Feeds

Collar the lot of us! The biometric delusion

Optimism beats evidence in the drive to fingerprint the world

  • alert
  • submit to reddit

Providing a secure and efficient Helpdesk

IPS may not have conducted any subsequent trials of flat print fingerprinting, but their cousins the UK Border Agency (UKBA) did start a six-month trial of biometrics based on facial recognition at Manchester airport in August 2008. Eleven months later, no results have been published by UKBA.

But there have been leaks to the BBC and the Daily Telegraph.

"Sources from the UK Border Agency (UKBA) have revealed that the devices are failing to detect when two people pass through them at the same time. The system [smartgates, the Automated Clearance System (ACS)], which replaces traditional passport control measures, is undergoing a live trial at Manchester Airport, where a UKBA worker said it was suffering almost daily malfunctions. He said immigration officers had been able to accompany travellers through the scanners without an alarm being triggered, even though the booths are supposed to detect if more than one person enters at a time. 'Immigration officers have been able to tailgate passengers through the machine, without the machine picking it up,' he said.

"The source said there were malfunctions taking place almost daily in the pilot project, which is thought to have cost the taxpayer several hundred thousand pounds. 'There are five pods and when one breaks down, they all break down.'

"Up until the point of the official launch, it was rejecting 30 per cent of those who tried to get through it,' the UKBA worker said. 'We believe they had to recalibrate it – essentially make it easier to get through the system'".

Unlikely bin Laden doppelgangers

And the Telegraph has tracked down another biometrics expert, like Tony Mansfield and Marek Rejman-Greene:

"In a leaked memo, an official says the machines have been recalibrated to an 'unacceptable' level meaning travellers whose faces are shown to have only a 30 per cent likeness to their passport photographs can pass through. Rob Jenkins, an expert in facial recognition at Glasgow University's psychology department, said lowering the match level to 30 per cent would make the system almost worthless. Using facial recognition software from Sydney airport in Australia set at 30 per cent, he found the machines could not tell the difference between Osama bin Laden and the actors Kevin Spacey or even the actress Winona Ryder, while Gordon Brown was indistinguishable from Mel Gibson".

When asked whether this technology works, instead of referring to the results of their own field trial, UKBA point to a report produced in March 2007 by... NIST.*

This is another one of NIST’s computer-based trials, not a field trial. The conclusion drawn from the report by both UKBA and HOSDB is that biometrics based on facial geometry are now reliable enough for airport security. No earlier report is cited. No later report is cited. This is the single report on which UKBA and HOSDB rely. Are they right to place so much confidence in it?

The trial uses eight different sets of sample biometric data (p.35). Two of them are sets of iris scan data. Iris scans are not on offer in the NIS and those results of NIST’s are therefore irrelevant. One is a set of three-dimensional face data, also not on offer in the NIS and so, again, irrelevant. Of the remaining five sets of data, four of them are taken from very few subjects (257 subjects in the worst case, then 263, then 335, and 336 subjects in the best case). As any GCSE student can tell you, that is too small a sample for UKBA to be able to decide whether the technology would work for 60 million people in the UK.

Which leaves us with just one relevant sample dataset, of 36,000 subjects. And how well did facial recognition verify their identity? According to Figure 20 of the NIST report (p.46), at a false match rate of 0.01 per cent, 100 times worse than Professor Daugman's working figure, the false non-match rate varies between eight per cent and 19 per cent, depending on which supplier’s biometrics algorithm is used.

* In the course of its May 2004 report, claiming that flat print fingerprinting works well, NIST had this to say about the alternative, facial recognition: "Even under controlled illumination, which is not used in US-VISIT, the error rate of face is 50 times higher than the two-fingerprint results discussed here. If the case of uncontrolled illumination is considered, this factor would be 250. This means that face recognition is useful only for those cases where fingerprints of adequate quality cannot be obtained" (para.3.3).

By March 2007, NIST would have us believe, facial recognition algorithms had improved by one or even two orders of magnitude. IPS, UKBA and HOSDB may believe that. But note that the US government seems to be in no hurry to incorporate facial recognition into US-VISIT and certainly not into an ID card scheme for their own nationals.

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
JINGS! Microsoft Bing called Scots indyref RIGHT!
Redmond sporran metrics get one in the ten ring
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Murdoch to Europe: Inflict MORE PAIN on Google, please
'Platform for piracy' must be punished, or it'll kill us in FIVE YEARS
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
Show us your Five-Eyes SECRETS says Privacy International
Refusal to disclose GCHQ canteen menus and prices triggers Euro Human Rights Court action
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.