Feeds

DHS and UK ID card biometric vendor in false ID lawsuit

Right fingerprints, wrong felony and murder rap

  • alert
  • submit to reddit

Application security programs and practises

At San Jose Superior Court today (11 May) biometrics company Identix will seek to have a product liability and slander lawsuit against it and the States of California and Oregon dismissed. Plaintiffs Roger Benson and Miguel Espinoza are seeking restitution for the damage inflicted on them by duplication in police records which gave them other people's criminal records.

Benson was wrongfully imprisoned for 43 days for carrying a firearm when a convicted felon, although the felony on his record had been committed by someone else, while Espinoza, had his restaurant business destroyed by a false record of a criminally negligent homicide conviction. The plaintiffs claim that their problems stemmed from Identix's Livescan 10-print, a fingerprint scanner used to enter fingerprint data into police systems. Two months ago Identix was re-confirmed as the winner of a Department of Homeland Security Blanket Purchase Agreement (BPA) for fingeprint systems, this being worth and estimated $27 million over five years. Identix is also supplying equipment for the UK Passport Service's ID card pilot, so one might reasonably consider that the stakes in San Jose Superior Court will be rather high.

The case hinges on the origin of duplicate record ID numbers, but it is the fact that these actually existed that is of the broadest significance. Benson, whose case has been going through the courts longest, stepped into trouble when he was pulled in for a traffic violation and fingerprinted. This process was carried out using a Livescan system, which produced an Electronic Fingerprint Card (EFC). Each EFC is assigned a fingerprint control number, FPN, which is intended to be unique. Previous paper-based systems, which are still widely used in the US, use EFCs preprinted with a unique FPN, but this is not the case with EFCs produced with the Livescan system. Benson's EFC was created on February 6th 1998, and on September 10th 1998 one William Lee Kellog, charged with multiple felonies, was put through the booking process. Kellogg's EFC had the same FPN as Benson's.

FPNs are widely used in criminal justice databases, and the duplicate records entered the Oregon Judicial Information Network (OJIN), where Kellogg's convictions were attached to Benson's record. A routine inspection in California the next year uncovered a handgun in Benson's truck, and as his Oregon record said he was a thrice convicted felon, he was arrested for being in violation of the California Penal Code.

The plaintiffs' complaint alleges that the defendants have known since 1996 "that Livescan machines had the identified propensity of creating defective EFCs," and that they therefore knew that this was corrupting criminal justice databases and court records. It is not clear from the evidence presented that the blame rests entirely with the Livescan equipment, but it does seem clear that Oregon was aware that duplication incidents were occurring (a list of 97 of these was compiled), and it has certainly taken Benson some considerable time, against considerable opposition, to clear his name.

He was, for example, unaware of the biometric technology's influence on his case until 2002, and prior to this had come up with some decidedly paranoid theories to explain why his life was being destroyed because of a traffic violation. As indeed, you might.

For the rest of us, the real issue is how fallibility in software and human input can produce extremely serious errors in systems which are intended to provide virtually infallible identification. There is here no dispute that Benson's and Kellogg's biometric records are entirely different (Benson has only nine fingertips, for starters), but the processes operated in such a way that Benson's record got the convictions. These spread from Oregon to California, and Benson's attorney claims that he is still recorded by the FBI as having been arrested as a felon in possession of a firearm.

Organisations deploying such systems should of course be extremely concerned that they are not subject to such errors. Aside from the impact on the victims, the creation of false records will damage the integrity of the database they're used in initially, and the sharing of this data will result in the corruption spreading into other systems. The further it gets, the harder it will be to undo the damage. But the more sure the designers are that they've ruled out problems like this, the harder it will be to have errors corrected. If it's impossible, then the people complaining have got to be mad, right? The issue of how you deal with the data is actually far more important than getting the technology to produce a "unique" biometric. ®

Related links:

Benson's complaint

Glitches in ID card kit frustrate Blunkett's pod people

The Power of One eBook: Top reasons to choose HP BladeSystem

More from The Register

next story
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
Airbus promises Wi-Fi – yay – and 3D movies (meh) in new A330
If the person in front reclines their seat, this could get interesting
UK Parliament rubber-stamps EMERGENCY data grab 'n' keep bill
Just 49 MPs oppose Drip's rushed timetable
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
Samsung threatens to cut ties with supplier over child labour allegations
Vows to uphold 'zero tolerance' policy on underage workers
Dude, you're getting a Dell – with BITCOIN: IT giant slurps cryptocash
1. Buy PC with Bitcoin. 2. Mine more coins. 3. Goto step 1
ITC: Seagate and LSI can infringe Realtek patents because Realtek isn't in the US
Land of the (get off scot) free, when it's a foreign owner
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.