‘Positively chilling’ says Liberty

By John Ozimek • The Register

Radical Think Tank Open Europe has this week exposed a study by the EU that could lead to the creation of a massive cross-Europe database, amassing vast amounts of personal data on every single citizen in the EU.

The scope of this project also reveals a growing governmental preference for systems capable of locking people up not for what they have done, but for what they might do.

Open Europe (OE) researcher, Stephen Booth, has been reviewing projects currently in receipt of EU funding. Last week he identified one of these - Project INDECT – as having potentially far-reaching effects for anyone living or working in Europe. The main objectives of this project, according to its own website, are:

To develop a platform for: the registration and exchange of operational data, acquisition of multimedia content, intelligent processing of all information and automatic detection of threats and recognition of abnormal behaviour or violence, to develop the prototype of an integrated, network-centric system supporting the operational activities of police officers.

In addition, it aims “to develop a set of techniques supporting surveillance of internet resources, analysis of the acquired information, and detection of criminal activities and threats.”

There are two controversial aspects to this research. First is the extent of data collection implied by the project scope. Second, and perhaps far more worrying, is the proposition that law enforcement agencies, in possession of sufficient data, will in future be able to model potentially criminal and anti-social behaviour and therefore focus on individuals before crimes are committed.

In this, it echoes another EU-sponsored piece of research – ADABTS – which is all about Automatic Detection of Abnormal Behaviour and Threats in crowded Spaces. According to the ADABTS prospectus, it “aims to develop models for abnormal and threat behaviours and algorithms for automatic detection of such behaviours as well as deviations from normal behaviour in surveillance data.”

The INDECT project is co-ordinated by Polish academic Professor Andrzej Dziech. Participants include several institutions from Poland – which until recently had its own issues with over-arching state surveillance – as well as the Northern Ireland Police Service.

Shami Chakrabarti, the director of human rights group Liberty, described this approach as a “sinister step” for any country, but “positively chilling” on a European scale.

Stephen Booth added: “The problem with the EU funding these types of projects is the lack of accountability. Citizens are left completely in the dark as to who has approved them and there is no way to ensure that civil liberties are being duly respected.

“The absence of any political debate about the use of these new surveillance technologies in our society is a very dangerous trend, which is especially acute at the EU level.”

However, the idea of punishing potential criminals is not just an EU notion. As El Regreported last year, the Home Office has certainly considered the use of automated profiling to check travellers at points of entry to the UK. This has been controversial, both because of the veiled racism implied by such a policy, as well as evidence provided to the Home Office that it might not actually work.

However, the Vetting Database – which is due to go live later this year – will take decisions on whether people are fit to work in millions of “regulated” positions on the basis of a scoring system, designed to “predict” likelihood to offend.

The introduction of predictive models into society appears to be carrying on apace, with very little public debate as to how desirable they are, or how the state should compensate citizens where mistakes occur. There is also a blurring of the lines between predicting a threat – in which case law enforcement officers can be asked to investigate – and simply predicting criminality and penalising an individual on the basis of something they have not yet done.

OE is interested in seeing less formal integration across Europe, and a return to more issues being resolved at the national level. Their investigation looked at funding provided under the Seventh Framework Programme (FP7). This can be accessed via the Cordis portal, and is a mechanism whereby funds controlled by the EU Commission are made available for research projects.

The existence of an FP7 project is not necessarily an indicator of EU policy in an area, but it is clear evidence of some interest in the approach being investigated.

Project INDECT launched on 1 January this year with a project budget of 14.86 million Euros. It is due to deliver the goods, including a 15-node pilot project, by the end of 2013. ®

This threat brought to you by RFID

By Dan Goodin in San Francisco • The Register

Computer scientists in Britain have uncovered weaknesses in electronic passports issued by the US, UK, and some 50 other countries that allow attackers to trace the movements of individuals as they enter or exit buildings.

The so-called traceability attack is not the only exploit of an e-passport that allows attackers to remotely track a given credential in real time without first knowing the cryptographic keys that protect it, the scientists from University of Birmingham said. What’s more, RFID, or radio-frequency identification, data in the passports can’t be turned off, making the threat persistent unless the holder shields the government-mandated identity document in a special pouch.

“A traceability attack does not lead to the compromise of all data on the tag, but it does pose a very real threat to the privacy of anyone that carries such a device,” the authors, Tom Chothia and Vitaliy Smirnov, wrote. “Assuming that the target carried their passport on them, an attacker could place a device in a doorway that would detect when the target entered or left a building.”

To exploit the weakness, attackers would need to observe the targeted passport as it interacted with an authorized RFID reader at a border crossing or other official location. They could then build a special device that detects the credential each time it comes into range. The scientists estimated the device could have a reach of about 20 inches.

“This would make it easy to eavesdrop on the required message from someone as they used their passport at, for instance, a customs post,” the authors wrote.

The attack works by recording the unique message sent between a particular passport and an official RFID reader and later replaying it within range of the special device. By measuring the time it takes the device to respond, attackers can determine whether the targeted passport is within range. In the case of e-passports from France, the process is even easier: electronic credentials from that country will return the error message “6A80: Incorrect parameters” if the targeted person is in range and “6300: no information given” if the person is not.

The research is only the latest to identify the risks of embedding RFID tags into passports and other identification documents. Last year, information-security expert Chris Paget demonstrated a low-cost mobile platform that surreptitiously sniffs the unique digital identifiers in US passport cards and next-generation drivers licenses. Among other things, civil liberties advocates have warned that those identifiers could be recorded at political demonstrations or other gatherings so police or private citizens could later determine whether a given individual attended.

To be sure, the practicality of traceability attacks is more limited because a targeted passport first must be observed within range of a legitimate reader. But once this hurdle is cleared – as would be relatively easy for unscrupulous government bureaucrats to do – the attack becomes a viable way to track a target.

Chothia and Smirnov of the University of Birmingham’s School of Computer Science said the security hole can be closed by standardizing error messages and “padding” response times in future e-passports. But that will do nothing to protect holders of more than 30 million passports from more than 50 countries who are vulnerable now, they said.

And that’s sure to fuel criticism of RFID-enabled identification.

“This is a great example of why e-passports are a bad idea,” Paget wrote in an email to The Register. “It’s simply too expensive to replace vulnerable documents (especially when they have a 10-year lifespan) in response to legitimate security concerns, regardless of their severity. People will continue to poke holes in e-passports; without a mechanism to fix those problems there’s a strong argument that’s we’re better off without the RFID.”

ISRAEL at Risk of Not Being a Democracy Anymore: Knesset Approves INVASIVE ‘Biometric Law’

Anyone who follows the news has no doubt come across the claim that “Israel is the only democracy in the Middle East.” Usually, this claim is followed by its logical inference: “As an island of freedom located in a region controlled by military dictators, feudal kings and religious leaders” - Not any more – Israel democracy is now controlled by superficial politicians…

Black Day for Democracy

By Gil Ronen and Nissan Ratzlav-Katz

(IsraelNN.com) The Knesset plenum approved Monday evening the ‘Biometric Law’ in the final readings. Forty Knesset members voted in favor of the law, 11 against and three abstained. The purpose of the law is the creation of a biometric database that would hold the fingerprints and facial photos of all of the country’s citizens. The data would be stored in the Interior Ministry computers.

MK Nitzan Horowitz (Meretz), who led the opposition to the law, said after its approval that the vote was “a serious mistake which causes grave harm to freedom of the individual in Israel.”

“I hope that we do not pay too heavy a price for it,” Horowitz said. “In any case, it has been proven that an unrelenting public struggle by idealists can have influence and make a difference. The proof is that the law in its final wording is completely different from the original version.”

During the Knesset debate about the law, MK Horowitz stood at the podium and held up printouts of information from the Ministry of Interior’s database which contained information about Knesset members and which reached the Internet. He said that he would not show the contents so as not to invade the MKs’ privacy. “The leaked data which reached my hands prove how easy it is to break into government databases,” he said. “I hope that this will not be the fate of the biometric database.”

MK Dov Henin (Hadash) said that despite the government’s statements that it would not force Israeli citizens to join the database, “in fact, whoever does not do so would be punished – he will not be able to leave the country’s borders, since he would not receive a passport at the level required in developed countries.” The database is not truly a voluntary one, he said.

Faked fingerprints
On the same day that the Knesset approved the law, there news from Tokyo that appeared to show that this system, too, was not foolproof. Police in the Japanese capital said that they arrested a 27-year-old Chinese woman suspected of illegally entering the country after surgically altering her fingerprints to deceive a biometric recognition system operated by immigration officials.

United Kingdom is Leading Pack in Face Recognition; Is U.S. Next?

By ASHLEY PHILLIPS – ABC NEWS

A 17-year-old walks into a liquor store, carries a 12-pack of beer up to the counter and hands the clerk a flawless fake ID. Unbeknown to him, the clerk need not even glance at the ID before turning him down. His face gave him away. A facial recognition system placed behind the store counter analyzes the teen’s 17-year-old features and informs the clerk of his illegal age. It’s just one of a litany of uses for the fast-evolving surveillance technology, a field that has security experts salivating and privacy advocates bracing for a battle.

(Getty / ABC News)

Computers that can pick out fugitives in a crowd, video cameras that scold people for littering, eyes in the sky that detect crimes as they’re being committed. While these scenarios may sound straight out of George Orwell’s “1984,” they are becoming reality and could be headed for your corner store sooner than you think.

Although still being researched across the globe, facial recognition technology has already taking hold, particularly in Great Britain.

Last week, Budgens, a U.K. grocery story chain, announced that it would use facial recognition technology to prevent its clerks from selling alcohol and cigarettes to underage customers. The photos of customers who were refused previously will be stored in a database, and then if the offenders come in to buy similar products again, the clerk will be alerted.

Similarly, the British government plans to roll out a facial recognition pilot program in London airports this summer. People who hold biometric U.K. and EU passports can pass through unmanned gates. At the gate, their faces will be scanned to match them to their passport records.

Though the technology has been around for years and the British are embracing it and moving forward, technology experts say facial recognition — and the cameras needed to support it — wouldn’t fly with privacy-obsessed Americans, at least not yet.

“[Facial recognition] really has picked up steam in the last 10 years,” said Vijayakumar Bhagavatula, who teaches electrical and computer engineering at Carnegie Mellon. “The principle has been around for 25 years, but it started getting put into commercial systems five to 10 years ago.”

Bhagavatula describes the technology simply.

“Let’s say a digital camera is taking a picture of someone’s face. So now it gets represented in computers as a bunch of numbers,” he said. “Humans have no problem [saying] that’s someone I know. The computer has to look at those numbers and say, ‘Are these the same set of numbers corresponding to a person I took a photo of a year ago?’”

It’s a complex process, and it is not flawless. For computers, those numbers representing human features can change based on the person’s expression, lighting and overall quality of the image, according to Bhagavatula.

To combat this, researchers are constantly looking for new algorithms to analyze facial features. Currently, many researchers are looking at features that don’t change, such as the distance between the eyes, the angle made by the tip of the nose or the length of an eyebrow, he said.

“Many methods try to capture these kinds of things that are unique to people’s faces,” he said. “You hope that these numbers stay the same when a person smiles or frowns.”

The U.S. Privacy Police

The kind of monitoring that would enable facial recognition to work well has not caught on in the United States, at least not yet, according to Paul Saffo, a technology forecaster in Silicon Valley.

“The English have always had a slightly different attitude toward privacy,” Saffo said. “They’ve never had a strong a privacy culture as America has had. The English do not have a constitution. Their protections are in common law. It is easier for the government to overstep notions of privacy than it would be here, because you have people invoking the Bill of Rights.”

But Saffo believes that given the right crisis, the United States would eventually accept the technology.

“Do not underestimate the psychic shock of the London subway bombings,” he said. “We bleat and cry about privacy, but we happily surrender our privacy for the cheapest of coin.”

So far, most legislative pushes for video monitoring by city governments have been thwarted.

This week in Washington, D.C., a bill pushed by the city’s mayor calling for nearly $1 million in funding for citywide public cameras was voted down by the city council.

“People sometimes talk about video surveillance systems as moving forward inexorably in the United States, but we’ve seen quite a few successful protests,” said Mark Rotenberg, the director of the Electronic Privacy Information Center. “I think there are a lot of questions that need to be asked about video surveillance. The most obvious one is: what is the purpose?”

“[Britains] have embraced a really extraordinary amount of monitoring by the government that I don’t think the U.S. would accept,” he said.

Yeah, but Does It Work?

Some critics also take issue with the accuracy (or lack thereof) of facial recognition technology.

In perfect conditions, facial recognition can be fairly effective, according to experts, but in less than perfect conditions it can be wildly inaccurate. For example, it is difficult for a computer to identify a person who is walking on a city street or in an airport where his face might be blurred, obscured or shadowed.

“We have gotten a long way from where we were 10 years ago,” says Carnegie Mellon’s Bhagavatula. “But good algorithms have an 80 percent accept rate. It’s pretty good, but not perfect.”

Rob Jenkins, a psychology professor at the University of Glasgow in Scotland, may have found at least one way around the technology’s inaccuracies. Jenkins and his colleague Mike Burton published a study in the journal Science in January that outlined a method to get 100 percent accuracy from computers by using what the researchers called an “averaged” face image, made up of 20 photos.

“The great thing about this averaging process is it just washes out all these differences of single photographs. The lighting and the pose all kind of becomes neutralized,” Jenkins told ABCNEWS.com in January. “And what you’re just left with is the core of the face. The aspects of the image are consistent from one photo to the next.”

Since that study, police, governments and companies have shown interest in his research, Jenkins said. And although he is interested more in how the mind recognizes faces than how the technology is used, as a citizen, he finds the ubiquity of CCTV troubling.

“New technologies that are being unveiled as being the solution to problems — often they’re just a better key to locking and unlocking something, but that doesn’t mean that you shouldn’t think about what’s behind the door,” he said. “Because if you put all this trust in a new technology, … you can find yourself in quite a hairy situation.”

Jenkins points out that sometimes even humans can’t recognize familiar faces.

“The human brain is the most sophisticated computer we know of,” he said. “Engineers are setting themselves [up] with a very difficult problem by demanding accurate performance. Even humans can’t do this reliably and should give us pause. … Is the goal a realistic goal? Are we ever going to build a machine that can do that? And maybe we will, but I think it’s a question that’s worth asking.”

By Søren Duus Østergaard – Duus Blog

A basic principle in the current European Data Protection Act is to ensure proportionality between the level and amount of personal identifiable data, that you have to reveal to identify yourself has to be proportional to the risk and danger incurred if the identity is faked or stolen.

The recent years have seen a growth in tools for identification, mainly in the biometric area, that has led to the risk of ‘overreacting’ using easy biometrics where lesser level of authentication could have been used. One of the latest strange cases from Denmark is a night club, that has been allowed by the data protection agency to take customers fingerprints at the entrance as a means to secure against violent behavior. Horror examples of major collection of biometric data is of course U K’s collection of DNA profiles for children, a practice that was started 5 or 6 years ago.

The risks involved are related to the kind of threat you are trying to prevent: Do we need the security tool to reveal the identity and all related information? This may be the case if we have a strong suspicion that a person is directly related in crime or an act of terror. Or do we only need to know if a person is 18 years old so it is legal to sell alcohol to him/her? Similarly, within the health area a nurse and a doctor do not need to have full access to a patients medical record if he has lost his consciousness and need a blood transfusion, only the key information of blood type and current medication.

So the use of biometrics in itself is one dimension of the game – and the other dimension is what the biometric identification gives access to reveal of PII – Personally Identifiable Information – at the same time or as a consequence of using the biometrics.

The first question of proportionality is then solely related to the ‘strength’ of the biometric method used. A weak solution is a quick, convenient solution which is non-intrusive, non-incriminating and non-discriminating in regard to civil rights and color of skin, sex, race and religion. For this purpose simple biometrics like a signature (Analog or digitized) may be better than a fingerprint ( traditional, optical electronic scanning using a template to generate a simple bit stream) – because fingerprints may be seen as incriminating, offensive, police-like. while a face recognition reveals race, color of skin and maybe sex, and thus does not meet the other criteria.

Signatures may be faked, fingerprints (simple fingerprints) can be stolen – in bizarre cases it has been seen that criminals have cut off fingers of owners of Mercedes 300S cars to break the fingerprint starting mechanism. (This risk is probably less in Northern Europe, though.) Or it may bedifficult to read the results properly.

When stronger proof is needed, it is acceptable to rely on methods with higher reliability – like the thermal scanning of fingerprints, that measures the distance from the underlying blood, revealing riffs and valleys, again to be transformed by fast fourier transformation to a template consisting of 0′s and 1′s. This prevents the use of faked fingerprints copied on a strip of tape – and even the rough case of cutting off Mercedes’ owner’s finger –( presumably the blood has stopped circulating – so no heat difference). AlsoIris recognition has been suggested, whereas 3D face recognition at this point still has a higher rate of errors. It has been suggested to use at least 2 types of biometry, like the US border control where you combine fingerprints with face recognition.
In any case the reliability of the identification methodology applied in every case has to discussed and explained before any solution is deployed. (See article about reliability)

It may be OK under well-defined circumstances to use higher level of trusted biometrics, even if they are not 100% proof. The second dimension of the question than is what other PII is stored with the template or the face geometry is stored and how these data are protected. This is a question of data stewardship and again should be in proportion to the use of the data. Taking the example from the Danish night club that has been granted permission to store peoples’ fingerprints, these should definitely not be store with any other information than the purpose: Is this guy know to have a tendency to quarrel – NOT his name, address etc. Even if this is kept using cryptography, it is not in proportion to the use of the biometric data.

Other types of biometrics are recognition of moving patterns, voice recognition, pattern of the veins, retina scan – and of course DNA. Whereas the failure rate (both positive and negative) of the first 2 of these types are still relatively high, the 3 other may reveal unwarranted additional details of the health situation of the individual, hence these items should only be used for forensic purposes and not just collected arbitrarily or even – as in the UK DNA case – systematically.

An important aspect of using Biometrics is also how it will be possible to revoke or change the biometrics as the person changes. Whereas fingerprints remain stable for a longer period in life, face geometry changes a lot from childhood to old age, so does walking patterns, voice. And people do have cosmetic operations in their faces, accidents may change the looks and behavior so any system based on biometrics should have a way to allow for changes of this kind and it should be possible to revoke biometrics.

But as the technology improves and computing power is increasing, one solution which could use biometrics and at the same time prevent the data from occurring in the open space or being communicated could be to have an ID card with a number of different domains, each holding the relevant information linked to the person: one domain simply stating the age, another for the bank including bank account numbers, one for driving license use, one for medical/health care use, one for insurance use, one for credit cards, one for public identification purposes.
If this identity card can be activated by a fingerprint reader plus a pin code, the citizen could then select exactly how much PII he wants to reveal in the situation. This is in line with the PrimeLife recommendations from IBM Zürich Lab, that has just got the German award for forward think identity management solution. This type of solution has the advantage that the user is in full control and that no central database is required for the biometric data.

In a few days I will discuss the use of video surveillance, what we know about it as a crime prevention tool and what may be a more intelligent way of using it.