The tourist hoping to use her credit card in any part of the globe, the asylum seeker hoping to access social benefits in her host country, the banker hoping to move money from one stock market to another in real time—all have the same need. They must prove their identities and be certain of others’. Traditional means of proving identities are not dependable enough in most parts of the world and hence unfit for global digital networks. In this context, biometrics appears to offer a viable technological solution. However, the technology itself is subject to popular critique, warning of dystopian futures of overwhelming surveillance and loss of privacy.

By: Emilio Mordini, Andrew P. Rebera

Article first published online: 19 JAN 2012 DOI: 10.1111/j.1541-1338.2011.00535.x

© 2012 by The Policy Studies Organization

Abstract

• 1 We intend no reference to any actual group of that name, should such exist.
• 2 We do not discuss the other major concern, namely that the technology could be highly invasive of privacy and has the potential to reveal a huge amount of sensitive personal information regarding, say, health, background, lifestyle, and others. In this regard, there is some overlap with the issues discussed in section 2(ii).
• 3 See, e.g., Kaluszynski (2001), Joseph (2001), as well as Project Bertillon athttp://www.criminocorpus.cnrs.fr/bertillon/enter_uk.html.
• 4 In all cases bar the first of the following, biometrics is fairly obviously incidental. Even in the first (concerning Agamben) we feel that, ultimately, what is objectionable does not pertain to biometrics.
• 5 We are here using the word “personal” (and cognates) in a very wide sense, according to which relations between the state and an individual may be described as personal.
• 6 In the spirit of the (tongue in cheek) adage that 88.5% of statistics are made up, the veracity of these statistics is explored inAaronovitch (2009) and Channel 4 News (2008).
• 7  There are of course a variety of issues at play in this controversy. Our point is merely that there is a prima facie case to be answered. Whether it can be answered and how is not a point of interest here.
• 8  It is of course the case that if the primary goal of bearing arms is not to shoot people but, say, to shoot targets for sport, or to have something nice to hang above the mantelpiece, then we might construe the analogy differently. As mentioned in an earlier note, we are not really concerned with the rights and wrongs of gun ownership here.
• 9  How strongly one reads “bestow” here is likely to depend upon one’s answers to antecedent questions in political philosophy. A certain variety of social contract theorist might suppose that the citizen is, in some sense, born of identification by the state; in which case bestowal here is more or less literal: the state creates the citizen as a bearer of rights. Alternatively, if one holds that rights accrue to the individual independently of the state, identification by the state will involve less of a bestowal and more of an acknowledgment of rights. Our use of “bestow” is not intended to prejudge any of these foundational matters in political ontology and philosophy.
• 10  In the Kantian mode: the initial bestowal of rights serves as a condition of the possibility of all subsequent legitimate identification transactions between A and B, state and citizen.
• 11  The use of CCTV in classes would still be objectionable on the grounds of data minimization. What need is there for cameras in classes? If it is for discipline, or for teacher-training, these ends could be met by less intrusive methods. We will not explore the issues.
• 12  The soldiers appear in the photograph as anonymous. In reality they are (presumably) not, but have at least their names or numbers shown on their uniforms. Let us emphasize again that we are not discussing what or who is literally depicted in the photo, but its wider symbolic significance as an iconic image of the dark side of biometric identification transactions.
• 13  Again, the facts in Afghanistan may be different, but we are not discussing Afghanistan.
• 14  Once more: we are not discussing Afghanistan. Perhaps the actual soldiers in the photograph speak the villager’s language—perhaps he speaks theirs. Perhaps there has been a huge publicity campaign about the identification system.
• 15  This work has been funded by two European Commission research grants, RISE—Rising panEuropean and International Awareness of Biometrics and Security Ethics (GA230389), and TABULA RASA—Trusted Biometrics under Spoofing Attacks (GA 257289).

Tagging your friend in a Facebook photo seems like harmless fun.

But a new study from Carnegie Mellon University warns of potential danger.

When facial recognition software is paired with social media profiles, the risk of identity theft rises.

Prof. Alessandro Acquisti

It is possible, says privacy expert Alessandro Acquisti, to identify strangers and gain their personal information — perhaps even their Social Security numbers — by using face recognition software and social media profiles.

The results of the study are being presented today at Black Hat, a security conference in Las Vegas.

“A person’s face is the veritable link between her offline and online identities,” Acquisti said.

“When we share tagged photos of ourselves online, it becomes possible for others to link our face to our names in situations where we would normally expect anonymity.”

Acquisti is an associate professor of information technology and public policy at the Heinz College and a Carnegie Mellon CyLab researcher.

He and his research team, which included CMU postdoctoral fellows Ralph Gross and Fred Stutzman, combined three technologies to identify individuals online and offline in the physical world.

They used an off-the-shelf face recognizer, cloud computing and publicly available information from social network sites.

Since these technologies are also accessible by end-users, the results foreshadow a future when we all may be recognizable on the street.

Not just by friends or government agencies using sophisticated devices, but by anyone with a smartphone and an Internet connection.

In one experiment, Acquisti’s team identified individuals on a popular online dating site where members protect their privacy through pseudonyms.

In a second experiment, they identified students walking on campus — based on their profile photos on Facebook.

In a third, the team predicted personal interests and, in some cases, even the Social Security numbers of the students, beginning with only a photo of their faces.

CMU researchers also built a smartphone application to demonstrate the ability of making the same sensitive inferences in real-time.

In an example of “augmented reality,” the application uses offline and online data to overlay personal and private information over the target’s face on the device’s screen.

“The seamless merging of online and offline data that face recognition and social media make possible raises the issue of what privacy will mean in an augmented reality world,” Acquisti said.

Cloud computing will continue to improve performance times at cheaper prices, and online people-tagging and face recognition software will continue to provide more means of identification.

“Ultimately, all this access is going to force us to reconsider our notions of privacy. It may also affect how we interact with each other,” Acquisti said.

“Through natural evolution, human beings have evolved mechanisms to assign and manage trust in face-to-face interactions,” he added.

“Will we rely on our instincts or on our devices, when mobile phones can predict personal and sensitive information about a person?”

Cybersecurity expert Mikko Hypponen, chief research officer at F-Secure Corporation in Finland, has some chilling warnings about the age of organized cybercrime and Stuxnet-style cyberwarfare. We tracked him down at TEDGlobal 2011 in Edinburgh.

You have tackled many computer virus outbreaks. Who or what are the biggest cyber threats today?
We can split attackers into three basic groups.

There are the hobbyists or hactivists like Anonymous or Lulzsec. They are not trying to make money, they are trying to send a political message, do it for fun or the challenge.

They are a problem but not nearly as bad a problem as organized criminal gangs who do all their attacks for money: they infect home computers, do banking Trojans to steal data, hack credit card details, hijack computers for ransom. They are the biggest threat to the normal end user.

The third problem is cyberwar or cybersabotage, things like the Stuxnet virus launched against a nuclear research centre in Iran, or countrywide denial of service attacks like we saw hitting Georgia and Estonia. These problems will be even more frequent in the future.

How do cybercriminals steal our sensitive data?
The most typical way to become a victim is to take a Windows computer and go online. Five years ago it was done through email, now it’s done through the web.

You might go to Google, click on a search result, and you’re infected. You don’t see anything happening, you can’t tell. They hack into high-profile websites like newspaper websites and insert some exploit codes and so you visit the site, read the news, and get infected.

Another way is to make a new, fake site from scratch, put lots of keywords there and so it ends up in the search results. There is no real content there but you go there and get infected.

Then there are key loggers. They sit silently on your computer and record everything that you type. Everything is saved and sent to the criminals. They are looking for online purchases when you type your name, address, credit card details and security codes.

How much is cybercrime costing us?
Nobody really knows. Nobody can calculate it reliably because the biggest losses come from denial of access to services, for which it is difficult to calculate the losses. You hear that cybercrime is bigger than the drug trade. I don’t believe that. It’s big, but it’s not that big. I believe it’s in the hundreds of millions of euros per year.

So what can we do to protect ourselves?
We have to stop blaming the user because most problems are not related to the user.

Of course the computer has to be vulnerable, which can be down to user error, but that gets very technical. Your Windows might be updated, but what about Quicktime, Flash and Java plug-ins or add-ons?

We have to move responsibility up to higher levels, to operating system manufacturers, to security companies like us, and to operators and Internet Service Providers (ISPs) that provide the connections.

What about governments or law enforcement authorities?
In the online world each individual crime is small but there are lots of lots of them, and victims all over world. It makes it a nightmare to investigate.

On the internet there are no borders, making every single online crime an international crime, beyond national jurisdictions. That means the sheer numbers of international crimes have exploded in the last ten years. Have the numbers of international law enforcement systems exploded in the last 10 years? No they haven’t.

We are proposing a new framework, like Interpol, focusing on online crime. All countries would promise to work together. So if country A is investigating a crime involving servers in countries B and C, those countries would be forced to help solve the crime.

So the internet needs to be more orderly than previously?
Yes, it does but we have to be very careful not to restrict the openness, creativity and freedom of speech we have on the internet, careful not to move towards a police state.

Mikko Hypponen at the TEDGlobal 2011: ”Fighting viruses, defending the net”

You say we risk losing everything if we don’t deal with cyber security. What do you mean?

When people learn about these security and privacy problems their first reaction is to never go online again. That’s perfectly human but it’s not the right reaction. We have crime in the real world. Yet people run businesses and walk the streets.

One thing we are missing from the online world which we have in the real world is police work. That is why we have to fight these security and privacy problems. We risk these criminals running rampant and taking away peoples’ trust. If people don’t trust the net they won’t use it.

We are already seeing some countries blocking ISPs from some regions so we risk turning the globalized internet back into nation states or islands of internet usage that don’t talk to each other.

Which brings us to cyberwarfare: why is Stuxnet such a revolutionary threat?
Stuxnet is unique. Yes, it infects computers but in addition it is capable of jumping from those computers to Programmable Logic Controller (PLC) boxes, in this Stuxnet’s case Siemens PLCs running Siemens’ own operating system. These PLCs operate all kinds of infrastructure, factories and systems.

Stuxnet infects the PLC and hopes that device is used in one specific target—in this case the Natanz nuclear enrichment processing plant in Iran. We believe it broke nuclear fuel enrichment centrifuges by turning them at the wrong speeds. But if it infects other PLCs that end up in a food processing plant then nothing will happen.

That is a targeted attack, a very difficult attack, and a very worrying attack.

What happens now that the Stuxnet genie is out of the bottle?
Let me tell you something worrying. Three months ago I went online and tried to find a copy of Stuxnet from public sources. It took me three minutes. Any other government or any extremist group could try to modify Stuxnet, it is right there.

It is the first of its kind, so far we’ve only seen one, but the worry is we will see more. Stuxnet shows that the PLCs that control our entire infrastructure, everything that we rely on, can be infected.

“Big Brother Is Watching You” was the pervasive punch-line in British writer George Orwell’s classic novel “1984.” Now we know Big Brother is listening too.

By Arthur I. Cyr

“Big Brother Is Watching You” was the pervasive punch-line in British writer George Orwell’s classic novel “1984.” Now we know Big Brother is listening too.

Revelations that Rupert Murdoch’s News International Corp. for years has conducted massive hacking into British cell phone information is truly shocking. Alleged targets include cell phones of a murdered young girl and relatives of soldiers killed in action. Britain’s political parties have united in Parliament, an unusual move, to condemn the company.

The scandal includes allegations of police payoffs. An initial police investigation concluded the snooping was a renegade incident targeting only a few individuals.

Murdoch’s political influence in Britain has been enormous. Politicians across the spectrum fear his power to embarrass or endorse, and have assiduously courted his favor.

Orwell, one of the greatest writers of the 20th century, was a committed socialist. Unlike many on the left, however, he had personal involvement with working people, because he was one. He stressed egalitarianism, while warning about the dangers of concentrated power in government as well as corporations.

The Murdoch snooping scandal is particularly grotesque, and may bring down that media empire. However, guarding individual freedom, including privacy, from intrusive power structures inevitably is a challenge.

Other developments in British politics and American business underscore this tension. Britain’s coalition government has wisely repealed a national identity card. A card microchip linked to biometric data encouraged bureaucratic snooping. Amid launch of the latest iPhone, Apple leader Steve Jobs gave particular emphasis to protecting customer privacy.

A wag once suggested that “1984″ was really about 1948, a reference to the Stalinist dictatorships ruling in Eastern Europe as well as the Soviet Union when the novel was published. The Cold War had just emerged, and for many communism seemed the wave of the future.

Intense anti-communism seriously distorted U.S. domestic politics and the wider society intellectuals accused of left-wing views found their careers damaged and in some cases destroyed. Blacklisting of writers became a symbol of this intimidation.

An open economy under the rule of law helps limit abuse. Modern Britain has never had dictatorship, and the effects of Conservative Prime Minister Margaret Thatcher’s “Big Bang” deregulation of the economy were important in facilitating freedom. Her heavy-handed style earned her the sobriquet “Big Sister,” but the reforms were crucial to Britain’s economic recovery and reassertion of international influence starting in the 1980s.

A similar process unfolded in the U.S., beginning in the Carter administration and carried much further by the Reagan administration. The financial crises of the past decade, facilitated in part by deregulation gone too far, overshadow the durable beneficial consequences of this market freedom.

This in turn brings context to Steve Jobs’ statement. Apple last year surpassed Microsoft in total capitalization, a major accomplishment for a firm floundering less than 10 years ago before cofounder Jobs returned. Products that facilitate freedom are now major Apple marketing themes.

Meanwhile, competitor Google has grappled with embarrassing accusations that extensive information on individuals has been collected. For example, Google Earth cars driving through random neighborhoods captured specific data from unsecure wireless outlets in unsuspecting households.

In our fascinating, fantastic global information revolution, institutions committed to following the law and protecting personal privacy, not just profits and power, deserve our support. Murdoch and crew deserve condemnation, and prosecution.

Above all, remember: Big Brother is not watching you.

Not yet.

But he’d like to.

Arthur I. Cyr is Clausen distinguished professor at Carthage College. He is also a columnist for Scripps Howard News Service (www.scrippsnews.com). E-mail him at acyr@carthage.edu.

This week, the Center for Constitutional Rights (CCR) and several other organizations released documents from a FOIA lawsuit that expose the concerted efforts of the FBI and DHS to build a massive database of personal and biometric information. This database, called “Next Generation Identification” (NGI), has been in the works for several years now. However, the documents CCR posted show for the first time how FBI has taken advantage of the DHS Secure Communitiesprogram and both DHS and the State Department’s civil biometric data collection programs to build out this $1 billion database.

JULY 8TH, 2011 by Jennifer Lynch

This week, the Center for Constitutional Rights (CCR) and several other organizations released documents from a FOIA lawsuit that expose the concerted efforts of the FBI and DHS to build a massive database of personal and biometric information. This database, called “Next Generation Identification” (NGI), has been in the works for several years now. However, the documents CCR posted show for the first time how FBI has taken advantage of the DHS Secure Communitiesprogram and both DHS and the State Department’s civil biometric data collection programs to build out this $1 billion database.

Unlike some government initiatives, NGI has not been a secret program. The FBI brags about it on its website (describing NGI as “bigger, faster, and better”), and both DHS and FBI have, over the past 10+ years, slowly and carefully laid the groundwork for extensive data sharing and database interoperability through publicly-available privacy impact assessments and other records. However, the fact that NGI is not secret does not make it OK. Currently, the FBI and DHS have separate databases (called IAFIS and IDENT, respectively) that each have the capacity to store an extensive amount of information—including names, addresses, social security numbers, telephone numbers, e-mail addresses, fingerprints, booking photos, unique identifying numbers, gender, race, and date of birth. Within the last few years, DHS and FBI have made their data easily searchable between the agencies. However, both databases remained independent, and were only “unimodal,” meaning they only had one biometric means of identifying someone—usually a fingerprint.

In contrast, as CCR’s FOIA documents reveal, FBI’s NGI database will be populated with data from both FBI and DHS records. Further, NGI will be “multimodal.” This means NGI is designed to allow the collection and storage of the now-standard 10-print fingerprint scan in addition to iris scans, palm prints, and voice data. It is also designed to expand to include other biometric identifiers in the future. NGI will also allow much greater storage of photos, including crime scene security camera photos, and, with its facial recognition and sophisticated search capabilities, it will have the “increased ability to locate potentially related photos (and other records associated with the photos) that might not otherwise be discovered as quickly or efficiently, or might never be discovered at all.”

The FBI does not just collect and store data from people caught up in the criminal justice system;about 1/3 of the data collected and reviewed in IAFIS is from civil sources such as attorney bar applications, federal and state employees, and people who work with children or the elderly. In the past, the FBI has not allowed these records to include photos and has segregated civil records from criminal data. Civil records were also not included in bulk checks for criminal investigative purposes. NGI may take down these barriers, however. There is some evidence to show the FBI is considering including this data in future NGI database searches and, according to the CCR FOIA documents, has already begun to include civil records from DHS and State Department database files such as visa applications, immigration records, and border entries and exits.

So why should we be worried about a program like NGI, which the FBI argues will “reduce terrorist and criminal activities”? Well, the first reason is the sheer size of the database. Both DHS and FBI claim that their current biometrics databases (IDENT and IAFIS, respectively) are the each the “largest biometric database in the world.” IAFIS contains 66 million criminal records and 25 million civil records, while IDENT has over 91 million individual fingerprint records.

Once these records are combined into one database and once that database becomes multimodal, as we discussed in our 2003 white paper on biometrics, there are several additional reasons for concern. Three of the biggest are the expanded linking and tracking capabilities associated with robust and standardized biometrics collection systems and the potential for data compromise.

Already, the National Institute for Standards and Technology, along with other standards setting bodies, has developed standards for the exchange of biometric data. FBI, DHS and DoD’s current fingerprint databases are interoperable, indicating their systems have been designed (or re-designed) to read each others’ data. NGI will most certainly improve on this standardization. While this is good if you want to check to see if someone applying for a visa is a criminal, it has the potential to be very bad for society. Once data is standardized, it becomes much easier to use as a linking identifier, not just in interactions with the government but also across disparate databases and throughout society. This could mean that instead of being asked for your social security number the next time you apply for insurance, see your doctor, or fill out an apartment rental application, you could be asked for your thumbprint or your iris scan.

This is a big problem if your records are ever compromised because you can’t change your biometric information like you can a unique identifying number such as an SSN. And the manyrecent security breaches show that we can never fully protect against these kinds of data losses.

The third reason for concern is at the heart of much of our work at EFF. Once the collection of biometrics becomes standardized, it becomes much easier to locate and track someone across all aspects of their life. As we said in 2003, “EFF believes that perfect tracking is inimical to a free society. A society in which everyone’s actions are tracked is not, in principle, free. It may be a livable society, but would not be our society.”

Unfortunately, biometric data collection is not limited to NGI or even to the legacy DHS, FBI and DoD fingerprint collection programs. The federal government and states have been steadily expanding their DNA collection efforts over the last 10 years as well. Currently all 50 states, the federal government and the District of Columbia collect and share DNA records through the FBI’sCODIS database. At least 15 of those states, as of 2010, collect DNA from defendants convicted of misdemeanor offenses. And as of 2009, under the federal DNA Fingerprint Act of 2005 and several recently-expanded state statutes, at least 21 states and the federal government collect DNA samples from any adult arrested for (not just convicted of) a crime. This has led to an exponential increase in the amount of DNA collected in the United States on an annual basis, with nearly 1.7 million samples processed (pdf Pg8) in 2009, alone. As of 2011, the National DNA Index or NDIS (the federal level of CODIS) contains over 9,748,870 offender profiles, and the states’ individual databases are each expanding as well.

Currently, it doesn’t appear the FBI plans to incorporate the DNA data held by CODIS into NGI. However, NGI has been designed to be flexible and to be able to incorporate additional biometric identifiers as the need arises in the future. This means that we can’t rule anything out. FBI claimsNGI “doesn’t threaten individual privacy,” but the government’s continuing efforts to collect, store and track the biometric data for so many Americans and foreigners cannot bode well for a society that values privacy.

Vishv Bandhu Gupta says the UID project could create more errors than it can correct

The concept of “a ubiquitous magic plastic” that bring out the unique in a living person has caught the fascination of most of us. An unpopular government sees in it the ability of cutting a long red tape short to correctly identify the genuine citizens in need. The agonised cops of India see in it a great ally to apprehend the much-wanted terrorists, whose biometric data could now be verified with existing records, as and when these come into existence, before he commits another heinous crime.

These expectations are fair. But, the fumes of fire cooking such recipes are rising from unforeseen quarters, which must raise serious concerns in India. Major fires, ironically, are caused by the maniac rush of more reliable and sophisticated software in the market to collect the biometric data of a person, making earlier biometric-reading software and newly-bought hardware obsolete. Further, other factors like a person ageing and the data collected under different weather condition influence the result within the same software, inducing false errors. In South Korea, where the municipal authorities recently introduced “a thumb impression biometric software”, chipped on the closing handle of cars to park and drive away the car to ensure automatic security, raised false “error alarm” in three per cent of the cases. It forced the authorities to shut down the project temporarily.

None of these technologies are being substantially tested for trial in India by the Unique Identification Authority of India (UIDAI). The UIDAI, very inexplicably, does not even comment on such doubts, which have surfaced in the technologically advanced countries; neither does it tell us how it intends to counter such errors? It has not started the testing of its software for a real run on any of the unique IDs. This expensive government mission, for which Rs 45,000 crore have been earmarked by Finance Ministry, now claims that the Aadhaar project of the UIDAI will just provide unique ID numbers, and not unique ID cards, as was its original mandate. The UIDAI is an attached office under the Planning Commission, which says that the job of the UIDAI is to develop and implement the necessary institutional, technical and legal infrastructure to issue unique identity numbers to Indian residents (read it as “the UIDAI will issue only unique numbers not smart cards”). The UIDAI has been buying time, when hundreds of crores of rupees are going down the drain every week.

David Moss, who spent eight years campaigning against the UK’s National ID (NID) card scheme, has questioned the logic of the UIDAI and the government to depend on biometrics to produce UID numbers. In a report titled, “India’s ID Card Scheme Drowning in a Sea of False Positives”, Moss said, “[The FPIR] conclusions do not follow from the evidence reported. Nothing in UIDAI’s surprisingly low-quality report suggests that it would be feasible to prove that each electronic identity on the Central ID Repository (CIDR) is unique. Not with a billion plus people on the database. Far from it, India can be confident, from the figures quoted in UIDAI’s proof of concept trial report, that de-duplication could never be achieved.”

he UIDAI is also silent on several important facts being reported in newspapers every day. The UK government initially allocated £250 million in 2002 for developing the NID project for a period of eight years. Soon it realised that errors in reading biometric parameters were far above the acceptable level, so it shut down the department responsible for it in February 2010. This experiment cost the UK treasury an estimated £4.5 billion in the eight years for which it was carried.The problems with the UIDAI are manifold. One problem area is the database of citizens the authority has used for compiling its lists. It has drawn from the beneficiaries of the Central and state government pensioners, which number several millions. The second lot comes from the Indian security forces, which can provide fairly reliable data. Allotting a UID number to a person from such reliable stock of government rolls does not involve great efforts, but was UIDAI head Nandan Nilekani hired and allocated huge sums running into Rs 45,000 crore for such simple chores?Some reports that have emanated from the Planning Commission state that the UIDAI has not only ignored privacy concerns but also ignored sample test results of its pilot project. Both the government and the UIDAI have been in such a hurry that they have neglected the basic principles of pilot testing and size of the sample. For over 1.2 billion UID numbers, they have used data from just 20,000 people, in pairs, as sample and have on the basis of the results gone ahead with the UID number through the Aadhaar project.Spending very little or no money at all on independent research or developing biometric solutions, the UIDAI is partnering with companies which have proprietary technologies and upfront loyalties with foreign governments. For example, the tenders and contracts awarded by the UIDAI appears to be opaque in nature. Some of companies, which were selected, and their top managements have a tainted background and thus have been criticised in the media across the world.The UIDAI had selected three consortia – Accenture, Mahindra Satyam-Morpho and L1 Identity Solutions – to implement the core biometric identification system for the Aadhaar programme. The UIDAI had stated that the three agencies would design, supply, install, commission, maintain and support the multi-modal automatic biometric identification subsystem. The three vendors would also be involved in development of a multi-modal software development kit for client enrollment stations, the verification server, manual adjudication and monitoring functions of the UID application.L1 Identity Solutions, in particular, has names associated with the Central Intelligence Agency (CIA) and other American defence organisations in its top management or as directors. Although there is nothing wrong in having former top government officials as directors in a company, it is often looked upon as something not quite right. Post-retirement, many top government officials have joined hands with fat for-profit companies that deal in their areas of expertise. In fact, in many countries, it has now become a trend.Thousands of other former intelligence officers, who have left the CIA and other agencies, have returned as contractors, often making two or three times more money than what they were making in their former jobs. According to a report published in 2008, contractors were responsible for at least half of the estimated $48 billion a year the US government spends on intelligence. The real figures are kept hidden under the pretext of national security.L1 Identity Solutions is one of the largest defence contractors in the US and specialises in selling face-recognition systems, electronic passports, such as Fly Clear and other biometric technology, to over 25 countries around the world. It is also contracted by the US State Department and the Department of Homeland Security for passports, visas, driving licenses and transportation workers’ ID cards. The company is on the way to becoming a monopoly in the US, especially for providing Real ID and driver’s licenses.According to an IT expert, L1 and NADRA, the Pakistan unique identity agency, appear to have been created on the same business model. “Staffed strongly by persons with intelligence (quasi-military) links, the major goals of both agencies are to do business with their respective governments, and they succeed to the extent that they have virtually no competition. And this is the company UIDAI has welcomed into India,” said an expert.Vishv Bandhu Gupta is a former commissioner of the income tax department

monsoonrains@gmail.com

Hoover Institution Stanford University

Copyright © 2011 by the Board of Trustees of Leland Stanford Junior University

BY JOSHUA POLLACK

Google’s surprise announcement of “a highly sophisticated and targeted attack” on its systems–a case of computer-aided espionage–has also raised the specter of offensive warfare. Defense News quotes Adm. Robert Willard of U.S. Pacific Command as declaring that “the skills being demonstrated” by Chinese hackers in the service of “exfiltrating data”–a fancy way of saying “spying”–are also relevant to “wartime computer network attacks.”

If that’s not alarming enough, last week, Gerald Posner added a new entry in the annals of hype in a piece he wrote for the Daily Beast: “While Google weighs exiting China, a classified FBI report says [Beijing] has already developed a massive cyber army [that is] attacking the U.S. with ‘WMD-like’ destruction capabilities.”

“In the last few years, it’s become almost a rite of passage among federal employees to have their computer networks partially shut down for days or weeks after an intrusion, usually (but not always) attributed to China.”

Posner’s assessment is clearly excessive. But recent years have seen a growing tendency to treat “the cyber threat” as a “strategic” problem, sparking an interest in “cyber deterrence.” U.S. Strategic Command even appears to have incorporated computer network attacks into the existing U.S. nuclear declaratory policy, based on the idea of “calculated ambiguity.” Last May, Gen. Kevin Chilton of STRATCOM told journalists, including the Global Security Newswire’s Elaine Grossman, “You don’t take any response options off the table from an attack on the United States of America,” including a cyber attack.

When “cyber attack” means a form of spying, General Chilton’s statement will come across as extreme. But it’s certainly possible that the ability to compromise computers will play a role in future war-fighting. (Aaron Mannes and James Hendler identified some realistic possibilities in a Washington Times op-ed last August.) Still, let’s keep the matter in perspective: If the United States were ever to get into a shooting war with another nuclear weapon state, cyber attacks would be the least of anyone’s worries.

The Google Affair underscores that there is a different sort of “strategic” cyber threat. Today’s issues of global concern hinge in large part on the state of U.S.-Chinese relations: stabilizing the world economy in the wake of the fiscal crisis, shoring up the nuclear nonproliferation regime, and achieving effective cooperation to forestall the worst effects of climate change, to name the most salient issues. And let’s be blunt: Pervasive spying via the internet is harming China’s relations with the United States.

In the last few years, it’s become almost a rite of passage among federal employees to have their computer networks partially shut down for days or weeks after an intrusion, usually (but not always) attributed to China. Everyone from the Office of the Secretary of Defense to the Commerce Department has been a target. And in certain circles, there are few computing experiences more familiar and less delightful than receiving the dreaded socially engineered e-mail attack–an authentic-looking message, seemingly from a known person, but with a nasty PDF attachment.

In other words, not every intrusion of this type is as systematic and well-planned as the December 2009 raid on Google, Adobe, and other U.S. firms. Any American who works on Asia-Pacific security issues or has an interest in human rights in China has probably been aware of the problem for some time. If they haven’t received an e-mail probe personally, chances are good they will know someone who has.

The damage to goodwill has been considerable. It isn’t shocking that one major power spies on another, or necessarily even intolerable. As the saying goes, “It’s all in the game.” But the game has never been friendly, and there’s something breathtakingly crude about how it’s being played today. The attempt to capture as many computers as possible is aggressive and indiscriminate, reaching into the lives of private citizens in the United States and beyond. In a particularly insidious turn, the spies have been known to take advantage of professional contacts between Americans and Chinese in order to assemble convincingly spoofed messages and to mine e-mail address books for targets.

All of this effort is aimed at getting the targets to open the attachments. No serious attempt is made to cloak where the attacks are coming from, should a fake message be spotted. That’s especially striking in contrast to the technical and social sophistication of the probes.

These practices are, quite frankly, abusive and uncivilized. And the mechanical denials of Chinese officials do as much harm to the country’s image as the scattershot spying itself, if that’s possible. As it happens, spying is not the same as warfare. But it does harm regardless.

by m2john under Workforce Management

Recently, Planet Biometrics posted a story entitled “Biometrics Cruise into the Disney Dream” that described how facial recognition biometric technology is used throughout their new cruise ship in “moving art” and personalized photography.  “Moving art” is interactive art spread throughout the ship that contains moving pictures which are cued to play once a passenger stands in front of the screen.  Facial recognition is used to recognize the person that is standing in front of the screen so that the same interactive video does not play twice.  In addition, Disney uses facial recognition technology to help sort and consolidate the reams of photos that staff photographers snap of individuals and families as they enjoy their time on the ship and Castaway Cay Island.  Facial recognition biometrics saves a lot of time and creates efficiencies for passengers to find the photos that are exclusive to themselves and their families.

In case you missed it, at the 2011 National Retail Federation “Retail’s Big Show” in New York, Kraft Foods debuted a state of the art kiosk which can instantly scan a passerby, determine their gender and age group, then suggest which food products might be an attractive meal idea.  It even goes so far as to allow a customer to scan their loyalty card and search their past ordering history to hone their choices even more.  Wow.  Pretty cool.

Which brings us to the subject of our blog post.  With the increasing sophistication of technology that surrounds us and the use of biometric identification to help customize marketing messages to consumers, is biometrics becoming a gigantic intrusion into our personal lives or a savvy tool for companies to personalize their message?

Big brands would argue that they are simply utilizing biometrics in this capacity as a means to engage customers by tailoring a solution or offering that is relevant and timely.  They vehemently deny storing anyone’s image or sharing biometric information with anyone.  On the other side of the coin, privacy advocates worry (and perhaps rightfully so) that companies are indeed storing these images and as biometrics becomes more and more prevalent for identification in many different vertical markets, the protection of an individual’s biometric template information is not secure and regulated by a set of national standards.

Valid arguments can be made for both sides of the fence.  Expect to see biometrics popping up more often in companies’ efforts to engage with their customers and to help enhance their in-store or entertainment experience.

What’s your take?  Should we allow companies to use biometric technology as a means to personalize their marketing message to consumers for entertainment or direct sales?  Do privacy advocates have a convincing argument when they question the use of biometrics in this capacity?  Please share your thoughts in our comments section below.

November 14, 2010

By Simon Krauss, Privacy Eye Thoughtful Privacy and Technology Investigations

The Denver Post reported today on a health club that was using a fingerprint reader as an alternative to using a membership card .(http://www.denverpost.com/business/ci_16601571)

The Post article discussed the concerns over using biometrics, including privacy concerns.  To some extent, the concerns over privacy invasion due to someone falsifying biometric information are understandable.  It is the ultimate identity theft — a stealing of a physical aspect of you.  This feels different then a stolen credit card number.

On the other hand, stealing your fingerprint or, worse yet, your finger, is an inefficient way to steal your identity.  Unless there is high value associated with your fingerprint, fingerprint biometric theft is more profitable if taken as a batch, just like credit card theft.

Fingerprint readers work by measuring certain aspects of your fingerprint and storing mathematical representation of those measurements.  What would be stolen is this stored mathematical representation of your fingerprint.  Probably yours and everyone elses in the database.  In this way, what is stolen is a string of numbers — like a credit card theft.

The bigger concern with using biometrics is the assumption that the biometric is always correct.  There is the issue of a fingerprint reader not recognizing you, in which an additional method of authentication is needed.  There is also the issue a the fingerprint reader identifying someone else as you, in which you better hope that what the person is able to access is no more than your health club.

Although there is an emotional pull in considering biometrics for authentication, in the end the issues come down to the same thing as any other means of authentication and authorization– the balancing of the value of what is secured with the cost of keeping it secured for the length of time it is valuable.

While account numbers are unique between a health club and a bank, your biometric is unique to you, regardless of where you use it.   Health clubs have much less riding on the security of biometric data than a bank. If health clubs and banks both use fingerprints in the same way for authentication and authorization of their customers we are in trouble, as there is likely to be much less security for the storage of the health club biometric than the bank biometric.  Once the health club biometric is stolen it can then be used access the bank.

This concern, of course, can be lessened significantly if the health club and the bank measure the fingerprint differently and if they also encrypt the resulting fingerprint mathematical representation differently.  This may create even greater security than using credit card numbers as at least each business using your fingerprint would be storing a different mathematical string and you are far less likely to lose your finger than your wallet.

“Biometrics will only be effective when combined with a second, authenticating factor, such as a PIN or a password. Unfortunately, such an approach limits the degree to which biometrics can simplify security”

By Isaac Leung on  11 October 2010

“Developers of face recognition systems are continuing to work on reliability and the ability to handle the wide range of lighting conditions that are typically encountered by mobile users.”

Biometric Innovations is an Australian company which designs, develops, integrates and delivers biometrics-based security solutions for government and commercial communities. The company’s software engineer, Damien Crabtree says biometrics are becoming more attractive options for businesses as costs come down and the technology reaches full maturity.

The company says in addition to traditional customers from correctional facilities, it’s also seeing its BioMatch software and Sagem fingerprint scanners being deployed in small-to-medium sized businesses, large businesses and retail stores.

“As with all electronics, the manufacturing costs and components have come down in price, so it’s now at a reasonable level for most businesses to contemplate it as an alternative to the existing technologies,” Crabtree told Electronics News.

According to Acuity Market Intelligence, fingerprint technology, given its continuing maturation and cost-effectiveness, will continue to dominate the market through to 2017, although it will be challenged by iris and face recognition.

The relative size of the components and continued integration of technologies will also play a big part in the ubiquity of biometrics. While current fingerprint readers have been reduced to the size of a small chip, the next step is for touch screens to have integrated fingerprint capabilities. Camera and software enhancements could also see visual recognition technologies like iris and face integrated into common devices like mobile telephones.

Inherent insecurity, or incorrect application?

Biometrics differentiates itself from previous security solutions due to its ability to provide positive identification. Successfully leveraging the capabilities of this technology for applications in the consumer, commercial and government sectors will be key for an industry looking to retain its strong growth.

Covetek Australasia provides consumers with domestic fingerprint door locks, such as its BioDoor range. It is also introducing security systems based on facial recognition.

Marketing director Kevin Mackay claims while biometric technologies for consumers need to be practical, affordable and user-friendly, positive identification the central advantage offered by these systems. “Smart cards can be given to a friend to access. A password can be passed on. But biometrics is really recognising a person, through their fingerprint or face,” says Mackay.

But the general biometrics market is not without difficulty. Manufacturers face scepticism from customers regarding the security of their solutions, worries regarding the privacy of biometric data, and legislation stemming from these concerns.

Argus Global is an Australian company which specialises in software applications using biometric technologies to provide access control, time and attendance, visitor management and asset management. According to chief executive officer Bruce Lyman, the holy grail for the biometrics solution industry has always been the application of the technology to combat fraud.

However, erroneous perceptions regarding the privacy and security of biometrics have prevented manufacturers from breaking into that market.

“It’s really about the market not being well-informed about the technology, even though it is already quite mature,” Lyman explained.

The popular television series Mythbusters has not made things any easier. In episode 59 of season 4, hosts Jamie and Adam bypassed consumer-grade fingerprint readers and locks via various methods, including using a ballistics gel replica of a fingerprint.

In September 2010, the US-based National Research Council published a report titled Biometric Recognition: Challenges and Opportunities, arguing biometric systems are “inherently fallible”, calling for additional scientific research and threat assessments.

The problem, Lyman says, is not that fingerprint readers are inherently unreliable or easily fooled. After all, it’s seeing wide utilisation of the technology with its corporate, federal and state clients. “The challenge in the consumer sector is that right now it’s being addressed by technologies that don’t meet international standards,” Lyman explains.

In more critical applications like homeland security or immigration, he claims, the devices and systems are regulated by and compliant with security standards.

Lyman expects the consumer market to be challenged as governments develop legislations in response to the burgeoning use of biometrics. But despite the growing attention being paid to biometrics, Lyman sees the technology as a contributor in the overall application, rather than as a complete security system in itself.

“In this industry, what is not always understood by the users or the market is the fact that the technology is really irrelevant,” says Lyman, “Our biggest customers. . .are driven not by the technology but by the applications you can drive out of that the technology.”

For example, hospitals tend to buy systems which dispense drugs, but have a strong identifying element. Some of these clients might opt for iris biometrics to reduce the risk of contamination from contact.

Lyman says the integration of biometrics into applications and devices is further being driven by the US military, which provides its troops with biometric handheld devices that also embed GPS technologies, picture taking capabilities and wireless connectivity.

But such devices are not restricted to the military, with patents being filed in the United States for an access device intended for the US-VISIT system run by the Department of Homeland Security.

The device would gather fingerprint-based biometric identification and location data provided by a GPS, encrypt the information, and transmit it wirelessly to a server for verification. The technology provides verification of the identity of its holder, and informs the relevant government department if it’s currently inside or outside of the United States, allowing the tracking of entry or exit to and from the country.

While such devices can operate in a standalone mode independent of the presence of a constant connection to a network, Lyman says more information and algorithms are being stored on a single unit, making data protection even more critical. The intensely personal nature of biometric data exacerbates concerns over data security.

“With that sort of trend emerging, the issue is what have I got on the device?” Lyman asks, “What am I storing? If I lose one of these in Afghanistan, where is the data going to end up? How do I store the data, how do I protect it, and what is it connecting back to?”

Lyman says clients sufficiently concerned with data security may instead choose to buck the trend, and utilise “thin” biometric devices which only transmit and receive data to and from a secure network.

Any remaining problems with biometrics will no doubt be ironed out with time, as new technological developments emerge, and standards are developed for the technology However, the industry is more interested in the bigger picture, integrating biometrics into existing and new applications, not so much as a standalone one-size-fits-all security technology, but as enhanced solutions to existing and new challenges.

Identity or authentication?

These trends seem to indicate that biometrics is not the magic bullet for security. A 2006 article by Steve Riley, senior security strategist at Microsoft, posits that biometrics should only play an identifying role in an application, rather than displacing traditional methods of authentication. The piece, titled It’s Me, and Here’s My Proof: Why Identity and Authentication Must Remain Distinct, separates the concepts of identity and authentication.

Identity is a public assertion which in the pre-biometrics age was the equivalent of a user name. Authentication is the secret response, such as a PIN or password.

Riley argues biometrics should only provide the identity part of the equation, since people leave their biometric signatures everywhere. While biometric data is certainly harder to replicate than simply typing in a username, it’s not infallible. As Mythbusters found, fingerprints can be easily lifted from surfaces, while faces are readily stored by security systems and cameras.

According to Riley, biometrics will only be effective when combined with a second, authenticating factor, such as a PIN or a password. Unfortunately, such an approach limits the degree to which biometrics can simplify security.

Technologies are emerging, however, which blend protection and convenience by combining biometric identification data with context-specific data such as location, time, or platform to form a security certificate. Such systems would provide access and authorisation only if all data points line up.

Biometrics, while still conjuring futuristic expectations, is here today as a maturing technology, especially in fingerprint. While bringing to the table capabilities like positive identification, biometrics should be seen as an enhancement to security, rather than being a replacement of existing solutions.

As such, it performs best when integrated as part of a larger system, and serving an identification role in various applications. This trend is one which will continue as devices and systems are increasingly embedded with biometric components and functions.

While it is easy to be distracted by the workings of biometrics, systems-level considerations undertaken by the designers and the competence of users can make or break the underlying security technology.

Biometrics is centred around humans — the biological signatures of fingerprints, veins, irises, faces, and voices. And the effectiveness of any security implementation is ultimately dependent on the people designing and constructing the system. Humans are the key to a successful system in both senses of the word.

Article by Sheila Robinson
Edited & published by Lamar Stonecypher

Security and privacy is important to everyone. The use of biometric technology has improved confidence in this area. However, as with any technology it can be a subject of abuse. Should we feel safe with such personal information being obtained by businesses and the government?

Government Use of Biometric Information

The use of biometry technology by the US government is increasing. Biometric technology methods such as facial recognition can be useful for finding criminals in large public areas. However, there is concern that it can be abused and infringe our first amendment rights, such as protesters at a political rally. People could be identified from these situations and put into a government database. Another problem is that facial recognition biometric readings are prone to a high rate of error. It is possible that individuals could be accused of being involved with crimes that they did not commit.

After 9/11, security has become a big issue. The Transportation Security Administration (TSA) is trying to implement “whole body scanners” for use on international travelers in airports. By many this is considered to be a civil liberties violation, since the TSA has confirmed that naked digital pictures of an individual could be stored or transmitted to other locations.

Other privacy issues with biometric technology concern abuse of this information during times of social unrest. There is concern that public and private databases that contain information like fingerprints could be accessed and misused. Biometric social security cards are also being considered as a measure to prevent illegal immigrants from getting jobs. Loss of job opportunities and discrimination could be possible with inaccurate biometric readings.

Fraud or Identity Theft with the Use of Biometric Technology

Biometric methods are not foolproof. Due to this vulnerability, there is always the threat of someone impersonating an individual and stealing their identity by obtaining this data. Problems could later result for the individual being impersonated. Since the biometric data is supposed to be accurate due to its unique qualities an individual’s innocence may be difficult to prove. Unlike passwords, biometric readings cannot be replaced with another one from the same person. Other potentially dangerous situations could also occur – like a person cutting off the finger of another individual to gain access to a security system, vehicle etc.

Other Concerns with Biometric Methods

Security systems that scan and compare biometric data can give false positive and false negative readings. There can be a system breakdown if the scanning sensor fails to produce an accurate reading. This could result in a valid individual being denied access through the system or giving access to someone who should not be allowed entry.

Other privacy issues with biometric technology concern the data being used to crosslink other information about an individual, such as their marital status, religion or employment situation.

Final Thoughts on Biometric Technology and Privacy

Even though using biometry technology is considered to be an effective measure for security and protection against crime, there is concern that it violates the privacy and personal rights of individuals. These issues include the possibility of fraud, identity theft, civil liberty violations and inaccuracy of data that could result in being accused of a crime or become a victim of discrimination. It raises questions about how the biometric data is stored. Could the information be shared internationally? We should also be concerned about the long term effects of biometric data being tracked on such a close basis.

By Spencer Ackerman | August 25, 2010

BAGRAM AIR FIELD, Afghanistan — Don’t think of the U.S. military’s new Detention Facility In Parwan as just a holding pen for suspected insurgents. It’s also an emerging datafarm, storing biometric information on its inmate population. In a country with a shaky commitment to the rule of law, those identifiers could become weapons.

Parwan, with its thousand-or-so detainee population, will become an Afghan-run detention complex next year. By 2014, it’ll become a major Afghan jail, run by the Ministry of Justice to incarcerate convicted criminals, not hold insurgents taken off the battlefield. But Army Brigadier General Mark Martins, who currently runs day-to-day operations at the detention center, explains that there’s a basic problem with Afghanistan’s criminal justice system: It doesn’t have a efficient information infrastructure to identify the people it holds. That’s where he comes in.

Every detainee who comes into Parwan leaves basic information with the Detainee Services Branch during in-processing: Name; father’s name; residence. A mark of any identifying scars, marks or tattoos. Residence of record. After a shower and a medical exam, the DSB scans their irises and collects prints from all of their fingers, rolling their thumbs for a 360-degree view. Its cameras snap five photographs of every detainee’s face. All of this information goes into a military database called the Automated Biometric Information System.

Troops in the field can access the system through a set of portable consoles that the DSB has on hand. The Biometrics Automated Toolset, or BAT, allows troops who detain insurgents on the battlefield to get a quick biometric identification of who they’ve captured, all through talking to the database. One clunky component of it, the Handheld Interagency Identity Detection System (HIIDE), which looks like a big black FunSaver, takes pictures of a captive’s irises, facial features and fingerprints. BATS and HIIDE were used in Iraq, where counterinsurgents like David Kilcullen praised the devices for allowing troops to quickly and positively identify known insurgents during the surge.

But any detective will tell you that a database is only as good as the data it contains. And after 30 years of war, Afghanistan isn’t really in the data-collection game. The U.S. military’s detentions command, known as Joint Task Force-435, is working with the Afghan Ministry of Interior to kick-start an up-to-date records program.

Martins says he and the ministry want “enrollments on 15 percent of fighting-age males,” Afghans between the ages of 14 and 49.  Studies that he’s seen convince him that 15 percent represents a Gladwellian tipping point, allowing the U.S. and the Afghans to match exponentially more latent fingerprints off homemade bombs to Afghans in the system.

But that means biometric information about one million people. And the easiest way to get this information is by locking up a whole lot of Afghans and collecting it against their will, one of the reasons that human rights advocates are wary about the U.S.’s plans to turn over Parwan to the Afghans.

In Iraq, privacy advocates raised similar concerns about weaponizing the biometrics database — essentially, turning it into a military hit list. Afghanistan is filled with corruption, fraud and malicious police officers. Its commitment to the rule of law is, to be charitable, immature. In such a circumstance, a counterinsurgency tool like the biometric database just as easily become predatory, allowing its possessors to take out their political or ethnic rivals and reward their allies. If theWikiLeaks disclosures put Afghans in danger, imagine what iris scans and fingerprints could mean for people who don’t want to pay bribes to crooked cops.

“That’s a policy-significant issue,” Martins admits, “Who holds the data?” According to an October memorandum signed by the U.S. and Afghan governments, the Afghans will. The U.S. might see its collected records become the “biometric component of a national ID” Martins says, good for property ownership records, establishing credit lines and other economic behavior. But first, the biometrics database will be “MOI’s data,” in the hands of the security services — the legacy of ten years of U.S. detention operations in Afghanistan.

Credit: DoD Biometrics

By Demian Bulwa • San Francisco Chronicle | Posted: Monday, August 23, 2010 12:15 am | No Comments Posted

Share

OAKLAND, Calif. • When the 24 Hour Fitness chain recently installed finger scanners as a way of verifying members’ identity, it was a public première of sorts for a powerful and fast-expanding technology — and a test of whether consumers will embrace it.

The scanners, which came to the chain’s 60 Bay Area gyms this month, are a form of biometrics, in which people are recognized through a unique physical quality. Although 24 Hour Fitness checks fingers, biometric devices can verify people’s identity based on the contours of hands, eyes and faces, a voice, even a scent or a style of walking.

The technology has become far more accurate and affordable in recent years, allowing it to move beyond longtime police and military uses and to be hailed as a potential solution to the menace of identity theft.

Corporate America has taken notice, as have privacy advocates, who say consumers ought to tread cautiously into a largely unregulated field.

Many companies now have employees punch in with biometrics. At schools, the devices restrict access or allow students to pay for subsidized lunches. The gym at California State University Chico uses hand scanners, while Walt Disney World scans the fingers of pass-holders. In some countries, finger scanners are built into ATMs.

“It’s just part of our cyber-existence these days,” said Dan Miller, a senior analyst at Opus Research in San Francisco, which has focused on voice verification. “The neat thing about biometrics is that you are the thing that identifies you.”

The novelty of the technology, though, prompted an array of reactions at 24 Hour Fitness. Outside a downtown Oakland gym one morning, many customers said they had signed up without reservation for the new “Cardless Check-in” system, seeing only speed and convenience.

“Why not? It’s cool,” said Michael Nguyen, 38, an engineer from San Jose. “It’s not a big deal.”

But others — some of whom refused to participate in the program, which is voluntary — felt as if they had stumbled into a science fiction plot. They worried that the gym was going to do something sinister with their scan, while admitting they couldn’t think of exactly what that would be.

“The only time I ever saw that before was in the movie ‘Total Recall,’” said Isaac Thomas, 36, a Caltrans worker from Vallejo. He said he had submitted to scanning but added, “Now I’m wondering what they’re going to do with my fingerprint.”

“I did not do it,” said Jenica Babbitt, 35, a social worker from Oakland. “I don’t know why I didn’t do it. It just seems weird.”

Another woman said she was concerned about the scanners but for a different reason: She often sneaks into 24 Hour Fitness under a friend’s membership. She declined to give her name.

Company officials, concerned about the public perception of the scanners, tested them for months at some locations while soliciting feedback from members. They say the reaction was overwhelmingly positive, with just 3 percent of people declining to be scanned during the pilot program.

The officials say they have no ulterior motive. They say the scanners simply allow visitors to show up without a club card and an ID, while preventing nonmembers from sneaking in. The company also saves on paper, plastic and postage, having issued 1.9 million cards last year.

Members using the machines must first enroll, submitting to an initial scan. Then, during visits, they punch in a 10-digit code before placing the pad of one of their index fingers over a small window. Using the code, the system compares the finger to the one that was previously enrolled. False matches, or rejections, are rare, the company says.

The system doesn’t actually store fingerprints of the type that could be compared with prints from a crime scene, officials say. The machines, made by MorphoTrak of Alexandria, Va., map out unique points within the ridges of a finger, then convert that information into a binary code— ones and zeroes — that is encrypted.

If someone were able to crack the encryption, said Gary Jones, MorphoTrak’s senior manager for biometric security products, “it would still be impossible to reverse-engineer the information into a person’s fingerprint image.”

Two privacy experts who have followed biometric technology said that, in isolation, the health club’s program may be perfectly safe. But they said consumers should be certain that biometric scans taken at places such as 24 Hour Fitness are stored securely and not used for any other purpose.

It is conceivable, they said, that a law enforcement agency could figure out a way to compare fingerprints with a database such as the one kept by 24 Hour Fitness. It’s also possible, they said, that finger scans could be stolen as credit card numbers are.

Jared Kaprove, an attorney who focuses on domestic surveillance at the Electronic Privacy Information Center in Washington, said, “It’s easy to get a credit card reissued, but you can’t get your fingerprints reissued.”

Posted in Medical, National on Monday, August 23, 2010 12:15 am Updated: 11:26 pm.

The public has repeatedly rebuffed attempts by the federal government to centralize identification management

By Mike Spinney – Jul 22, 2010

Mike Spinney is a senior privacy analyst at the Ponemon Institute, which conducts independent research on privacy, data protection and information security policy.

The Homeland Security Department recently announced an initiative aimed at creating a more secure system of online identification. According to its Web site, the National Strategy for Trusted Identities in Cyberspace seeks to “improve cyberspace for everyone — individuals, private sector and governments — who conducts business online.”

That’s certainly a noble goal. But the very existence of NSTIC begs two very important questions: Does protecting me and my fellow citizens while we transact business online fall within the department’s areas of responsibility? And does DHS truly believe it can do what the private sector, driven by a clear and compelling profit motive, has yet to successfully accomplish?

The answer to both questions is a resounding no. DHS should focus on doing what its name implies — protecting the homeland — and resist the urge to demote itself into the role of national cyber mall cop.

I say this not to demean the department, which shoulders a weighty load in addressing the manifold threats to our shores in this age of terrorism, but because any effort by DHS to create a voluntary trusted identity program is doomed to fail.

The recent experience and backlash associated with Real ID — rebuffed by the general public and legislatively rejected by 11 states before being scrapped — and high-tech passports — subject to ongoing criticism for their security vulnerabilities — demonstrate that the public is uneasy at best and at worst dead set against any attempts by the federal government to centralize identification in any form. Another national identification storm cloud is gathering on the horizon in the form of the Biometric Enrollment, Locally-stored Information, and Electronic Verification of Employment provision of pending immigration reform. With every attempt at using technology to track citizens, George Orwell’s shadow grows longer.

Conspiracy theories aside, lessons learned from the evolution of Social Security numbers into a de facto national financial credential — in spite of being prohibited by the law that created them for any use other than the management of Social Security benefits — should be enough to remind us of what can happen with a national identification program even when it is conceived with the best of intentions.

Of course, DHS would not be the first organization to fail at creating a broadly successful universal digital identifier. Devices such as smart cards and tokens have been in use for years and are effective for managing identity-based access to secure enterprise systems. But such technology works best in a single organization because cost and management issues temper their advantages in broader applications.

At the consumer level, where individuals might be using multiple identities for a broad range of applications, any secure identity system would need to take into account the highly complex vagaries of human behavior. Doing so successfully in the private sector would be a feat with a multibillion-dollar payday — and there’s plenty of money and brainpower being spent on that effort already.

Consider, too, the challenges DHS faces in successfully launching a trusted identity program when the agency lacks the trust of the general public. In the Ponemon Institute’s annual Privacy Trust Study of the United States Government, DHS ranked 70th among the 75 federal agencies studied. The Citizenship and Immigration Services agency and Customs and Border Protection agency, both of which are part of DHS, ranked 74th and 75th, respectively.

If DHS believes that a more secure online experience will enhance homeland defense, that goal would be better served by the creation of an educational program that makes people more aware of how to safely conduct online activities. When you get beyond the Beltway, you find that too many people are making unsafe decisions online not because the technologies and techniques are lacking but because they simply don’t know any better. If left to persist, public ignorance will be the downfall of any trusted identity strategy.

In a country where Nepali’s, Bangladeshis and Pakistani’s can practically walk across the border – why should a terrorist bother to fake a biometric passport?

It could come useful in certain situations. Why would someone like David Headley risk a clandestine crossover, when he could live in the best of hotels, mix in the most hallowed social circles – legally? It’s also a neat trick to shift blame to an Indian citizen, after a terrorist attack.

But an “attack” is not the only thing a cloned biometric passport can be used for. It can also be used to steal your identity. For cheap. If my last post made you believe it’s almost impossible to mess around with a biometric passport, I’m very sorry. Because this one – is about how it’s already been done. With equipment that costs less than ten thousand rupees.

Lukas Grunwald, a German security expert, did it in 2006. British newspapers reported on a similar stunt by Adam Laurie, in 2007. Jeroen Van Beek, a researcher in the Netherlands, actually walked into Amsterdam airport with a fake biometric passport made in the name of Elvis Presley. He was not stopped.

Just Google their exploits – most technically minded terrorists probably already have. Here’s a quick account of how they did it.

A biometric passport has a chip, about the size of the one in your mobile phone SIM. That chip is embedded in a radio transmitter, slightly smaller than your visiting card. The entire unit is then sealed, into the last, thick page of our passports. You’ll get one of these things when you apply to renew your passport.

Effectively – this passport is now a tiny radio transmitter. It emits radio signals at a certain frequency. And over those radio waves, it transmits the information stored in its chip.

If you have a radio scanner listening in on that specific frequency – you can intercept that data. You could be standing ten meters away, you wouldn’t even need to touch the passport. You could read it, then clone it.

I’ll get into the specifics later. But here’s why you should begin to get worried.

1.) Let’s say a terrorist knows he looks a fair bit like you. First, he’d clone all your passport details by eavesdropping on the chip. Then insert his new, cloned chip into a fake paper passport he’s already made.

He’d grow a beard or a pony tail – to confuse the airport guards. When they test his passport on their reader, it wouldn’t ring any alarms – after all it’s a perfect clone of a perfectly valid passport.

When they try to physically cross check his appearance against your facial image stored on the chip, they wouldn’t spot a difference. A biometric facial or fingerprint scanner would have rung alarms – but they’re very expensive and used at very few counters. So a terrorist COULD cross borders – using YOUR passport details.

There is also a psychological problem – if the machine says a passport is OK, airport officials will tend to believe it and drop their guard. They won’t bother to do a more careful physical check. Because that would take more time – and after all wasn’t the biometric passport meant to save time at check in counters?

2.) Or let’s say it’s scamsters who want to target you. The postman or courier boy who delivers your passport home, could copy details from its chip, without even opening the envelope. So could a hotel attendant abroad – when you show him your passport to book a room. Among those details, will be an exact digital copy of the first page of your passport.

This first page is something we often photocopy. We use it as a proof of identity – to open a bank account, to apply for a new phone connection, for a driving license etc. The scamster could send that first page to an Indian bank and open a new account in your name. And funnel in dirty money into it, without you ever knowing.

3.) There’s another loophole in the “Biometric Passport as extra security” scheme. When you walk into a country like the US with your passport, your info is not only scanned and crosschecked – it’s also stored on their servers for a very long time. This supposedly happens to all passports presented at immigration – part of their “War on Terror” is keeping track of the details and frequency of people’s visits.

In theory, a corrupt official in the department could gather your private data and sell it to people on the black market. Right now – someone else can’t easily match your unique biometrics. But technology gets better everyday, so a leak in the department would mean a terrorist could walk around with your identity.

4.) Another pinprick in the “security” angle. At least one researcher has shown how to trigger a small bomb when it comes close enough to radio signals transmitted by a particular country’s passport. Terrorists could also use a similar technique can to single out people of a particular country from a group – and target them for kidnapping/elimination.

It’s not just passports. The technology can be used to eavesdrop and clone other RFID or Radio Frequency Identification Devices. That includes the card you use to get entry into your office, your new driving license and perhaps even the upcoming UID or Universal Identity card.

Getting back to the passports. Inexpensive Radio Frequency scanners can easily be bought online. You could also build one by modifying the Bluetooth receiver on your PC. Software like Golden Reader, that let you communicate with a passport chip, are easily available on the net. The International Civil Aviation Organization or ICAO – the nodal agency behind the biometric passport movement, has it on its website.

When held over a passport reader at the airport, the chip and the reader first challenge each other with a code. Once each is satisfied the other’s a genuine party – the chip transmits the info it carries to the reader.

To prevent people from eves-dropping on this exchange, the designers of biometric passports used a simple trick. They printed a twenty four character, two line strip of data on one of the pages of the passport.

This “Strip” is called a “Machine Readable Zone”, or MRZ. Only after swiping this strip through a machine, would the passport reader be able to generate a valid challenge that the passport chip would respond to. So whoever wants to read the passport, would have to have it open, in his hand.

Smart. The problem is, the characters they’ve decided to print on that strip. Your date of birth, your passport number, its date of expiry and so on – in a specific pattern.

Clever programmers can guess those details. Your DOB, they find from sites like Facebook. From public databases online – they observe patterns in a long series of passport numbers. They also find out the number of passports issued everyday in the country.

They feed all that research into a maths formula that’s often used by companies to generate things like random credit card numbers. And crack the MRZ of your passport, on a normal home PC, in under two hours. The big expense – about Rs 10,000 for a radio scanner. With the MRZ code, a terrorist or scamster can suck data from your chip, standing upto ten meters away at the check in counter.

Governments could of course put in place a more complex passport numbering system. But though such demonstration attacks have been widely reported in the foreign press, they haven’t moved on this yet.

When someone like a postman has the luxury of holding your physical passport in his hand, he can suck it dry with another trick. He swipes the passport against his radio scanner many, many times.

The more the number of swipes, the higher the chance of the computer mathematically guessing the security code. In an ATM, if you enter the wrong code thrice – you’re locked out and can’t withdraw any money. A similar safety feature hasn’t yet been built into these passport chips.

A small backgrounder on how all this started in the first place. After 9/11, America decided that all foreigners entering its borders would need to have machine readable passports with biometrics – on the assumption that these would be tough to forge.

It demanded this of the 27 countries that had a visa waiver agreement with it. Most of Europe fell in line and soon, the rest of the world.

After researchers publicly carried out attacks on these passports, FIDIS, or the “Future of Identity in the Information Age” – a European Union funded body called the technology used in them “poorly conceived”.

“European governments have forced their citizens to adopt documents which dramatically reduce their security and privacy and increase the risk of identity theft.”

The Indian Government however – doesn’t seem to have listened.

Posted by Howard A. Schmidt to the White House Blog – on June 25, 2010 at 02:00 PM EDT

Cyberspace has become an indispensible component of everyday life for all Americans.  We have all witnessed how the application and use of this technology has increased exponentially over the years. Cyberspace includes the networks in our homes, businesses, schools, and our Nation’s critical infrastructure.  It is where we exchange information, buy and sell products and services, and enable many other types of transactions across a wide range of sectors. But not all components of this technology have kept up with the pace of growth.  Privacy and security require greater emphasis moving forward; and because of this, the technology that has brought many benefits to our society and has empowered us to do so much — has also empowered those who are driven to cause harm.

Today, I am pleased to announce the latest step in moving our Nation forward in securing our cyberspace with the release of the draft National Strategy for Trusted Identities in Cyberspace (NSTIC).  This first draft of NSTIC was developed in collaboration with key government agencies, business leaders and privacy advocates. What has emerged is a blueprint to reduce cybersecurity vulnerabilities and improve online privacy protections through the use of trusted digital identities.

The NSTIC, which is in response to one of the near term action items in the President’s Cyberspace Policy Review, calls for the creation of an online environment, or an Identity Ecosystem as we refer to it in the strategy, where individuals and organizations can complete online transactions with confidence, trusting the identities of each other and the identities of the infrastructure that the transaction runs on. For example, no longer should individuals have to remember an ever-expanding and potentially insecure list of usernames and passwords to login into various online services. Through the strategy we seek to enable a future where individuals can voluntarily choose to obtain a secure, interoperable, and privacy-enhancing credential (e.g., a smart identity card, a digital certificate on their cell phone, etc) from a variety of service providers – both public and private – to authenticate themselves online for different types of transactions (e.g., online banking, accessing electronic health records, sending email, etc.). Another key concept in the strategy is that the Identity Ecosystem is user-centric – that means you, as a user, will be able to have more control of the private information you use to authenticate yourself on-line, and generally will not have to reveal more than is necessary to do so.

The Department of Homeland Security (DHS), a key partner in the development of the strategy, has posted the draft NSTIC at www.nstic.ideascale.com. Over the next three weeks (through July 19^th), DHS will be collecting comments from any interested members of the general public on the strategy. I encourage you to go to this website, submit an idea for the strategy, comment on someone else’s idea, or vote on an idea. Your input is valuable to the ultimate success of this document. The NSTIC will be finalized later this fall.

Howard A. Schmidt is the Cybersecurity Coordinator and Special Assistant to the President

Yosie Saint-Cyr

It was recently reported that Passport Canada has issued 25,000 biometric passports, and plans to issue them to all Canadians by 2011. The government is introducing e-passports to enhance security, fight fraud, reduce identity theft and meet international counter-terrorism measures already in use in travel documents in over 60 countries, including the United States, the European Union, Australia and Israel. The e-passport will now be valid for a period of 10 years (thank you!—that’s an improvement at least).

A biometric passport has a data chip inside it that can be read electronically. The chip contains information about the holder’s face—such as the distances between eyes, nose, mouth and ears—which authorities can use to identify the passport holder. These details are taken from the holder’s passport photograph. The chip also holds the information that is printed on the personal details page of the passport. Biometric details are unique to each citizen, like a fingerprint, the iris of the eye and facial features.

The US Electronic Privacy Information Centre (EPIC) describes the privacy issues and risks associated with facial recognition technology (FR) in the following manner:

Devices using biometric identifiers attempt to automate this (FR) process by comparing the information scanned in real time against an ‘authentic’ sample stored digitally in a database. The technology has had several teething problems, but now appears poised to become a common feature in the technological landscape. … There are significant privacy and civil liberties concerns regarding the use of such devices that must be addressed before any widespread deployment.” (Emphasis added.)

EPIC has identified six major areas of concern:

Passport Canada has indicated that it has taken measures to avoid or mitigate the above privacy risks. Several summary reports dealing with these issues and action taken are available on the Passport Canada website.

Data on the chip is protected in various ways, including: a “digital signature”, which shows that the data is genuine and which country has issued the passport; access control, where a “chip protocol” prevents the data being read without the passport holder’s knowledge; and a digital technique that confirms the data on the chip was written by an authorized regional passport department and has not been changed. Also, the chip can only be read within 10 centimetres from a chip reader, so it cannot be accidentally read.

However, the Canadian Civil Liberties Association (CCLA) still believes that privacy concerns are an issue and have not all been dealt with.

In a recent report, the CCLA indicated that new technologies such as biometric passports should be implemented with adequate legal safeguards. The group is interested in knowing what measures Passport Canada has taken to date, and intends to continue acting to ensure the civil liberties of Canadians are being protected, including the rights of privacy and mobility.

Moreover, the CCLA shares the same privacy and accuracy concerns (in PDF) on the introduction of biometric passports (e-passports) in Canada as EPIC. They are:

• “Function creep”, which means using the information in the future for a purpose beyond the original purpose
• Third party access to the information to link the information to that of the third party without the consent of the individual
• Centralized retention of the information
• Loss of control by individuals on the use and dissemination of one’s personal information

In addition, Canadians travelling with biometric passports will be subject to the privacy practices of other countries. This means, for example, that foreign databases might store Canadian citizens’ personal identifying information. The CCLA would like to know how Passport Canada plans to handle this inevitability? And rightly so. Privacy International has reported that because of biometric passports, the International Civil Aviation Organization (ICAO), would have a database of over a billion people worldwide by 2015. Yikes!

The CCLA has stated—and I totally agree with them:

While Canadian citizens understand they have restricted privacy rights at international borders, they are not necessarily consenting to the information contained on the RFID chip in the passport being stored in a foreign government’s database.”

Furthermore, the CCLA brought up the issue that faces are constantly changing, and facial biometrics open a Pandora’s box for mass surveillance by states of individuals, with a corresponding chilling effect on many civil liberties. As a fine example, take the 2009 case of Suaad Hagi Mohamud, a Canadian woman who was erroneously accused by Kenyan border officials of impersonation because they thought she did not look like her passport photo. Canadian consular officials concurred that she was an imposter and voided her passport. She was stranded in Kenya for three months before DNA evidence proved her identity.

As I was reading the CCLA’s privacy and accuracy concerns on the introduction of biometric passports in Canada, a story broke about misuse of passport information. A border guard used women’s passport details to hit on them later on Facebook (of course). The Canada Border Services Agency has known about the problem since last October when it received a complaint. The article states that the agency refused to release the name of the employee subject of the complaint, or information about whether the employee was disciplined or terminated.

It is evident that biometrics, and the collection of personal biometric information, raises obvious significant privacy concerns. It’s easy to see that this information can be used and misused. Yes, maybe it is a strong authentication measure, but the invasion of privacy and potential for misuse is in my opinion very undesirable.