Archive for February 2010

Kevin Rudd says Australia faces major terror threat

Feb 24th, 2010 | By | Category: News

BBC News

Australian Prime Minister Kevin Rudd has warned that his country is now under a permanent and increased threat of militant attack.

He also announced plans to fingerprint and face-scan visitors from 10 high-risk countries.

Mr Rudd said there was a growing threat from Islamist radicals born or raised in Australia.

Last week, five Australians of foreign origin received heavy sentences for conspiring to launch a jihadist attack.

Home grown

Mr Rudd said that many “home-grown terrorists” were inspired by what he called international jihadist narratives, as he released a new report compiled by intelligence agencies.

“The threat of home-grown terrorism is now increasing,” he said.

“This white paper is clear: some of the threat we now face comes from the Australian-born, Australian-educated and Australian residents.”

Al-Qaida-linked groups in Yemen and Sudan are the new centre of threat internationally, the policy paper says, and the risks posed by Afghanistan and Pakistan remain high.

The paper says that, despite Indonesia’s successes against terrorism, the Jakarta hotel attacks of last July point to an ongoing threat there.

David Hicks in an undated family photo

Australian David Hicks, captured in 2001, spent five years in Guantanamo
No escape

“Terrorism continues to pose a serious threat and a serious challenge to Australia’s security interests. That threat is not diminishing,” Mr Rudd said.

“In fact, the government security intelligence agencies assess that terrorism has become a persistent and permanent feature of Australia’s security environment. These agencies warn that an attack could occur at any time.”

Australia will spend A$69m ($62m; £40m) on new biometric facilities and will set up a national control centre to co-ordinate efforts to fight extremism.

The government also plans to work with communities to stamp out radicalism by helping all ethnic groups integrate better with mainstream society.

Last week five Australian citizens of Lebanese, Libyan and Bangladeshi origin were jailed for up to 28 years for gathering weapons in preparation for an attack on an unknown target.

In August, five men with alleged links to Somalia’s al-Shabab militants were arrested and charged over an alleged plot to attack a Sydney military barracks.

Foreign Minister Stephen Smith said about 40 people have been arrested in Australia on terror charges since 2000.

“Whilst the numbers are small… it only takes one to get through,” he said, adding that the techniques used by home-grown militants were evolving.

“We are now seeing emerging the potential so-called lone wolf escapade where we don’t have sophisticated planning but an individual is seduced by the international jihad and as a lone wolf does extreme things,” he told ABC radio.

He said the 10 countries to face more stringent entry procedures would not be named yet. “There may be a diplomatic effort required in regards to some of those countries, as you would expect,” he said.

Australia is a close ally of the United States. It was among the first to commit troops to US-led campaigns in Afghanistan and Iraq.

It has not suffered a major peacetime attack on home soil, but 95 Australians have been killed in militant bombings in neighbouring Indonesia since 2001.

New Hampshire to ban biometrics?

Feb 24th, 2010 | By | Category: News

By Leischen Stelter – 02.23.2010

CONCORD, N.H.—A bill introduced in the New Hampshire Legislature could have serious consequences for the development and deployment of biometric technology and could also jeopardize public confidence in the technology. HB 1409, sponsored by Rep. Neal Kurk, originated over concerns of privacy, but there is concern that the broadness of the bill could negatively impact the development of biometrics as an important security tool, said Don Erickson, director of government relations for Security Industry Association.

Specifically, this bill dictates, “no government agency or private entity shall issue an identification card, other than an employee identification card, or use an identification device or system, that requires the collection or retention of an individual’s biometric data.” The legislation also restricts the disclosure use of “biometric data as a condition of doing business with, engaging in any business activity or relationship with, or obtaining services from, that agency or entity.”

The legislation would ban all biometrics, including fingerprints, palm prints, facial features, voice data recognition, iris recognition, hand geometry and retinal scans, according to the bill.

If passed, this legislation would take effect on January 1, 2011.

SIA issued a statement saying that banning nearly all the uses of biometrics is an inappropriate response to privacy concerns. “The sponsor was concerned about privacy and the protection of individual privacy” not about issues of security, said Erickson. And, he contends, biometrics are actually more secure than other technologies. “With biometrics, you don’t have a password or a key to lose, it’s biometric information so you don’t have to worry about people stealing it,” he said.

Vijay Kumar, marketing manager for Ingersoll Rand Security Technologies, Schlage biometrics, agreed that biometrics pose minimal privacy concerns. “A lot of people don’t understand biometrics and these situations are based on misperceptions,” he said. “I think people confuse it with the systems they see on TV crime shows.” The major distinction, said Kumar, is differentiating between identification and authenticating systems. “Identification compares a person to all the people in the system and matches one to a number of samples,” he said. “Authentication is a one-to-one search, where a live biometric—a hand sample for example—is presented by a person and compared to a stored biometric given by the person by consent.”

He agrees with Erickson that biometrics are actually a very secure form of identification. “Biometrics of authentication is actually a more private situation than what we had when we used numeric codes and password and those types of identities are easy to capture,” he said.

However, industry members aren’t surprised this bill was introduced. Security concerns are not to be taken lightly. In this day and age, with increasing incidents of credit card and identity theft, people have a reason to be concerned about privacy, said Erickson. “The industry has taken steps to control personal identification information and it’s in their interest to,” he said. “End users need to be sensitive to this and spend time doing their homework on exactly how the technology works and privacy guards in place.”

And while this bill is troubling for those involved with biometrics, few think it will make much more progress in New Hampshire.  Erickson said the bill was recently voted down 11-6 in committee and doubts it will be reintroduced.

Uncomfortable questions over biometric ID Cards and national security

Feb 23rd, 2010 | By | Category: News

In the last ten days we have learnt that “persons unknown” stole the identity of British citizens and cloned modern UK passports to enter Dubai to perform an assassination. Last week, the Foreign Secretary got up in the House of Commons to say that his legal action before the Court of Appeal was to protect intelligence vital to national security given to the UK by the USA’s national security agencies.

There are obvious data protection consequences that flow from these events that are not being picked up by journalists as part of the current public discourse.

In relation to biometric passports, the official Government information states that all passports now issued contain ‘biometric’ details “which are unique to you – like your fingerprint, the iris of your eye, and your facial features”. In addition, “the chip inside the passport contains information about the holder’s face – such as the distances between eyes, nose, mouth and ears” which “can then be used to identify the passport-holder”.

Also the chip is protected in four ways:

  • “a ‘digital signature’, which shows that the data is genuine and which country has issued the passport
  • Basic Access Control, a ‘chip protocol’ that prevents the data being read without the passport holder’s knowledge
  • Public Key Infrastructure (PKI), a digital technique that confirms the data on the chip was written by IPS and has not been changed, and
  • the chips can only be read at a few centimetres’ distance from a chip reader – so they cannot be accidentally read”.

So, by implication, either “persons unknown” using the UK Passports in Dubai managed to evade some of the above security checks (including any biometric security) or airport security arrangements at a major international airport has suffered a complete failure. Which one is most culpable? It is a very important question.

For instance, if some or all the biometric features that protect the Passport have been “overcome”, where does this leave the biometric security on the ID Card? If one agency can get round the security, isn’t it rather obvious that others can do so also? Does every significant ID Card check now need a reference to personal data stored on the National Identity Register (and recorded on that infamous audit trail) as the means of making sure an ID Card is not a clone? If so, then the ID Card costs have just increased significantly.

In relation to the intelligence issue, I accept that there are immense difficulties. However, if we start from the position that intelligence is information from which one can deduced or infer a possible action, then the position becomes clearer. For example, if “X has been in contact with Y” then it might be important to put “Y” on a watch list.

However, I do not think that “X has been water-boarded” qualifies as intelligence – it is a description of what has happened to X. It might be confidential to qualify the intelligence by explaining that “intelligence from X has been gained under torture”, but there again, it is the information that is provided that is the “intelligence” and not the means by which it was extracted from the informant.

In other words, the Foreign Secretary’s claim that “The seven paragraphs contain summaries of American intelligence relating to Mr Mohamed’s case held in UK files” cannot possibly be substantiated by the facts. One cannot possibly undermine the principle of protecting intelligence sharing if the information itself does not qualify as intelligence (in this case, it relates to inhuman or degrading treatment).

Reference: In my evidence to the Joint Committee on Human Rights published in 2006, I explore national security in the context of Parliamentary scrutiny, data protection, human rights and terrorism. I explain why the UK system of scrutiny desperately needs an overhaul (

ISRAEL: Dubai job re-raises concerns over biometrics

Feb 22nd, 2010 | By | Category: Articles

Israel-biometrics-texas-state The Dubai affair has had its eyebrow-raising moments, like theTwitter accident (since un-tweeted) and the latest trends in spy wear. But it’s also re-raising concerns about the possible next phase in smart identification: biometrics.Intelligence agencies in false mustaches could soon beoutsmarted by systems using biometric information to provide categorically positive IDs.Phony IDs are used by the underage crowd to acquire beer as well as in the perpetration of scams, espionage and terrorism. Israel says it has about 350,000 fakes floating around, costing the country the equivalent of hundreds of millions of dollars. Financial scams are expensive; terrorism costs lives. A few years ago, Israeli authorities started pushing for smart, un-fake-able IDs with foolproof information – and also a national biometric database. A group called NO2BIO campaigned against the biometric-database bill; among other actions, they mooned cameras outside the house of then-Interior Minister Meir Sheetrit in the wee hours, showing privacy goes both ways.Israel’s low-tech population database is already on the Web. But leaked biometrics such as facial features could allow anyone with a grudge and software (and maybe a gun) to pick out Israelis – average Joes and high-ranking officials — from a crowd in an airport or downtown rush hour anywhere in the world. It’s universal jurisdiction on speed.
Avi Dichter, legislator and former head of Israel’s General Security Service (GSS), says Israel secures far more sensitive databases. Government minister and lawmaker Michael Eitan says a biometric database is like a nuclear reactor that nobody needs – and heaven help everyone if it leaks. Protests and warnings from information security experts led the government to reconsider halfway through legislation and announce a two-year pilot program on a voluntary basis instead. The Justice Ministry is already mulling legislation banning private biometric databases too.Biometric identification is bad for bad guys but also for the guys who are after them. Agents will have to find new ways to cross borders when the world goes biometric and disguises won’t fool programs measuring distances between points on a person’s face. One report said Dubai would give Interpol retinal scans of the suspected assassins, but Israeli experts were dubious. Future operations will be higher tech and higher risk. Meanwhile, Michael Bodenheimer, an Israeli Torah scholar, continues to explain that it’s someone else who applied for that (genuine) German passport in his name. And who paid for the tickets bought with those credit cards is still unknown.Yossi Melman writes in Haaretzthat the Dubai assassination was probably one of the last of its kind. Advanced technologies and biometrics will change the rules and, paradoxically, wind up hurting intelligence agencies, particularly Mossad, which is widely believed to have assassinations in its DNA and uses actual agents to carry them out, he writes.If Mossad chief Meir Dagan and his like really are Superman, then it seems someone left some stuff in the phone booth while changing – and lots of people want to know whose stuff it is. Israel already got in trouble when a bunch of British passports for use by Mossad agents were found in an actual phone booth in Bonn in 1987. With biometrics knocking on the door, Superman is going to have to find a new costume — or maybe a new job altogether.– Batsheva Sobelman in JerusalemPhoto: Human retina, now being increasingly scanned in biometric identity checks. Credit: Texas State University website

Biometrics: New Hampshire considering banning biometrics in ID cards

Feb 19th, 2010 | By | Category: News

The New Hampshire legislature is considering a bill which would ban biometric data, including fingerprints, retinal scans, DNA, palm prints, facial feature patterns, handwritten signature characteristics, voice data, iris recognition, keystroke dynamics, and hand characteristics from being used in state or privately issued ID cards, except for employee ID cards

The move toward biometric IDs is accelerating, but New Hampshire wants to buck this trend. Acting out of concerns for residents’ privacy, the New Hampshire Legislature is considering a bill that would ban the use of biometrics data in identification cards. At least two trade groups oppose the legislation, saying biometrics technology has a number of security benefits.

The bill would prohibit biometrics data, including fingerprints, retinal scans, and DNA, from being used in state or privately issued ID cards, except for employee ID cards. In addition, it would ban the use of ID devices or systems that require the collection or retention of an individual’s biometric data.

SC Magazine’s Angela Moscaritolo writes that under the bill, biometric data would also include palm prints, facial feature patterns, handwritten signature characteristics, voice data, iris recognition, keystroke dynamics, and hand characteristics. “That’s the kind of information the government shouldn’t generally require to be gathered about an individual,” New Hampshire Representative Daniel Itse, who co-sponsored the bill, on Wednesday.

The bill has drawn criticism from several organizations, including the Security Industry Association (SIA), a business trade group covering the electronic and physical security market. “SIA firmly believes that the broad restrictions proposed by [the bill]… reflects a significant misunderstanding of the security features and privacy safeguards of this widely-adopted technology,” the group said in a statement. SIA encouraged a New Hampshire House committee to reject the bill and conduct a study into the merits of biometrics technology.

Moscaritolo writes that this is the only pending bill of its kind in the nation, but in the past there have been similar legislative actions taken in opposition of biometrics technology, Don Erickson, director of government relations for SIA, told “We are concerned about seeing a pattern of these bills start to pop up in states, which will result in a patchwork of different laws that organizations would have to comply with,” Erickson said.

A similar bill, introduced several years ago in Pennsylvania to limit the use of biometrics, was never acted on, Erickson said.

In contrast, numerous bills have passed at the state and federal levels to authorize and implement systems that use biometrics technology for personal identification, Walter Hamilton, chairman and president of the International Biometric Industry Association (IBIA), a nonprofit trade association representing developers, manufacturers, and integrators of biometrics, told Moscaritolo. “We think it’s inappropriate to single out a technology and say, ‘Thou shall not use,’” Hamilton said. “We think there are many examples of useful applications where it protects citizens.” The use of biometrics can thwart fraud and identity theft by ensuring a person is who they claim to be, he said.

Moscaritolo notes that the bill was introduced in January in the New Hampshire HouseCommerce and Consumer Affairs Committee. It was the subject of a public hearing Tuesday and is scheduled for discussion Thursday in an executive session of the committee.

Credit Card Frauds: Chip-and-PIN is broken

Feb 18th, 2010 | By | Category: News

If Simple Credit Cards are cloneable just imagine how ”New ID cards” are supposed to be ‘unforgeable’ – but it took expert minutes to clone one, and program it with false data

By Cory Doctorow at 11:43 PM February 11, 2010

(Chip and PIN is broken via Schneier)

BBC: New flaws in chip and pin system revealed

Noted security researcher Ross Anderson and colleagues have published a paper showing how “Chip-and-PIN” (the European system for verifying credit- and debit-card transactions) has been thoroughly broken and cannot be considered secure any longer. I remember hearing rumbles that this attack was possible even as Chip-and-PIN was being rolled out across Europe, but that didn’t stop the banks from pushing ahead with it, spending a fortune in the process.

The flaw is that when you put a card into a terminal, a negotiation takes place about how the cardholder should be authenticated: using a PIN, using a signature or not at all. This particular subprotocol is not authenticated, so you can trick the card into thinking it’s doing a chip-and-signature transaction while the terminal thinks it’s chip-and-PIN. The upshot is that you can buy stuff using a stolen card and a PIN of 0000 (or anything you want). We did so, on camera, using various journalists’ cards. The transactions went through fine and the receipts say “Verified by PIN”.

It’s no surprise to us or bankers that this attack works offline (when the merchant cannot contact the bank) — in fact Steven blogged about it here last August.

But the real shocker is that it works online too: even when the bank authorisation system has all the transaction data sent back to it for verification. The reason why it works can be quite subtle and convoluted: bank authorisation systems are complex beasts, including cryptographic checks, account checks, database checks, and interfaces with fraud detection systems which might apply a points-scoring system to the output of all the above. In theory all the data you need to spot the wedge attack will be present, but in practice? And most of all, how can you spot it if you’re not even looking? The banks didn’t even realise they needed to check.

CNMI Data Kept From Federal Government

Feb 18th, 2010 | By | Category: News

Unheardnomore – February 16, 2010

The Government Accountability Office (GAO) issued a sixteen page report on CNMI immigration Border Control Databases to U.S. Senator Jeff Bingaman (D-NM), Chair of the Senate Committee on Energy and Natural Resources. The report emphasizes the fact that the federal government has no direct access to the LIDS data system that was paid for with a $1.5 million federal grant form the Department of Interior’s Office of Insular Affairs.

The CNMI Department of Labor has released little data that they have collected from their LIDS system, which is the revised LIIDS system. (See these posts for more information on the CNMI DOL’s refusal to share essential data and campaign to maintain the broken local system: Fitial Administration Grasping to Retain Broken Local SystemMore On CNMI Statistics and DataDOL’s 10th Interim Report: Hidden Data and StatisticsQuestions About the CNMI Department of Labor, and Hidden Data)

The GAO report indicates that the federal government sent a letter to the governor requesting information on the LIDS system and the Border Management System (BMS) (Emphasis added):

The LIDS and BMS databases have remained in the CNMI’s control during the CNMI’s transition to U.S. immigration law, and as of January 2010, the U.S. government’s direct access to information in these databases had not yet been established.

On July 1, 2008, a senior DHS official sent a letter to the Governor of the CNMI requesting a broad range of documents that included information on the current CNMI system for recording and documenting the entry, exit, work authorization, and authorized conditions of individuals staying in the CNMI. DHS also requested any repositories of fingerprints, photographs, or other biometric information included in the system.

On August 19, 2008, the office of the Governor of the CNMI responded to the letter by providing an overview of the BMS system, describing the security of the system, the data input and output, and the immigration system’s history in the Commonwealth. The document notes that BMS collects photographs through passport readers but states that the CNMI does not maintain any repositories of fingerprints or other biometric information to share with DHS.

In September 2009 the CNMI government suggested that data would be shared for a fee. Perhaps they forgot that the system was paid for by the federal government. From the report: (emphasis added)

On September 15, 2009, the CNMI government issued a draft protocol for implementing U.S. immigration law that, among other things, proposes to allow the U.S. government restricted access to information contained in LIDS and BMS, for a fee and in exchange for comparable information. Specifically, the CNMI protocol envisions the following:

•DHS and the CNMI will engage in a two-way data exchange, with DHS providing flight entry data and the CNMI providing information from its immigration records (LIDS and BMS).

•The CNMI will provide access to CNMI immigration records that DHS formally requests via an appropriate document and within a reasonable time frame.

•The CNMI will consider privacy protections in making information available to the U.S. government.

•The CNMI expects to recover the cost of generating and producing any information requested by DHS.

As of January 2010, the U.S. government had no direct access to LIDS and BMS and had no arrangements in place to obtain direct access, according to U.S. officials.9 The CNMI government has provided DHS access to the information stored in LIDS and BMS on a case-by-case basis.

CNMI has assigned one point of contact to respond to all DHS data inquiries, such as inquiries for verification of an individual’s immigration status. Since the United States assumed control of immigration and border security in the CNMI on November 28, 2009, the CNMI government has continued to maintain and update LIDS and BMS.

CNMI Customs officers now collect information to update BMS with data on entries and departures from Commonwealth airports and seaports. Computers and passport readers, previously used by CNMI immigration, have been installed at airport customs inspection stations, and data from customs declaration forms are used to update the system.

The report states that the current system and the fact that the CNMI government provides one point of contact for information could compromise security and investigations. From the report:

ICE stated in its technical comments relying on one CNMI point of contact to verify immigration status for individuals subject to department investigations is insufficient and could compromise security for ongoing operations. ICE noted that because DHS operates 24 hours per day, 7 days per week, the CNMI point of contact cannot be responsive to all of the department’s needs. ICE officials said that it is imperative for the department to have direct access to the CNMI data systems in order to perform the department’s mission with maximum efficiency.

USCIS suggested in its technical comments that pertinent CNMI immigration information should be integrated into their existing systems: the Computer Linked Application Information Management System (CLAIMS 3 and 4)10 and the U.S. Visitor and Immigrant Status Indicator Technology (US-VISIT).11 In the interim, LIDS and BMS databases should be installed as stand-alone systems in Honolulu, Guam, and Saipan for USCIS adjudications access. Staff from USCIS’s California Service Center should also have access to, and be trained in the use of, LIDS and BMS.

The CNMI government needs to turn over all records to the federal government and release control of LIDS and BMS to appropriate federal agencies.

The government has your baby’s DNA

Feb 4th, 2010 | By | Category: News

By Elizabeth Cohen, CNN Senior Medical Correspondent

(CNN) — When Annie Brown’s daughter, Isabel, was a month old, her pediatrician asked Brown and her husband to sit down because he had some bad news to tell them: Isabel carried a gene that put her at risk for cystic fibrosis.

While grateful to have the information — Isabel received further testing and she doesn’t have the disease — the Mankato, Minnesota, couple wondered how the doctor knew about Isabel’s genes in the first place. After all, they’d never consented to genetic testing.

It’s simple, the pediatrician answered: Newborn babies in the United States are routinely screened for a panel of genetic diseases. Since the testing is mandated by the government, it’s often done without the parents’ consent, according to Brad Therrell, director of theNational Newborn Screening & Genetics Resource Center.

In many states, such as Florida, where Isabel was born, babies’ DNA is stored indefinitely, according to the resource center.

Many parents don’t realize their baby’s DNA is being stored in a government lab, but sometimes when they find out, as the Browns did, they take action. Parents in Texas, and Minnesota have filed lawsuits, and these parents’ concerns are sparking a new debate about whether it’s appropriate for a baby’s genetic blueprint to be in the government’s possession.

“We were appalled when we found out,” says Brown, who’s a registered nurse. “Why do they need to store my baby’s DNA indefinitely? Something on there could affect her ability to get a job later on, or get health insurance.”

According to the state of Minnesota’s Web site, samples are kept so that tests can be repeated, if necessary, and in case the DNA is ever need to help parents identify a missing or deceased child. The samples are also used for medical research.

Art Caplan, a bioethicist at the University of Pennsylvania, says he understands why states don’t first ask permission to screen babies for genetic diseases. “It’s paternalistic, but the state has an overriding interest in protecting these babies,” he says.

However, he added that storage of DNA for long periods of time is a different matter.

“I don’t see any reason to do that kind of storage,” Caplan says. “If it’s anonymous, then I don’t care. I don’t have an issue with that. But if you keep names attached to those samples, that makes me nervous.”

DNA given to outside researchers

Genetic testing for newborns started in the 1960s with testing for diseases and conditions that, if undetected, could kill a child or cause severe problems, such as mental retardation. Since then, the screening has helped save countless newborns.

Over the years, many other tests were added to the list. Now, states mandate that newborns be tested for anywhere between 28 and 54 different conditions, and the DNA samples are stored in state labs for anywhere from three months to indefinitely, depending on the state. (To find out how long your baby’s DNA is stored, see this state-by-state list.)

Brad Therrell, who runs the federally funded genetic resource consortium, says parents don’t need to worry about the privacy of their babies’ DNA.

“The states have in place very rigid controls on those specimens,” Therrell says. “If my children’s DNA were in one of these state labs, I wouldn’t be worried a bit.”

The specimens don’t always stay in the state labs. They’re often given to outside researchers — sometimes with the baby’s name attached.

According to a study done by the state of Minnesota, more than 20 scientific papers have been published in the United States since 2000 using newborn blood samples.

The researchers do not have to have parental consent to obtain samples as long as the baby’s name is not attached, according to Amy Gaviglio, one of the authors of the Minnesota report. However, she says it’s her understanding that if a researcher wants a sample with a baby’s name attached, consent first must be obtained from the parents.

More Empowered Patient news and advice

Scientists have heralded this enormous collection of DNA samples as a “gold mine” for doing research, according to Gaviglio.

“This sample population would be virtually impossible to get otherwise,” says Gaviglio, a genetic counselor for the Minnesota Department of Health. “Researchers go through a very stringent process to obtain the samples. States certainly don’t provide samples to just anyone.”

Brown says that even with these assurances, she still worries whether someone could gain access to her baby’s DNA sample with Isabel’s name attached.

“I know the government says my baby’s data will be kept private, but I’m not so sure. I feel like my trust has been taken,” she says.

Parents don’t give consent to screening

Brown says she first lost trust when she learned that Isabel had received genetic testing in the first place without consent from her or her husband.

“I don’t have a problem with the testing, but I wish they’d asked us first,” she says.

Since health insurance paid for Isabel’s genetic screening, her positive test for a cystic fibrosis gene is now on the record with her insurance company, and the Browns are concerned this could hurt her in the future.

“It’s really a black mark against her, and there’s nothing we can do to get it off there,” Brown says. “And let’s say in the future they can test for a gene for schizophrenia or manic-depression and your baby tests positive — that would be on there, too.”

Brown says if the hospital had first asked her permission to test Isabel, now 10 months old, she might have chosen to pay for it out of pocket so the results wouldn’t be known to the insurance company.

Caplan says taking DNA samples without asking permission and then storing them “veers from the norm.”

“In the military, for instance, they take and store DNA samples, but they tell you they’re doing it, and you can choose not to join if you don’t like it,” he says.

What can parents do

In some states, including Minnesota and Texas, the states are required to destroy a baby’s DNA sample if a parent requests it. Parents who want their baby’s DNA destroyed are asked to fill outthis form in Minnesota and this form in Texas.

Parents in other states have less recourse, says Therrell, who runs the genetic testing group. “You’d probably have to write a letter to the state saying, ‘Please destroy my sample,’” he says.

He adds, however, that it’s not clear whether a state would necessarily obey your wishes. “I suspect it would be very difficult to get those states to destroy your baby’s sample,” he says

FBI Scans DMV Photos for Criminals

Feb 4th, 2010 | By | Category: News

By Jonathan Saupe –

Thursday (Feb. 4th) on KOLD News 13 Live at 10 p.m. “Justice In Sight”: A home invasion, a purse snatching, an armed robbery.. terrifying crimes leaving victims with only blurry details and confused facts for investigators to use in trying to crack the case. Thursday at 10 p.m., Crime Specialist Som Lisaius will have a special Live, Local, & Late Breaking demonstration that will make you a good victim or witness.
(AP) – In its search for fugitives, the FBI has begun using facial-recognition technology on millions of motorists, comparing driver’s license photos with pictures of convicts in a high-tech analysis of chin widths and nose sizes.

The project in North Carolina has already helped nab at least one suspect. Agents are eager to look for more criminals and possibly to expand the effort countrywide. But privacy advocates worry that the method allows authorities to track people who have done nothing wrong.

“Everybody’s participating, essentially, in a virtual lineup by getting a driver’s license,” said Christopher Calabrese, an attorney who focuses on privacy issues at the American Civil Liberties Union.

Earlier this year, investigators learned that a double-homicide suspect named Rodolfo Corrales had moved to North Carolina. The FBI took a 1991 booking photo from California and compared it with 30 million photos stored by the motor vehicle agency in Raleigh.

In seconds, the search returned dozens of drivers who resembled Corrales, and an FBI analyst reviewed a gallery of images before zeroing in on a man who called himself Jose Solis.

A week later, after corroborating Corrales’ identity, agents arrested him in High Point, southwest of Greensboro, where they believe he had built a new life under the assumed name. Corrales is scheduled for a preliminary hearing in Los Angeles later this month.

“Running facial recognition is not very labor-intensive at all,” analyst Michael Garcia said. “If I can probe a hundred fugitives and get one or two, that’s a home run.”

Facial-recognition software is not entirely new, but the North Carolina project is the first major step for the FBI as it considers expanding use of the technology to find fugitives nationwide.

So-called biometric information that is unique to each person also includes fingerprints and DNA. More distant possibilities include iris patterns in the eye, voices, scent and even a person’s gait.

FBI officials have organized a panel of authorities to study how best to increase use of the software. It will take at least a year to establish standards for license photos, and there’s no timetable to roll out the program nationally.

Calabrese said Americans should be concerned about how their driver’s licenses are being used.

Licenses “started as a permission to drive,” he said. “Now you need them to open a bank account. You need them to be identified everywhere. And suddenly they’re becoming the de facto law enforcement database.”

State and federal laws allow driver’s license agencies to release records for law enforcement, and local agencies have access to North Carolina’s database, too. But the FBI is not authorized to collect and store the photos. That means the facial-recognition analysis must be done at the North Carolina Division of Motor Vehicles.

“Unless the person’s a criminal, we would not have a need to have that information in the system,” said Kim Del Greco, who oversees the FBI’s biometrics division. “I think that would be a privacy concern. We’re staying away from that.”

Dan Roberts, assistant director of the FBI’s Criminal Justice Information Services Division, added: “We’re not interested in housing a bunch of photos of people who have done absolutely nothing wrong.”

Gone are the days when states made drivers’ licenses by snapping Polaroid photos and laminating them onto cards without recording copies.

Now states have quality photo machines and rules that prohibit drivers from smiling during the snapshot to improve the accuracy of computer comparisons.

North Carolina’s lab scans an image and, within 10 seconds, compares the likeness with other photos based on an algorithm of factors such as the width of a chin or the structure of cheekbones. The search returns several hundred photos ranked by the similarities.

“We’ll get some close hits, and we’ll get some hits that are right on,” said Stephen Lamm, who oversees the DMV lab.

The technology allowed the DMV to quickly highlight 28 different photos of one man who was apparently using many identities. It also identified one person who, as part of a sex change, came in with plucked eyebrows, long flowing hair and a new name – but the same radiant smile.

The system is not always right. Investigators used one DMV photo of an Associated Press reporter to search for a second DMV photo, but the system first returned dozens of other people, including a North Carolina terrorism suspect who had some similar facial features.

The images from the reporter and terror suspect scored a likeness of 72 percent, below the mid-80s that officials consider a solid hit.

Facial-recognition experts believe the technology has improved drastically since 2002, when extremely high failure rates led authorities to scrap a program planned for the entrances to the Winter Olympics in Salt Lake City.

Lamm said investigators reviewing the galleries can almost always find the right photo, using a combination of the computer and the naked eye.

Marc Rotenberg, executive director of the Electronic Privacy Information Center, questioned whether the facial-recognition systems that were pushed after the Sept. 11 attacks are accurate or even worthwhile.

“We don’t have good photos of terrorists,” Rotenberg said. “Most of the facial-recognition systems today are built on state DMV records because that’s where the good photos are. It’s not where the terrorists are.