A D.C.-based privacy group has asked the Federal Trade Commission to examine Facebook’s facial-recognition technology.

The Electronic Privacy Information Center (EPIC) joined with the Center for Digital Democracy, Consumer Watchdog, and the Privacy Rights Clearinghouse to file a complaint with the agency, arguing that the facial-recognition software is “unfair and deceptive.”

EPIC wants the FTC to require Facebook to stop using the technology pending an investigation, as well as ultimately make it opt-in.

“Users could not reasonably have known that Facebook would use their photos to build a biometricdatabase in order to implement a facial recognition technology under the control of Facebook,” EPIC argued.

The organization said without FTC intervention, Facebook will “likely expand the use of the facial recognition database it has covertly established for purposes over which Facebook users will be able to exercise no meaningful control.”

Back in December, Facebook announced plans for facial-recognition technology intended to make it easier for people to tag photos of friends. Facebook said it would examine newly uploaded photos and compare them to other photos in which you or your friends are tagged in order to make tagging suggestions.

Last week, security firm Sophos expressed concern that facial recognition had been turned on by default. Users must go in and disable the service if they do not want to show up as “suggested tags” in their friends’ photos. Facebook acknowledged that it should have been more communicative about the service.

“We should have been more clear with people during the roll-out process when this became available to them,” a Facebook spokesman said in a Tuesday statement.

The news was met with concern overseas, however. Several members of EU’s Article 29 DataProtection Working Party—like the U.K., Ireland, and Luxembourg—are investigating the issue.

“As with any new technology, we would expect Facebook to be upfront about how people’s personal information is being used,” the U.K.’s Information Commissioner’s Office said in a statement. “The privacy issues that this new software might raise are obvious and users should be given as much information as possible to give them the opportunity to make an informed choice about whether they wish to use it. We are speaking to Facebook about the privacy implications of this technology.”

In the EU, the Data Protection Directive of 1995 requires that people give their consent to the use of their data. Companies that process personal data must tell users about how their information is being used and whether it is passed on to other companies or individuals. The data protection agencies within the EU are responsible for monitoring and enforcing this directive, according to a European Commission spokesman.

Though the Article 29 Working Party is independent of the European Commission, the commission will propose a reform of the data protection rules this year. “The challenges on data protection resulting from new technologies, such as cloud computing and social network sites, are one of the central reasons for this reform,” the spokesman said.

Here in the U.S., Rep. Edward Markey, a Massachusetts Democrat, expressed support for the EPIC filing. “The Federal Trade Commission should investigate this important privacy matter, and I commend the consumer groups for their filing. When it comes to users’ privacy, Facebook’s policy should be: ‘Ask for permission, don’t assume it,’” Markey said in a statement. “Rather than facial recognition, there should be a Facebook recognition that changing privacy settings without permission is wrong. I encourage the FTC to probe this issue and will continue to closely monitor this issue.”

Markey and EPIC have both tangled with Facebook in the past. In December 2009, EPIC and other consumer groups filed another complaint with the FTC arguing that Facebook’s recent privacy update violated federal consumer protection law. It also expressed concern with Facebook allowing developer access to users’ phone numbers and addresses, a feature it is now revamping.

Markey and Rep. Joe Barton, meanwhile, have written to Facebook on several occasions requesting more information on data collection by third-party developers and advertisers.

For more from Chloe, follow her on Twitter @ChloeAlbanesius.

Dan Roberts, the assistant director of the FBI: “My database is very rich with 70 million bad guys. But we don’t own those records. They’re owned by the states, by the 18,000 law enforcement agencies across this country. They submit them to us and allow us to use them, we hold them and distribute them per their agreements with each of the states. And every state has a different law governing what records can be distributed and what they can be used for. The challenge is walking that line and making sure we’re not violating any of the states’ rights in addition the federal laws that we have…”

Published 8 March 2011

DHS is currently developing a joint database to gain access to the Department of Defense’s (DOD) biometrics database and hopes to have the system operational by the end of this year; the goal is to allow DHS agents at points of entry to run an individual’s fingerprint to determine if that person had any run-ins with the U.S. military and also includes fingerprints taken from improvised explosive devices; this new system is a vast improvement over current joint data exchange plans between DHS, DOD, and the FBI which are often done manually; this database must be implemented according to Homeland Security Presidential Directive 24, which mandates that all biometric data shared between government agencies must conform to local privacy laws

DHS is currently developing a joint database that will give border agents access to the Department of Defense’s (DOD) biometrics records and hopes to have the system operational by the end of this year.

The goal is to allow DHS agents at points of entry to run an individual’s fingerprint to determine if that person had any run-ins with the U.S. military. The database also includes fingerprints taken from improvised explosive devices.

Speaking before a panel at last month’s AFCEA Homeland Security conference in Washington, D.C., Thomas Killion, director of DOD’s Biometrics Identity Management Agency, “The battlefield is not a nice, neat place.”

“There’s a lot of trafficking across the globe, there are people moving across that globe, and there are certainly cases of people who have involved themselves in the wrong kinds of activities in theater and then popped up elsewhere on the globe, perhaps trying to come across the border. If we weren’t sharing this data and that were to happen, and they were to engage in activities here domestically, we would certainly hear about that in the press,” added Bob Mocny, the director of DHS’ U.S. VISIT program.

Mocny says that this new system will function similarly to the existing Secure Communities program, which connects local law enforcement agents with DHS and FBI databases. Under the system, whenever an individual is arrested, police officers can scan their fingerprint and it will determine if they had any prior arrests or felonies as well as their immigration status.

“We can tell that police officer who is really in front of them, and the fact that they’ve been deported two or three times before and the fact that we want to put a detainer on that individual and deport them,” he said.

According to Mocny, “From October 2008 through the end of January 2011, 62,000 convicted criminal aliens have been removed because of the Secure Communities program. And that 62,000 just may not have been encountered before.”

These new systems are a vast improvement over current joint data exchange plans between DHS, DOD, and the FBI which are often done manually. Now agents in the field will have the ability to search through voluminous amounts of data within seconds.

These new joint information sharing databases must be implemented according to Homeland Security Presidential Directive 24, which mandates that all biometric data shared between government agencies must conform to local privacy laws.

Dan Roberts, the assistant director of the FBI, says that ensuring privacy laws are followed is often more difficult than the technological implementation of such systems.

“My database is very rich with 70 million bad guys. But we don’t own those records. They’re owned by the states, by the 18,000 law enforcement agencies across this country. They submit them to us and allow us to use them, we hold them and distribute them per their agreements with each of the states. And every state has a different law governing what records can be distributed and what they can be used for. The challenge is walking that line and making sure we’re not violating any of the states’ rights in addition the federal laws that we have,” he said.

http://www.thestar.com/news/world/article/744199—israelification-high-security-little-bother
The ‘Israelification’ of airports: High security, little bother
Cathal Kelly Staff Reporter 

Voyeurism Security

While North America’s airports groan under the weight of another sea-change in security protocols, one word keeps popping out of the mouths of experts: Israelification.

That is, how can we make our airports more like Israel’s, which deal with far greater terror threat with far less inconvenience.

“It is mindboggling for us Israelis to look at what happens in North America, because we went through this 50 years ago,” said Rafi Sela, the president of AR Challenges, a global transportation security consultancy. He’s worked with the RCMP, the U.S. Navy Seals and airports around the world.

“Israelis, unlike Canadians and Americans, don’t take s— from anybody. When the security agency in Israel (the ISA) started to tighten security and we had to wait in line for — not for hours — but 30 or 40 minutes, all hell broke loose here. We said, ‘We’re not going to do this. You’re going to find a way that will take care of security without touching the efficiency of the airport.”

That, in a nutshell is “Israelification” – a system that protects life and limb without annoying you to death. 
Despite facing dozens of potential threats each day, the security set-up at Israel’s largest hub, Tel Aviv’s Ben Gurion Airport, has not been breached since 2002, when a passenger mistakenly carried a handgun onto a flight. How do they manage that?

“The first thing you do is to look at who is coming into your airport,” said Sela.

The first layer of actual security that greets travellers at Tel Aviv’s Ben Gurion International Airport is a roadside check. All drivers are stopped and asked two questions: How are you? Where are you coming from?

“Two benign questions. The questions aren’t important. The way people act when they answer them is,” Sela said.

Officers are looking for nervousness or other signs of “distress” — behavioural profiling. Sela rejects the argument that profiling is discriminatory.

“The word ‘profiling’ is a political invention by people who don’t want to do security,” he said. “To us, it doesn’t matter if he’s black, white, young or old. It’s just his behaviour. So what kind of privacy am I really stepping on when I’m doing this?”

Once you’ve parked your car or gotten off your bus, you pass through the second and third security perimeters.
Armed guards outside the terminal are trained to observe passengers as they move toward the doors, again looking for odd behaviour. At Ben Gurion’s half-dozen entrances, another layer of security are watching. At this point, some travellers will be randomly taken aside, and their person and their luggage run through a magnometer.

“This is to see that you don’t have heavy metals on you or something that looks suspicious,” said Sela.
You are now in the terminal. As you approach your airline check-in desk, a trained interviewer takes your passport and ticket. They ask a series of questions: Who packed your luggage? Has it left your side?

“The whole time, they are looking into your eyes — which is very embarrassing. But this is one of the ways they figure out if you are suspicious or not. It takes 20, 25 seconds,” said Sela.

Lines are staggered. People are not allowed to bunch up into inviting targets for a bomber who has gotten this far.

At the check-in desk, your luggage is scanned immediately in a purpose-built area. Sela plays devil’s advocate — what if you have escaped the attention of the first four layers of security, and now try to pass a bag with a bomb in it?

“I once put this question to Jacques Duchesneau (the former head of the Canadian Air Transport Security Authority): say there is a bag with play-doh in it and two pens stuck in the play-doh. That is ‘Bombs 101′ to a screener.. I asked Ducheneau, ‘What would you do?’ And he said, ‘Evacuate the terminal.’ And I said, ‘Oh. My. God.’

“Take Pearson. Do you know how many people are in the terminal at all times? Many thousands. Let’s say I’m (doing an evacuation) without panic — which will never happen. But let’s say this is the case. How long will it take? Nobody thought about it. I said, ‘Two days.’”

A screener at Ben-Gurion has a pair of better options.
First, the screening area is surrounded by contoured, blast-proof glass that can contain the detonation of up to 100 kilos of plastic explosive. Only the few dozen people within the screening area need be removed, and only to a point a few metres away.

Second, all the screening areas contain ‘bomb boxes’. If a screener spots a suspect bag, he/she is trained to pick it up and place it in the box, which is blast proof. A bomb squad arrives shortly and wheels the box away for further investigation.

“This is a very small simple example of how we can simply stop a problem that would cripple one of your airports,” Sela said.

Five security layers down: you now finally arrive at the only one which Ben-Gurion Airport shares with Pearson — the body and hand-luggage check.

“But here it is done completely, absolutely 180 degrees differently than it is done in North America,” Sela said.
“First, it’s fast — there’s almost no line. That’s because they’re not looking for liquids, they’re not looking at your shoes. They’re not looking for everything they look for in North America. They just look at you,” said Sela. 

“Even today with the heightened security in North America, they will check your items to death. But they will never look at you, at how you behave. They will never look into your eyes … and that’s how you figure out the bad guys from the good guys.”

That’s the process — six layers, four hard, two soft. The goal at Ben-Gurion is to move fliers from the parking lot to the airport lounge in a maximum of 25 minutes.
This doesn’t begin to cover the off-site security net that failed so spectacularly in targeting would-be Flight 253 bomber Umar Farouk Abdulmutallab — intelligence. In Israel, Sela said, a coordinated intelligence gathering operation produces a constantly evolving series of threat analyses and vulnerability studies. 

“There is absolutely no intelligence and threat analysis done in Canada or the United States,” Sela said. “Absolutely none.”

But even without the intelligence, Sela maintains, Abdulmutallab would not have gotten past Ben Gurion Airport’s behavioural profilers.

So. Eight years after 9/11, why are we still so reactive, so un-Israelified?

Working hard to dampen his outrage, Sela first blames our leaders, and then ourselves.

“We have a saying in Hebrew that it’s much easier to look for a lost key under the light, than to look for the key where you actually lost it, because it’s dark over there. That’s exactly how (North American airport security officials) act,” Sela said. “You can easily do what we do. You don’t have to replace anything. You have to add just a little bit — technology, training.. But you have to completely change the way you go about doing airport security. And that is something that the bureaucrats have a problem with. They are very well enclosed in their own concept.”

And rather than fear, he suggests that outrage would be a far more powerful spur to provoking that change.
“Do you know why Israelis are so calm ? We have brutal terror attacks on our civilians and still, life in Israel is pretty good. The reason is that people trust their defence forces, their police, their response teams and the security agencies.

They know they’re doing a good job. You can’t say the same thing about Americans and Canadians. They don’t trust anybody,” Sela said. “But they say,… ‘ So far, so good…’ Then if something happens, all hell breaks loose and you’ve spent eight hours in an airport. Which is ridiculous. Not justifiable

“But, what can you do? Americans and Canadians are nice people and they will do anything because they were told to do so and because they don’t know any different.”

U.S. Department of Homeland Security Secretary Janet Napolitano and Public Safety Canada Minister Peter Van Loan today announced initiatives between the United States and Canada.

Source: U.S. Department of Homeland Security Posted on: 24th November 2009

Those initiatives build on their shared commitment to tackle common threats like terrorism and organized crime while ensuring the lawful flow of travel and trade across the border.

The announcement came after Secretary Napolitano and Minister Van Loan met for the second of their formal biannual meetings; the Secretary and the Minister have also met three other times this year.

Today they reviewed progress on the mutual goals they announced in May, including enhancing information sharing and expanding integrated law enforcement while protecting privacy and economic security.

“Close cooperation and coordination between the United States and Canada is critical to the national and economic security of both nations,” said Secretary Napolitano. “Minister Van Loan and I are committed to working together to combat transnational threats and facilitate lawful travel and trade on both sides of the border.”

“A shared understanding of the threats and risks we face is paramount to our common objective of enhancing U.S.-Canadian security. We are working together to achieve this,” said Minister Van Loan. “We have a joint responsibility to secure the safety of our citizens.”

Secretary Napolitano and Minister Van Loan also made announcements to strengthen both trade and security:

Streamlining Border Shipping: Canada and United States have agreed to work toward aligning the U.S. Customs Trade Partnership Against Terrorism (C-TPAT) and Canada’s Partners in Protection (PIP) program, in an effort to achieve harmonization as quickly as possible. These trusted shipper programs focus on improving the security of private sector supply chains and benefit shippers.

Maritime Emergency Cooperation: Canada and United States have created a Maritime Annex to the Joint Framework for the Movement of People and Goods During and Following Emergencies. This is an addition to the Framework the countries established in May. The new annex guides communication and coordination during incidents that affect shared waterways and ports, enabling both nations to assist one another during emergencies.

NEXUS and FAST Cards Now Accepted Everywhere: Canada will join the United States in recognizing NEXUS and Free and Secure Trade (FAST) trusted traveler program cards as valid identification documents in all lanes at all land and sea border ports of entry beginning Nov. 25. It was also announced that the programs are expanding with new enrollment centers opening in St. Stephen, New Brunswick – Calais, Maine and Lansdowne, Ontario – Alexandria Bay, N.Y

Immigration Information Sharing: Secretary Napolitano announced that the United States will join a biometric data sharing initiative involving Canada, Australia, the United Kingdom and, eventually, New Zealand – an initiative designed to strengthen the integrity of immigration systems and the security of each country while protecting privacy and civil rights. Minister Van Loan, with the Canadian Minister of Citizenship, Immigration and Multiculturalism, Jason Kenney, welcomed the United States’ participation.

“Previous trials show that biometric information sharing works. For example, when the fingerprints of some asylum claimants in Canada were checked against the U.S. database, more than a third matched and 12 percent of these individuals presented a different identity in the United States,” said Minister Kenney. “The data sharing helps uncover details about refugee claimants such as identity, nationality, criminality, travel and immigration history, all of which can prove relevant to the claim.”

Fighting Money Laundering and Terrorist Financing: Secretary Napolitano and Minister Van Loan announced that the two countries are in the final stages of completing a Memorandum of Understanding to share data on currency seized at the border. This will significantly enhance the ability of law enforcement officers in both countries to investigate and track illicit cash movement. It will disrupt the flow of funds that support the activities of criminals and terrorists.

Combating Human Trafficking: Secretary Napolitano and Minister Van Loan agreed to instruct their respective law enforcement agencies to enhance collaboration on efforts to combat human trafficking in both nations and across the U.S.-Canada border. As part of extensive existing cooperative efforts to ensure the security of the 2010 Vancouver Olympic Games, both countries are already focusing on ensuring that the Games do not present a venue for criminals to engage in human trafficking.

Security Cooperation: Secretary Napolitano and Minister Van Loan also agreed to exchange best practices and broaden collaboration in the areas of critical infrastructure protection and countering violent extremism.

Continuing Cooperation: Minister Van Loan and Secretary Napolitano expect to meet again in approximately six months to continue their strategic work on mutual initiatives to combat security threats and expedite travel and trade.

By Søren Duus Østergaard – Duus Blog

A basic principle in the current European Data Protection Act is to ensure proportionality between the level and amount of personal identifiable data, that you have to reveal to identify yourself has to be proportional to the risk and danger incurred if the identity is faked or stolen.

The recent years have seen a growth in tools for identification, mainly in the biometric area, that has led to the risk of ‘overreacting’ using easy biometrics where lesser level of authentication could have been used. One of the latest strange cases from Denmark is a night club, that has been allowed by the data protection agency to take customers fingerprints at the entrance as a means to secure against violent behavior. Horror examples of major collection of biometric data is of course U K’s collection of DNA profiles for children, a practice that was started 5 or 6 years ago.

The risks involved are related to the kind of threat you are trying to prevent: Do we need the security tool to reveal the identity and all related information? This may be the case if we have a strong suspicion that a person is directly related in crime or an act of terror. Or do we only need to know if a person is 18 years old so it is legal to sell alcohol to him/her? Similarly, within the health area a nurse and a doctor do not need to have full access to a patients medical record if he has lost his consciousness and need a blood transfusion, only the key information of blood type and current medication.

So the use of biometrics in itself is one dimension of the game – and the other dimension is what the biometric identification gives access to reveal of PII – Personally Identifiable Information – at the same time or as a consequence of using the biometrics.

The first question of proportionality is then solely related to the ‘strength’ of the biometric method used. A weak solution is a quick, convenient solution which is non-intrusive, non-incriminating and non-discriminating in regard to civil rights and color of skin, sex, race and religion. For this purpose simple biometrics like a signature (Analog or digitized) may be better than a fingerprint ( traditional, optical electronic scanning using a template to generate a simple bit stream) – because fingerprints may be seen as incriminating, offensive, police-like. while a face recognition reveals race, color of skin and maybe sex, and thus does not meet the other criteria.

Signatures may be faked, fingerprints (simple fingerprints) can be stolen – in bizarre cases it has been seen that criminals have cut off fingers of owners of Mercedes 300S cars to break the fingerprint starting mechanism. (This risk is probably less in Northern Europe, though.) Or it may bedifficult to read the results properly.

When stronger proof is needed, it is acceptable to rely on methods with higher reliability – like the thermal scanning of fingerprints, that measures the distance from the underlying blood, revealing riffs and valleys, again to be transformed by fast fourier transformation to a template consisting of 0′s and 1′s. This prevents the use of faked fingerprints copied on a strip of tape – and even the rough case of cutting off Mercedes’ owner’s finger –( presumably the blood has stopped circulating – so no heat difference). AlsoIris recognition has been suggested, whereas 3D face recognition at this point still has a higher rate of errors. It has been suggested to use at least 2 types of biometry, like the US border control where you combine fingerprints with face recognition.
In any case the reliability of the identification methodology applied in every case has to discussed and explained before any solution is deployed. (See article about reliability)

It may be OK under well-defined circumstances to use higher level of trusted biometrics, even if they are not 100% proof. The second dimension of the question than is what other PII is stored with the template or the face geometry is stored and how these data are protected. This is a question of data stewardship and again should be in proportion to the use of the data. Taking the example from the Danish night club that has been granted permission to store peoples’ fingerprints, these should definitely not be store with any other information than the purpose: Is this guy know to have a tendency to quarrel – NOT his name, address etc. Even if this is kept using cryptography, it is not in proportion to the use of the biometric data.

Other types of biometrics are recognition of moving patterns, voice recognition, pattern of the veins, retina scan – and of course DNA. Whereas the failure rate (both positive and negative) of the first 2 of these types are still relatively high, the 3 other may reveal unwarranted additional details of the health situation of the individual, hence these items should only be used for forensic purposes and not just collected arbitrarily or even – as in the UK DNA case – systematically.

An important aspect of using Biometrics is also how it will be possible to revoke or change the biometrics as the person changes. Whereas fingerprints remain stable for a longer period in life, face geometry changes a lot from childhood to old age, so does walking patterns, voice. And people do have cosmetic operations in their faces, accidents may change the looks and behavior so any system based on biometrics should have a way to allow for changes of this kind and it should be possible to revoke biometrics.

But as the technology improves and computing power is increasing, one solution which could use biometrics and at the same time prevent the data from occurring in the open space or being communicated could be to have an ID card with a number of different domains, each holding the relevant information linked to the person: one domain simply stating the age, another for the bank including bank account numbers, one for driving license use, one for medical/health care use, one for insurance use, one for credit cards, one for public identification purposes.
If this identity card can be activated by a fingerprint reader plus a pin code, the citizen could then select exactly how much PII he wants to reveal in the situation. This is in line with the PrimeLife recommendations from IBM Zürich Lab, that has just got the German award for forward think identity management solution. This type of solution has the advantage that the user is in full control and that no central database is required for the biometric data.

In a few days I will discuss the use of video surveillance, what we know about it as a crime prevention tool and what may be a more intelligent way of using it.

By Swati Prasad, ZDNet Asia – Friday, September 25, 2009 04:59 PM

NEW DELHI–The need for standards and concerns over security and privacy were highlighted this week, as the Indian government prepares to roll out various e-government projects based on biometrics.

“The industry, government and academia need to collaborate to evolve standards for biometrics,” Nandita Jain Mahajan, IBM’s India South chief privacy and information security office, said during the India Preparatory Meeting: Biometrics and Data Protection, held here Thursday. The two-day event was organized by the Data Security Council of India, a self-regulatory organization led by Nasscom.
According Mahajan, the Indian government should adopt open standards to avoid heavy dependence on one technology vendor.
The country is in the process of deploying biometric cards for various e-government schemes, including the national unique identity card and e-passport projects.
“No government wants to be locked into any one technology,” S. K. Sinha, senior director of National Informatics Centre (NIC), said during a panel discussion, adding that India has put much emphasis on standardization for the technology.
“The Indian government is working on a national standard for biometrics [and] wants to have a technology standard that is open and provides a level-playing field so that many vendors can take part,” Sinha said. However, he noted that standards should be established such that they can widely adopted by the industry. “Standards should be implementable,” he said.

Are biometric cards privacy-compatible?
According to Shree Parthasarthy, a director at Deloitte said biometrics is “as old as forensics”, taking into account several factors such as the iris scan, finger prints, appearance, social behavior, skull measurement, voice, and so on. “It’s impossible to replicate or mimic all of these characteristics,” Parthasarthy noted.
And while biometric cards offer better security, he noted that there are several primary concerns over the use of such cards, including questions about privacy protection, misuse of biometric data and how biometrics will support privacy policies.
According to Mahajan, there are three technology components in biometrics: acquisition, extraction and matcher. Often, all attributes of biometric cards do not match and the acceptability error rates can be high, he said.
“If your password is compromised, you can change it, but if your biometrics is compromised, what can you do about it,” he questioned.
Y. D. Wadaskar, managing director of Pune-based IT security products company, WYSE Biometrics Systems, said: “Every individual is unique and therefore, biometrics and privacy go hand in hand. We need to trust these cards just as we trust our doctors and lawyers when we share personal information with them.”
Sunil Dhaka, chief information security officer of ICICI Bank, said the bank has been successful in implementing biometric cards for agriculture-based banking in rural areas.
“Since rural India has no Internet or tele-banking facility, we realized the solution had to be online-offline ready,” Dhaka said. “With such cards, we can do banking at the speed of thought.”

One billion ID cards challenge
Zia Saquib, executive director of Centre for Development of Advanced Computing (C-DAC), who also attended the meet, noted that deploying biometric cards for citizens in New York is different from implementing similar schemes in rural India. C-DAC develops applications for e-government projects.
According to Saquib, data collection and enrolment in rural areas can prove a challenge as “identification is a sensitive issue,” he said.
“We need to have strong authentication processes in place at the time of enrolment, he explained, adding that biometric data must not be stored in the same place as personal data.”
Biometric data must be stored locally,” he said. Saquib also highlighted the benefits of using digital rights management methodology for biometrics, giving users access to information only on a “need to know” basis.
Sinha said generating over 1 billion national unique ID cards cannot be done with small number of stakeholders. “You need different stakeholders for enrolment, creation of database, generating algorithms, verifying and distributing these cards,” he added.
“And when you have so many stakeholders, the need for standards becomes all the more critical,” he noted. Asked how the government plans to address privacy and security concerns over biometric cards, he said it is still too early to provide comments.
Sinha said: “All we can say is that the data will be highly protected and we will put several cyber-controls and encryptions in place, in both online and offline mode.”
Swati Prasad is a freelance IT writer based in India.