Feeds

Minister's shock claim: ID scheme to check 13 biometrics

This little piggy failed the scan test, this little piggy tried again...

  • alert
  • submit to reddit

Top three mobile application threats

Beating off newspaper reports that biometric scans could misidentify up to one in 1,000 users, Home Office Minister Tony McNulty told Sunday's BBC Radio 4 World at One programme that the possibility of errors in one type of scan was precisely why the UK ID card system would be able to check 13 biometrics. Impressed? Confused? Both? Previously the Home Office had shrugged-off suggestions of unreliability by pointing out that three biometrics will be used, fingerprint, iris and facial, but as McNulty continued it became apparent that it's actually 13, if you count fingers individually.

As he told Radio 4, "if there are difficulties with the facial biometric, there are 12 other biometrics, two iris checks and ten finger and thumb prints." This novel new way to deconstruct biometrics will no doubt be compelling to the Great British Public and a boon to the marketing departments of the biometric industry.

The UK ID card scheme has always been intended to cater for all ten digits, so the switch from saying three to saying 13 is simply a sign that the Home Office thinks it needs to spin harder. The use of three (we'll just stick with that number, if it's all the same to you) types of biometric can in principle identify an individual more reliably, but it's more costly and complicated (Do you read all three and set a pass rate? Do you read different ones depending on circumstances? Do you fall back to the second and third on failure of the first?).

Nor is accuracy simply a matter of how many biometrics you read, because to a great extent you set the accuracy level yourself when you calibrate the readers. If you're too strict on accuracy, then you incorrectly reject an unacceptably high proportion of sus..., er, subjects. And if you're too slack, anybody can walk in. You complicate matters further if - as the UK Government would so dearly like to do - you want to conduct one to many searches so that you can snag duplicate IDs and individuals you're looking for, because you're likely to want to calibrate the system differently for those purposes.

Essentially, the Home Office spin about three, 13 or umpteen different kinds of biometric is just drizzle obscuring all of this. If the equipment you're using to read the biometrics is proving less accurate than you had initially anticipated then yes, it does affect what you have to read and how much you have to read in order to improve your chances of getting an accurate result. That does not mean it's 'all OK' because you cleverly anticipated this by deciding to read three classes of biometric right from the start (actually, you didn't, but now you reckon you'll have to). It means that the overall capabilities of the system are not as great as you had initially hoped. But going onto the radio and saying something like, 'Yes, individually they're all crap, so we're going to have to read all three' doesn't sound nearly so good.

The news story McNulty was responding to was carried in the Independent on Sunday, here. We assume this will go into the paid-for section shortly. The problems it covers are mostly well-known ones, but it's a useful summary. McNulty himself helpfully added "people with brown eyes" as a problem area to the list in the paper.

While we're about it, we couldn't resist McNulty's comments on The Politics Show in defence of Home Office dawn raids on asylum seekers: "We are not knocking down doors at four in the morning with people booted and suited in riot gear. Most of the removals occur around half-five, half-six, seven in the morning." So presumably the borderline between free democracy and police state lies somewhere between the hours of 4am and 5.30am. Does freedom get a longer lie-in at weekends? ®

Related stories:

Top three mobile application threats

More from The Register

next story
Sorry London, Europe's top tech city is Munich
New 'Atlas of ICT Activity' finds innovation isn't happening at Silicon Roundabout
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.