Feeds

DHS and UK ID card biometric vendor in false ID lawsuit

Right fingerprints, wrong felony and murder rap

  • alert
  • submit to reddit

Next gen security for virtualised datacentres

At San Jose Superior Court today (11 May) biometrics company Identix will seek to have a product liability and slander lawsuit against it and the States of California and Oregon dismissed. Plaintiffs Roger Benson and Miguel Espinoza are seeking restitution for the damage inflicted on them by duplication in police records which gave them other people's criminal records.

Benson was wrongfully imprisoned for 43 days for carrying a firearm when a convicted felon, although the felony on his record had been committed by someone else, while Espinoza, had his restaurant business destroyed by a false record of a criminally negligent homicide conviction. The plaintiffs claim that their problems stemmed from Identix's Livescan 10-print, a fingerprint scanner used to enter fingerprint data into police systems. Two months ago Identix was re-confirmed as the winner of a Department of Homeland Security Blanket Purchase Agreement (BPA) for fingeprint systems, this being worth and estimated $27 million over five years. Identix is also supplying equipment for the UK Passport Service's ID card pilot, so one might reasonably consider that the stakes in San Jose Superior Court will be rather high.

The case hinges on the origin of duplicate record ID numbers, but it is the fact that these actually existed that is of the broadest significance. Benson, whose case has been going through the courts longest, stepped into trouble when he was pulled in for a traffic violation and fingerprinted. This process was carried out using a Livescan system, which produced an Electronic Fingerprint Card (EFC). Each EFC is assigned a fingerprint control number, FPN, which is intended to be unique. Previous paper-based systems, which are still widely used in the US, use EFCs preprinted with a unique FPN, but this is not the case with EFCs produced with the Livescan system. Benson's EFC was created on February 6th 1998, and on September 10th 1998 one William Lee Kellog, charged with multiple felonies, was put through the booking process. Kellogg's EFC had the same FPN as Benson's.

FPNs are widely used in criminal justice databases, and the duplicate records entered the Oregon Judicial Information Network (OJIN), where Kellogg's convictions were attached to Benson's record. A routine inspection in California the next year uncovered a handgun in Benson's truck, and as his Oregon record said he was a thrice convicted felon, he was arrested for being in violation of the California Penal Code.

The plaintiffs' complaint alleges that the defendants have known since 1996 "that Livescan machines had the identified propensity of creating defective EFCs," and that they therefore knew that this was corrupting criminal justice databases and court records. It is not clear from the evidence presented that the blame rests entirely with the Livescan equipment, but it does seem clear that Oregon was aware that duplication incidents were occurring (a list of 97 of these was compiled), and it has certainly taken Benson some considerable time, against considerable opposition, to clear his name.

He was, for example, unaware of the biometric technology's influence on his case until 2002, and prior to this had come up with some decidedly paranoid theories to explain why his life was being destroyed because of a traffic violation. As indeed, you might.

For the rest of us, the real issue is how fallibility in software and human input can produce extremely serious errors in systems which are intended to provide virtually infallible identification. There is here no dispute that Benson's and Kellogg's biometric records are entirely different (Benson has only nine fingertips, for starters), but the processes operated in such a way that Benson's record got the convictions. These spread from Oregon to California, and Benson's attorney claims that he is still recorded by the FBI as having been arrested as a felon in possession of a firearm.

Organisations deploying such systems should of course be extremely concerned that they are not subject to such errors. Aside from the impact on the victims, the creation of false records will damage the integrity of the database they're used in initially, and the sharing of this data will result in the corruption spreading into other systems. The further it gets, the harder it will be to undo the damage. But the more sure the designers are that they've ruled out problems like this, the harder it will be to have errors corrected. If it's impossible, then the people complaining have got to be mad, right? The issue of how you deal with the data is actually far more important than getting the technology to produce a "unique" biometric. ®

Related links:

Benson's complaint

Glitches in ID card kit frustrate Blunkett's pod people

The essential guide to IT transformation

More from The Register

next story
6 Obvious Reasons Why Facebook Will Ban This Article (Thank God)
Clampdown on clickbait ... and El Reg is OK with this
No, thank you. I will not code for the Caliphate
Some assignments, even the Bongster decline must
Kaspersky backpedals on 'done nothing wrong, nothing to fear' blather
Founder (and internet passport fan) now says privacy is precious
TROLL SLAYER Google grabs $1.3 MEEELLION in patent counter-suit
Chocolate Factory hits back at firm for suing customers
Mozilla's 'Tiles' ads debut in new Firefox nightlies
You can try turning them off and on again
Facebook to let stalkers unearth buried posts with mobe search
Prepare to HAUNT your pal's back catalogue
Sit tight, fanbois. Apple's '$400' wearable release slips into early 2015
Sources: time to put in plenty of clock-watching for' iWatch
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?