Feeds

Minister's shock claim: ID scheme to check 13 biometrics

This little piggy failed the scan test, this little piggy tried again...

  • alert
  • submit to reddit

Combat fraud and increase customer satisfaction

Beating off newspaper reports that biometric scans could misidentify up to one in 1,000 users, Home Office Minister Tony McNulty told Sunday's BBC Radio 4 World at One programme that the possibility of errors in one type of scan was precisely why the UK ID card system would be able to check 13 biometrics. Impressed? Confused? Both? Previously the Home Office had shrugged-off suggestions of unreliability by pointing out that three biometrics will be used, fingerprint, iris and facial, but as McNulty continued it became apparent that it's actually 13, if you count fingers individually.

As he told Radio 4, "if there are difficulties with the facial biometric, there are 12 other biometrics, two iris checks and ten finger and thumb prints." This novel new way to deconstruct biometrics will no doubt be compelling to the Great British Public and a boon to the marketing departments of the biometric industry.

The UK ID card scheme has always been intended to cater for all ten digits, so the switch from saying three to saying 13 is simply a sign that the Home Office thinks it needs to spin harder. The use of three (we'll just stick with that number, if it's all the same to you) types of biometric can in principle identify an individual more reliably, but it's more costly and complicated (Do you read all three and set a pass rate? Do you read different ones depending on circumstances? Do you fall back to the second and third on failure of the first?).

Nor is accuracy simply a matter of how many biometrics you read, because to a great extent you set the accuracy level yourself when you calibrate the readers. If you're too strict on accuracy, then you incorrectly reject an unacceptably high proportion of sus..., er, subjects. And if you're too slack, anybody can walk in. You complicate matters further if - as the UK Government would so dearly like to do - you want to conduct one to many searches so that you can snag duplicate IDs and individuals you're looking for, because you're likely to want to calibrate the system differently for those purposes.

Essentially, the Home Office spin about three, 13 or umpteen different kinds of biometric is just drizzle obscuring all of this. If the equipment you're using to read the biometrics is proving less accurate than you had initially anticipated then yes, it does affect what you have to read and how much you have to read in order to improve your chances of getting an accurate result. That does not mean it's 'all OK' because you cleverly anticipated this by deciding to read three classes of biometric right from the start (actually, you didn't, but now you reckon you'll have to). It means that the overall capabilities of the system are not as great as you had initially hoped. But going onto the radio and saying something like, 'Yes, individually they're all crap, so we're going to have to read all three' doesn't sound nearly so good.

The news story McNulty was responding to was carried in the Independent on Sunday, here. We assume this will go into the paid-for section shortly. The problems it covers are mostly well-known ones, but it's a useful summary. McNulty himself helpfully added "people with brown eyes" as a problem area to the list in the paper.

While we're about it, we couldn't resist McNulty's comments on The Politics Show in defence of Home Office dawn raids on asylum seekers: "We are not knocking down doors at four in the morning with people booted and suited in riot gear. Most of the removals occur around half-five, half-six, seven in the morning." So presumably the borderline between free democracy and police state lies somewhere between the hours of 4am and 5.30am. Does freedom get a longer lie-in at weekends? ®

Related stories:

3 Big data security analytics techniques

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.