I do find it a bit ironic that the same Senator Schumer seeking to force Facebook to change its privacy policies – rightly so I might add - is simultaneously leading the push in Congress to require all Americans to have national ID cards.

The concept for a National ID Card with biometric identifiers – like fingerprints, facial, and/or iris scans – is being proposed for inclusion in the coming immigration reform legislation. There are a number of reasons why this concerns me, most notably the fact that its part of much larger pattern of government expansion of power through increasingly intrusive assaults on our civil liberties. All of course, in the name of keeping us safe, and protecting us usually from one kind of brown person or another. Now, instead of pandering to those afraid of “terrorists” on every street corner, this seems to be pandering to those unduly afraid of the “illegal immigrant threat”.

Consider, biometrics technology is the computerized matching of an individual’s personal characteristics against an image or database of images. Initially, the system captures a fingerprint, picture, or some other personal characteristic, and transforms it into a small computer file (often called a template). The next time someone interacts with the system, it creates another computer file (often called a sample), and compares it to the original template or tries to find a match in its database. Because every sample is a little different, biometrics really asks whether the sample is similar enough to the template.

So let’s be real clear, creating a database with 100′s of millions of facial scans and thumbprints raises a host of surveillance, tracking and security questions, and consumer hassles with the DMV - never mind the enormous cost.

Privacy expert Bruce Schneier recently pointed out some of pro’s and con’s of a biometric based ID:

Biometrics can vastly improve security, especially when paired with another form of authentication such as passwords. But it’s important to understand their limitations as well as their strengths. On the strength side, biometrics are hard to forge. It’s hard to affix a fake fingerprint to your finger or make your retina look like someone else’s. Some people can mimic voices, and make-up artists can change people’s faces, but these are specialized skills.

On the other hand, biometrics are easy to steal. You leave your fingerprints everywhere you touch, your iris scan everywhere you look. Regularly, hackers have copied the prints of officials from objects they’ve touched, and posted them on the Internet. We haven’t yet had an example of a large biometric database being hacked into, but the possibility is there. Biometrics are unique identifiers, but they’re not secrets.

And a stolen biometric can fool some systems. It can be as easy as cutting out a signature, pasting it onto a contract, and then faxing the page to someone. The person on the other end doesn’t know that the signature isn’t valid because he didn’t see it fixed onto the page. Remote logins by fingerprint fail in the same way. If there’s no way to verify the print came from an actual reader, not from a stored computer file, the system is much less secure.

…

A more secure system is to use a fingerprint to unlock your mobile phone or computer. Because there is a trusted path from the fingerprint reader to the stored fingerprint the system uses to compare, an attacker can’t inject a previously stored print as easily as he can cut and paste a signature. A photo on an ID card works the same way: the verifier can compare the face in front of him with the face on the card.

Fingerprints on ID cards are more problematic, because the attacker can try to fool the fingerprint reader. Researchers have made false fingers out of rubber or glycerin. Manufacturers have responded by building readers that also detect pores or a pulse.

The lesson is that biometrics work best if the system can verify that the biometric came from the person at the time of verification. The biometric identification system at the gates of the CIA headquarters works because there’s a guard with a large gun making sure no one is trying to fool the system.

…

One more problem with biometrics: they don’t fail well. Passwords can be changed, but if someone copies your thumbprint, you’re out of luck: you can’t update your thumb. Passwords can be backed up, but if you alter your thumbprint in an accident, you’re stuck. The failures don’t have to be this spectacular: a voiceprint reader might not recognize someone with a sore throat, or a fingerprint reader might fail outside in freezing weather. Biometric systems need to be analyzed in light of these possibilities.

Biometrics are easy, convenient, and when used properly, very secure; they’re just not a panacea. Understanding how they work and fail is critical to understanding when they improve security and when they don’t.

So, from Schneier’s perspective, it does seem that requiring ALL AMERICANS to carry these, particularly with the fingerprint or the iris as the biometricidentifier, doesn’t make much sense, and poses a significant threat to onesidentity being stolen – not protected.

The Consumer Federation of California joined with the ACLU and a host of other organizations to oppose the transition to biometric drivers licenses here in California not long ago. Some of the privacy concerns we raised during that debate include:

Right to Privacy – Personal Freedom and Security

o Whether biometric images should be collected, which images should be collected (i.e. facial v. thumbprint scan), who has access to those images, and for what purposes are the preliminary privacy questions that should addressed to protect individuals’ constitutional right to privacy.

o The Creation of Dossiers about Individuals and their Activities: Where a biometric identifier is used as a unique identifier to catalogue personal information about an individual, it would enable monitoring, tracking and surveillance of individuals. This concern applies to both the government and databrokers/private industry using the same biometric to gather information.

Threat to Anonymity and Anonymous Speech: Unless current law is changed, the biometric thumbprints and facial scans from the DMV will be used in criminal investigations, and as public and private surveillance cameras become more ubiquitous, the likelihood rises of using facial recognition to identify andsurveil innocent people just walking down the street or engaged in First Amendment protected speech on political or labor issues.

The Supreme Court has found that compelling an individual to disclose his or her political ideas or affiliations to the government deters the exercise of First Amendment rights. The right to anonymous speech, protest and leafleting are critical to our democracy.

o Perceived Infallibility and Inaccuracy: The concept that each of us is unique does not always translate into accurate biometric identification. Computer “matches” must be reviewed visually by people to confirm the accuracy. And, even then, errors are made.

Brandon Mayfield, the Oregon Attorney, was erroneously linked to the 2004 Madrid train bombings after his prints were misidentified and he was held by the FBI for two weeks, though he was never charged. His prints were “identified” through the Integrated Automated Fingerprint Identification System (IAFIS). IAFIS identified a few potential matches that were then reviewed by a fingerprint examiner and an outside experienced fingerprint expert.

o What is the “bang for the buck” that California (or in this case the US) would get from undefined changes being proposed in the nature and use of these biometric databases? How much is the whole system going to cost? How much would be borne by the state, how much would be borne by individuals?

We do know that creating biometric database systems (facial image and thumbprint) will be very costly, and even more costly to do correctly (in addition to the technology, staff needs be trained, and there must be technical and due process protections in place to ensure that people’s licenses are not wrongly denied or taken away because of an error).

The Legislative Analysts Office raised their own privacy concerns,particularly regarding whether the data would be stored by a private vendor, and whether states that have experienced a 5-10 percent reduction in fraud using biometrics is necessarily relevant to state’s that already have secure cards and issuance processes. In other words, the Legislature (or Congress in this case)would need to assess costs of implementing a biometrics system in light of the cost of implementing other solutions and the actual number of fraudulent IDs prevented.

EFF, in its opposition to this concept as a component of PASS ID (a slightly scaled back version of REAL ID), wrote:

Proponents seem to be blind to the systemic impotence of such an identification card scheme. Individuals originally motivated to obtain and use fake IDs will instead use fake identity documents to procure “real” drivers’ licenses. PASS ID creates new risks — it calls for the scanning and storage of copies of applicants’ identity documents (birth certificates, visas, etc.). These documents will be stored in databases that will become leaky honeypots of sensitive personal data,prime targets for malicious identity thieves or otherwise accessible by individuals authorized to obtain documents from the database.

…proponents of the national ID effort seem blissfully unaware of the creepy implications of a “papers please” mentality (think Arizona) that may grow from the issuance of mandatory federal identification cards.

Do we really want to create a multibillion-dollar program – at a time of economic recession and growing deficits – that enhances opportunities for identity theft, turns state motor vehicle departments into arms of U.S. Immigration and Customs Enforcement and will almost certainly lead to harassment of immigrants, legal or otherwise?

It would also complicate efforts by some states to issue driver’s licenses to illegal immigrants, because such licenses would require special markings to signal that the bearer is here illegally. Sensible measures to enforce our immigration laws is one thing, but anything that discourages undocumented immigrants from getting driver’s licenses endangers all drivers on the road and raises insurance costs for everyone.

So if we put everything into that one document – make it the be-all and end-all of identification for most Americans – what might we have? An invasion of ordinary citizens’ privacy and phony documentation in the hands of identity thieves and potential terrorists that we believe too readily is authentic.

Let’s remember too the state reaction to REAL ID, with at least 42 states have considered anti-Real ID legislation, and another 25 states have enacted anti-real ID bills or resolutions, and fourteen of those states have passed binding legislation prohibiting participation in the Real ID program. Six more states have already passed resolutions or statutes in 2009.

Imposing a first-ever national identity card system, even if just for employment, would violate privacy by helping to consolidate data and facilitate tracking, and over time its use will almost certainly expand to cover other activities necessary to participate in society.

Here’s a couple clips from an article in United Press International this week:

On a five-year timetable the biometric cards would replace Social Security cards and would be used to prove eligibility for employment. Card scanners would be issued to all U.S. employers. The cards would at least have the capability of being linked to a central data system.

Like all controversial government programs, the proposed national ID card has an innocuous name: When Senate Democratic leaders unveiled the new program last month they called it Biometric Enrollment, Locally Stored Information and Electronic Verification of Employment – or “Believe,” for short.

…

The difference would be in the biometric information and the universality of the employment requirement. However, the opportunities for abuse by unscrupulous government employees are obvious.

The proposal rang alarm bells at the American Civil Liberties Union in Washington. While criticizing several aspects of proposed immigration reform, the group is concentrating its criticism on the ID cards.

“If the biometric national ID card provision of the draft bill becomes law, every worker in America would have to be fingerprinted and a new federal bureaucracy — one that could cost hundreds of billions of dollars — would have to be created to issue cards,” the organization said in a statement. “The ACLU strongly opposes the inclusion of a biometric national ID in this or any comprehensive immigration reform bill and urges senators to reject such an ID card.”

In his own statement, Christopher Calabrese, ACLU legislative counsel, said: “Creating a biometric national ID will not only be astronomically expensive, it will usher government into the very center of our lives. Every worker in America will need a government permission slip in order to work. And all of this will come with a new federal bureaucracy — one that combines the worst elements of the (Department of Motor Vehicles) and the (U.S. Transportation Security Administration). America’s broken immigration system needs real, workable reform, but it cannot come at the expense of privacy and individual freedoms.”

Click here to read more.

So my position is clear. What I particularly don’t like about it is the pattern for which it is a part of…a pattern of deteriorating privacy, increasing government and corporate powers and authority, and the expanding number of ways in which “security” and “safety” are used to scare people into giving up those very things.

If nothing else, before anything remotely like this becomes law, I would like to see an open, vigorous debate, and if the public goes and the legislature truly goes for it, then a series of steps need to be taken to implement it in a way that is fair, reasonable and secure.

Posted by CFC at Thursday, May 13, 2010

Issues Corporate Accountability, Data Protection, Government Surveillance, Records Privacy, Social Security Numbers

Ed Imwinkelried, Chair and Michael Cherry, Vice Chair - The Digital Technology Committee of the National Association of Criminal Defense Lawyers reporting that fingerprint evidence cannot be trusted. You read that right.

The Digital Technology Committee of the National Association of Criminal Defense Lawyers believes it can prove that the methods used by today’s fingerprint examiners are insufficient to establish fingerprint uniqueness.

Our membership includes experienced pattern recognition scientists who have appeared before the National Academies of Science and worked with the U.S. Department of Commerce National Institute of Standards and Technology(NIST).  Before becoming involved in forensic issues, they received letters of appreciation from the U.S. Executive Office of the President, the Director of NIST, and the White House Y2K Czar.

For example, NIST invited them to participate as members of an ad hoc working group on Data Formats for the Interchange of Fingerprint, Facial, Scar, Mark, and Tattoo (SMT) Information.  These standards define the content, format, and units of information that are used for the fingerprint, facial, or SMT identification of a subject.  They not only participated on this project;  they were also permitted to vote to replace the lossy compression scheme used by the FBI and other law enforcement agencies–a scheme that saved space by sacrificing detail.  Other voters included Interpol, Germany’s Federal Criminal Police Office, the Netherlands National Police Agency, and the Royal Canadian Mounted Police.

Most recently, they have turned our attention to fingerprint analysis.  In our opinion, the ACE-V methodology should be renamed PACE-V — partial analysis comparison evaluation and verification; examiners analyze incomplete information.  We are eager to participate in DAUBERT/FRYE hearings to expose the insufficiency of the current paradigm.

You can contact us at:

Michael Cherry, Vice Chair                                                               Ed Imwinkelried, Chair

201 513-8300                                                                                                        530 752-0727

By John Ozimek • The Register

Radical Think Tank Open Europe has this week exposed a study by the EU that could lead to the creation of a massive cross-Europe database, amassing vast amounts of personal data on every single citizen in the EU.

The scope of this project also reveals a growing governmental preference for systems capable of locking people up not for what they have done, but for what they might do.

Open Europe (OE) researcher, Stephen Booth, has been reviewing projects currently in receipt of EU funding. Last week he identified one of these - Project INDECT – as having potentially far-reaching effects for anyone living or working in Europe. The main objectives of this project, according to its own website, are:

To develop a platform for: the registration and exchange of operational data, acquisition of multimedia content, intelligent processing of all information and automatic detection of threats and recognition of abnormal behaviour or violence, to develop the prototype of an integrated, network-centric system supporting the operational activities of police officers.

In addition, it aims “to develop a set of techniques supporting surveillance of internet resources, analysis of the acquired information, and detection of criminal activities and threats.”

There are two controversial aspects to this research. First is the extent of data collection implied by the project scope. Second, and perhaps far more worrying, is the proposition that law enforcement agencies, in possession of sufficient data, will in future be able to model potentially criminal and anti-social behaviour and therefore focus on individuals before crimes are committed.

In this, it echoes another EU-sponsored piece of research – ADABTS – which is all about Automatic Detection of Abnormal Behaviour and Threats in crowded Spaces. According to the ADABTS prospectus, it “aims to develop models for abnormal and threat behaviours and algorithms for automatic detection of such behaviours as well as deviations from normal behaviour in surveillance data.”

The INDECT project is co-ordinated by Polish academic Professor Andrzej Dziech. Participants include several institutions from Poland – which until recently had its own issues with over-arching state surveillance – as well as the Northern Ireland Police Service.

Shami Chakrabarti, the director of human rights group Liberty, described this approach as a “sinister step” for any country, but “positively chilling” on a European scale.

Stephen Booth added: “The problem with the EU funding these types of projects is the lack of accountability. Citizens are left completely in the dark as to who has approved them and there is no way to ensure that civil liberties are being duly respected.

“The absence of any political debate about the use of these new surveillance technologies in our society is a very dangerous trend, which is especially acute at the EU level.”

However, the idea of punishing potential criminals is not just an EU notion. As El Regreported last year, the Home Office has certainly considered the use of automated profiling to check travellers at points of entry to the UK. This has been controversial, both because of the veiled racism implied by such a policy, as well as evidence provided to the Home Office that it might not actually work.

However, the Vetting Database – which is due to go live later this year – will take decisions on whether people are fit to work in millions of “regulated” positions on the basis of a scoring system, designed to “predict” likelihood to offend.

The introduction of predictive models into society appears to be carrying on apace, with very little public debate as to how desirable they are, or how the state should compensate citizens where mistakes occur. There is also a blurring of the lines between predicting a threat – in which case law enforcement officers can be asked to investigate – and simply predicting criminality and penalising an individual on the basis of something they have not yet done.

OE is interested in seeing less formal integration across Europe, and a return to more issues being resolved at the national level. Their investigation looked at funding provided under the Seventh Framework Programme (FP7). This can be accessed via the Cordis portal, and is a mechanism whereby funds controlled by the EU Commission are made available for research projects.

The existence of an FP7 project is not necessarily an indicator of EU policy in an area, but it is clear evidence of some interest in the approach being investigated.

Project INDECT launched on 1 January this year with a project budget of 14.86 million Euros. It is due to deliver the goods, including a 15-node pilot project, by the end of 2013. ®

Police in Malaysia are hunting for members of a violent gang who chopped off a car owner’s finger to get round the vehicle’s hi-tech security system.

The car, a Mercedes S-class, was protected by a fingerprint recognition system.

Accountant K Kumaran’s ordeal began when he was run down by four men in a small car as he was about to get into his Mercedes in a Kuala Lumpur suburb.

The gang, armed with long machetes, demanded the keys to his car.

It is worth around $75,000 second-hand on the local market, where prices are high because of import duties.

Stripped naked

The attackers forced Mr Kumaran to put his finger on the security panel to start the vehicle, bundled him into the back seat and drove off.

But having stripped the car, the thieves became frustrated when they wanted to restart it. They found they again could not bypass the immobiliser, which needs the owner’s fingerprint to disarm it.

They stripped Mr Kumaran naked and left him by the side of the road – but not before cutting off the end of his index finger with a machete.

Police believe the gang is responsible for a series of thefts in the area.

Anyone who follows the news has no doubt come across the claim that “Israel is the only democracy in the Middle East.” Usually, this claim is followed by its logical inference: “As an island of freedom located in a region controlled by military dictators, feudal kings and religious leaders” - Not any more – Israel democracy is now controlled by superficial politicians…

Black Day for Democracy

By Gil Ronen and Nissan Ratzlav-Katz

(IsraelNN.com) The Knesset plenum approved Monday evening the ‘Biometric Law’ in the final readings. Forty Knesset members voted in favor of the law, 11 against and three abstained. The purpose of the law is the creation of a biometric database that would hold the fingerprints and facial photos of all of the country’s citizens. The data would be stored in the Interior Ministry computers.

MK Nitzan Horowitz (Meretz), who led the opposition to the law, said after its approval that the vote was “a serious mistake which causes grave harm to freedom of the individual in Israel.”

“I hope that we do not pay too heavy a price for it,” Horowitz said. “In any case, it has been proven that an unrelenting public struggle by idealists can have influence and make a difference. The proof is that the law in its final wording is completely different from the original version.”

During the Knesset debate about the law, MK Horowitz stood at the podium and held up printouts of information from the Ministry of Interior’s database which contained information about Knesset members and which reached the Internet. He said that he would not show the contents so as not to invade the MKs’ privacy. “The leaked data which reached my hands prove how easy it is to break into government databases,” he said. “I hope that this will not be the fate of the biometric database.”

MK Dov Henin (Hadash) said that despite the government’s statements that it would not force Israeli citizens to join the database, “in fact, whoever does not do so would be punished – he will not be able to leave the country’s borders, since he would not receive a passport at the level required in developed countries.” The database is not truly a voluntary one, he said.

Faked fingerprints
On the same day that the Knesset approved the law, there news from Tokyo that appeared to show that this system, too, was not foolproof. Police in the Japanese capital said that they arrested a 27-year-old Chinese woman suspected of illegally entering the country after surgically altering her fingerprints to deceive a biometric recognition system operated by immigration officials.

Australia Post has revealed plans to introduce new technology to allow Post Office staff to take fingerprints, biometric scans and digital signatures from customers applying for services such as bank accounts and passports.

The new Identification Services Program Project is expected to be adopted at all 4,443 retail Post outlets, but is currently being tested at 25 Australia Post-owned outlets across NSW and Western Australia.

If approved by State and Federal Governments, Australia Post would become the first non-law-enforcement organisation to take digital fingerprints for commercial purposes.
The power is currently limited to law enforcement Agencies, the Courts, spy Agencies and the Defence Force.
Spokesperson for Australia Post, Alex Twomey was reported in the press as confirming fingerprinting capabilities would be introduced over the next two years and that staff would be trained in protocols for storing and transmitting customer information.
“Fingerprint information will be stored for six hours at the outlet and then transferred for storage at a central Australia Post database,” Mr Twomey said.
“Under Agency agreements, we would then be required to wipe the information after it was sent to Government Departments or other corporate clients.”
According to reports, Australia Post plans to install the data capture equipment at 375 of its own outlets by the end of June 2010, followed by another 400 in 2011 and then 2,000 privately managed post offices nationwide.
Funding for the Identification Services Program project trial was approved in March 2009.
Chairman of the Australian Privacy Foundation, Dr Roger Clarke said he was concerned over the lack of public discussion surrounding the new system.

“These types of initiatives are just too important to introduce without public discussion,” Dr Clarke said.

He said “securing fingerprints and other data across such a large retail network was a major concern as it would be difficult to design a system to protect all information”.

By Søren Duus Østergaard – Duus Blog

A basic principle in the current European Data Protection Act is to ensure proportionality between the level and amount of personal identifiable data, that you have to reveal to identify yourself has to be proportional to the risk and danger incurred if the identity is faked or stolen.

The recent years have seen a growth in tools for identification, mainly in the biometric area, that has led to the risk of ‘overreacting’ using easy biometrics where lesser level of authentication could have been used. One of the latest strange cases from Denmark is a night club, that has been allowed by the data protection agency to take customers fingerprints at the entrance as a means to secure against violent behavior. Horror examples of major collection of biometric data is of course U K’s collection of DNA profiles for children, a practice that was started 5 or 6 years ago.

The risks involved are related to the kind of threat you are trying to prevent: Do we need the security tool to reveal the identity and all related information? This may be the case if we have a strong suspicion that a person is directly related in crime or an act of terror. Or do we only need to know if a person is 18 years old so it is legal to sell alcohol to him/her? Similarly, within the health area a nurse and a doctor do not need to have full access to a patients medical record if he has lost his consciousness and need a blood transfusion, only the key information of blood type and current medication.

So the use of biometrics in itself is one dimension of the game – and the other dimension is what the biometric identification gives access to reveal of PII – Personally Identifiable Information – at the same time or as a consequence of using the biometrics.

The first question of proportionality is then solely related to the ‘strength’ of the biometric method used. A weak solution is a quick, convenient solution which is non-intrusive, non-incriminating and non-discriminating in regard to civil rights and color of skin, sex, race and religion. For this purpose simple biometrics like a signature (Analog or digitized) may be better than a fingerprint ( traditional, optical electronic scanning using a template to generate a simple bit stream) – because fingerprints may be seen as incriminating, offensive, police-like. while a face recognition reveals race, color of skin and maybe sex, and thus does not meet the other criteria.

Signatures may be faked, fingerprints (simple fingerprints) can be stolen – in bizarre cases it has been seen that criminals have cut off fingers of owners of Mercedes 300S cars to break the fingerprint starting mechanism. (This risk is probably less in Northern Europe, though.) Or it may bedifficult to read the results properly.

When stronger proof is needed, it is acceptable to rely on methods with higher reliability – like the thermal scanning of fingerprints, that measures the distance from the underlying blood, revealing riffs and valleys, again to be transformed by fast fourier transformation to a template consisting of 0′s and 1′s. This prevents the use of faked fingerprints copied on a strip of tape – and even the rough case of cutting off Mercedes’ owner’s finger –( presumably the blood has stopped circulating – so no heat difference). AlsoIris recognition has been suggested, whereas 3D face recognition at this point still has a higher rate of errors. It has been suggested to use at least 2 types of biometry, like the US border control where you combine fingerprints with face recognition.
In any case the reliability of the identification methodology applied in every case has to discussed and explained before any solution is deployed. (See article about reliability)

It may be OK under well-defined circumstances to use higher level of trusted biometrics, even if they are not 100% proof. The second dimension of the question than is what other PII is stored with the template or the face geometry is stored and how these data are protected. This is a question of data stewardship and again should be in proportion to the use of the data. Taking the example from the Danish night club that has been granted permission to store peoples’ fingerprints, these should definitely not be store with any other information than the purpose: Is this guy know to have a tendency to quarrel – NOT his name, address etc. Even if this is kept using cryptography, it is not in proportion to the use of the biometric data.

Other types of biometrics are recognition of moving patterns, voice recognition, pattern of the veins, retina scan – and of course DNA. Whereas the failure rate (both positive and negative) of the first 2 of these types are still relatively high, the 3 other may reveal unwarranted additional details of the health situation of the individual, hence these items should only be used for forensic purposes and not just collected arbitrarily or even – as in the UK DNA case – systematically.

An important aspect of using Biometrics is also how it will be possible to revoke or change the biometrics as the person changes. Whereas fingerprints remain stable for a longer period in life, face geometry changes a lot from childhood to old age, so does walking patterns, voice. And people do have cosmetic operations in their faces, accidents may change the looks and behavior so any system based on biometrics should have a way to allow for changes of this kind and it should be possible to revoke biometrics.

But as the technology improves and computing power is increasing, one solution which could use biometrics and at the same time prevent the data from occurring in the open space or being communicated could be to have an ID card with a number of different domains, each holding the relevant information linked to the person: one domain simply stating the age, another for the bank including bank account numbers, one for driving license use, one for medical/health care use, one for insurance use, one for credit cards, one for public identification purposes.
If this identity card can be activated by a fingerprint reader plus a pin code, the citizen could then select exactly how much PII he wants to reveal in the situation. This is in line with the PrimeLife recommendations from IBM Zürich Lab, that has just got the German award for forward think identity management solution. This type of solution has the advantage that the user is in full control and that no central database is required for the biometric data.

In a few days I will discuss the use of video surveillance, what we know about it as a crime prevention tool and what may be a more intelligent way of using it.

Increasingly facial recognition is picking out people in a crowd

A surveillance state, with cameras on every street is commonplace but now Big Business is also turning to Big Brother.

Face recognition, behavior analyzing surveillance cameras, biometric profiling and the monitoring and storing of our shopping patterns has made snooping into our habits, movements and private lives ever easier.

Dismayed at its shrinking power to market to us via traditional media or even the internet, the private sector is now proposing to reach potential customers in ways that critics say should have us all concerned.

“There is an enormous pent-up demand for personalized location advertising, whether it is on your cellophane or PDA, on your radio in your car, or on the billboards you walk by on the streets and inside stores,” says Bruce Schneier, chief security technology officer of BT.

“This is yet another technological intrusion into privacy. And like all such intrusions, it will be taken as far as the owner of that intrusion finds it profitable.”

Emotional reactions

New surveillance technology could even evaporate the advertiser’s favorite grouse that “half of advertising is wasted, but we don’t know which half”.

Advertisers are turning to “intelligent” digital billboards that use cameras to watch you watching the ads.

In Germany, developers have placed video cameras into street advertisements attempting to discern people’s emotional reactions to the ads, according to the Washington-based privacy advocate outfit the Electronic Privacy Information Center (EPIC).

It warns that this type of surveillance encroaches on civil liberties. Such face, voice and behavior technology could be a means of tracking individuals on a mass level across their entire lives, it says.

Pushed by the demands of advertisers and security-minded governments, these technologies are becoming so increasingly smart and intrusive that they now resemble something out of science fiction, it warns.

Science fact

Some of the technology available now seems to have overtaken fiction.

When an interactive ad shouts out to Tom Cruise’s character in the 2002 film Minority Report: “John Anderton, you could use a Guinness!” It identified him as he walked through a mall by scanning the unique pattern of his iris.

This is now pretty standard. Face recognition technology is proving to be a handier, more sophisticated tool to pick us out on the street, a crowded room or at passport control.

Such systems are able to automatically detect and identify human faces using recognition algorithms.

The first step for a facial recognition system is to recognize a human face and extract it from the rest of the scene. Next, the system measures the distance between the features — a distinctive aspect of our faces that does not change with disguises or even surgery.

Matches can then be found in databases in under a second, although 100% accuracy is not yet guaranteed.

Currently the private sector is finding such systems useful for what it calls “targeted marketing,” or “dynamic advertising.”

Japan’s NEC, for instance, is sells face-recognition technology to allow advertisers to tailor what ad is showing on a digitized screen depending on the viewer’s sex and age.

Tracking systems, such as these, can determine the viewer’s gender 85-90% of the time, approximate age and ethnicity, and change the ads accordingly.

NEC denies the system raises privacy concerns as it does not store any images, only the analyzed results (age and sex) based on those images.

But as Schneier points out systems like these are likely liable to “function creep” where a technology is brought in for one purpose, to profile your sex while viewing an ad for example, and then begins to push the boundaries.

“Once the cameras are installed and operational, once they’re networked to central computers, then it’s a simple matter of upgrading the software,” he says.

“And if they can do more — if they can provide more “value” to the advertisers — then of course they will. To think otherwise is simply naive.”

And when advertisers start to follow us, our privacy, our right to be left alone will be severely compromised, he thinks.

More control

Democratic governments, charged with protecting us from such violations, are beginning to wake up to these practices.

EU commissioner Viviane Reding wants to see tighter controls

The US is about to propose a bill to ensure that consumers know what information is being collected about them. While the EU promises to rigorously police what it claims are already stringent controls on our personal data.

“Europeans must have the right to control how their personal information is used,” Viviane Reding, the EU’s commissioner for information society and media told BBC news. “We cannot give up this basic principle, and have all our exchanges monitored, surveyed and stored, in exchange for a promise of ‘more relevant’ advertising.”

Despite such assurances, given the pervasiveness of such technologies firstly on the internet and now spreading to the physical world, what we do about them in the next few years will be crucial. It might control our privacy for generations to come say human rights advocates.

“Companies are increasingly impatient to get to us and once these practices are commonplace it will hard to reverse them,” says Marc Rotenberg director of EPIC. “Particularly as, ironically, we lose privacy these companies are gaining secrecy.”

It would seem sensible to debate now how far business and the state should be allowed to tag us while we still have a privacy to protect.

By Ellen Messmer Framingham – Computerworld | Thursday, 24 September, 2009

The Federal Bureau of Investigation is expanding beyond its traditional fingerprint-focused collection practices to develop a newbiometrics system that will include DNA records, 3-D facial imaging, palm prints and voice scans, blended to create what’s known as “multi-modal biometrics”.
“The FBI today is announcing a rapid DNA initiative,” said Louis Grever, executive assistant director of the FBI’s science and technology branch, during his keynote presentation at the Biometric Consortium Conference in Tampa.

The FBI plans to begin migrating from its IAFIS database, established in the mid-1990s to hold its vast fingerprint data, to a next-generation system that’s expected to be in prototype early next year. This multi-modal NGI biometrics database system will hold DNA records and more.

Grever said that fingerprints and DNA appear to be the most mature and searchable biometrics possibilities, but the FBI is working to include iris-scan records among newer biometrics technologies to identify criminals and terrorists. The plan is to share this data with authorised US and international investigative partners, as the agency does today.

The FBI’s current IAFIS database remains a workhouse; it processes about 200,000 daily transactions from its 370 million 10-fingerprint records, and it just crossed the 250 million transaction mark.

The next-generation FBI database system is under design by MorphoTrak and is expected to include DNA, iris scans, advanced 3-D facial imaging and voice scans among its multi-modal biometrics. Lower turnaround times for delivering information over wide-area networks are planned. The goal is to drop from a roughly two-hour response time for IAFIS urgent requests to less than 10 minutes.

But FBI officials acknowledged there’s still a lot of research and development that needs to be done to reach its NGI goals. One goal is to develop a rapid DNA analysis method that would provide DNA analysis in less than an hour, as opposed to several hours or even days. The FBI is cosponsoring research with the Department of Defense, which has a similar goal.

Kevin Reid, section chief for the biometrics service section at the FBI, said the FBI also wants to establish a service-oriented architecture for NGI, but it’s not clear when this would be in place to provide services related to biometrics information-sharing.

The FBI is already moving into new areas, including setting up apalm-print repository and searchable databases for scars, marks and tattoos that it will be collecting.

The FBI, under the DNA Fingerprint Act of 2005, is now allowed to collect reference-sample DNA material for biometrics analysis purposes at the time of booking, Grever said. “DNA has become a powerful and timely tool,” said Grever, adding there are no “privacy or civil liberties issues beyond those associated with fingerprints.”