Feeds

Collar the lot of us! The biometric delusion

Optimism beats evidence in the drive to fingerprint the world

  • alert
  • submit to reddit

Choosing a cloud hosting partner with confidence

IPS may not have conducted any subsequent trials of flat print fingerprinting, but their cousins the UK Border Agency (UKBA) did start a six-month trial of biometrics based on facial recognition at Manchester airport in August 2008. Eleven months later, no results have been published by UKBA.

But there have been leaks to the BBC and the Daily Telegraph.

"Sources from the UK Border Agency (UKBA) have revealed that the devices are failing to detect when two people pass through them at the same time. The system [smartgates, the Automated Clearance System (ACS)], which replaces traditional passport control measures, is undergoing a live trial at Manchester Airport, where a UKBA worker said it was suffering almost daily malfunctions. He said immigration officers had been able to accompany travellers through the scanners without an alarm being triggered, even though the booths are supposed to detect if more than one person enters at a time. 'Immigration officers have been able to tailgate passengers through the machine, without the machine picking it up,' he said.

"The source said there were malfunctions taking place almost daily in the pilot project, which is thought to have cost the taxpayer several hundred thousand pounds. 'There are five pods and when one breaks down, they all break down.'

"Up until the point of the official launch, it was rejecting 30 per cent of those who tried to get through it,' the UKBA worker said. 'We believe they had to recalibrate it – essentially make it easier to get through the system'".

Unlikely bin Laden doppelgangers

And the Telegraph has tracked down another biometrics expert, like Tony Mansfield and Marek Rejman-Greene:

"In a leaked memo, an official says the machines have been recalibrated to an 'unacceptable' level meaning travellers whose faces are shown to have only a 30 per cent likeness to their passport photographs can pass through. Rob Jenkins, an expert in facial recognition at Glasgow University's psychology department, said lowering the match level to 30 per cent would make the system almost worthless. Using facial recognition software from Sydney airport in Australia set at 30 per cent, he found the machines could not tell the difference between Osama bin Laden and the actors Kevin Spacey or even the actress Winona Ryder, while Gordon Brown was indistinguishable from Mel Gibson".

When asked whether this technology works, instead of referring to the results of their own field trial, UKBA point to a report produced in March 2007 by... NIST.*

This is another one of NIST’s computer-based trials, not a field trial. The conclusion drawn from the report by both UKBA and HOSDB is that biometrics based on facial geometry are now reliable enough for airport security. No earlier report is cited. No later report is cited. This is the single report on which UKBA and HOSDB rely. Are they right to place so much confidence in it?

The trial uses eight different sets of sample biometric data (p.35). Two of them are sets of iris scan data. Iris scans are not on offer in the NIS and those results of NIST’s are therefore irrelevant. One is a set of three-dimensional face data, also not on offer in the NIS and so, again, irrelevant. Of the remaining five sets of data, four of them are taken from very few subjects (257 subjects in the worst case, then 263, then 335, and 336 subjects in the best case). As any GCSE student can tell you, that is too small a sample for UKBA to be able to decide whether the technology would work for 60 million people in the UK.

Which leaves us with just one relevant sample dataset, of 36,000 subjects. And how well did facial recognition verify their identity? According to Figure 20 of the NIST report (p.46), at a false match rate of 0.01 per cent, 100 times worse than Professor Daugman's working figure, the false non-match rate varies between eight per cent and 19 per cent, depending on which supplier’s biometrics algorithm is used.

* In the course of its May 2004 report, claiming that flat print fingerprinting works well, NIST had this to say about the alternative, facial recognition: "Even under controlled illumination, which is not used in US-VISIT, the error rate of face is 50 times higher than the two-fingerprint results discussed here. If the case of uncontrolled illumination is considered, this factor would be 250. This means that face recognition is useful only for those cases where fingerprints of adequate quality cannot be obtained" (para.3.3).

By March 2007, NIST would have us believe, facial recognition algorithms had improved by one or even two orders of magnitude. IPS, UKBA and HOSDB may believe that. But note that the US government seems to be in no hurry to incorporate facial recognition into US-VISIT and certainly not into an ID card scheme for their own nationals.

Security for virtualized datacentres

More from The Register

next story
Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know
'Missy' Cummings on UAVs, smartcars and dying from boredom
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
The 'fun-nification' of computer education – good idea?
Compulsory code schools, luvvies love it, but what about Maths and Physics?
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
'Cowardly, venomous trolls' threatened with TWO-YEAR sentences for menacing posts
UK government: 'Taking a stand against a baying cyber-mob'
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.