Feeds

FBI preps $1bn biometric database

'Next Generation Identification' awaits you

Combat fraud and increase customer satisfaction

"If someone steals and spoofs your iris image, you can't just get a new eyeball." Paul Saffo, technology industry observer

Quality science fiction has often provided the prism through which we view, for good or ill, the effects of technological and scientific evolution on human life in all its moral and ethical disarray. No recent sci-fi movie has portrayed the inexorable expansion of the use of biometric data in public fora better than Minority Report.

To the surprise of no one who follows such things, the FBI on Friday at last revealed its plans for a major expansion of the use of biometrics in law enforcement - and perhaps most unnervingly, what appears to be a widespread expansion of its use in public spaces.

"Bigger. Faster. Better. That's the bottom line," Thomas E. Bush III, assistant director of the FBI's Criminal Justice Information Services Division, said to the Washington Post. Of course, with American law enforcement, that's always the bottom line, and this is clearly just the beginning.

The program is closely tied with technology currently being developed at the West Virginia University Center for Identification Technology Research (CITeR), located a short drive away, that will allow for biometric identification based on facial recognition technology from as far away as 200 yards, and iris scans from about fifteen feet. Although the report did not specifically address questions of public surveillance, it's difficult to imagine places other than public spaces where law enforcement needs to recognize people from 200 yards away.

The FBI's biometric database is apparently being developed according to standards - of what? - allegedly shared by Britain, Canada, Australia, the US and New Zealand, and includes criminal histories. It is connected, for purposes of cross-reference, with the Terrorist Screening Center's database, and the National Crime Information Center database, which is the FBI's master criminal database of terrorists, felons, fugitives and other undesirables.

Minority retort

Civil libertarians and privacy advocates are not amused.

They claim that the project presents nightmare scenarios of stolen biometric information being used for ever-more outlandish forms of identity theft, which would be nearly impossible to correct. Correcting an inaccurate credit report is already an insulting and hair-raising experience in America, and critics contend that the use of biometrics would make correcting inaccurate credit reports or criminal histories nearly impossible. Besides, they argue, the US government does not exactly have a sterling record when it comes to database security - what happens when, as seems inevitable, the database is hacked and this intimate and allegedly indisputable data is compromised?

The FBI already has a database of 55 million fingerprints and several million DNA samples, but the new initiative will be able to rely on iris patterns, face-shape data, scars, and even unique mannerisms such as the ways people walk and talk, to solve crimes and identify criminals, terrorists and the like.

The FBI will also be more than happy to retain - upon request by employers, though we suspect employers who prefer that the data not be retained will probably have to "opt out" - the fingerprints of employees who have undergone criminal background checks so the employers can be notified if employees have brushes with the law. The project will also share data with law enforcement agencies around the world. Information sharing is always a two way street, which makes the whole endeavor seem even less reliable, depending on where that information comes from.

Databases usually become less accurate, rather than more, the older and bigger they get, because there's very little incentive for the humans that maintain them to go back and correct old, inaccurate information rather than simply piling on new information. Data entry typically trumps data accuracy. Furthermore, the facial recognition technology in its current iteration is woefully inaccurate, with recognition rates as low as 10 per cent at night. All in all, there is ample reason for skepticism - not that it will make much of a difference.

Thanks for the memories

Biometric sharing with the government has already proven to be a sucker's deal for those who have chosen to participate. The government is never going to assume one's innocence just because that individual has agreed to make him or herself immediately identifiable to government screeners - which is why Americans who agreed to submit to routine iris scans in airports still have to wait in line to take off their shoes and have their bags x-rayed.

CITeR director Lawrence A. Hornak - a visionary of the Big Brother school of technology - awaits the day when devices will be able to "recognize us and adapt to us. The long-term goal," he said, is "ubiquitous use" of biometrics. A traveler may walk down an airport corridor and "allow" his face and iris images to be captured without ever stepping up to a kiosk and looking into a camera, he said. Sound familiar?

One of the most memorable scenes in Minority Report occurs when John Anderton, pursued by his own pre-crime division, breaks into a secure area using a stolen eyeball to bypass an iris-scan identification system. Of course, sophisticated criminals of the future will probably not have to resort to carrying stolen eyeballs around in ziplock bags - the glories of digital information technology will surely provide cleaner, more elegant criminal solutions.®

Burke Hansen, attorney at large, heads a San Francisco law office

SANS - Survey on application security programs

More from The Register

next story
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
Jack the RIPA: Blighty cops ignore law, retain innocents' comms data
Prime minister: Nothing to see here, go about your business
Banks slap Olympus with £160 MEEELLION lawsuit
Scandal hit camera maker just can't shake off its past
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.