The public has repeatedly rebuffed attempts by the federal government to centralize identification management

By Mike Spinney – Jul 22, 2010

Mike Spinney is a senior privacy analyst at the Ponemon Institute, which conducts independent research on privacy, data protection and information security policy.

The Homeland Security Department recently announced an initiative aimed at creating a more secure system of online identification. According to its Web site, the National Strategy for Trusted Identities in Cyberspace seeks to “improve cyberspace for everyone — individuals, private sector and governments — who conducts business online.”

That’s certainly a noble goal. But the very existence of NSTIC begs two very important questions: Does protecting me and my fellow citizens while we transact business online fall within the department’s areas of responsibility? And does DHS truly believe it can do what the private sector, driven by a clear and compelling profit motive, has yet to successfully accomplish?

The answer to both questions is a resounding no. DHS should focus on doing what its name implies — protecting the homeland — and resist the urge to demote itself into the role of national cyber mall cop.

I say this not to demean the department, which shoulders a weighty load in addressing the manifold threats to our shores in this age of terrorism, but because any effort by DHS to create a voluntary trusted identity program is doomed to fail.

The recent experience and backlash associated with Real ID — rebuffed by the general public and legislatively rejected by 11 states before being scrapped — and high-tech passports — subject to ongoing criticism for their security vulnerabilities — demonstrate that the public is uneasy at best and at worst dead set against any attempts by the federal government to centralize identification in any form. Another national identification storm cloud is gathering on the horizon in the form of the Biometric Enrollment, Locally-stored Information, and Electronic Verification of Employment provision of pending immigration reform. With every attempt at using technology to track citizens, George Orwell’s shadow grows longer.

Conspiracy theories aside, lessons learned from the evolution of Social Security numbers into a de facto national financial credential — in spite of being prohibited by the law that created them for any use other than the management of Social Security benefits — should be enough to remind us of what can happen with a national identification program even when it is conceived with the best of intentions.

Of course, DHS would not be the first organization to fail at creating a broadly successful universal digital identifier. Devices such as smart cards and tokens have been in use for years and are effective for managing identity-based access to secure enterprise systems. But such technology works best in a single organization because cost and management issues temper their advantages in broader applications.

At the consumer level, where individuals might be using multiple identities for a broad range of applications, any secure identity system would need to take into account the highly complex vagaries of human behavior. Doing so successfully in the private sector would be a feat with a multibillion-dollar payday — and there’s plenty of money and brainpower being spent on that effort already.

Consider, too, the challenges DHS faces in successfully launching a trusted identity program when the agency lacks the trust of the general public. In the Ponemon Institute’s annual Privacy Trust Study of the United States Government, DHS ranked 70th among the 75 federal agencies studied. The Citizenship and Immigration Services agency and Customs and Border Protection agency, both of which are part of DHS, ranked 74th and 75th, respectively.

If DHS believes that a more secure online experience will enhance homeland defense, that goal would be better served by the creation of an educational program that makes people more aware of how to safely conduct online activities. When you get beyond the Beltway, you find that too many people are making unsafe decisions online not because the technologies and techniques are lacking but because they simply don’t know any better. If left to persist, public ignorance will be the downfall of any trusted identity strategy.

by Jonathan Strickland

We’ve all seen movies in which a character has a retinal scan to prove his or her identity before walking into a top-secret installation. That’s an example of a biometric system. In general, biometrics is a collection of measures of human physiology and behavior. A biometric system could scan a person’s fingerprint or analyze the way he or she types on a keyboard. The purpose of most biometric systems is to authenticate a person’s claimed identity.

Biometrics tend to be more convenient than other methods of identity authentication. You might forget your ID at home when you head out the door, but you’ll still be able to use biometric devices. Imagine verifying your identity while at the store by swiping your finger across a sensor.

But along with convenience and security comes a concern for privacy. For biometrics to work, there needs to be a database containing the relevant information for each individual authorized by the system. For example, at that top-secret installation, every employee’s biometric signature would have to be recorded so that the scanners could verify each person’s identity. This might not present much of a problem on its own. If the only data the system stores relates to the actual biometric measurements, privacy violations are at a minimum. But by their very nature, biometric systems collect more information than just the users’ fingerprints, retinal patterns or other biometric data. At a basic level, most systems will record when and where a person is at the time of a scan.

I Recognize That Face

Biometric systems with cameras may use facial recognition software or study the way you move to identify you.

You might think of fingerprint or retinal scanners when you hear the word Biometrics, but the term has a broader definition. Facial recognition technology falls into the biometric category. There are already several cameras on the market that can detect faces. A few are able to recognize and remember a group of faces. You just take a picture of a friend, tag the photo and the camera will automatically tag any future photos of that friend. It’s both cool and creepy.

Imagine using this technology in public places to identify the people passing through. For example, a major city might install cameras at high-traffic areas to scan for terrorists or identify criminals. While the motivation for using that technology might be pure, it creates difficult privacy issues. The city would have a record of everyone who passed through that neighborhood. The technology treats everyone as a suspect as if it’s only a matter of time before each of us commits a crime.

And what happens if the technology makes a mistake and misidentifies someone? Weather conditions, clothing, hairstyles and even the cleanliness of the lens could affect the ability of the camera to identify people. Critics might ask: Why install a system that’s unreliable?

What happens if a person suffers an illness or injury that changes his or her appearance? Such a change could present problems with biometrics. Adjusting the biometric system to accommodate the change could also result in a violation of the user’s privacy. The system administrator now knows more details about the user.

A society with pervasive biometric systems would make anonymity a virtual impossibility. Should that society become oppressive or otherwise abusive to the population, the citizens would have few opportunities to react without revealing their own identities.

Groups like the Biometrics Institute are aware of privacy concerns and strive to create processes to limit the chance for biometric applications to violate a person’s privacy. Other groups advocate that companies, governments and other organizations conduct a privacy assessment before installing a biometric system. With vigilance and caution, we may find a way to incorporate biometrics into our lives and still maintain our privacy.

Ed Imwinkelried, Chair and Michael Cherry, Vice Chair - The Digital Technology Committee of the National Association of Criminal Defense Lawyers reporting that fingerprint evidence cannot be trusted. You read that right.

The Digital Technology Committee of the National Association of Criminal Defense Lawyers believes it can prove that the methods used by today’s fingerprint examiners are insufficient to establish fingerprint uniqueness.

Our membership includes experienced pattern recognition scientists who have appeared before the National Academies of Science and worked with the U.S. Department of Commerce National Institute of Standards and Technology(NIST).  Before becoming involved in forensic issues, they received letters of appreciation from the U.S. Executive Office of the President, the Director of NIST, and the White House Y2K Czar.

For example, NIST invited them to participate as members of an ad hoc working group on Data Formats for the Interchange of Fingerprint, Facial, Scar, Mark, and Tattoo (SMT) Information.  These standards define the content, format, and units of information that are used for the fingerprint, facial, or SMT identification of a subject.  They not only participated on this project;  they were also permitted to vote to replace the lossy compression scheme used by the FBI and other law enforcement agencies–a scheme that saved space by sacrificing detail.  Other voters included Interpol, Germany’s Federal Criminal Police Office, the Netherlands National Police Agency, and the Royal Canadian Mounted Police.

Most recently, they have turned our attention to fingerprint analysis.  In our opinion, the ACE-V methodology should be renamed PACE-V — partial analysis comparison evaluation and verification; examiners analyze incomplete information.  We are eager to participate in DAUBERT/FRYE hearings to expose the insufficiency of the current paradigm.

You can contact us at:

Michael Cherry, Vice Chair                                                               Ed Imwinkelried, Chair

201 513-8300                                                                                                        530 752-0727

By ANGELA CHARLTON
Associated Press Writer – Charlotte Observer

DAVOS, Switzerland The biggest travel threat facing the world now is passport fraud, according to the chief of Interpol – the millions of stolen documents that could be used by terrorists or criminals to travel worldwide.

Airport body scanners, embraced by many in the aftermath of the attempted Christmas Day airplane bombing, are a misguided solution to travel threats, Interpol Secretary-General Ronald K. Noble told The Associated Press in an interview Thursday night.

“The greatest threat in the world is that last year there were 500 million, half a billion, international air arrivals worldwide where travel documents were not compared against Interpol databases,” he said on the sidelines of the World Economic Forum, where 2,500 business and political leaders are gathered in this Alpine resort.

“Right now in our database we have over 11 million stolen or lost passports,” he said. “These passports are being used, fraudulently altered and are being given to terrorists, war criminals, drug traffickers, human traffickers.”

The solution, he said, is better intelligence, and better intelligence sharing, among countries.

“You don’t know the motivation behind the person carrying the passport,” he said. If you’re a terrorist, he said, “Are you going to carry explosives that are going to be detected? No.”

Many U.S. airports use the body-scanning machines and airports in other countries are adopting them after Nigerian Umar Farouk Abdulmutallab allegedly tried to detonate explosives hidden in his underwear Dec. 25 on the Detroit-bound flight.

But Noble questioned “the amount of money and resources that go into these (body-scanning) machines.”

He cited a case two weeks ago in a Caribbean country where five people were arrested carrying European passports, but were caught after they were found to be carrying stolen passports – one stolen back in 2001. The five had “definite links to crime, organized crime, human trafficking but no definite links to terrorism,” he said, though he wouldn’t name the country.

He said U.S. authorities are recognizing the threat of passport fraud – in 2006, U.S. authorities scanned the Interpol database about 2,000 times, while last year they did so 78 million times. They came up with 4,000 people traveling on stolen or lost passports.

Intelligence experts have cast doubt on the usefulness of the so-called no-fly lists of suspects shared among airports worldwide, saying that criminals can change their names or make simple name spelling changes that render them untrackable.

“(The lists) are useful but I don’t believe they are the be-all and end-all,” Noble said, adding he was concerned about governments’ efforts to expand them.

Noble, who has expanded Interpol’s efforts to fight terrorism, cybercrime, corruption and maritime piracy in his nearly 10 years at the helm of international police agency Interpol, also had words of warning for people hoping to donate money to Haiti after its devastating earthquake.

“Be very careful,” he said, citing several cases of fraudsters preying on donors and stealing their money via fake charity Web sites.

“Whenever there’s a tragedy it seems to bring out the best in people and unfortunately the worst,” he said. He said several U.S. sites have been taken down since the earthquake after they were found to represent no known charity.

Interpol has a team helping identify victims in Haiti, a daunting task with an estimated 200,000 dead. Another daunting task will be rebuilding Haiti’s law enforcement.

Policing in Haiti “was a challenge before this happened,” he said.

This threat brought to you by RFID

By Dan Goodin in San Francisco • The Register

Computer scientists in Britain have uncovered weaknesses in electronic passports issued by the US, UK, and some 50 other countries that allow attackers to trace the movements of individuals as they enter or exit buildings.

The so-called traceability attack is not the only exploit of an e-passport that allows attackers to remotely track a given credential in real time without first knowing the cryptographic keys that protect it, the scientists from University of Birmingham said. What’s more, RFID, or radio-frequency identification, data in the passports can’t be turned off, making the threat persistent unless the holder shields the government-mandated identity document in a special pouch.

“A traceability attack does not lead to the compromise of all data on the tag, but it does pose a very real threat to the privacy of anyone that carries such a device,” the authors, Tom Chothia and Vitaliy Smirnov, wrote. “Assuming that the target carried their passport on them, an attacker could place a device in a doorway that would detect when the target entered or left a building.”

To exploit the weakness, attackers would need to observe the targeted passport as it interacted with an authorized RFID reader at a border crossing or other official location. They could then build a special device that detects the credential each time it comes into range. The scientists estimated the device could have a reach of about 20 inches.

“This would make it easy to eavesdrop on the required message from someone as they used their passport at, for instance, a customs post,” the authors wrote.

The attack works by recording the unique message sent between a particular passport and an official RFID reader and later replaying it within range of the special device. By measuring the time it takes the device to respond, attackers can determine whether the targeted passport is within range. In the case of e-passports from France, the process is even easier: electronic credentials from that country will return the error message “6A80: Incorrect parameters” if the targeted person is in range and “6300: no information given” if the person is not.

The research is only the latest to identify the risks of embedding RFID tags into passports and other identification documents. Last year, information-security expert Chris Paget demonstrated a low-cost mobile platform that surreptitiously sniffs the unique digital identifiers in US passport cards and next-generation drivers licenses. Among other things, civil liberties advocates have warned that those identifiers could be recorded at political demonstrations or other gatherings so police or private citizens could later determine whether a given individual attended.

To be sure, the practicality of traceability attacks is more limited because a targeted passport first must be observed within range of a legitimate reader. But once this hurdle is cleared – as would be relatively easy for unscrupulous government bureaucrats to do – the attack becomes a viable way to track a target.

Chothia and Smirnov of the University of Birmingham’s School of Computer Science said the security hole can be closed by standardizing error messages and “padding” response times in future e-passports. But that will do nothing to protect holders of more than 30 million passports from more than 50 countries who are vulnerable now, they said.

And that’s sure to fuel criticism of RFID-enabled identification.

“This is a great example of why e-passports are a bad idea,” Paget wrote in an email to The Register. “It’s simply too expensive to replace vulnerable documents (especially when they have a 10-year lifespan) in response to legitimate security concerns, regardless of their severity. People will continue to poke holes in e-passports; without a mechanism to fix those problems there’s a strong argument that’s we’re better off without the RFID.”

ISRAEL at Risk of Not Being a Democracy Anymore: Knesset Approves INVASIVE ‘Biometric Law’

Anyone who follows the news has no doubt come across the claim that “Israel is the only democracy in the Middle East.” Usually, this claim is followed by its logical inference: “As an island of freedom located in a region controlled by military dictators, feudal kings and religious leaders” - Not any more – Israel democracy is now controlled by superficial politicians…

Black Day for Democracy

By Gil Ronen and Nissan Ratzlav-Katz

(IsraelNN.com) The Knesset plenum approved Monday evening the ‘Biometric Law’ in the final readings. Forty Knesset members voted in favor of the law, 11 against and three abstained. The purpose of the law is the creation of a biometric database that would hold the fingerprints and facial photos of all of the country’s citizens. The data would be stored in the Interior Ministry computers.

MK Nitzan Horowitz (Meretz), who led the opposition to the law, said after its approval that the vote was “a serious mistake which causes grave harm to freedom of the individual in Israel.”

“I hope that we do not pay too heavy a price for it,” Horowitz said. “In any case, it has been proven that an unrelenting public struggle by idealists can have influence and make a difference. The proof is that the law in its final wording is completely different from the original version.”

During the Knesset debate about the law, MK Horowitz stood at the podium and held up printouts of information from the Ministry of Interior’s database which contained information about Knesset members and which reached the Internet. He said that he would not show the contents so as not to invade the MKs’ privacy. “The leaked data which reached my hands prove how easy it is to break into government databases,” he said. “I hope that this will not be the fate of the biometric database.”

MK Dov Henin (Hadash) said that despite the government’s statements that it would not force Israeli citizens to join the database, “in fact, whoever does not do so would be punished – he will not be able to leave the country’s borders, since he would not receive a passport at the level required in developed countries.” The database is not truly a voluntary one, he said.

Faked fingerprints
On the same day that the Knesset approved the law, there news from Tokyo that appeared to show that this system, too, was not foolproof. Police in the Japanese capital said that they arrested a 27-year-old Chinese woman suspected of illegally entering the country after surgically altering her fingerprints to deceive a biometric recognition system operated by immigration officials.

14 November 2009 | Jared Yee

Collecting biometric information could put civil liberties and privacy at risk, despite considerable benefits, says the Irish Council for Bioethics (ICB).

In its report, “Biometrics: Enhancing Security or Invading Privacy?”, the ICB explores privacy concerns stemming from the growing use of biometric technologies to counter identity theft.

The technologies reviewed in the report include the familiar ones of fingerprint, palmprint, facial, vein pattern and voice recognition, plus newer technologies like gait (style of walking), keystroke dynamics and DNA. These are a “a more robust confirmation of a person’s identity” than PIN numbers and ID cards.

However, these also put privacy at risk because electronic data can be collected, compiled and connected with rapidly increasing ease. The ICB stated that individual civil liberties could be implicated, especially if personal information enters the public sphere. Individuals could be categorised with biologically-derived labels such as ‘disabled’, ‘criminal’, ‘suspect’ or ‘immigrant’, potentially leading to discrimination.

“The ubiquity of biometrics begs the question whether any of us can lead truly private lives anymore,” said Dr Siobhán O’Sullivan.

The ICB acknowledges the usefulness of biometric information for security and privacy purposes, but demonstrates that the information should be treated with sensitivity and discretion. The report states that “An individual’s biometric information is an intrinsic element of that person. The Council, therefore, recommends that the right to bodily integrity and respect for privacy should apply not only to an individual’s body, but also to any information derived from the body, including his/her biometric information.” The 192-page report can be downloaded from the ICB website.~ TechCentral, Nov 6; Irish Council for Bioethics

___________________________________________________________________________________________

On 4 November 2009 the Council published its latest opinion document
Biometrics: Enhancing Security or Invading Privacy? Opinion
Click here to download the document as a pdf

INDIA NEWS – Wall Street Journal – USA

[Editor's note: The Business Case Faceoff is a feature exclusive to india.wsj.com in collaboration with students at the Indian School of Business in Hyderabad. It is designed to delve into the most important business and economic issues facing the country and to assess them through the lens of an MBA case study. We welcome your comments and suggestions – please register for free and use the Comment tab.]

THIS WEEK: Debate on whether India’s Unique Identity card project will provide a basis for a positive and accurate identification of its citizens or infringe their privacy and human rights.

INTRODUCTION: Nandan Nilekani was recently handpicked by Prime Minister Manmohan Singh to head the newly created Unique Identification Authority of India. No one doubts the immense potential of the project nor does one doubt the impeccable credentials of the man chosen to lead it. But given the powerful nexus of entrenched politicians and bureaucrats who stand to lose their power and influence, will this project really see the light of the day? Mr. Nilekani’s bold endeavor may mark the beginning of a new era where distinguished private citizens take on challenges of national importance or he may end up becoming a disillusioned man. We look at the underlying dynamics that may make or mar this project. Is this the right project at the right time in the history of our nation or should we scale back our ambitions to focus more on what is achievable rather than merely aspirational?

Krishna Chilukuri: UIAI and India’s First Steps Towards e-Governance

India has finally taken on a bold challenge to create a unique identification for all Indians and appointed IT business leader and visionary, Nandan Nilekani to head the task. This is a big vision project through which government services can be provided, tracked and accounted for along with enabling a multitude of private sector products and services that rely on accurate and positive identification of consumers.

Krishna Chilukuri

In order to enable the next phase of growth, India has to tackle domestic issues of corruption, inefficiencies, lack of strong enforcement of the rule of law and internal security. There is a strong correlation between countries that are on the top of the United Nations e-Government Readiness Index with their success in lowering corruption and having a high quality of life as measured by the Human Development Index. Most e-Government implementations rely on positive and accurate identification of their citizens and the interconnection of databases and information across government bodies and services. The unique identification program is the first step towards creating the infrastructure for e-Government services in India. The goal should be no less than aiming to be in the top 10 countries on the UN e-Government readiness index which will have a positive effect on not only the economy but also on human development in India.

The core task for the Unique Identification Authority of India is to assign a unique identification number to each resident in the country and to eliminate the need for multiple identification mechanisms. This unique number will be the basis for a positive and accurate identification of citizens on which e-Governance platforms and services can be built around. One such project is the Citizens Smart Card Project, which will enable citizens to avail subsidies on food, energy, education, etc. depending on their entitlements, according to the 11th report of the Second Administrative Reforms Commission.

e-Governance also has the potential to tackle corruption which is at the root of the problems that currently are a drag on our economic growth. Our government departments work in isolation, each having its own database with no linkage to other government databases. These databases are usually not in good shape with problems of data entry, duplicate entries, dead entries, and more which make data reconciliation difficult. Most recently India was ranked 74th in the International Corruption Index and international companies often cite corruption and government inefficiency as reasons for not investing in India. It is imperative for India to tackle this issue and e-Governance built on unique identification is the right strategy for India.

A project of such magnitude is inherently challenging and difficult to implement. It will require tremendous resources and effort and success is not always guaranteed. There are many challenges to overcome in its implementation, specifically issues related to privacy, misuse of data, excessive government oversight and possibility for discrimination and bias. The sensitive nature of some of these challenges call for impartial leaders and managers who are not politically motivated or biased and who have high integrity and public trust. The current government of India could not have chosen a more appropriate leader than Nandan Nilekani to lead this project.

Nandan Nilekani has proven himself in the corporate sector, building one of the most admired companies in India and earned public appreciation with his book “Imagining India – Ideas for the new century.” He is a Padma Bhushan award winner and was named among the ‘World’s most respected business leaders’ in 2002 and 2003, according to a global survey by Financial Times and PricewaterhouseCoopers. Nandan Nilekani has both the passion and dedication for India’s future as well as the technical expertise and managerial skills to tackle a problem of such magnitude and is the right person to lead this effort.

As Mr. Nilekani has said in an interview with Knowledge@Whatron, “The other important thing, I felt, was that India had a very small window of opportunity. It has this huge demographic dividend and this young population, but that demographic dividend could well become a demographic disaster if we did not make the right investments in our human capital.”

The time has never been more critical for India to break out of its shackles and strive towards a better future for all its citizens. The unique identification project is only the first step in the right direction – we need many more.

Vignesh Nandakumar: Unique ID Scheme – More Politics Than IT

One of the UPA government’s biggest announcements after a landmark electoral victory was that of appointing Nandan Nilekani as the head of the Unique Identification Authority of India. The Unique ID opens up enormous possibilities for India at this stage of its growth. However, the real challenges of implementing such a project in India need to be addressed credibly so that this project fulfills its objectives.

Vignesh Nandakumar

The project plans to use state-of-the-art biometric and Information Technology on a phenomenal scale, and will have its share of technological challenges. However, the project itself is less about technology, and more about the politics and processes of providing every Indian with a Unique ID.

The biggest stumbling block to national IDs in many advanced countries has been the violation of privacy rights guaranteed under their respective constitutions. Two of the largest populated countries in the EU, Germany and Hungary, have not implemented one for these reasons. The USA Patriot Act, enacted by the U.S. Congress, to vastly increase powers of surveillance and implement a biometric identification system, faced enormous opposition and has since been scaled back. Biometric identification systems have been rejected in advanced countries due to concerns over efficacy in enhancing security and high implementation costs. The Unique ID scheme could potentially lead to large scale abuse in a country like India in the absence of effective legislation providing adequate safeguards to prevent misuse.

Though originally mooted to address our security needs, the scope of the ID has been expanded to aid delivery of social sector schemes to deserving citizens. This complicates the implementation because it combines both authentication and identification with the same ID.

There are systemic challenges germane to India. The legislative and delivery control over social sectors is divided between the states and the center, making the ID effective only through agreement from all the state governments. The citizen service centers at the district level have to be equipped with technical and manpower capability to use the ID while administering services such as birth and death registrations, land records and employment insurance. This is a Herculean task considering the level of granularity that needs to be achieved. The lack of stable 24 hour power supply across the country will hinder access to the central databases for authentication. It is unclear if these systemic issues have been addressed, failing which the ID scheme will be ineffective.

Aligned to the issue of privacy is the issue of saliency that arises when certain aspects of a person’s identity are publicly highlighted. Identifiers such as caste, religion and place of birth will be required for social sector schemes. Numerous social studies show that knowledge of these identifiers adversely impacts delivery of services such as education and health care to disadvantaged citizens, defeating the very purpose of the ID. These contradictions, which is unique to India, have to be reconciled to prevent selection bias.

However, these challenges do not take away the high impact of this idea, if well executed. With a person of Mr. Nilekani’s capability and stature heading this project, one expects some of these issues to be already tabled for action. While his appointment is a welcome step, the current organizational structure of the UIDAI, headed by Cabinet Minister rank Chairman, reporting to the Vice-Chairman of the Planning Commission, also of Cabinet rank is politically unsustainable. The country also lacks a legal framework permitting the involvement of a person from neither the political spectrum nor the administrative services in what is essentially a political scheme. Continuity of this structure beyond Mr. Nilekani’s involvement could be a problem. The government of India should enact clear processes for capable private citizens to hold office, perhaps through the amendment of the IAS system, so that the government and the country can benefit from these talented leaders.

The Unique ID is a critical piece of information infrastructure that India needs to boost its growth. However, the above issues need to be addressed satisfactorily to ensure it doesn’t create more problems than it solves. The central and state governments must enact legislation for adequate safeguards and operating processes for sharing of the databases amongst states, before the Unique IDs are issued. Failing this, there will be few users and takers for the scheme.

ABOUT THE AUTHORS:

Krishna K Chilukuri is currently pursuing the post graduate program in management at ISB. He has over 15 years of work experience in the corporate world encompassing stints around the world and in many different roles. Mr. Krishna’s interests include Strategic thinking, marketing 2.0 as well as game theory and its practical applications in decision making.

Vignesh Nandakumar is currently pursuing the post graduate program in management at ISB. He has over eight years of experience in the high-tech industry in various parts of the world. He is passionate about the prospects universal education and renewable energy offer for empowering growth in India. He holds a keen interest in the role of technology in public policy and governance.

The opinions expressed in this article are entirely the personal opinions of the students which were formed on the basis of an interpretation of facts and data available in the public domain. The ISB, as an institution, does not subscribe to these views in whole or in part.

Related Stories:

• Infosys Founder to Create India ID Database

By Michael Fitzpatrick – BBC Increasingly facial recognition is picking out people in a crowd

A surveillance state, with cameras on every street is commonplace but now Big Business is also turning to Big Brother.

Face recognition, behavior analyzing surveillance cameras, biometric profiling and the monitoring and storing of our shopping patterns has made snooping into our habits, movements and private lives ever easier.

Dismayed at its shrinking power to market to us via traditional media or even the internet, the private sector is now proposing to reach potential customers in ways that critics say should have us all concerned.

“There is an enormous pent-up demand for personalized location advertising, whether it is on your cellophane or PDA, on your radio in your car, or on the billboards you walk by on the streets and inside stores,” says Bruce Schneier, chief security technology officer of BT.

“This is yet another technological intrusion into privacy. And like all such intrusions, it will be taken as far as the owner of that intrusion finds it profitable.”

Emotional reactions

New surveillance technology could even evaporate the advertiser’s favorite grouse that “half of advertising is wasted, but we don’t know which half”.

Advertisers are turning to “intelligent” digital billboards that use cameras to watch you watching the ads.

In Germany, developers have placed video cameras into street advertisements attempting to discern people’s emotional reactions to the ads, according to the Washington-based privacy advocate outfit the Electronic Privacy Information Center (EPIC).

It warns that this type of surveillance encroaches on civil liberties. Such face, voice and behavior technology could be a means of tracking individuals on a mass level across their entire lives, it says.

Pushed by the demands of advertisers and security-minded governments, these technologies are becoming so increasingly smart and intrusive that they now resemble something out of science fiction, it warns.

Science fact

Some of the technology available now seems to have overtaken fiction.

When an interactive ad shouts out to Tom Cruise’s character in the 2002 film Minority Report: “John Anderton, you could use a Guinness!” It identified him as he walked through a mall by scanning the unique pattern of his iris.

This is now pretty standard. Face recognition technology is proving to be a handier, more sophisticated tool to pick us out on the street, a crowded room or at passport control.

Such systems are able to automatically detect and identify human faces using recognition algorithms.

The first step for a facial recognition system is to recognize a human face and extract it from the rest of the scene. Next, the system measures the distance between the features — a distinctive aspect of our faces that does not change with disguises or even surgery.

Matches can then be found in databases in under a second, although 100% accuracy is not yet guaranteed.

Currently the private sector is finding such systems useful for what it calls “targeted marketing,” or “dynamic advertising.”

Japan’s NEC, for instance, is sells face-recognition technology to allow advertisers to tailor what ad is showing on a digitized screen depending on the viewer’s sex and age.

Tracking systems, such as these, can determine the viewer’s gender 85-90% of the time, approximate age and ethnicity, and change the ads accordingly.

NEC denies the system raises privacy concerns as it does not store any images, only the analyzed results (age and sex) based on those images.

But as Schneier points out systems like these are likely liable to “function creep” where a technology is brought in for one purpose, to profile your sex while viewing an ad for example, and then begins to push the boundaries.

“Once the cameras are installed and operational, once they’re networked to central computers, then it’s a simple matter of upgrading the software,” he says.

“And if they can do more — if they can provide more “value” to the advertisers — then of course they will. To think otherwise is simply naive.”

And when advertisers start to follow us, our privacy, our right to be left alone will be severely compromised, he thinks.

More control

Democratic governments, charged with protecting us from such violations, are beginning to wake up to these practices.

EU commissioner Viviane Reding wants to see tighter controls

The US is about to propose a bill to ensure that consumers know what information is being collected about them. While the EU promises to rigorously police what it claims are already stringent controls on our personal data.

“Europeans must have the right to control how their personal information is used,” Viviane Reding, the EU’s commissioner for information society and media told BBC news. “We cannot give up this basic principle, and have all our exchanges monitored, surveyed and stored, in exchange for a promise of ‘more relevant’ advertising.”

Despite such assurances, given the pervasiveness of such technologies firstly on the internet and now spreading to the physical world, what we do about them in the next few years will be crucial. It might control our privacy for generations to come say human rights advocates.

“Companies are increasingly impatient to get to us and once these practices are commonplace it will hard to reverse them,” says Marc Rotenberg director of EPIC. “Particularly as, ironically, we lose privacy these companies are gaining secrecy.”

It would seem sensible to debate now how far business and the state should be allowed to tag us while we still have a privacy to protect.

Posted by Irene – Loss of Privacy

October  1, 2009

An expansion is currently underway that will develop the FBI’s current fingerprint collection database into a new biometrics system that includes DNA, facial recognition, palm prints and voice scans.

The plan is to share this data with authorized U.S. and international investigative partners, as the agency does today.

The FBI’s current IAFIS database remains a workhorse; it processes about 200,000 daily transactions from its 370 million 10-fingerprint records, and it just crossed the 250 million transaction mark

The next-generation FBI database system is under design by Lockheed Martin, with MorphoTrak and others, and is expected to include DNA, iris scans, advanced 3-D facial imaging and voice scans among its multi-modal biometrics. Lower turnaround times for delivering information over wide-area networks are planned. The goal is to drop from a roughly two-hour response time for IAFIS urgent requests to less than 10 minutes.

The FBI is already moving into new areas, including setting up a palm-print repository and searchable databases for scars, marks and tattoos that it will be collecting.

The FBI, under the DNA Fingerprint Act of 2005, is now allowed to collect reference-sample DNA material for biometrics analysis purposes at the time of booking, Grever said. “DNA has become a powerful and timely tool,” said Grever, adding there are no “privacy or civil liberties issues beyond those associated with fingerprints.”

Given that DNA can be fabricated, how accurate is this new biometric database going to be?  Given that they’re tracking everything else about you, it won’t be long before whatever makes you “you” is in a database somewhere.