Slashdot Mirror
Biometrics in Airports
asv108 writes: "Extremetech has an article by renowned security expert Bruce Schneier about why face recognition in public places such as airports is not a good idea." Schneier is being generous - real world results show that facial recognition systems are a lot less than 99.99% accurate even under laboratory conditions (people posing for the camera under ideal lighting).
See:
m l
http://www.theregister.co.uk/content/4/21916.ht
These sigs are more interesting tha
Top 5 ways to have fun with an airport face scanner
/bin/laden mask to the back of someone's back and watch the fireworks
5: Wear a Nixon mask and watch the security guys do a double-take looking at their computer readout
4: Attach a
3: Sell time on the system to Oil of Olay to spot oily, reflective skin
2: Adapt it to seek out hot chicks
1: Link it to Am I Hot Or Not!
Ah, computer dating -- it's like pimping, but you rarely have to use the phrase "upside your head" -- Bender
There is also this vendor nuetral test
Bottom line is that this is merely a marketing opportunity for someone to get capital for products that are NOT ready for prime time.
This has actually been examined by the US Department of Defense (DoD) Defense Advanced Research Projects Agency (DARPA), which sponsored the Facial Recognition Vendor Test (FRVT) 2000, the test linked to above
Under live conditions in an uncontrolled enviroment, the best false detection rate (FDR) was 33 per cent, with a false acceptance rate (FAR) of ten per cent. This means that to detect 90 per cent of terrorists we'd need to raise an alarm for one in every three people passing through the airport.
I would say it is somewhat unacceptable.
"It is a greater offense to steal men's labor, than their clothes"
Biometrics are much easier to implement when the person's alledged identity is known. If the person claims to be X, the system need only compute B(X) and compare that to a precomputed data base entry B'(X). These values will almost never be identical due to noisy real world systems (different lighting, microphone noise, dirt on the fingerprint/retina scanner, etc.). Instead a statistical comparison must be made. If B(X) is statistically similar to B'(X), admit entry, otherwise call the firing squad.
In the article, Bruce assumes his readers understand this. His explanation of why face recognition systems cannot find the rare targets in large populations is quite good. The same logic applies to voice matching for projects like Eschelon.
And, of course, this wouldn't prevent individuals from using their own valid IDs to access public areas. The assumption of most security systems is that the intruder wants to commit a crime and get out while minimizing the probability of detection. A suicidal terrorist does not have this goal. He/she seeks to enter an area, commit a crime, and then die in the attempt. The tools developed for normal security may not be appropriate for suicidal terrorists or individuals on shooting sprees.
Given one hour to live, the student replied: "I'd spend it with professor FP who can make an hour seem like a lifetime."
The fact that only a few people will be inconvenienced isn't the real problem. The problem is that the users of the system will mistrust it.
If only one in 10000 positives is really a terrorist, then most airport security personnel will never see one. They'll stop and inspect a few people each day, and in every case, they will be false positives. That will lead to a tremendous mistrust of the system.
Imagine if you were running airport security, and every day the computer told you that you should detain someone because they looked like a terrorist, and in every case it turned out to be false. You'd feel like a fool.
It would be just like having false fire alarms a couple of times a day, every day. You wouldn't evacuate every time, would you?
In the same way, the airport security people would stop responding as diligently after months of false alarms. Then the system wouldn't work.
A system that people don't trust isn't worth having. It's just a waste of time and money.
I understand your frustration with people who aren't open to ideas without having any to replace them. However, I'm going to do just that. The converse of that idea is that we just do anything regardless of whether it helps or not.
I'm terrified by the reaction of this country far more than terrorists. I'm wondering what "terrorist" means. The wierd totalitarian things that have happened here have fueled my paranoia. The White House issuing a statement telling people they have to "watch what they say" has me wondering if "terrorist" might mean anyone who dares dissent.
I'd rather let things cool down for awhile. The way terrorist cells operate is that after an action everybody flees and goes back into cover. We have awhile to think about this. I think it would be a very good thing to let these decisions come at a more cool headed time.
I've seen several comments that "If the system gives a false positive only 1 in 1000 times, then it must be pretty good!". This demonstrates that many people have no clue about how to properly apply probability - what is called Baysian math.
.1 terrorist will be mis-identified. So we will assume that all 100 of the terrorists trip the alarm.
.9999, so we will assume that one innocent person gets fingered as a terrorist.
You have to start out with two probabilities that are based on the system: probability of a false positive (Pp) and probability of a false negative (Pn).
A false positive is mis-identifying a non-terrorist as a terrorist. Let us say that a collection of 1 million non-terrorists are run through a system, and it fingers one of them as a terrorist. That system has a Pp of 1 in a million, or 1E-6.
A false negative is mis-identifying a terrorist as not being a terrorist. Let us say that we run a thousand known terrorists through the system, and let us say that only one is not detected. Then this system has a Pf of 1 in a thousand, or 1E-3.
Now, that is ALL that you can say about a system. You cannot state the actual number of false positives vs. the number of false negatives in real use without an additional piece of data, the probability of any given person in a crowd being a terrorist, Pt. Let us say that in any given crowd, one in ten thousand people are terrorists (Pt = 1E-4). This may seem very high, but the lower Pt, the worse the system will perform, and I am heavily weighting this in favor of the face scanner.
Now, let's run a million random people through the system, and see what happens.
First, out of that million people, 1E6 * Pt = 1E6 * 1E-4 = 1E2 = 100 of them are terrorists. We would expect that of that 100 terrorists, 100 * Pf = 100 * 1E-3 =
Now, out of the remaining 999,900 people, we would expect the system to finger 999,900 * Pn = 99,900 * 1E-6 =
Now, we had 101 trips, of which 1 was false, so the odds that you aren't a terrorist given that you were fingered are just under a percent. That's given the assumption that the system mis-identifies innocent people only one in a million times, and assuming that one person in ten thousand is a terrorist. Increase the false positive rate by a factor of ten (one in one hundred thousand innocents gets fingered), and decrease the terrorist population to a tenth of what we assumed (one terrorist in one hundred thousand) and you now have roughly fifty-fifty odds that a person fingered by the system is innocent.
And that, people, is why systems like this don't work.
www.eFax.com are spammers
Which leads to a good point. How "suspect" do I have to be before you restrict my ability to move around and basically live a normal life?
If you stick to putting only known foreign terrorists in the database, fair enough. If you put known escaped US felons and bail jumpers in as well, again fair enough.
But the September the 11th terrorists were only suspects; we knew they were here, but they were here legally and openly, so we had nothing to charge them with. These are the people we want to stop, so we have to put them in and, what? Stop them flying? Search and question them? OK, lives are at stake, let's do that. it sucks, but it's necessary.
So, what's the criteria for putting a US citizen in? You don't have enough evidence to charge me. Am I an acknowledged activist, spouting anti-American slogans and calling for the end of US involvement in the Holy Land (pesky old 1st Amendment)? Or do I just have an uncle in Afghanistan who likes to send me encrypted mail? What are the criteria?
Do you stop me flying altogether, or do you just search me every time? If I'm not trusted on a plane, am I trusted with a gun? With access to explosives, or the materials to make them? Do you stop me using encryption? Or do you just watch me closely? Do I even know that I'm in the database at effectively wearing a big "suspicious" label because of my ethnicity, religion, family or political leanings?
I'm not against this technology (assuming we can get it to work), but I am very concerned that there be a clear, open procedure for who goes in the database. Specifically, I want to know:
If you were blocking sigs, you wouldn't have to read this.
Add some factual information, indeed.
h ra x.htm
Per your link to the CDC:
"Inhalation: Initial symptoms may resemble a common cold. After several days, the symptoms may progress to severe breathing problems and shock. Inhalation anthrax is usually fatal."
Yes, anthrax is treatable. They can give you an IV of 2 million units of penicillin every two hours and you will die anyway, the vast majority of the time. Note that I didn't say all anthrax is fatal, just inhalational. I am unsure about gastrointestinal or cutaneous infection, but it is my understanding that it can be treated with good success.
Per the Defence Journal
"Within twenty-four to thirty-six hours, the victim experiences the rapid onset of shock and subsequent death. Inhalation anthrax has a mortality of 95-100% despite antibiotic treatment."
Per the Biological Weapons FAQ
"Some authors maintain that anthrax is an even more deadly agent. According to one study, in principle, if its spores were distributed appropriately, a single gram would be sufficient to kill more than one-third of the population of the US. Of course, the authors were quick to point out that an attack of such magnitude would not be feasible. However, more realistic, smaller-scale scenarios still posit large numbers of casualties. For example, the US Law Enforcement Assistance Administration reported in March 1977 that a single ounce of anthrax introduced into the air-conditioning system of a domed stadium could infect 70-80,000 spectators within an hour). And a 1972 study by the Advanced Concepts Research Corporation of Santa Barbara, California, postulated that an aerosol attack with anthrax spores on the New York City area would result in more than 600,000 deaths."
I agree wholeheartedly that getting hysterical is not going to solve anything. However, it is just as naive to discount real, viable threats as it is to fret about weak or unlikely threats. Certainly it is true that anthrax is not going to cause a plague; it doesn't really spread very well. But it just as certainly is true that anthrax is a very potent, low-tech weapon for the psychotically discontent when spores are directly blown into the air.
Certainly it is not safe to produce biological weapons. I think that goes without saying.
Thanks for the link to Bioport, btw! I hadn't found that. And thanks also for the note about Aum Shinrikyo. I hadn't known of any publicized anthrax attacks in modern times. The sources I've looked at so far casually mention that he tried one attack. If it is in fact true that there is some factor that I haven't seen yet that invalidates anthrax as such an easy and potent weapon, I would love to know about it so I can find something else to worry about : )
More links on anthrax:
http://www.metrokc.gov/health/phnr/prot_res/ant