matching false match and false non-match rates (FMR and FNMR). Nobody with a light like that would hide it under a bushel.
3. You are only a sample of one. You cannot draw much of a conclusion from so small a sample.
4. Can you find out how the fingerprint equipment has been set. It may be that the authorities have deliberately opted for a low FNMR. In that case, they are likely to experience a high FMR -- you may find that hundreds of people could pass through the gates using your ID card.
5. Scanning your iris is supposed to be risk-free. Scanning your retina isn't. I asked my optician. She said it was a bad idea to have your retina repeatedly scanned. Only a sample of one, admittedly.
6. You're confused? Nothing like as confused as the politicians and civil servants here in the UK, http://dematerialisedid.com/BCSL/Tulipmania.html.
Best wishes
dm
Mr Coward
You say:
"The only way to use a hashing system currently is with DNA profiles which are gene sequences and therefore effectively a specific value rather than a measurement. Here your only problem is the probability of a matched sequence which is higher than most people think."
Correct.
Professor Sir Alec Jeffreys, the man who invented DNA profiling, so he should know, had this to say way back in 2004, http://www.guardian.co.uk/science/2004/sep/09/sciencenews.crime:
"Genetic profiles stored by police normally record the details of 10 specific parts of the long chain of molecules that make up a person's DNA. The chances of two unrelated people having the same details for all these 10 markers - and hence the chance of a false identification - is said to be about one in a billion. This method has traditionally been regarded as highly efficient at identifying suspects from DNA traces left at crime scenes.
"However, Prof Jeffreys said the increasing number of records being held on the police database - currently about 2.5m - meant that having only 10 markers per person was no longer foolproof."
Absolutely no need to apologise.
Your Hungarian experience reminds me.
One of the arguments used for the introduction of biometrics into the UK is that other countries use them. That doesn't make biometrics reliable, of course. It simply suggests that we in the UK should do what other people do.
In Hungary, they speak Hungarian. Do the Home Office suggest that we all speak Hungarian?
No. They do not follow their own rule.
Just as well. After all, they speak Portuguese in Brazil. So we should speak Portuguese.
The rule implies both that we should speak Hungarian and that we shouldn't, because we should speak Portuguese.
Reductio ad absurdum.
Ed
You say:
"We, as humans, can mistake one person for another. I can't believe computers are going to get better at recognizing us than we can each other in the near future."
According to the US National Institute of Standards and Technology (NIST), http://www.frvt.org/FRVT2006/docs/FRVT2006andICE2006LargeScaleReport.pdf:
"In an experiment comparing human and algorithm performance, the best-performing face recognition algorithms were more accurate than humans."
That was the result of a laboratory-based experiment. It has never been repeated in the field. Quite the opposite.
NIST's methodology for predicting outcome in the field is utterly discredited.
Mr Animal
You say:
"You know this, I know this, many statisticians, mathematicians, techies and geeks know this. What we actually need is some trusted (ha!) media organisation, like say the beeb, to explain it to the rest ..."
Quite right. Editors in the print media and broadcast should be lobbied to insert the word "alleged" into any of their reports on the reliability of biometrics. Biometrics are guilty until proven innocent -- normal scientific scepticism.
As for your joking assertion that "they're all in it together I tell you!", you know and I know that that's not quite it. There's just a general assumption that biometrics work infallibly, a forgivable mistake, people can't be expected to question everything, there isn't time, how many false beliefs do you and I hold?
We just need to indicate to politicians, civil servants, journalists and others that this is an area where it's worth putting in a bit of effort to question the received wisdom, otherwise we'll waste a fortune and there will be a lot of disappointment when all those raised hopes for security and efficiency are dashed.
Mr Cowherd
You say:
"Portugal ... is using fully automated facial biometrics already."
Correct. Ditto Australia, please see letter from Home Office Scientific Development Branch (HOSDB), http://dematerialisedid.com/BCSL/Rejman-Greene.html:
"Operational testing, e.g. in Australia and in Portugal, has confirmed the improvements which the NIST technology tests have identified."
That is HOSDB's assertion. I can find no references to the success of the technology in Portugal. As to Australia, please see http://www.australianit.news.com.au/story/0,,23502567-5013040,00.html?from=public_rss:
"Customs refused to disclose the rates at which the system inaccurately identified people ..."
This is not how science is normally conducted, is it? Normally, the emphasis is on openness, which promotes confidence. The Australian Customs are depressing confidence, their secrecy looks suspicious, what have they got to hide?
Mr Wilkinson
Thank you for your contribution, especially valued coming from a practitioner.
I did propose a plan to John Reid when he was Home Secretary how to get off the hook while saving face, http://dematerialisedid.com/Open.html. The plan is unused and remains available to any future Home Secretary and, indeed, to the Interior Minister of any country in the world. Interior Ministers, or Prime Ministers, http://dematerialisedid.com/OffTheHook.html.
Ms Helm, you say:
"... maybe we find ways to measure multiple biometrics, or different biometrics, to obtain more reliable results. Then the assertion that you could use biometrics for a national identity system becomes more likely ... The bottom line is not that it is impossible, but simply that the current technology is not mature enough."
I think that is correct. No single, practical biometric suitable for mass consumer use is known. The "hope" is that some combination of biometrics might deliver usable reliability. So far, there is no known composite biometric either, please see http://dematerialisedid.com/BCSL/Fantasy.html.
That is the "bottom line". Schemes like the National Identity Service and eBorders are proceeding in the full knowledge that the biometrics they depend on are not available. Call it "delusion" or "fantasy", whatever, it isn't rational, scientific, businesslike or responsible.
Julian
Uou say:
"To prove that each [of 60 million people] is represented by a unique electronic identity on the population register, each biometric would have to be compared with all the rest. That would involve making 1.8 x 10^15 comparisons.
Bollocks - I think - except in the most improbable worst case. Hash the identity and do a sort, then look for consecutive duplicates. Quicksort is O(nlogn)... do the math.
----------
What you outline is an algorithm for finding matches. It may be a jolly good algorithm. But it says nothing about the number of matches you will find, nor does it help to distinguish the genuine matches from the false ones.
Professor Daugman's argument lives, therefore, to fight another day. The number of false matches is so great that it is not feasible to say that everyone has one and only one identity recorded on the population register. Not with populations like the 60 million of us in the UK, 600 million in the EU and 6 billion in the world.
NIST had a lot of trouble proving uniqueness in a population of 6 million, please see http://dematerialisedid.com/PDFs/ir_7110.pdf. You might approach them with your hashing function, they could be grateful ...
Consider the world.
Divide it into two.
Those people who live in Hillingdon, Set A. And those who don't, Set B.
Assume that there are more members of Set B than there are of Set A.
Assume that demand rises as prices fall and vice versa.
What 400 businesses in Hillingdon have discovered is the quickest way to go out of business.
A small number of people will be given a discount (i.e. paid) to do business with them, thus reducing margins.
And a large number of people will have the incentive to do business with them reduced, thus reducing turnover.
Economic assisted suicide.
I refer to the biography of William Blake by GE Bentley Jr, The Stranger from Paradise: A Biography of William Blake, pp.58-60.
Blake trained at the Royal Academy. Circa September 1780, he and two friends (Stothard and Parker) sailed down to Chatham to do some sketching.
Bentley quotes from the biography of Stothard written by his daughter-in-law:
"... they were suddenly surprised by the appearance of some soldiers, who very unceremoniously made them prisoners, under the suspicion of their being spies for the French government; as this country was then at war with France. In vain did they plead that they were only there sketching for their own amusement; it was insisted upon that they could be doing nothing less than surveying for purposes inimical to the safety of Old England."
Tip for tomorrow: a messenger was sent to the Academy, which vouched for its three students and they were released.
BBC, Friday 20 December 2002 02:09 GMT, Phone firms 'flooded' by crime checks:
"Mobile phone firms are being overwhelmed by police requests for information about suspects' calls, the companies have complained.
"Almost half a million inquiries are made to the firms every year by police and customs officers, the BBC has learned." http://news.bbc.co.uk/1/hi/uk/2592707.stm
It may be that the number of requests for mobile phone records is actually static and that two years ago, in 2006-07, the "authorities" just stopped counting for a while or left six months' statistics on the train by mistake.
There is no telling how many requests are submitted by the security services, but we should not ignore the police, customs officers (now spread around HMRC and UKBA), SOCA, and the FSA, who presumably find time to do a bit of investigatory work in between banks going bust.
Given that there are about 450 local authorities, the number of requests submitted by them is heart-warmingly pathetic, an average of 3 or 4 each. Long may it remain that way.
This is a pretty magisterial article of yours, Mr Lettice, and I congratulate you on it.
The UK, like the Republic of Ireland and Denmark, is specifically excluded under EC 2252/2004 from having to record fingerprints on passports. There is no EU obligation there and no US obligation. The Identity & Passport Service (IPS) "volunteered" to record fingerprints. They can just un-volunteer.
The ICAO's Berlin Resolution provides for people to send a photograph of themselves by post, together with their passport application -- there is no ICAO requirement to attend a personal interview, that is an elaboration of IPS's, and they can just un-elaborate it.
The ICAO do point out that the biometrics stored on passports need to be protected by PKI, the public key infrastructure. PKI will protect any message, whatever it is, equally well. There is no distinction from that point of view between facial recognition and fingerprints. You and Mr Huhne are perhaps falling into the trap of a false distinction there.
Mr Grayling might be more prepared to abandon the IBM contract for a biometrics database if he knew how unreliable the biometrics chosen by IPS are.
There is no chance of these biometrics proving that each person has one and only one electronic identity. Professor Daugman, of irisprint biometrics fame, has pointed out that IPS would drown in a sea of false positives if they tried. The maths is incontrovertible. The more upright suppliers have given up offering "identification".
They can barely offer verification, the confidence that the person in front of you is the rightful bearer of the passport. Here, IPS will drown in a sea of false negatives.
So, drop the peculiar insistence on a distinction between the forgeability of facial recognition and fingerprint biometrics and add a healthy dose of scepticism about the reliability of the biometrics, and your article becomes 100% magisterial, instead of just 99%.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
