Feeds

Collar the lot of us! The biometric delusion

Optimism beats evidence in the drive to fingerprint the world

  • alert
  • submit to reddit

SANS - Survey on application security programs

Once again, NIST provide no support to IPS or UKBA or HOSDB. A false non-match rate of between eight and 19 per cent does not sound like convincing evidence for the reliability of facial recognition as a biometric. And remember that these figures emanate from a methodology which has already been discredited as a predictor of outcomes in the field.

Mansfield and Rejman-Greene note in their report that the reliability of biometrics based on facial geometry falls off a cliff two months after people are first photographed – "even under relatively good conditions, face recognition fails to approach the required performance" (para.52d). For the first two months in the life of any new passport, verification will be erratic. For the last 118 months, it will be impossible – that is the implication. What do NIST have to say about this problem? Nothing.

There is one other piece of facial geometry evidence which it would be useful to see, and that is a report on the results of China’s 10 million faces test, an element of Operation Golden Shield. China, like the UK, is keen on using biometrics. That report is unfortunately not available.

Here at the end of the review, the adventitious question arises of why do politicians and civil servants all over the world continue to advocate the use of biometrics when the evidence simply doesn’t support them? There is no answer. Their behaviour is inexplicable.

One thing is clear, though, and that is that biometrics cannot deliver. Identification is not feasible. Verification is laughably unreliable. And the flat earther David Blunkett is wrong. So is Tony Blair when he says that “biometrics give us the chance to have secure identity”. And so is Gordon Brown when he says that biometrics “will make it possible to securely link an individual to a unique identity”.

The scale of the institutional fantasy which constitutes the NIS is grotesque. Biometrics cannot underpin the NIS and so, by IPS’s logic, the NIS cannot underpin the “interactions and transactions between individuals, public services and businesses”. Safeguarding Identity is a false prospectus – no properly managed stock exchange would allow its shares to be listed. The NIS is guaranteed to fail.*

Your taxes at work - PA's 'Innovation Highway' explains biometrics

We have already noted some of the practical implications of NIS fantasy – millions of us would have trouble proving our right to work, getting state healthcare and state education. Here are two more:

• IPS have not even provided a way to collect everyone's biometrics. Italy (population 58 million) has a national network of about 8,000 ID card registration centres. The Netherlands (17m) has – or plans to have – about 4,000 centres. The UK (61m) was recommended by Tony Mansfield and Marek Rejman-Greene to set up a network of about 2,000 centres (para.105), a curiously low number, but not as low as the number IPS came up with: 69. Instead of registering people themselves, IPS expect high street retailers to do the job for them. But which high street retailer, having spent decades growing a trusted brand, will risk the anger of 20 per cent of their customers who, having handed over their fingerprints, are told as a result that they have no right to work in the UK? Fantasy. ®

• If UKBA use flat print fingerprinting to check everyone coming into the country, and everyone leaving the country, UK nationals, other EEA nationals and non-EEA nationals alike, and if the technology performs as well as it does in US-VISIT, then they will have to detain about 8,000 travellers a day. The prisons are full. Where are UKBA going to put all the detainees? Fantasy.

* Anyone not convinced by the facts, figures and arguments presented here may consider the conclusion of the Office of Government Commerce, an independent office of HM Treasury: "This has all the inauspicious signs of a project continuing to be driven by an arbitrary end date rather than reality... I conclude that we are setting ourselves up to fail".

What's more, the UK Passport Agency (UKPA, previously the Passport Office, subsequently UKPS, subsequently IPS) agrees: "I wouldn't argue with a lot of this...".

In addition to the politicians and civil servants driving the NIS, there are, of course, the consultancies, notably PA Consulting. PA give it as their opinion that biometrics is mostly hype.

And beyond the consultancies, there are the biometrics companies themselves. The history of L-1 Identity Solutions, Inc., one of the more financially successful members of the industry, provides some support for PA's view and no support for the NIS.

David Moss has been in IT for over 30 years now and works as an IT consultant. He has failed for over six years to convince the government that we already have ID cards, in the form of our mobile phones, but it's early days yet - the standard gestation period is apparently 12 years. While waiting for the government to have the original idea themselves that we don't need the ID cards the Identity & Passport Service keep writing press releases about, because we already have mobile phones, he is trying to make people confront the evidence before their eyes, that the biometrics emperor has no clothes.

Editor's note: A more heavily annotated version of this document is also available in PDF form, from David Moss himself, or from The Register's library, here.

3 Big data security analytics techniques

More from The Register

next story
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Edward Snowden on his Putin TV appearance: 'Why all the criticism?'
Denies Q&A cameo was meant to slam US, big-up Russia
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Judge halts spread of zombie Nortel patents to Texas in Google trial
Epic Rockstar patent war to be waged in California
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
APPLE FAILS to ditch class action suit over ebook PRICE-FIX fiasco
Do not pass go, do cough (up to) $840m in damages
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.