by Adam Walser

The criminals new joy with Biometrics is, once you’ve fool the system, your faked fingerprint is made of the same stuff as fruit pastilles, so you can simply dress the evidence on other innocent victim, without letting the victim any chance to hold himself blameless.

LOUISVILLE, Ky. (WHAS11) — A Louisville woman says she was arrested by police, thrown in jail and went to court for crimes she never committed three times in the last year and a half because of her name.  The woman’s name is Melissa Ann Richardson, but she’s not the only woman with that name in Louisville.  Richardson says another Melissa Ann Richardson has been getting in lots of trouble and doesn’t show up for court, which is making her life increasingly difficult.
Whenever Melissa Ann Richardson leaves home, she has to have lots of documentation proving that she’s Melissa Ann Richardson because recently she’s been confused with a different Melissa Ann Richardson.  She is also white, has brown hair, green eyes and an October birthday.  The difference is that Melissa Ann Richardson has been arrested dozens of times for prostitution and drugs. “I don’t see any resemblance and that’s just because I don’t want to be affiliated in any way with prostitution,” said Richardson.
The other Melissa Ann Richardson also has an unfortunate habit of not showing up for court.  Twice last year, Melissa Ann Richardson was arrested, booked and had to go to court for the other woman’s crimes. “They told me that it was done. They typed everything in. The clerk said ‘Okay, we’re sorry. It won’t happen again,’” said Richardson.  However, on Friday, Richardson said it happened again.
She was stopped at a red light in a minivan in West Louisville when a police officer pulled her over and questioned her.  After checking her ID, the officer arrested Richardson on charges she says belong to the other woman.  The other Melissa Ann Richardson apparently even gave officers the first Melissa Ann’s date of birth when she was arrested so it was back to jail.
“Usually it’s only been about eight hours. This past weekend, it was the worst of it. It was 33 hours,” Richardson said.  Police say the mix-ups can happen because right now, pictures aren’t placed on e-warrants, which are displayed on officers’ laptop computers so police rely on the information they’re given. A Louisville Metro Corrections Department spokesperson says it’s standard procedure to use a fingerprint scan on all prisoners who are booked.  It’s unclear as to what happened in the latest case.
As for Richardson, she’ll keep carrying her makeshift purse.  “Thank you for not believing me, but I’m out. And if you arrest me again, I’m gonna get out again. But this time, I’m pursuing a different angle. I’ve called our attorney and we’re gonna go that route,” Richardson said.
Late this afternoon, we learned that part of the problem at the jail is that the records for both Melissa Ann Richardsons were apparently merged, leading them to believe they had the right suspect over the weekend.
We tried to locate the other Melissa Ann Richardson to talk to her about the situation today, but like the police, we weren’t able to find her.

Apple looking to profile users with heartbeat sensor, facial recognition on future iPhone?



By:Will Park

About Will -  Monday, August 23rd, 2010 at 12:28 PM PST

Apple isn’t just looking to keep their iPhone and iPod devices secure from the ever-present threat of users looking to jailbreak their smartphone/media player, the Cupertino, CA.-based tech company is apparently considering using biometric heartbeat sensors to verify authorized users. We recently mentioned that a newly uncovered patent application hinted at Apple’s plans to lock down or remote wipe data on iPhones that have been deemed jailbroken or unlocked. That, in itself, was a bit disturbing, but we’re not sure how to feel about a future iPhone being able to identify users by heartbeat, voice, or facial recognition.

On the one hand, the technology is impressive. We first saw Apple’s patent application on embedded biometric sensors about a year ago. The idea that a smartphone could use integrated sensors to detect users via heartbeat patterns, voice patterns, and pictures of users’ faces is like sweet, sweet music to a gadget geek’s ears. Automatic biometric identification sounds like a geek’s dream come true. In fact, this kind of technology solves one of the initial obstacles to artificial intelligence – the ability to accurately identify people.

Unfortunately, there are privacy concerns at stake here. Worse yet, there’s the unsettling potential that your iPhone could turn snitch on your biometric readings, should you decide to jailbreak your phone. Think about it. Upon detecting that you’re running a jailbroken or unlocked iPhone, this technology could very well report to Apple your unique biometric signature for future reference. From that point on, you could be tagged in some Apple customer service computer as a person to scrutinize when it comes time for warranty repairs or other customer service matters.

On the upside, it sure would be nice to know that your wayward iPhone was capable of detecting an unauthorized user and alerting authorities (and yourself, of course) that it is in the process of being “misappropriated” – all before you even realized that the handset is no longer in your pocket or purse. Apple’s Find My iPhone feature in its MobileMe service does a great job of tracking the phone and wiping all data (should it come to that), but that’s only possible if you A) know that your phone is missing and B) have a computer nearby to lock/wipe the handset.

The downside, of course, is being denied for customer service on your device because Apple knows that your unique biometric signature has been associated with a jailbroken, unlocked, or otherwise hacked iPhone. That’s not a pleasant thought – especially because Apple customer service is widely considered to be at the top of its game.

In either case, we’re not going to be able to stop the mobile industry’s march towards higher technology and more gadget wizardry as time goes on, so we might as well get used to new tech that makes us feel a bit uncomfortable.

What say you? Would you be inclined to buy a phone that included biometric security and technology that would be able to detect an unauthorized user?

[Via: AppleInsider]

Adobe CTO: Apple’s behavior a throwback to 1984

By Demian Bulwa • San Francisco Chronicle | Posted: Monday, August 23, 2010 12:15 am | No Comments Posted

Share

OAKLAND, Calif. • When the 24 Hour Fitness chain recently installed finger scanners as a way of verifying members’ identity, it was a public première of sorts for a powerful and fast-expanding technology — and a test of whether consumers will embrace it.

The scanners, which came to the chain’s 60 Bay Area gyms this month, are a form of biometrics, in which people are recognized through a unique physical quality. Although 24 Hour Fitness checks fingers, biometric devices can verify people’s identity based on the contours of hands, eyes and faces, a voice, even a scent or a style of walking.

The technology has become far more accurate and affordable in recent years, allowing it to move beyond longtime police and military uses and to be hailed as a potential solution to the menace of identity theft.

Corporate America has taken notice, as have privacy advocates, who say consumers ought to tread cautiously into a largely unregulated field.

Many companies now have employees punch in with biometrics. At schools, the devices restrict access or allow students to pay for subsidized lunches. The gym at California State University Chico uses hand scanners, while Walt Disney World scans the fingers of pass-holders. In some countries, finger scanners are built into ATMs.

“It’s just part of our cyber-existence these days,” said Dan Miller, a senior analyst at Opus Research in San Francisco, which has focused on voice verification. “The neat thing about biometrics is that you are the thing that identifies you.”

The novelty of the technology, though, prompted an array of reactions at 24 Hour Fitness. Outside a downtown Oakland gym one morning, many customers said they had signed up without reservation for the new “Cardless Check-in” system, seeing only speed and convenience.

“Why not? It’s cool,” said Michael Nguyen, 38, an engineer from San Jose. “It’s not a big deal.”

But others — some of whom refused to participate in the program, which is voluntary — felt as if they had stumbled into a science fiction plot. They worried that the gym was going to do something sinister with their scan, while admitting they couldn’t think of exactly what that would be.

“The only time I ever saw that before was in the movie ‘Total Recall,’” said Isaac Thomas, 36, a Caltrans worker from Vallejo. He said he had submitted to scanning but added, “Now I’m wondering what they’re going to do with my fingerprint.”

“I did not do it,” said Jenica Babbitt, 35, a social worker from Oakland. “I don’t know why I didn’t do it. It just seems weird.”

Another woman said she was concerned about the scanners but for a different reason: She often sneaks into 24 Hour Fitness under a friend’s membership. She declined to give her name.

Company officials, concerned about the public perception of the scanners, tested them for months at some locations while soliciting feedback from members. They say the reaction was overwhelmingly positive, with just 3 percent of people declining to be scanned during the pilot program.

The officials say they have no ulterior motive. They say the scanners simply allow visitors to show up without a club card and an ID, while preventing nonmembers from sneaking in. The company also saves on paper, plastic and postage, having issued 1.9 million cards last year.

Members using the machines must first enroll, submitting to an initial scan. Then, during visits, they punch in a 10-digit code before placing the pad of one of their index fingers over a small window. Using the code, the system compares the finger to the one that was previously enrolled. False matches, or rejections, are rare, the company says.

The system doesn’t actually store fingerprints of the type that could be compared with prints from a crime scene, officials say. The machines, made by MorphoTrak of Alexandria, Va., map out unique points within the ridges of a finger, then convert that information into a binary code— ones and zeroes — that is encrypted.

If someone were able to crack the encryption, said Gary Jones, MorphoTrak’s senior manager for biometric security products, “it would still be impossible to reverse-engineer the information into a person’s fingerprint image.”

Two privacy experts who have followed biometric technology said that, in isolation, the health club’s program may be perfectly safe. But they said consumers should be certain that biometric scans taken at places such as 24 Hour Fitness are stored securely and not used for any other purpose.

It is conceivable, they said, that a law enforcement agency could figure out a way to compare fingerprints with a database such as the one kept by 24 Hour Fitness. It’s also possible, they said, that finger scans could be stolen as credit card numbers are.

Jared Kaprove, an attorney who focuses on domestic surveillance at the Electronic Privacy Information Center in Washington, said, “It’s easy to get a credit card reissued, but you can’t get your fingerprints reissued.”

Posted in Medical, National on Monday, August 23, 2010 12:15 am Updated: 11:26 pm.

Why are fast fingerprint matching algorithms not used by the FBI for IAFIS? Ten (10) minutes for a fingerprint match?

Lockheed heads a $1.5 billion project upgrading the FBI IAFIS. The upgrade regarding fingerprints has occurred, and new statistics show full fingerprint matching takes at least 10 minutes when submitted electronically. That’s on a database of 56 million criminal prints, plus nearly 250 million civil prints. How can that be? With commercial matching algorithms available that perform at 20 million fingerprints/sec, it should only take 15 secs, add a few for comm lag. Are the newer algorithms not really reliable, or do Lockheed and the FBI disdain new developments from smaller companies? Why is 10 minutes the best match time from IAFIS?

A man was arrested in Florida for loitering. Police fingerprinted him and electronically submitted his prints to the FBI’s fingerprint database. Within five minutes, Florida police were notified that their loitering suspect was wanted in California on murder charges. California officials were also notified.

The database is fed by more than 86,000 agencies

Our Integrated Automated Fingerprint Identification System responds quickly to requests like this 24 hours a day, 365 days a year, to help our local, state, and federal partners—and our own investigators—solve and prevent crime and apprehend criminals and terrorists.

IAFIS houses some 56 million criminal prints (plus nearly 250 million civil prints) submitted by more than 86,000 criminal justice agencies. Included in our criminal database are fingerprints from 73,000 known and suspected terrorists processed by the U.S. or by foreign law enforcement agencies who work with us.

IAFIS keeps communities safe. There’s no better way to illustrate how IAFIS works than to show how it’s been used. Other recent cases:

• Texas Rangers reported four suspicious individuals along a remote part of the U.S.-Mexico border to the U.S. Customs and Border Protection. Customs took the four into custody and, after determining they were in the U.S. illegally, took their fingerprints and sent them electronically to IAFIS. Lo and behold, there was a hit: one of the men was wanted on murder charges in North Carolina.
• In Virginia, a federal program giving credentials to transportation workers sent a potential employee’s prints to IAFIS. Good thing—the man was wanted by Miami authorities for murder (suffice to say he didn’t get the job!)
• Police in New York City arrested an individual on assault charges. His prints were sent to IAFIS, which sent back word that the man was wanted not only by local authorities in Pennsylvania on murder charges but also by the FBI on unlawful flight charges.

IAFIS’ expanded use. We’re taking part in a pilot project that allows near real-time sharing of prints and other information in IAFIS and the Department of Homeland Security’s Automated Biometric Identification System, or IDENT. This means not only do the FBI and agencies like Customs and Border Protection have the benefit of each other’s biometric information, but also that local, state, and federal agencies using IAFIS have access to certain immigration data relevant to their cases.

We’ve already seen some successes. For example, Border Patrol agents working at a port of entry along the California-Mexico border encountered a man coming from Mexico claiming to be a U.S. citizen but who said he left his alien card at home. Suspicious, the agents fingerprinted the man and sent his prints to the joint IDENT/IAFIS program, which informed them that he was wanted by Los Angeles police on murder, rape, and burglary charges.

What’s ahead for our fingerprint operations? Our Next Generation Identification System will incorporate additional biometrics, like iris and facial imaging and palm prints, to enhance identification of terrorists and criminals even more. Says Tom Bush, who heads our Criminal Justice Information Services Division that manages IAFIS, “IAFIS has been a fantastic tool in support of criminal justice and the war on terror—NGI will give us bigger, better, and faster capabilities, and lead us into the future.”

Resources: IAFIS website

Legislation could lead to ‘use of less secure identity solutions’

Aug 12, 2010 | 03:08 PM

ALEXANDRIA, Va. – Legislation that would sharply restrict the use of biometric technology in Alaska would have unintended negative consequences and “ultimately result in the use of less secure identity solutions,” the Security Industry Association (SIA) warned in a letter to the bill sponsor.

The bill (SB 190) from Alaska State Sen. Bill Wielechowski (D-District J) mandates that “A person may not retain or analyze, or disclose or distribute to another person, biometric information on an individual without first obtaining the informed and written consent of the individual.” (Law enforcement and other parties authorized by state or federal law would be excluded.) Biometric data is defined to include fingerprints, handprints, voices, facial images, iris images and retinal images. Violators would be liable for actual damages and civil penalties of as much as $100,000.

SIA CEO Richard Chace noted in the letter to Wielechowski that the federal government is implementing an identity management program that relies on biometric technology and argued that biometrics are an important security tool that “answers the question, ‘Are you who you say you are?’”

“Biometrics provide an effective measure against fraud and identity theft in applications as diverse as personal access to buildings/computers, banking security, business-to-business transactions and ecommerce,” the letter stated.

Chace also stressed that the association and its members are committed to developing security solutions that protect personal information and ensure privacy and said that they “are in the final stages of developing a framework that will help educate policymakers, consumers and industry stakeholders on technology and privacy related issues.”

The Security Industry Association (www.siaonline.org) is the leading trade group for businesses in the electronic and physical security market. SIA protects and advances its members’ interests by advocating pro-industry policies and legislation on Capitol Hill and throughout the 50 states; producing cutting-edge global market research; creating open industry standards that enable integration; advancing industry professionalism through education and training; opening global market opportunities; and providing sole sponsorship of the ISC Expos, the world’s largest security trade shows and conferences.

Canada’s privacy commissioner Jennifer Stoddart is taking legal action against the American Association of Medical Colleges for violating Canadian law governing electronic personal information, the Vancouver Sun reports.

Canadian officials are taking legal action against the storage of biometric information for individuals who take the MCAT test

Students who sign up to take the MCAT test must provide fingerprints and photographs to confirm their identity, as they are more secure than a plastic ID card. The enhanced security protocols ensure individuals do not cheat, helping to maintain a high-standing credibility for the exam.

The information is kept in an electronic database for 10 years to ensure an individual who attends medical school is in fact the same person who originally took the test, the news provider relays.

The storing of biometric data is worrisome to many, as the information could be hacked by an outside source or accessed legally by the U.S. authorities under the Patriot Act – an anti-terrorism mechanism that gives U.S. law enforcement officials the power to access electronic records stored in the country.

The privacy issue continues to hound further adoption of biometric security solutions. Although few people doubt the effectiveness of the technology, there are concerns regarding the storage of private information on electronic databases. In June, a Canadian apartment complex received complaints about a fingerprint scanner used to allow individuals entrance onto the premises, as some people worried about the safety of their information.

POSTMEDIA NEWS – AUGUST 10, 2010 2:02 AM

Canada’s privacy watchdog has gone to court to stop the collection and storage of fingerprints from students who apply to medical schools.

Privacy commissioner Jennifer Stoddart launched legal action in Federal Court last week, accusing the American Association of Medical Colleges of violating the Canadian law that governs electronic personal information.

The association administers the Medical College Admission Test on behalf of schools in the U.S. and Canada. It uses “biometric identity verification” to stop cheating on the tests.

But it also means the fingerprints and photographs of Canadian students who write the MCAT in Canada — even if they plan to attend medical school in Canada — could later be accessed by U.S. authorities under the Patriot Act.

© Copyright (c) The Edmonton Journal

Read more

The public has repeatedly rebuffed attempts by the federal government to centralize identification management

By Mike Spinney – Jul 22, 2010

Mike Spinney is a senior privacy analyst at the Ponemon Institute, which conducts independent research on privacy, data protection and information security policy.

The Homeland Security Department recently announced an initiative aimed at creating a more secure system of online identification. According to its Web site, the National Strategy for Trusted Identities in Cyberspace seeks to “improve cyberspace for everyone — individuals, private sector and governments — who conducts business online.”

That’s certainly a noble goal. But the very existence of NSTIC begs two very important questions: Does protecting me and my fellow citizens while we transact business online fall within the department’s areas of responsibility? And does DHS truly believe it can do what the private sector, driven by a clear and compelling profit motive, has yet to successfully accomplish?

The answer to both questions is a resounding no. DHS should focus on doing what its name implies — protecting the homeland — and resist the urge to demote itself into the role of national cyber mall cop.

I say this not to demean the department, which shoulders a weighty load in addressing the manifold threats to our shores in this age of terrorism, but because any effort by DHS to create a voluntary trusted identity program is doomed to fail.

The recent experience and backlash associated with Real ID — rebuffed by the general public and legislatively rejected by 11 states before being scrapped — and high-tech passports — subject to ongoing criticism for their security vulnerabilities — demonstrate that the public is uneasy at best and at worst dead set against any attempts by the federal government to centralize identification in any form. Another national identification storm cloud is gathering on the horizon in the form of the Biometric Enrollment, Locally-stored Information, and Electronic Verification of Employment provision of pending immigration reform. With every attempt at using technology to track citizens, George Orwell’s shadow grows longer.

Conspiracy theories aside, lessons learned from the evolution of Social Security numbers into a de facto national financial credential — in spite of being prohibited by the law that created them for any use other than the management of Social Security benefits — should be enough to remind us of what can happen with a national identification program even when it is conceived with the best of intentions.

Of course, DHS would not be the first organization to fail at creating a broadly successful universal digital identifier. Devices such as smart cards and tokens have been in use for years and are effective for managing identity-based access to secure enterprise systems. But such technology works best in a single organization because cost and management issues temper their advantages in broader applications.

At the consumer level, where individuals might be using multiple identities for a broad range of applications, any secure identity system would need to take into account the highly complex vagaries of human behavior. Doing so successfully in the private sector would be a feat with a multibillion-dollar payday — and there’s plenty of money and brainpower being spent on that effort already.

Consider, too, the challenges DHS faces in successfully launching a trusted identity program when the agency lacks the trust of the general public. In the Ponemon Institute’s annual Privacy Trust Study of the United States Government, DHS ranked 70th among the 75 federal agencies studied. The Citizenship and Immigration Services agency and Customs and Border Protection agency, both of which are part of DHS, ranked 74th and 75th, respectively.

If DHS believes that a more secure online experience will enhance homeland defense, that goal would be better served by the creation of an educational program that makes people more aware of how to safely conduct online activities. When you get beyond the Beltway, you find that too many people are making unsafe decisions online not because the technologies and techniques are lacking but because they simply don’t know any better. If left to persist, public ignorance will be the downfall of any trusted identity strategy.

Third Quarter Fiscal Year 2010 Report to CongressDepartment of Homeland Security Report of the Chief Privacy Officer Pursuant to Section 803 of the Implementing Recommendations of the 9/11 Commission Act of 2007June 23, 2010

BBC – NEWS

A commonly-used cancer drug can make patients’ fingerprints disappear, potentially causing problems for foreign travel, a doctor warns.

One patient was held by US immigration officials for four hours before they allowed him to enter the country.

The case is highlighted in the journal Annals of Oncology.

The patient’s doctor, Eng-Huat Tan, from Singapore, advised all travellers to the US being treated with the drug capecitabine to carry a doctor’s note.

Dr Tan, based at the National Cancer Centre in Singapore, said several other patients had also reported loss of fingerprints on blog sites, with some also having problems entering the US.

Dr Eng-Huat Tan
National Cancer Centre, Singapore

His patient, a 62-year-old man, had head and neck cancer that had spread, but which had responded well to chemotherapy.

He was prescribed capecitabine to help prevent the cancer coming back.

Although the drug is commonly used to treat a range of cancers, it can cause chronic inflammation of the palms or soles of the feet, leading to peeling, bleeding or blistering of the skin.

Over time this can lead to the loss of fingerprints.

Dr Tan’s patient developed mild side effects, and because they did not affect his daily life, it was decided that he should keep on taking a low dose of the drug.

In December 2008, after more than three years of capecitabine he travelled to the US to visit relatives.

Dr Tan said: “He was detained at the airport customs for four hours because the immigration officers could not detect his fingerprints.

“He was allowed to enter after the custom officers were satisfied that he was not a security threat.

“He was advised to travel with a letter from his oncologist stating his condition and the treatment he was receiving to account for his lack of fingerprints to facilitate his entry in future.”

Security measures

Foreign visitors have been asked to provide fingerprints at USA airports for several years.

The images are matched with millions of visa holders to detect whether the new visa applicant has a visa under a different name.

It is uncertain when a patient will lose their fingerprints, and in this case the patient was not aware that he had.

Dr Tan said: “Patients taking long-term capecitabine may have problems with regards to fingerprint identification when they enter US ports or other countries that require fingerprint identification and should be warned about this.

“It is possible that there may be a growing number of such patients. They should prepare adequately before travelling to avert inconvenience.”

Martin Ledwick, of the charity Cancer Research UK, said: “In a minority of cases, some chemotherapy drugs can cause hand and foot syndrome, where the skin can begin to peel on the palms of the hands and soles of the feet.

“For most people, this is reasonably mild.”