Slashdot Mirror
Biometrics in Airports
asv108 writes: "Extremetech has an article by renowned security expert Bruce Schneier about why face recognition in public places such as airports is not a good idea." Schneier is being generous - real world results show that facial recognition systems are a lot less than 99.99% accurate even under laboratory conditions (people posing for the camera under ideal lighting).
Finally, the moderation you deserve.
Visit someone online.
C'mon, Enemy of the State showed us that not only should they be advanced enough to give a definite ID, the single camera should be able to pan around the person, zoom in, and even show you the label on their T-shirt...
For example - would you agree to putting your thumb on a fingerprint scanner at teh jetway entrance before you got on the plane? Retinal scan? The idea of the airlines having fingerprints for every passenger is pretty scary - but banks and many stores fingerprint when you use/cash checks. What level of this type of stuff will we accept? At what cost?
But then - the best biometric system in the world wouldn't have stopped the WTC attack - the hijackers were passengers with tickets and many used their real names anyway so.... I fear we'll find many liberties and the like given up in the name of security that really won't help that much.
Top Most Bizarre/Disturbing Error Messages
In airports, the face recognition technology would be a good idea (once the system becomes better at actualy being able to tell the difference between my dog spot and the bathroom plunger). But the big argument comes with putting this techonolgy to use outside the airports, like in public parks, or on street cornors. I know I wouldn't like that very much, and i don't think many other people would appriciate big brother watching them every time they step outside their homes. On the other hand, putting them to use in airports, trainstations, stadiums, or even nudie bars (you get the idea) would be a great help to protect the areas where tens of thousands of people can potentialy gather -- but thats just my opinion.
See:
m l
http://www.theregister.co.uk/content/4/21916.ht
These sigs are more interesting tha
The only way that a system like that is any good is if there is still a human being checking all of the 'hits' that the recognition systems gets. Of course, there are still all the people that should get picked up but don't..
It's hard to agree with this, even if this were true when the people's face is similar to the one on the photo, a little change, like moustache and big (maybe fake)scars will make it near ineffective...
At lest, for the passenger, for the staff people, I think it may be a good idea!
Hasn't this system shown its bugs when used in the past at major events like the Super Bowl?
Even if they manage to improve its accuracy, the most important ingredient in better airport security is better-paid, more-reliable personnel. At many major airports, like New Orleans where I live, the scanner folks start at minimum wage and get about three hours of training. Ouch.
When airlines start taking security seriously - and stop trying to increase profit margins by paying people squat - then we'll have a safer system.
Top 5 ways to have fun with an airport face scanner
/bin/laden mask to the back of someone's back and watch the fireworks
5: Wear a Nixon mask and watch the security guys do a double-take looking at their computer readout
4: Attach a
3: Sell time on the system to Oil of Olay to spot oily, reflective skin
2: Adapt it to seek out hot chicks
1: Link it to Am I Hot Or Not!
Ah, computer dating -- it's like pimping, but you rarely have to use the phrase "upside your head" -- Bender
Somehow we coming to the conclusion that there's no substitute for thorough searching of passenger's baggage and carry-on items. Though this is an invasion of privacy and an inconvenience to travelers, this is needed to avoid another tragedy like the events of Sept. 11th.
Face recognition should come into play if there is suspicion aroused from some other means of security.
I like fire ants. They are very spicy!
I don't even know why I'm responding to your bigoted crap, but I feel forced to point out that the al Quaeda training manual instructs terrorists to shave their beards. Hence, beards aren't a good marker for future terrorists. Arab names, however, are.
If you have a problem with my views, REPLY, don't moderate!
Wearing sunglasses + a hat is enough to fool one of these systems.
They primarily rely on the distance between the eyes. Cover the eyes & they'll usually be ineffectual. Cover the forehead too, and they simply don't work.
Short of stopping & searching everybody who wears a hat + sunglasses, I don't see how these are going to be effective.
Any terrorist prepared to commit suicide is going to think nothing of having reconstructive surgery if that's what it takes to foil such a system.
With better advances, we can make this system work much better and cut down on false alarms. Biometrics is a much better solution than the ridiculous things we have now: no curbside check in, security checkpoints everywhere.
This pessimism is what is hindering the improvement of safety everywhere.
If the system were 99.99% accurate and it indicated a match, wouldn't you want to pull the person out for closer inspection? (this is not to say that you treat him like a terrorist)
After all, airports already arbitrarily subject people to random inspection of their luggage.
Yes, they would. If they worked. Anyone with a hat and sunglasses could fool it. This is not to mention lighting and the like...
There's one thing that no one wants to hear:
There is no way to stop a determined terrorist on a suicide mission.
They will somehow find a way to accomplish their goals, and if one of them fails, there will be thousands waiting behind him to try again. Wipe out one terrorist group and another will rise to take their place. Stop a terrorist from boarding an airplane and they'll drive a bomb in on the ground floor.
All of this going to war, extra security measures, etc... it will make us feel more secure, and feel like we're accomplishing something, but when it doesnt stop terrorism (it wont) then what will we do?
-J5K
The libertarian solution to the failures of capitalism is to apply more capitalism til the failures are fixed.
But, hey, what's the problem with that? You got something to hide?!?
"Those that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
--Ben Franklin--
299,792,458 m/s...not just a good idea, its the law!
Galileo: "The Earth revolves around the Sun!"
Score: -1 100% Flamebait
Regardless of whether the face scanning software was 100% accurate (as pointed out already by various people and the article itself, we aren't even close to that), who says that potential terrorists/criminals are even going to be in the comparison database. All you have to do is ensure that this is going to be your first offence, and you won't even be in there.
...
Again we are attempting to find a series of high tech solutions (at very high expense), when we really need to be applying a bit more low tech, hands-on investigative work. You can't automate everything (certainly not yet anyway)
I imagine that airport patrons identified as "terrorists" by the face recognition system would be detained by security, have their ID rigorously checked and have their luggage rigorously inspected. (With high levels of accuracy, this would amount to a few people per airport per day.) I do not imagine that they would be shot on sight. Inconveniencing (and embarrassing) a few patrons at each airport every day is certainly not a good thing, but it is hardly self-evident that it would be intolerable.
I am not a big fan of universal use of face recognition technology for the reasons outlined in Phil Agre's excellent essay on that subject (linked at the bottom of the Schneier piece as well). But we all understand that some compromises have to be made to make air travel secure. If this is the best argument against using face recognition at airports, it's not a good one.
The important thing is that the surviellence information must be handled in the right way; it's way too easy nowadays for companies in the name of profits to pool customer databases together and generate a large profile on you without you knowing. If surviellence is being used for government purposes, then only the government should have access to it; furthermore, if you are detained only because the computer indicated a match but you are otherwise innocent, there should be no record about this made in the computer beyond doing a $missed++ increment on the global database.
Thus, any sort of increased surviellence absolutely needs some sort of public oversight to make sure the information is not abused or that information that should not be stored isn't. Frequent inspections of the use of biometrics, unrestricted access to the computer files and data collected, all done by private citizens with NDAs, is necessary before these systems should be in place.
"Pinky, you've left the lens cap of your mind on again." - P&TB
"I can see my house from here!" - ST:
1) An computer match doesn't necessarily mean you jump the person. A picture of the suspect and an archival photo of who the computer thinks they are would be displayed on a security monitor. A human can make the final choice. False positives would be drastically reduced this way. The authorities may decide to simply label the suspect as suspicious and keep a close eye on them. Treat the software as a tool to help human security guards narrow their search, not as the whole security system. Hell, for this purpose 80%-90% accuracy would be enough.
2) He writes:
- "You might have a grainy picture of a terrorist, taken five years ago from 1000 yards away when he had a beard. Not nearly as useful"
This is still useful. There is facial recognition software that does its work by measuring the distances between the facial features. As long as you can make out the eyes, mouth and nose it should work. It will even work if you are wearing glasses or have a new beard! The only way to be sure of throwing it off is to wear large, very dark glasses and a big hat. These would make you look suspicious anyway. Like I said in point one, it doesn't have to be 99.99% accurate.Basically, don't make this more complicated than it needs to be and keep human guards in the loop!
I was really pissed off when Texas started requiring thumb prints to get a drivers license, but what choice did I have? Every once in a while you can refuse to give your social security number to people, but once rules are set you have a simple choice, put up with the envasion of privacy or don't do X. Personally I would be really pissed off by biometric scans at airports, even showing an ID is mildly offensive, but when you have to get from New York to L.A. in a day what are your options?
There is also this vendor nuetral test
Bottom line is that this is merely a marketing opportunity for someone to get capital for products that are NOT ready for prime time.
This has actually been examined by the US Department of Defense (DoD) Defense Advanced Research Projects Agency (DARPA), which sponsored the Facial Recognition Vendor Test (FRVT) 2000, the test linked to above
Under live conditions in an uncontrolled enviroment, the best false detection rate (FDR) was 33 per cent, with a false acceptance rate (FAR) of ten per cent. This means that to detect 90 per cent of terrorists we'd need to raise an alarm for one in every three people passing through the airport.
I would say it is somewhat unacceptable.
"It is a greater offense to steal men's labor, than their clothes"
Do you think that the people implementing this kind of thing do so because they think it improves security and safety?
If so I think you have made a mistake. They are implementing it because they think it will make the public think that it improves security and safety.
Giving the public what they think is best is always easier that giving them what is actually best. (and of course you might be wrong about whats best and the public right but thats another issue)
The only solution to this kind of thing is to reduce the gap between the real best solution and the publics belief of what the best solution is.
That means two things. Unlazy authorities and education of the people. Don't hold your breath on the former. Help out yourself with the latter.
-- MartinG To mail me: echo kewyjlcxyzvjfxbqwh | tr bcefhjklqvwxyz
Biometrics are much easier to implement when the person's alledged identity is known. If the person claims to be X, the system need only compute B(X) and compare that to a precomputed data base entry B'(X). These values will almost never be identical due to noisy real world systems (different lighting, microphone noise, dirt on the fingerprint/retina scanner, etc.). Instead a statistical comparison must be made. If B(X) is statistically similar to B'(X), admit entry, otherwise call the firing squad.
In the article, Bruce assumes his readers understand this. His explanation of why face recognition systems cannot find the rare targets in large populations is quite good. The same logic applies to voice matching for projects like Eschelon.
And, of course, this wouldn't prevent individuals from using their own valid IDs to access public areas. The assumption of most security systems is that the intruder wants to commit a crime and get out while minimizing the probability of detection. A suicidal terrorist does not have this goal. He/she seeks to enter an area, commit a crime, and then die in the attempt. The tools developed for normal security may not be appropriate for suicidal terrorists or individuals on shooting sprees.
Given one hour to live, the student replied: "I'd spend it with professor FP who can make an hour seem like a lifetime."
"Schneier is being generous - real world results show that facial recognition systems are a lot less than 99.99% accurate even under laboratory conditions"
The point of the article, was for Scheier TO BE GENEROUS. At first glance... you think 99.99% is so close to 100% that it's almost perfect. But when Schneier factors in the number of people that travel every day... 10 000 false terrorists (or wolves), is a lot.
Now... in a real-world situation... if the TRUE results of face recognition where even 1% lower than Schneier's ideal situation... then the inconvience would compound itself that much more!
In short... the Terrorist Face Recognition System 5000, is useless.
I don't mean to be picky here, but my math says that if 1 out of every 1,000,000,000 people going through is a terrorist, there will be 99,999 false alarms for every terrorist detected, not 9,999. Eh, what's an order of magnitude here or there, anyways...
The best way to predict the future is to invent it.
On a semi-related, semi-offtopic note: the anti-DMCA group Minnesotans for Fair Copyright will be hosting a lecture by Bruce Schneier at the University of Minnesota on Thursday, November 8. Should be a great talk -- everyone agrees that Bruce is a really great speaker!
We also have some other DMCA speakers coming up -- Dan Burk on Oct 4, and John Logie on Oct 17. For more info, subscribe to the list:
DMCA-minnesota-subscribe@yahoogroups.com
people get all worked up over 99.n% and they rarely take into consideration what that would mean with the sample size they are looking at.
AIDS tests is one example we reviewed in college I recall in my stats class when this was covered.
There are some odd things afoot now, in the Villa Straylight.
>> If the system were 99.99% accurate and it indicated a match, wouldn't you want to pull the person out for closer inspection?
you KNOW someone who's bags are searched because they look like a terrorist is going to go running straight to their lawyer.
avoiding lawsuits would be a huge hinderance to implementing a system like that.
Damn, you're right. I always wanted to be (potentially at least) constantly monitored by the government whenever I'm in a public place. I'm sure no one operating such systems would ever abuse them, or send the KGB (er, Office of Homeland Security) to roust someone just because they were looking suspicious. And of course the error rate on facial recognition must be one in a billion...right?
Also, this erosion of our natural (and Constitutional) right to privacy wouldn't send us further down the slippery slope to ever more intrusive and totalitarian government monitoring...right?
Fool.
"Those that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
--Ben Franklin--
Power corrupts. Absolute power corrupts absolutely.
--unknown (by me at least;)--
299,792,458 m/s...not just a good idea, its the law!
Galileo: "The Earth revolves around the Sun!"
Score: -1 100% Flamebait
You cash your checks at a bank where you have an account, or you live outside the US. It's been going on here for a couple of years.
Best Slashdot Co
Yes, if the technology isn't 100% reliable, it isn't worth installing at an airport. If you'd read the article, you would have seen the author's discussion of how this works-- or rather, how it doesn't work. The gist of it is that even if the system only screws up one time in ten thousand, you get thousands of "false positive" results for every time you find an actual terrorist, so the system will end up getting ignored.
There is an article in yesterdays (Thurs 9/27/01) Wall Street Journal about how Biometrics wouldn't have helped in the terrorism case, that is, it wouldn't have worked in picking up the faces of the two guys who they have on tape passing through Maine's airport. Basically the article says that face recognition technology doesn't work as effective as they hawk it out to. Actually following the hijackings the companies developing biometric products went on record saying that if their products had been in place then this would have been averted and their stocks rocked up. The WSJ puts a doubt on that. Their point, or the point of the person they interview who agues that it doesn't work that well is that cameras would have to zoom in and cover each face for longer than a camera in an open space like an airport or a football stadium possibly could be expected to.
It actually puts some stats to the Superbowl Biometrics scam where they used face-recognition at last years SB. Turns out that of the 11 or howeverthefuckmany people they said they nabbed, most, were not correct matches.
I used to get mad at the opening track on Mos Def's Black on Both Sides when he says
You got a lot of socities and governments
tryin to be God, wishin that they were God
They wanna create satellites and cameras everywhere
and make you think they got the all-seein eye
Eh.. I guess The Last Poets wasn't, too far off
when they said that certain people got a God Complex
I believe it's true
I don't get phased out by none of that, none of that
helicopters, the TV screens, the newscasters, the..
satellite dishes.. they just, wishin
They can't really never do that
Hell yeah they can! Well, at least for now, maybe they can't. In any event, if you have a WSJ from yesterday lying around. A very good piece.
The problem I have with so many of these sorts of arguements, is that they generally fail to offer solutions. I've seen: many petitions and rallys for peace in the wake of the attacks; dire predictions of the end of civil liberties; Not one of them addressed the issue of "well if we don't do this than what should we do?". Which tells me that they don't know, don't have any better ideas, and don't want to draw attention the fact because it may thwart their political agenda. But ignoring the problem isn't going to make it go away.
So, facial recognition isn't perfect. As he said, if you cross-reference the system against an identity card or fingerprint or retina, which I believe is entirely acceptable for someplace as security-sensitive as an airport, you have a much stronger system. In which case, if someone was flagged by the biometric system you could discreetly stop them and verify their identity. And even if you didn't use a secondary means of identification, looking for one terrorist in a thousand is MUCH easier than looking for one in a million. It would at least be enough for the system to tell you to take a closer look at what you are doing.
Your personal rights end where other people's begin. This is why you have to have a license to drive, or fly, or shoot a gun in the first place - vehicles and weapons are extremely dangerous to others if used improperly or intentionally. If it were up to me, I'd be adding these systems to every car, truck, boat, and weapon rental or dealership as well. I doubt the terrorists will strike again by air anytime soon, but these other routes are wide open.
---If you can't trust a nerd, who can you trust?
If I got hassled like that everytime my server went down, I'd be busy installing Linux now. Hey wait, I am...
(How's your tolerance for bad spelling?)
Money for nothing, pix for free
The point of the article was to combat this fallacy. A system may be 99.99% accurate overall, but for the people it identifies as terrorists, only .01% accurate. And who wants to waste their time with a system that's .01% accurate? It's definitely not as good as random searches which, being truly random, have a good deterrent value.
I know this may seem paradoxical, but you can read the article for the details.
Thumb print out here in Oregon.
They've been doing it since at least 1995.
He's probably never seen the charred, limbless corpse of a loved one on a Manhattan sidewalk. It's time to draw the line between convenience and importance. We need biometrics in public places, and we need ubiquitous biometric id. Civil liberties are great, but you don't have any liberties when you're dead.
I am for safety, but not if my privacy's at stake. I mean, many people have a hard enough time using a credit card because they don't want their transactions logged; I see this as being far worse.
Wouldn't it make more sense and be much easier to simply link the FBI "watch list" to the airlines computers? Many of the hijackers were on this list. It seems incredible to me that a person on the list could buy a one-way ticket with cash without the system bringing up all sorts of warnings. Some of the hijackers (not all) fall into this category.
The following things should cause there to be extra scrutiny (especially if you do/are more than one of them):
It seems that doing a lookup on a name in a database is much quicker/easier/less expensive than installing facial recognition systems all over the place. Why not implement a simple solution that would have caught these guys first instead of a complex on that might not work?
If you feel that we must use high-tech solutions, maybe a smart card put into passports and driver's licenses would make more sense and be more accurate. Once simple solutions are implemented then we can worry about the crazy complex ones.
Lasers Controlled Games!
Ok so it generates 9999 false alarms on ONE BILLION people. The security staff needed for that many people is already in place and these Billion people are spread out across the world I doubt you can find a billion flyers in the U.S. alone. In other words you might have 10 people false alerted a major airport. I can live with that. All they need to do is approach you and hand check your I.D. it's not like they are going to throw you in jail cause a computer picked your face out of the crowd. Matter of fact Terrorists will probably run if approached by security. Simply said as long as they use it as a tool it's fine. Flag the person for an extra long checkout I can deal with extra delays.
Just to carry one concealed.
Best Slashdot Co
has anyone seen these guise?
This thread is a little misleading. The prints required at banks (as far as I've seen, that is) are quick thumbprints using colorless ink (it reacts with a chemical on the paper they put it on, I assume.) There's a little ink pad by each teller window. It's as quick as signing a form, and no less intrusive, in my opinion. It's not like they take you into the back room for a full set of black, inky prints on one of those FBI cards.
Evil is the money of root.
But then - the best biometric system in the world wouldn't have stopped the WTC attack - the hijackers were passengers with tickets and many used their real names anyway so
You do know that the FBI was busy looking for several of the terrorists even as the planes hit the WTC, right? They got into the country and disappeared- a face check at the gate might have flagged them and possibly prevented the attacks. The terrorists would have at least been delayed enough to stop some of the attacks.
You're right: biometrics is coming. This could be a very good thing if we drive the technology to good use. Fingerprint check when I use a credit card: why not? I'd love it if the store *knew* I was the owner of that card- I've had my number stolen before. Ever spoken with someone who's had their identity stolen? It's a multi-year nightmare of wrecked credit, endless phone calls and general heartburn.
Realize that we have almost no privacy anyway. Various large companies know a *lot* about me. They know personal details down to my last dollar, my taste for mint chip ice cream and the fact my wife and I are infertile. The government has run at least 3 background checks on me that I know of, the most recent within the last month. (I got my pilot's license recently: the FBI has already visited the airports I used to pull my records.)
Biometrics won't change that-what we need to do is make sure the transparancy goes both ways.
Eric
"Seven Deadly Sins? I thought it was a to-do list!"
Uh, how about because they don't work?
Oh dear. "to detect 90 per cent of terrorists we'd need to raise an alarm for one in every three people passing through the airport. It's absolutely inconceivable that any security system could be built around this kind of performance," .
Oh, OK, if it's for the children, then who cares if it works or not?
Frankly, I'm happy to be surveilled, and to give my government my face/DNA/fingerprints/nail clippings/ear wax or anything else that they need, if they have a system that works. However, I do not want a system that picks one person out of three and screams "Terrorist!".
If you were blocking sigs, you wouldn't have to read this.
Bruce also states earlier in his article that Biometrics is only one of several authentication types. So why is he hinting that face recognition would solely decide if someone is a terrorist?
It makes sense to me to use this in conjunction with security measures already in place. If the system does in fact generate 9,999 false alarms, then these are cases that should be looked at more closely by the security personal. It does not require that this suspected person be handcuffed and taken away, but could just mean that security staff should pay closer attention to this case, and resort to another authentication method, as suggested by Bruce.
This applies to all forms of identification and identity databases. We have social security numbers and a social security credit database. The system has its occassional upsets, but all in all it works. The Police work with large criminal databases. etc. As a society we keep records of people. The security and integrity of those records has nothing to do with face recognition technology.
Terrorists are unlikely to pose for photo shoots.
Sure they are. We knew they were terrorists when they entered the country in the first place (which sparks an entirely different problem that I won't talk about). We have a passport photo which they posed for to get into the country. The fact is that we know who many of these people are. An internation database of known terrorists would work.
[ 99.99% accurate problem ]. Assume that one in one billion flyers, on average, is a terrorist. Is the software any good?
Damn right it is. The odds that 4 passangers on a single plane will be incorrectly identified as terrorists is roughly 1 in 1,000,000,000,000. Even if it is only one terrorist, a posative match might result in increased scrutiny of that individual. Such a screening tool could only be helpful.
The real problem with American Security systems is that idiots like this moron are advising people.
Someone you trust is one of us.
I worked for Viisage Technology for a couple of years, and they use a system in the building where two cameras scan for faces in the hallway (as you're approaching to enter) and if a face found matches one in the employee database, it unlocks the door.
It was sophisticated enough to identify me as me even when I was wearing my eyeglasses, and later, when I grew a goatee type beard and moustache. No ID code to enter, no badge to carry. If you didn't match anyone in the database, it would summon security and leave the doors locked.
Having run their Technical Support Department for 2 years, I can tell you that the products not only work, but work very well. They use the facial recognition in Massachusetts at the Department of Transitional Assistance (Welfare) offices to identify those people obtaining multiple ID's under assumed names to weed out Welfare fraud.
The kind of access system they have in their entry could be used in an airport entry to identify a suspected terrorist trying to move about the country and alert security. It's pretty close to an Orwelian concept, except this type of monitoring would definately have oversight by a committee or White House office to prevent civil rights abuses.
I personally am against the idea on principle, but sometimes one principle takes precedence over another.
The Dopester
"Yes, I'm a Karma Whore, but I'm doing it to pay my way through school."
Putting aside the fact that there are numerous terrorists who aren't Arab (which may be appropriate in this select case), is it really that easy to pick out an Arab versus some other ethnic group if they dress and groom themselves in a westernized manner? I doubt it. There's such a huge variety of ethnicities in America that it can be nearly impossible to say with certainty where someone is from just by looking at them, even if you're trained to do so. If Mr. Atta were going by the name of Mr. Mancini or Peres or Rodriguez, I bet hardly anyone would have thought of him as Arab.
---If you can't trust a nerd, who can you trust?
-atrowe: Card-carrying Mensa member. I have no toleranse for stupidity.
That should be 'tolerance'. I guess Mensa's standards are slipping...and this was the most ironic thing in your post. ;-)
299,792,458 m/s...not just a good idea, its the law!
Galileo: "The Earth revolves around the Sun!"
Score: -1 100% Flamebait
99% accurate in laboratory conditions with controlled lighting and camera settings.
Deleted
The article makes a good argument in terms of economics and man-power required to install, run, and maintain a system like this. One thing I disagree with though is the problem of having 9,999 false positives. Obviously, if you were to use this system as your "last line of defense" and instantly arrested anyone who "popped" positive, that would be a problem, but lets suppose that we use some common sense...
Simply take the people that come up positive and run them through a separate set of tests. (Interview, fingerprint, cross-referrence their photo ID...) These additional tests should be able to filter out someone who's a (known) terrorist from someone who just has the same haircut.
Redundancy is a GOOD thing.
Big contractors making billions out of the Government? Hmm?
Deleted
Well, I'm going to weigh in on your side on this one. Facial recognition software could be a boon, in my opinion.
I'll agree that a few people will find it to be something of a consistent hassle. It should be relatively simple for them to verify that they are not whoever they look like via fingerprints.
IMO, we definitely need to also put cameras in the rooms where folks are questioned, too, though. And all of the cameras should be available over the internet in real-time!!! With these two provisos, facilities that victimize those with unfortunate resemblances can be caught very quickly, and it should radically reduce other abuses of authority.
I'm sure that it will bring about new abuses, but IMO the system I outlined above would by far eliminate more abuses than it introduces.
BTW, if you're going to have a sig that says you have no toleranse(sic) for stupidity, you ought to spell check it. Also, apprehensive is spelled like I spelled it, and entrys should be entries.
I don't know about the goatee, but as it stands we are required to take the metal out of our pockets, put purses and cell phones through the x-ray. I don't see why we couldn't have people take off their glasses when they go through the checkpoint. Requiring beards to be shaved off may be a bit of an intrusion...
Evil is the money of root.
2 of the bastards were on a watch list for terrorism, one even had an arrest warrant.
Most of these "Holy Warriors" don't have criminal records, but sometimes we flag them as potential terrorists and put them on watch lists.
If we can't use the list to detect them at the entrance of a plane, then it's useless to gather intelligence on terrorists.
> when we really need to be applying a bit more low tech, hands-on investigative work
That was done ! However, they weren't detected when boarding planes ! A face recognition and even name match system would have stopped them !!!
- sigs are for wimps.
I was talking about Richard Stallman, you should never let him on a plane, these kind of GNU extremists are capable of everything. If he learns that the flight control uses non-free software he might want to crash it just to prove the superiority of his beliefs. Plus the guy never washes and in a closed space with recycled air like an airplane, that could have a very uncomfortable consequences on other passengers.
Je t'aime Stéphanie
I think alot of people are missing the point here. This system is supposed to 'stop terrorists by identifying potential terrorists'. The only way to catch a potential terrorist is if that individual has been caught or spotted and had his/her picture taken to compare. Of the 19 suspected terrorist that commited the Sept. 11 attacks only TWO of them had any kind of profile the rest were unknowns. So, someone please explain to me how exactly biometrics would have helped us here. Sure 2 of the terrorists would have potentialy been stoped, but the other 17 terrorists would have boarded the plane without much of a problem. Im sure biometrics might stop things for a small amount of time, but the terrorists will adapt quickly and all we are left with is a billion dollar step twords big brother is watching. There are sleeper agents all over the world, guys who have never been seen talking to a known terrorist, have been living in thier respective country for 5-10-15 years, have wives, kids, successfull careers, just waiting for thier 'phone call'. How exactly is a biometrics system going to solve that problem?
Classification failure are usually split into false positives and false negatives. Different cost analysis applies to each failure mode.
Let us talk about eg. shoplifters. First time shoplifters will not be picked up by such a system. Retcurrent shoplifters who have not been caught in the act will not be identified and thus not filtered.
As with antimissile technology, a case can be made that defeating the system requires much less effort on the part of the baddies than erecting it requires for the angels.
This is not a signature.
... the objective of a facial recognition system is not to be 100% accurate - or anywhere near for that matter.
The objective is to provide a tool that gives law enforcement the ability to *better* determine someone's true identity - and keep a terrorist off your flight.
How on earth does that interfere with my civil liberties? Even if there was a false alarm, the truth would be discovered soon. Do you think that if the system makes a match to a suspected bad person it shoots you on sight?
Personally, I have nothing to hide. If my facial scan was a false match and I had to spend a couple hours (or a day for that matter) in the airport getting cleared, I'll be happy knowing that something better than minimum wage security workers is keeping me and my family safer.
I've seen several comments that "If the system gives a false positive only 1 in 1000 times, then it must be pretty good!". This demonstrates that many people have no clue about how to properly apply probability - what is called Baysian math.
.1 terrorist will be mis-identified. So we will assume that all 100 of the terrorists trip the alarm.
.9999, so we will assume that one innocent person gets fingered as a terrorist.
You have to start out with two probabilities that are based on the system: probability of a false positive (Pp) and probability of a false negative (Pn).
A false positive is mis-identifying a non-terrorist as a terrorist. Let us say that a collection of 1 million non-terrorists are run through a system, and it fingers one of them as a terrorist. That system has a Pp of 1 in a million, or 1E-6.
A false negative is mis-identifying a terrorist as not being a terrorist. Let us say that we run a thousand known terrorists through the system, and let us say that only one is not detected. Then this system has a Pf of 1 in a thousand, or 1E-3.
Now, that is ALL that you can say about a system. You cannot state the actual number of false positives vs. the number of false negatives in real use without an additional piece of data, the probability of any given person in a crowd being a terrorist, Pt. Let us say that in any given crowd, one in ten thousand people are terrorists (Pt = 1E-4). This may seem very high, but the lower Pt, the worse the system will perform, and I am heavily weighting this in favor of the face scanner.
Now, let's run a million random people through the system, and see what happens.
First, out of that million people, 1E6 * Pt = 1E6 * 1E-4 = 1E2 = 100 of them are terrorists. We would expect that of that 100 terrorists, 100 * Pf = 100 * 1E-3 =
Now, out of the remaining 999,900 people, we would expect the system to finger 999,900 * Pn = 99,900 * 1E-6 =
Now, we had 101 trips, of which 1 was false, so the odds that you aren't a terrorist given that you were fingered are just under a percent. That's given the assumption that the system mis-identifies innocent people only one in a million times, and assuming that one person in ten thousand is a terrorist. Increase the false positive rate by a factor of ten (one in one hundred thousand innocents gets fingered), and decrease the terrorist population to a tenth of what we assumed (one terrorist in one hundred thousand) and you now have roughly fifty-fifty odds that a person fingered by the system is innocent.
And that, people, is why systems like this don't work.
www.eFax.com are spammers
For example, either Gore or Bush being declared the winner of the last election would have been mathematically valid. The expected error in vote count, from the known error rate of the voting machines/ballots, was larger than the difference in votes the two candidates received.
Best Slashdot Co
For some statistics based on a real system, try Face recognition useless for crowd surveillance, from which I quote: "to detect 90 per cent of terrorists we'd need to raise an alarm for one in every three people passing through the airport. It's absolutely inconceivable that any security system could be built around this kind of performance."
Darn! I musta bin trolled. You had me going there...
I think we all know this is the kind of technology that will expand once it is legal. Obviously the technology can't be that great yet, but they won't need to get permission to make it "work better". I'm still against it, but it won't be too terrible to just wear sunglasses everwhere 8-)
I could copywrite my face as well I guess.
"And we have seen and do testify that the Father sent the Son to be the Savior of the World"
1 John 4:14
here's the simplified idea: you want to take a flight, they take a picture of your face, and a computer does the biometrics checks on it. then a checksum of the data is compared with the checksum of the pictures of known terrorists in a database.
:)
it's not a matter of comparing checksum of pictures (there are too many variables, such as light, shadows, colors, and so on to compare), but a matter of comparing checksums of biometric data - that should be the same, indipendently from the kind of light the picture is taken under. if I take a picture of my face under certain conditions of light, and then another one under other conditions, the pictures will probably be slightly different, but the checksums will be totally different. but once they are feed into a biometric system, the two pictures should return the same result [unless I got a plastic surgery on my face, but it's another issue]. better again, if I use the latter system, it isn't necessary to have the original picture to compare with the new one. The checksum does the same job, without me (or the government) having to have a picture that can be used to track me down for other purposes.
Let me explain better, if I can: with this checksum thing, like unix passwords, the 'system' doesn't know the password: it just compares it with some data calculated by some one-way function that cannot be easily reversed.
this could solve the problem of fearing that biometric pictures could be used for other purposes. the 'face' database can be stolen, but without a way to compare it with the real thing, nobody will know what to do with it.
now, the problems: the govn't could put cameras in pub and bars to check who's there, or maybe use our ID pictures to calculate checksums and know who has a checksum of what. but it's probably already done, so why bother? at least with the 'checksum' thing you could try to trust that the govn't had only the checksums of the terrorists, and not the pictures of all of us
just a thought. maybe I said a bunch of rant, but I'm posting here just to ask how it's done in reality.
-- There are two kind of sysadmins: Paranoids and Losers. (adapted from D. Bach)
i.e., some non-terrorists will be identified as terrorists.
Most of the arguments I hear against facial recognition technology fall into this same lame category. The system will not say "This Person is a Terrorist." The system will simply indicate that there is a possible match with a person on a watch list. I suspect that the grand majority of false positives will be resolved quickly with an ID check. In fact, I'm going to stop using the term 'false positive.' The match is in fact POSITIVE, meaning that the person going through the checkpoint does indeed look like a person on the watch list...and the humans will take over from there.
There is NO difference between using this technology and having a person with a notebook of mugshots sitting at the check point, except that the former is much more efficient. Come to think of it, why don't we hear arguments against standard mugshots in police departments, since they are so subjective and fallable? IT'S JUST A TOOL, PEOPLE! It's not a substitute for human judgment...it's an enhancement to that judgment.
Evil is the money of root.
Unfortunately, this is a horribly flawed argument. It is possible to recognize faces. Humans can do it. Computers can be taught to do what humans can do. They're called "Expert Systems" and covered in any intro AI course. Using computer inadequacy arguments gets us in the habit of adhering to these beliefs years after they have become outdated.
Never, ever, ever base arguments on the idea that computers are fundamentally unable to perform some task well (especially if they are doing a decent job of it at the current time). People that say those things almost always look like dolts several years later, unless they are already accomplished experts in the field.
Basically, having some mathematical theory that proves the inability of computers to perform a task is a good reason to say it can't be done. To decide that computers can't do something because you think that it would be hard is not.
Jack Valenti and the MPAA are to technology as the Boston strangler is to the woman home alone
Even if false positives are found, at least it would be better then false negitives...
Mysteriously, some of the video-tape is then edited and sold to television stations as entertainment. There have been cases of lives being utterly destroyed by such profiteering off misery.
These systems are linked to various national databases, BUT are monitored around-the-clock by Real People. It's NOT a fully-automatic system, rather it is a computer-assisted human system. As such, the track score (ignoring the abuses of the system) is not too bad. It's not brilliant, either, but it's certainly workable.
Using biometrics in an almost totally computerized system, though, is a potential disaster. A single false positive could mar an innocent person for life, irretrievably. A single false negative could, as we have already seen demonstrated, cost thousands of lives.
Biometrics are completely the wrong solution. I'm not even sure that the problem (as specified) is correct. The first rule on implementing a solution is to determine what the REAL problem is, ignoring whatever is expedient or would sit well with the PHB.
IMHO, the REAL problem is how to ensure that an aircraft, its crew and passangers, and (as far as is achievable) their luggage, get from A to B intact, regardless of who is onboard, or what device(s) they have.
That is an interesting problem, and it can't be solved by some puny, half-witted solution such as a thumb-print scanner, or video camera. You need to look at the aircraft itself, for an answer.
Bombs on-board are nasty, but not necessarily fatal. Many aircraft disintegrations at altitude do NOT kill the occupants. Frequently, it is the impact with land or water that is fatal. Another cause is when seats are thrown around in the cabin, causing severe head injuries.
Let's look at these one at a time, starting with the first. Rate of descent is trivial. All you need is the head-rest to contain a folded emergency parachute, and the problem is basically solved.
The head-injuries aren't any more of a problem. A roll-bar, mounted at an angle from the top of the seat, would protect the head against most impacts.
Then, we move onto someone with hostile intent flying the aircraft. Wouldn't biometrics help, there? Not if that someone =WAS= the pilot! Even one of the cabin crew could easily take control, even if the pilot were armed and stupid enough to pull a weapon in a pressurised, enclosed space.
The only way to prevent someone of hostile intent from flying the craft is to extend the concept already implemented on the A400 Airbus - "smart" controls capable of recognising a hazardous manoever. If the aircraft detects a building within a dangerous space (it has proximity sensors, this isn't something outside of current technology), then it is perfectly capable of turning away from it, overriding any pilot commands to go closer.
Here is a scenario where it truly doesn't matter who carries on what, or who does what. Crashes, such as those on Sep 11th, COULD NOT HAPPEN! The aircraft's onboard computer would forbid it. On-board explosions would be (largely) survivable, reducing such tragedies to major inconveniences for a fair percentage of those involved. Which is better? 100% dead, or 10% dead, 90% without spare underwear. Obviously, any dead is higher than anyone would like, but let's start with measures that might REDUCE the numbers, and worry about perfection later!
In fact, just to be annoying, I'll be a perfectionist now. Plenty of people have demonstrated (eg: by dropping eggs from the top of the Empire State Building) that shock-absorbing structures are not difficult to build. To prevent explosions in the hold from being catastrophic, you'd need some kind of honeycomb layer surrounding each crate, and another lining the hold itself. This would absorb the energy safely, so that even major incidents (such as the oxygen cylinders that blew a ValuJet out the sky, some time back) would not be nearly so severe. The chances are, only the contents of the one crate would be affected. Even in major incidents, there's a good chance that only the cargo would be affected, and not all of it at that. A major catastrophe becomes a minor nuicence.
Poor maintenance has caused far more jets to crash than terrorists, yet this has never been really targetted. Maybe because allowing people to see a human dimension to things would cripple the fear factor.
How, then, to deal with poor maintenance? IMHO, it partially goes back to the whole computer control systems. If the computer can conduct its own pre-flight checks, a-la those NASA's computers already do for rocket & shuttle missions, on a component-by-component basis, you'd pick up a lot of faults, long before they became life-threatening. Sure, you might increase take-off delays, but you'd also increase the odds of the aircraft actually landing where it's supposed to be, rather than over a five-mile radius.
These measures are either very basic material science, or simple extensions of already-implemented technological solutions. They don't care, or NEED to care, what is brought on-board, who will do what, or whether the cheese is fresh.
In comparison, biometrics is a largely experimental field with low success rates, and an even lower impact rate.
If I had to choose between an airline that went with the simple, basic solution, or one which went with the complex, biometric solution, I'd go for the former. Sure, there might be a terrorist on every other seat. There might be for the other airliner, too. The point is, in the first case, I don't need to give a damn.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Because with my luck I'll look exactly like some wanted felon, and then fourteen times a day, every time I walk past a security camera, the alarms will go off and the cops will bust in and I'll wind-up handcuffed on the floor before they realize I'm not the droid they're looking for.
"renowned security expert Bruce Schneier"
Oh please... you write "security" as if it encompasses everything. Isn't this the same misunderstanding people make when they assume that a C programmer can make them a web site, fix their Excel spreadsheet, upgrade memory in a SparcStation 20 or design a network topology?
Only a troll would intentionally contradict the article. Yes, facial recognition systems would be good in airports.
If they worked. That's the problem. They don't work.
Even under ideal conditions (close range, white background, no sunglasses or beards, and looking straight at the camera) there's too many false alarms. Try it in its intended environment (large distant crowds, sunglasses, hats, beards, people not looking straight at the camera) and you'll get more false alarms than there are security officers to check them.
OK, this is not the same as face recognition,1 2. pdf
but still, they are actually building the booths in the Customs area; I'm sure they trust and in terestingly, I read somewhere that 60% of the
business travelers for whom this is meant are supportive.
See
http://www.iaae.org/publications/pdf/iaae_2000_
(couldn't find a more recent quote).
I believe that Biometrics at airports can work if we give it a backbone.
Obviously this requires a nationwide database of pictures for everyone. This may seem impossible to compile except when you consider we already do it in the form of driver's licenses! So basically we need to nationalize the driver's license process and create a central database of the photos.
I think it would be doable.
The larger problem, as in history, is the issue of oversight. How would the list of undesireables be generated? Would it extend to others aside from unilaterally proclaimed terrorists, or could it be used for, say, traffic ticket holders, dead beat parents, tax evaders, draft dodgers, members of the minority political parties, reporters from suspicious non-syndicated news agencies, dark-skinned immigrants.....
If you are saying it wouldn't happen, just ask yourself how ludicrous you sound when these assurances are regularly reviewed with embarrassment, guilt, shame, and pledges of 'never again' for decades afterwards in our country's recent history time and time again.
So if I wanted to hijack an airplane, I'd need to find someone who looked very much like me, and then kill him, take his ID, and use that to board a plane.
Which is basically exactly what the 9/11 terrorists did, minus the sophisticated system that wouldn't have helped at all.
Given that facial recognition is not accurate enough to nail terrorists to the exclusion of non-terrorists, why would one assume that's how the technology is to be used?? Security guards already do profiling of passengers to decide which ones will have their luggage searched or swiped. I would predict biometrics will be used in the same way: a positive result on the face scan will just mean your luggage and personal effects get closest scrutiny, regardless of whether other characteristics about you match the terrorist profile. Now I'm just using logic here -- I don't *know* that this is how the authorities plan to use biometrics, but it certainly makes sense to me and I would be quite comfortable with this approach. So why would such an expert as BS miss the opportunity to point out how useful biometrics can be? Does he have personal investments in some other technology besides face scanning? IMHO he really missed the boat on this!
I'd say they're pretty effectively preventing us from getting vaccinated.
You didn't state your position on the facial recognition, so I don't know if I am directing this at the right person, but this statement within the general tone of this particular discussion sounds a little contradictory to me. On the one hand, government efforts to stop people from killing the general populous are seen as "invasion of privacy," while the government NOT vaccinating everybody is seen as tantamount to PREVENTING us from getting vaccinated. It's a minor point, but I don't think it's accurate to say that the government in PREVENTING us from being vaccinated. By the way, where do the veterinarians get their vaccine? Are they also preventing us from getting vaccinated?
You seem like a decent person, and I'm not trying to be nasty. I just don't care for the implication that the government are the bad guys in this. There's simply not enough vaccine (yet.)
Evil is the money of root.
Unless Bruce also suggests that we do away with metal detectors and x-ray machines then false positives aren't a problem.
Anyone who has flown any significant number of times has seen a bag search or a person being wanded. Most have probably seen a person taken away to the back rooms for a more thorough going over.
Does Bruce suggest doing away with metal detectors because they are *far* less than 99.99 percent accurate, of course not. So why suggest avoiding better tech?
In both cases the person flagged wouldn't be immediately locked up. In both cases the people running security must be counted on to not become complacent in the face of 'the boy who cried wolf'. In both cases the bar against terrorism is raised.
"Thanks to modern technology and tremendous advances in processing power, we now have a device that can accurately (four nines) identify a potential criminal."
It's nice that you are so happy that one in 1,000 people will be falsely fingered. You realise that that level of accuracy would mean that for the state of Oregon, (using the 1999 population estimate) that would mean roughly 3,301 would be incorrectly identified as terrorists. For Portland Airport, That would have been 4,115 people in the first quarter of 2000 alone that would have been labelled as "possible criminals" FALSELY.
I believe that the figure of 99.99% accuracy is under "perfect" conditions, so it could be a lot worse. Having said that, assuming that the percentage of False Negatives is the same, 99.99% accurate. Then 4,115 terrorists and criminals could have passed through Portland Airport in just four months last year without being caught.
"Facial recognition cameras will take an additional burden off of our already overworked police departments, while at the same time, making the streets safer for our children. How can anyone NOT like the idea?"
Well, apart from the research that has been done in the UK showing that increased video surveillance did not reduce violent crime, how is this going to help the police departments?
Imagine, you are one of the unfortunates who just happens to look like a criminal. Every time you walk anywhere, the police get called out to investigate. Now, the police get even more extra work checking up on you, you get continually harrassed by them, the police start ignoring the warnings, the streets are no safer.
If 1 in 1,000 people generate a false positive alert then in even a VERY small town this is going to go off too often to be taken seriously.
Why not try and build a sense of community in your community. Don't ostracise strangers, talk to your neighbours, get to know one another. That way your streets will be safer because your children will know who they can ask for help from. Your friends and neighbours will know who lives in the area and will be able to ask people that don't belong why they are watching your children play, or staring at houses...
Nah, I guess that would never work, it doesn't use technology and it might drag people away from their TV sets for a few minutes.
Z.
-- Under/Overrated is meta-moderation, and therefore is Redundant.
My exposure to this technology came through the tv broadcast industry. An unnamed company with pretty feathers has a gazillion beta tapes warehoused with potentially useful recording on them turning to dust. Wouldn't it be cool to digitize all that and look for pics of Bill and Monica together using this cool software technology?
I evaluated the Viisage product and two others. I must respectfully disagree about it its reliability. None of the products worked any better than an intern guessing at timecodes on random tapes(as of three months ago). They perform slightly better on MPG encoded data common to video servers in broadcast. But not by much. Something about the Profile XP's flavor of MPG also improves the results a small amount.
The real time face recognition abilities were easily fooled by simple makeup around the eyes. Not whore style, just some of that skin colored stuff the women leave all over the bathroom. The theory was: we can't change the lighting, can we change the effect of the lighting? It was trivial.
All of the tests were done under extremely generous conditions (hey, I wanted the money, too).
I will say that the the Viisage product was the best. From a software perspective, it was robust and easy to use. Well engineered, documented and supported. Really cool technology to play with. (Imagine a cubicle answering machine that detects who has walked in and gives them the proper answer as to where you are? Now imagine that it gets it wrong sometimes.)
This software has its uses, but the 'Boy Crying Wolf problem' with its use in catching terrorists may actually make the problem worse. When you factor in the opportunity costs, there are much better solutions. (Its the cockpit door, stupid!)
You should realize that 48.5 million international travelers visited the United States in 1999 and 610,628,716 total passengers flew domestically in 1999. Therefore you're talking about roughly 5000 false positives per year occuring mostly at the major airport hubs. That comes out, on average, to about .57 false positives per hour, or 1.14 false positives per 2 hours! If an average check-in takes 3 hours, you'll most likely see at least 1 _innocent_ person get hauled away for questioning by the time you board your plane (that innocent person could of course be you!)
Remember, they flew the routes beforehand. They had studied the routes and passenger loads, picking the flights that would have the fewest passengers thereby minimizing their risk of failure?
So, the question becomes, if your on a Government list are you allowed to use mass transportation? Would we stop at terrorist? What about know protesters for major events? Say if some G7/G8 meeting or IMF meeting is going on, do we monitor or prevent know organizers of the protests that follow? What if they had violent behaviour before?
Really, the only security that I wouldn't mind in an airport is similar to that portrayed in the Total Recall, where everyone walks past a screen which highlights solid objects. Its totally fair and cannot be considered intrusive for it doesn't violate you.
* Winners compare their achievements to their goals, losers compare theirs to that of others.
Which leads to a good point. How "suspect" do I have to be before you restrict my ability to move around and basically live a normal life?
If you stick to putting only known foreign terrorists in the database, fair enough. If you put known escaped US felons and bail jumpers in as well, again fair enough.
But the September the 11th terrorists were only suspects; we knew they were here, but they were here legally and openly, so we had nothing to charge them with. These are the people we want to stop, so we have to put them in and, what? Stop them flying? Search and question them? OK, lives are at stake, let's do that. it sucks, but it's necessary.
So, what's the criteria for putting a US citizen in? You don't have enough evidence to charge me. Am I an acknowledged activist, spouting anti-American slogans and calling for the end of US involvement in the Holy Land (pesky old 1st Amendment)? Or do I just have an uncle in Afghanistan who likes to send me encrypted mail? What are the criteria?
Do you stop me flying altogether, or do you just search me every time? If I'm not trusted on a plane, am I trusted with a gun? With access to explosives, or the materials to make them? Do you stop me using encryption? Or do you just watch me closely? Do I even know that I'm in the database at effectively wearing a big "suspicious" label because of my ethnicity, religion, family or political leanings?
I'm not against this technology (assuming we can get it to work), but I am very concerned that there be a clear, open procedure for who goes in the database. Specifically, I want to know:
If you were blocking sigs, you wouldn't have to read this.
Not. What you want is a system that will increase the likelyhood that a particular follow on procedure would be more effective. In the case of a facial recognition system, the follow on procedure would be: we should check out this person a little more carefully.
We can't check out all passengers thoroughly but we can check out certain ones more carefully than others.
We had a good decade without hijackings or airline bombings. Because of good airport security? No, because there was an effective myth of good security. The myth about the scanners and inspections was good enough that the hijackers evidently relied on confederates getting jobs at the airports to plant the box cutters in the planes, rather than simply carrying them through the checkpoints as they borded. They didn't realize (1) that boxcutters were legal under the rules (less than 3-inch blades) and (2) that they probably wouldn't have been spotted anyway.
Look, any terrorist stupid enough to believe that Allah is going to see their goodness and take them to Heaven is also going to be paranoid enough to believe that the Machinery of the Great Satan is diabolical enough to see them and take them to Hell. So help spread the myth of the infinite capability of our machines, while knowing that our own civil liberties are not so threatened, seeing as the stuff doesn't really work. Think Wizard of Oz.
"Only those, the believers who know the life after death and the reward after death, would be the ones who will be seeking death." - Mohamed Atta
"with their freedom lost all virtue lose" - Milton
99.999%? Not enough. 99.9999%? Getting there, but you've still got work. 99.99999% One more. 99.999999%. Ye gods.
What can't this work? HUMANS can't hope for that level of accuracy. At that level of accuracy, MOST PEOPLE will never have had a false positive. But you know for a fact that you've false-positived people before. You're accuracy is probably somewhere around 99.99%, which is the one Bruce used. (Might I add that if it was your job to be this airport system, A: Your accuracy would be worse then that (adverse conditions) and thus B: You'd adjust by declaring everybody negative, which, under the circumstances, is the most rational answer... even for a computer system.)
We're requiring a computer system to be vastly better then a human at a face-recognition task? Michael is right, and Bruce played soft-ball in more then one way; the simple fact of the matter is that system isn't just "impossible", it's impossible . The computer system that says "Nobody is a terrorists" is vastly more accurate then any conceivable system, even one with humans in the loop.
I read the article, and I don't know where you got that 1 in 3 figure. Can you elaborate?
Evil is the money of root.
Apparently things have changed with Viisage's FR products.. I appreciate the update. It certainly sounds like things have changed a bit, because the system I helped prototype definately wasn't fooled by makeup. Of course, it depends on the threshold levels (which used to be configurable, I don't know now).
Of course, we're not exactly talking about a machine playing jury, judge and executioner. It's an aid, a tool. The person would be checked by a trained professional with a copy of the top x photos they matched so that an assesment can be made.
The Dopester
"Yes, I'm a Karma Whore, but I'm doing it to pay my way through school."
To me, a facial recognition system would be less invasive than a metal detector. How many people get stopped at the metal detector? 50%?
Install a facial recognition system at a security checkpoint, and assign an officer to it. He makes sure to get a good facial shot, then hits the button.
If the software finds a match, it does not ring the gong, set off the red light, anything of the sort. It puts up on a screen (visible only to the facial recognizer officer) that shows the picture it believes the person matches. Likely, it brings up a brief bio containing information helpful to apprehending said person--is he a crack shot, a mad bomber, a black belt?
Now, the facial recognition officer uses his or her own eyes to decide whether the person looks like the photograph. If he doesn't, the person gets waved through as if nothing happened--because it didn't. If the officer decides that the person looks like the bad guy in the photograph, he can detain the person.
Note this scenario. The software cannot order people to detain anybody. It can only suggest a possible match. If a person is detained, it is because a human security officer believes that the person looks like a known terrorist/criminal/bad guy. And this is no different from being stopped because the officer remembers your mug shot.
Effectively, the software is reduced to a gigantic version of the wall at the post office that has mug shots of known public enemies. It jogs the memory, as it were.
--The basis of all love is respect
IANAM (I am not a mathmatician) but...In his example, he suggests one flyer out of a BILLION might be a terrorist. I don't have industry figures on numbers of people flying or flights...but this strikes me as way low. If we assume that there are 400 terrorists we have pictures of and want to track (that's the number of kamikazi volunteers Laden supposedly has-though I'd be surprised if we have all their pictures) and assume that they all travel by air once a year, then that suggests that there are four hundred BILLION discrete flyers per year using Bruces figures. Uh, I doubt it. Plug in your own figures and play with it. I'd guess the figures we should be starting with are more on the order of 1 in 500,000, not one in a billion....and that makes a BIG difference in the number of false positives.
That being said, Bruce seldom get's things wrong (and I reccomend his monthly email encryption newsletter to everyone) and even if the figures are off, the basic concept is right...that things like this will erode civil liberties without any resonable gain in the fight against terrorism. Actually, that's MY conclusion...Bruce concludes that it is unworkable, also true.
Ah....but who will Moderate the Meta Moderators?
Even if they only get 50 % of suspected terrorists
and falsely identified some people. so F'in what. Id rather know that there is a better *chance* of airport security finding someone then not having biometrics in airports.
Which is exactly what he's doing. These arguments are necessary, because otherwise we'd be employing every half-baked idea that anyone can hawk. Everyone is so caught up in the hysteria, that very few people are stopping to actually consider whether the actions suggested are beneficial or harmful. If you have a 'problem' with that because they don't offer a solution, then you're only getting half the point.
It's not only important to have a solution, but it's equally important to NOT have an ineffective solution. If you're gonna do it, do it right. Or, as Franklin has been frequently paraphrased as of late, those who would give up essential liberty for temporary security will end up with neither.
OK, here's a crazy idea I just got while reading your post. How about if we have airline "memberships," issuable by any domestic airline (using rigid standards for how the process is carried out.) A 'member' would be issued a photo ID entitling him or her to pass through security on par with current standards. Non-members would be subjected to more rigid security checks, including biometrics, database queries using whatever ID is presented, etc. The database of members would be bounced off of arrest records, intelligence reports, etc periodically.
This would basically equate to a "license to fly." For those who would say that this is an egregious invasion of privacy, please note that we have never had a "right" to fly, and that this program would not, in fact, prevent anyone from flying. A membership simply indicates that a person has been "pre-screened." I don't think this would be much more difficult to implement than frequent flyer programs...they'd just have to add a database query and a central registration.
Evil is the money of root.
You missed my point fact of the matter when you fly your a molecule of water in droplet that falls into a bucket of water that is everyone flying. Now you can see everyone in the drop of water and your perspective is based upon that. You know that a thimble will draw out water from this bucket. Your scared because the thimble is so much greater then your drop, everyone you see and meet. However, it's extremely small compared to the whole. Your say 1 person per hour ok fine but spread that over the entire country, then spread that by the people in your airport, now take the percentage of people you see in said airport. Got it? Your really really small part of the whole you see very little of what goes on. You blow up the number but not your perspective. Perspective is everything.
I think everyone is trying to go about solving this problem the hard way.
Remember the full-body scanning systems that are now coming into use? If they can make it so you can scan a person in one second, it would immediately tell you everything on the person right down to what type of spare change being carried. Similar technology could make it possible to scan carry-on bags to find anything against a known database of contraband including small knives, ceramic knives, nail files, nail clippers, etc. If there is something hidden behind a bag that the scanner can't see the carry-on bag can be automatically flagged for closer visual inspection.
Its 1 in 3 in laboratory conditions with controlled lighting and camera settings
I wish people would stop quoting the figures from the first article as if they were somehow true. He made them up to prove his point - the real figures are even more ridiculous and if he knew them he wouldn't even have to have bothered with his article.
"to detect 90 per cent of terrorists we'd need to raise an alarm for one in every three people passing through the airport. It's absolutely inconceivable that any security system could be built around this kind of performance," - The Register
Get your facts staight!
None of the hijackers were known terrorists.
Some of them came form germany.
They lived here for many years as good citizens.
They even payed their "tv-fees", something
very unusual for students.
I believe that the figure of 99.99% accuracy is under "perfect" conditions, so it could be a lot worse. Having said that, assuming that the percentage of False Negatives is the same, 99.99% accurate. Then 4,115 terrorists and criminals could have passed through Portland Airport in just four months last year without being caught.
Which works out very roughly as two false alarms every hour. And since the average rate is not 1 in 1000 but 1 in 3 I'm not even going to bother working out how often they would be going off.
First Day At Work
"What's that constant whining noise Bob"
"Oh, don't worry about that, its just our terrorist detector. After a couple of days it'll fade into the background, in the meantime you can borrow my old earplugs"
Why not get the most uncomfortable part of mandatory airport security set up right now?
Rectal Probes
10% of the population will love that, and the rest will call it either a neccesary evil, or cite previous experience with rectal probing by aliens.
The colonic map is one of the most individual biometrics available, and at the same time you can keep fighting the war on drugs with a handy rod instead of a lubed up glove.
"Look at me, I invented the stove!" -- Ben Franklin
Such phrasing implies that a "right" arises out of the size of an investment. I'd rephrase the above by saying that because of the costs of the planes, it's understandable that the airlines find it economically useful to know who's boarding so they can reduce their risks. If the discussion turns to rights as consequences of what is at stake for a given party, then I'd argue that as a passenger I have a right to review psych/medical/religious documentation regarding the pilots, the maintenance crews, and the control tower folks.
- First they ignore you, then they laugh at you, then ???, then profit.
They have a system like this at several US airports (JFK, O'Hare, and I think Newark, maybe others), called INSPass. It's designed for US citizens who are frequent int'l travelers. You fill out a form, they check your passport, take a biometric palm scan, and issue you a plastic card. When you enter immigration, you go into the INSPass line, put your card into the machine, and put your hand on the scanner. Light turns green, turnstile unlocks, welcome home. Voluntary signup, quite cool.
I've always wondered why people use the expression 'talking about a person behind their back', when that would clearly be talking about them in front of them?
It's not a question of how much they spent. It's a question of they are allowing people to make use of their property, they don't have the right to know who on the plane, they have the RESPONSIBILITY to find out who is getting on the plane, they are responsible to me, the passenger, and the investors who paid for the plane. It's their plane, not public property.
Nothing to say here... move along
If there is breast recognition software ....
....
hm
I see a new Fox/UPN TV show on the horizon
-- www.globaltics.net
Political discussion for a new world
I saw them years ago when they opened for Iron Maiden. My left ear is a little deaf from that show, learned the hard way to keep a little space between me and the stacks.
AC's cheerfully ignored
Of course I don't know how the technology works, but given that the number of false positives is so high, I'm guessing the algorithms are liberal in what they accept as a match. So my hunch is the number of false negatives would be much, much lower than the number of false positives.
Jason.
bryguy
microsoftword.mp3 - it doesn't care that they're not words...
It never ceases to amaze me what use people will put AI-type technology to. The other day I came across www.howgoodinbed.com which purports to predict how good someone is likely to be in bed! Hard to believe it is accurate but it is quite amusing.
I was king code-monkey on the original implemenation of INSPASS. A system designed to expedite one's wait as they enter the U.S. from a "friendly" country. It was designed to reduce the lines so that INS inspectors had more time to focus on bad guys and people from "unfriendly" countries.
... and a far girthier size. Imagine, I walk into an airport. I scans my face, or fingerprint. From there the image is sliced and diced into various quadrants. Even with a beowolf, there are thousands of minutea points I share with the rest of the worlds population.
... where it's easy for a bad guy to take advantage of the overworked employees with managers demaning they keep the line moving.
... that can also be used to confirm my baggage on the flip side.
It was essentially a "good guy" system. Meaning, I'd swipe my card, which claimed I was "Joe Smoe". I then put my hand in the box and had it's geometry scanned. If it passed, it would "confirm" my identity and send me along to the Customs line. If it threw a false result, I was compelled to stand in the long line with everyone else.
Using biometrics to determine "bad guys" is a horse of a much different color
So up comes a list of "close matches". Then human intervention comes along and finishes the job. This is a poor-man's quick and dirty explanation of our current "bad-guy" systems work to match figerprints. Like I said, a far girthier and much colored horse.
If biometrics were to be implemented as an airport, I would see it as again, a "good guy" system to expedite the long lines currently at the airport
I would think it better to be a system provided by the airlines. Heck, credit cards are already putting my face and other info on smartcards, why not a frequent flyer plan along with it
We'll see.
healyourchurchwebsite.com - WWJB?
This might be cheaper and less inconvenient than implementing facial recognition systems, or at the very least would make an effective compliment to those systems to improve accuracy.
It may already be here.
If we do implement facial recognition systems, perhaps we could put in some anti-government abuse measures, like deleting the records of the passenger's faces after a successful flight.
-Rene
See you on the playa.
Which is why I never figured out what they do with people with prosthetic limbs...
I mean...a prosthetic leg could EASILY house a handgun of many calibers/sizes etc...
Find a big fat bin ladin fanatic...
chop his leg off...
get him a prosthetic...
let him walk through...
sure they have metal in them for support right?
so that's what triggers the alarm..piece of cake..
then they board and hi-jack the plane...
but maybe they make them remove the limb and put it through the xray machine thingie..*shrugs*
Just seems simplex to me..
"Just Smile and Nod." --Huck
I was the principle developer at Ethentica for a couple of years.
I can tell you that fingerprint verification is very very good if you're doing 1 person to 1 fingerprint matching. (In other words, you claim you are bob, and your fingerprint proves it.) The biggest problems are simply getting the print!
Start developing search lists, and then you get into pretty treacherous territory. But anyone who is in biometrics will tell you to avoid the crowd. Even if we can have a good enrollment identifier, this will prove useless in search lists of hundreds.
Ohh, and fingerprint recognition is atleast 10-20% better than face. Plus, it is a choice. You can choose not to drop your finger on the detector.
We used chain verified stong SSL connections to protect biometrics in movement, and split biometrics into 4 geographically separate servers for storage. All matching was done in isolated, shielded rooms, on servers with no persistant storage at all. (No HD's, etc..) Our system was designed for large scale world-wide use. I doubt many others have developed such precautions.
If you loose "who you are" (you're biometric identifiers) then there could be problems in the future.
I worry about the shabby and sloppy installations I've been hearing about.
Pan
I said no... but I missed and it came out yes.
I have a friend who is blind. His dog's harness contains a considerable amount of metal, enough to set off the detectors at airports without fail. When he goes through and sets the thing off, what is the first thing they do? They take the dog and hold him off to the side while they have the guy walk through again. They have never ever searched the dog he says. He could have two handguns strapped to the bottom of the dog's harness. Not that he'd be able to use them, but he could certainly pass them off to a sighted person once on the plane.
My Mistake, I used 1:1,000 instead of 1:10,000...
Still, in 4 months that gives 411 people incorrectly being fingered as terrorists.
My guess is that the number of Terrorists/Criminals to Innocent Civilians is closer to 1 in 10,000 than 1 in 100. So, I don't think the number of false negatives would be artificially reduced by increasing the number of false positives. (i.e. making the match looser).
Of course we can make the system even more secure if we don't care about false positives. Think of it, software with a 0% false negative rate. The False positive rate will be close to 100% but that's acceptable if we're going to stamp out terrorism isn't it.
If 1 in 10,000 people is a terrorist or criminal then the false positive rate would only be 99.99%. We can live with that can't we?
For those people who said yes, please line up over there for your body cavity search. Thank you.
Z.
-- Under/Overrated is meta-moderation, and therefore is Redundant.
And this my friends is why /. should DEFINITELY think about my idea stated here:
6 509
;)
http://slashdot.org/comments.pl?sid=21770&cid=234
This guy deserves to get public attention. Nice job!
Please don't moderate down this posting too much ( I know it's slighty OT, but it's a good example), I'm just trying to push the community a bit forward
The FRENCH goverment informed the old FBI that it had a bunch of terrorists running about and the FBI did... nothing, nadda, zip. In fact they had to ask the French for the information again. Maybe if the FBI and the CIA got off their fat arses and got dirty and tried to infiltrate these organisations they might actually get somewhere.
They had information, they did nothing.
An Eye for an Eye will make the whole world blind - Gandhi
The basic problem presented here is the very small chance of a hit. 1/1,000,000,000 terrorist population.
But these cameras won't just be looking for terrorists! Sooner or later, they will be looking for ANYBODY with a warrant out for their arrest in any jurisdiction.
People with unpaid parking tickets. People in arrears on child support. People who got a fixit ticket and forgot to have it signed off. People who beat their spouse and skipped bail.
The number of THESE guys in comparison to the general population would easily make "four nines" - 99.99% very well worth it.
Oh, and we might catch a terrorist or two...
The real question is - what about false identifications? (This will happen daily to people with common features) What about extradition treaties? What about differing crime types?
Putting swastikas on the outside walls of your house in Germany is a crime. In the U.S. it's "freedom of speech".
This not only can happen, it WILL. I've said it before and I'll say it again.... this is the most insightful article I've ever read on this subject.
You'd do very well to read it!
I have no problem with your religion until you decide it's reason to deprive others of the truth.
It's already being used in Iceland:h tm l
www.visionics.com/newsroom/press/PRs/2001/0619.
From the article:
So let's get this straight:
Under the scenario presented, the software prevents all terrorists from boarding every plane.
Across the country there are about 10,000 false positives scattered throughout the 500-odd airports on a yearly basis (assuming a billion travellers a year).
This comes to about 20 false alarms per U.S. airport per year. Or about two false alarms per month. (Actually this is simplifying, it would really depend on the airport traffic - heavily used airports might get two or three per week, lightly used ones none at all.)
Wow. Security is really overwhelmed with this "boy who cried wolf" technology.
I'm not particularly impressed with the math presented in the article.
These systems will do little to find people who
aren't in the databases anyways. And there is
certain fraction of the US population that makes
a considerable effort to stay as undocumented as possible.
Some examples of "undocumented people":
(1) The 2000 Census couldn't count about 4% because
people intentionally avoided it.
(2) 10% of the SS# on North Carolina's drivers
licenses are bogus (todays LA Times).
(3) 14% of the accidents in southern CA involve
people without valid car registration or drivers
licenses,
and so on.
Being an identical twin it scares me that I may someday be :)
harassed for something my brother may do or has done!
Can you see Iron City here?
You're sick. Get a brain.
Fight hunger. Filet a politician and send him to a 3rd world country of your choice.
This device has spectroscopic properties. It sees atomic number. It can distinguish tobacco, drugs, and explosives from clothing and human bodies, not just detect metals.
A big complaint about that unit is that it's too good. Look at the images on that site. It generates a good nude image of the person scanned. A technical paper, which includes bigger images, gives an idea of just how good it is. Civil liberties groups have complained. The manufacturer is looking into suppressing the body outline in the video processing.
Surprisingly, this device doesn't generate much of an X-ray exposure.
A competitive unit, the CONPASS Total Recall Body Scanner not only detects weapons, but diagnoses breast and lung cancer. It's a human-sized version of the line scanners used for luggage.
Until recently, these elaborate scanning units were considered too expensive for widespread deployment. But now, we'll probably see many more of them.
Maybe we'll even see one on the Internet. Some nightclub that uses weapon detection might do that.
Here's what I wrote:
I am writing to you today about the use of face scanners in airports. There have been calls by many (mostly makers of face scanners) to put these devices in airports in order to catch suspected terrorists. This sounds like a good idea, but there's on problem: it won't work.
Makers of face scanners claim that their accuracy will be as good as 99.99%. As an engineer who has worked with boimetrics before, I seriously doubt these claims. But even if their claims are accurate, the systems will not work well. Bruce Schneir, a well-respected security expert, has written an excellent article on the subject, which is available at http://www.extremetech.com/article/0,3396,s%253D10 24%2526a%253D15070,00.asp . In it, he shows that even a face recognition system with excellent accuracy will call 10,000 innocent people terrorists for each terrorist it spots. A police force that arrested 10,000 people for each conviction it got would be in a heap of trouble, yet that's what airport face recognition systems would do.
The boy who cried "wolf" only had to do it three times before people started ignoring him, imagine a system that cried "terrorist" 5,000 times before spotting a single one. And this, mind you, is under ideal conditions. I've looked at the pictures of the terrorists that the FBI has released, and many of these are far from ideal. Photographs of other terrorists are not likely to be even as good as these.
In short, putting face scanners in airports is one of the worst ways for combatting terrorists. Simply increasing the pay of airport security personnel would probably be a much better use of that money.
The analysis in the article is flawed. Passengers entering airports are in individual situations in two seperate scenarios. First, when the passenger is checking in at a desk, second, when passing through the metal detectors at the security stops. Therefore, passengers can be scanned there, including finger prints scans, facial scans, or whatever else they come up with. Anything that can provide a reasonable expexctation of keeping passengers safe without requiring a body cavity search. Unless you want one.
Had they had the proper technology in place a few weeks ago with better trained personnel, there would have been an excellent chance, according to what has been written, they would have stopped these people. Notice all the "nice photos" just releases of the hijackers? If you enter areas where security is paramount, such as airports, then it is certainly not unreasonable to require the forfeiture of some privacy.
There are thousands of doctors working in the black market of medicine, including plastic surgeons, no doubt. If they don't want a paper trail, they won't need one. Security is an illusion, specially in a country the size of the USA. That was the point the WTC attacks were trying to demonstrate, but deluded americans have skewed it so much, they're ready to sacrifice their freedoms for a nonexistant cause. Tear down the statue of liberty, while you're at it. At this rate of opression, the very word liberty will be unknown to your children. Think about the world you're creating for them.
Here's an idea combining the two:
The government has publicly stated that it's goal is to have 1 sky marshal for every ten flights. According to informed sources, the realistic ratio of sky marshals to flights will be closer to 1 in 20.
If I were a suicidal terrorist then a 1 in 10 chance of getting a sky marshal, or better yet a 1 in 20 chance, is good odds. Especially if my group is trying to capture 5 planes at the same time.
So what if we combine the two measures? Have face recognition software which flags *possible* terrorists and then takes a sky marshal from the pool available at that airport and puts the marshal on *that* flight? The odds of getting a marshal onto a flight with terrorists would be substantially higher (assuming you had pictures of the terrorists in question) than through random assignment.
Just a thought.
Max
My god carries a hammer. Your god died nailed to a tree. Any questions?
A really well thought out paper against facial recognition systems in public places can be found here.
It makes all the problems with public facial recognition quite clear.
The CDC reports taht the vaccine is 93% effective. Which is much better than the 5% who survive without it, but it still sounds like even with a vaccinated US the terrorists could kill a fair number of people. Even according to the military the vaccine has some side effects that sound pretty nasty, but then I have no medical training so I have no idea how it compares to other vaccines. The military also reports that antibiotics can be effective if administered before symptoms appear. I have no idea how often or if it's true. I must admit I'm puzzled why there's so much trouble producing the vaccine. Louis Pasteur made an anthrax vaccine for animals in the 19C and the current human vaccine isn't looking to be a spring chicken either so it seems like pretty established tech. Seems more like the blocks are more incomptenance and buracracy.
In many ways I find smallpox scarier than anthrax, because it can be person to person transmitted. On this one, however, the US government does not appear to be completely asleep at the switch. It has ordered up 40 million doses of vaccine, but they won't be ready till 04. Oh well, hope the terrorists wait three years and I'm one of the lucky ones.
I posted and all I got was this stupid sig
Aha...Lord Acton was the perceptive one who said this!
299,792,458 m/s...not just a good idea, its the law!
Galileo: "The Earth revolves around the Sun!"
Score: -1 100% Flamebait
My god. Since when did you have the right to live anonymously?(I know, I'm posting as anonymous coward. Haha.) The government is only infringing on your right to privacy, pronounced 'right to break the law'. I honestly don't see why people are so crazy about keeping secrets from the government. My opinion is that 90% of the time, the only reason people want privacy is because they are breakin the law, or they plan to. And before you ask, I could care less what the government knows about me. I don't do anything that I'm not proud of, and even if i did, it would be anyone's right to know about it. If they're only doing it to protect you(or atleast the community as a whole, if you're a terrorist), then what's the harm? It's not like the government has secret plans to know all your secrets so they can sell them to China or something. Honestly, you privacy zealots are so stupid.
I guess Schneier is not much into the mathematical aspect of encryption. His model of an indentification system is rather embarassingly inconsistent.
If the system correctly identifies a terrorist 99.99% of the time, we may assume it produces a correct identification about that often, since there are very few (known) terrorists in the world.
But that means it will provide the wrong identification at most 0.01% of the time. However, these people are not all misidentified as terrorists! They are simply marked as being someone who they are not. If one out of every thousand Americans is suspected to be a terrorist, then the probability of being stopped by the system in error is 0.00001%, or one in ten million.
I'm surprised no one else has seen this elementary error in the article. Even if the system were only 99.0% accurate, it would still provide a much smaller rate of false alarms than he is complaining about.
Furthermore, Schneier doesn't seem to realize that there are already a great many more "false alarms" that already happen when travellers happen to have the same name and similar description to a fugitive. This is exactly what security personnel at international airports spend most of their time handling.
Perhaps he should stick to what he is good at: writing popular books about cryptography.
zactly - they have already confirmed that /bin/ladens egytian counterpart ahs gone through plastic surgery and is not recognizable as no one is aware of his new face.
if osama really wanted to hide, he would cut his hair and beard and get a nose job and move to the US.
Bruce was kind enough to reply concerning this post by email. I won't post the reply because I don' t have his permission, but the gist was that my comment was correct, but that even using different figures (he is using 1 in ten million after further research) and even assuming a wildly optimistic accuracy rate of 99.99, you STILL get 1000 false positives for every terrorist. He also supplied the following url to an additional article on this subject: http://www.theregister.co.uk/content/4/21916.html
Ah....but who will Moderate the Meta Moderators?
I've listen for some time now to those sceptics in here, this technology is already in use on Iceland's Keflavik Airport. It seems to work rather good, and if someone innocent is caught they will notice it. After searching them for suspicious stuff they are free to go again. Ok I know after all this math that if the system gives a false positive only 1 in 1000 times it isn't good. But if humans can check this guys caught by this technology, I think it would work rather fine.
But thats not so important, the important stuff is whether or not those 11th September terrorists would be caught by it or not. I think that they would be caught, if they where listed in the database. But these guys where not in _ANY_ database, they werent suspected for anything at all.
This is why these kind of terrorists can do their dirty actions, its because they are people without criminal records. A terroristleader would be rather stupid if he sent rough-mannered criminals on the trip. So he does it the smart way, he searches for ordinary people with the exception that this people are fanatic in their beliefs. Those kinda guys are free to move everywhere, so there will be no problem. And we cant stop every person thats known to have a fanatic belief, can we?
The most important thing to notice is that any person is a dangerous weapon, but he can be handled by the people on the plane. But if this dangerous person have a weapon, you cant stop him. So we must stop people with dangerous weapons and not focus on those with dangerous faces. What really could have stopped the terrorists would be if there was a restriction in bringing 10 cm knives on the planes. But there were no such regulation at all at that time...
2 reptiles beneath your current threshold.
I agree with Bruce's math, but disagree strongly with his conclusions. I think that facial biometrics are one dimension of a multidimensional problem. A security analytics system must be put in place that knows
1) whether your name is on a list of known or suspected terrorists
2) whether your face is possibly on the list
3) whether you'd recently travelled to a country supporting terrorism
4) whether you'd recently entered the country
5) whether you're paying with cash, have a one-way ticket, etc. etc. etc.
This is the way some crimes are currently solved - facts are put in a crime computer, correlations are made and suspects come out. Any one dimension in this equation may be far less that 99% reliable, but together you have something that is both potentially far less intrusive than a national identity card, and far more reliable than what we have now.
Also, the false positive number you quote is misleading - how hard would it be to incorporate a feedback mechanism so that once an innocent person had struck a falso positive and you're cleared of being on the list (by going on a retinal scan or further standard means of verification), the security system would retain knowledge of that fact? I would strongly suspect that even disregarding algorithmic and hardware improvements, the awful numbers you accurately give for face recognition would fall rapidly.
So I definitely think there's a role for the technology, and the standalone strawman you poke holes in is not a real world scenario that proves otherwise.
If we are not smart enough to figure out an identification system that would both protect our privacy and catch criminals, then we deserve to die. It's natural selection, and isn't natural selection politically correct these days???