UK To Start Biometric Passport Trials

pearljam145 writes that the "UK is planning to test biometric passports that will include face and iris or fingerprint recording and recognition for a 6 month period on 10000 volunteers. Read here for more details. A face recognition chip is going to be the primary biometric and iris or fingerprint scanning will be use as a secondary biometric. However face recognition might not be the perfectly viable solution since it has produced too many false positives in the past. Face recogntion to this date is not robust enough to support real time recognition in a crowd (more failures?). Only with cooperation of the subject does this system produce good results. So will face recognition join fingerprint and iris recognition in a long list of obtrusive recognition techniques?"

Favorite quote...

[gloth]

"One of the reasons we are doing this with passports first is because the U.S. government has said it will require biometric passports for people wishing to enter the United States," the government spokesperson says. "At first that was to begin in October 2004, but that has be delayed to an unspecified date in 2005."

Also covered in The Economist

[richg74]

The Economist, in its Technology Quarterly section, has an article on biometrics, including face recognition.

Among other things, the article makes the very good point that there are two ways to use biometrics: for identification (i.e., who is this J. Random Person), and for authentication (i.e., is this really Rich, as he claims to be).

Tests of face recognition for the first purpose have basically been miserable failures, as far as I can see. (As I'm sure most Slashdotters know, facial recognition is computationally a vey hard problem, even though we clever apes do it all the time.) For the second application, face recognition or fingerprints would seem more promising, since one is comparing them with, in effect, a known right answer.

The article also points out that all of this is being sold as a way to "increase security" -- but it would have done exactly nothing to prevent 9/11, since the hijackers entered the US and traveled as themselves.

/Rich

On Fingerprints and other biometrics

[Net+Spinner]

Read an interesting take on biometrics in the last Cryptogram that Schneier puts out. If you think about it, biometrics really have NO positive impact on actual security. They're more of a placebo for the average non-security minded person. This is precisely why you see a great deal of hype around them and very little real security. Government officials, last I checked, aren't the most savvy people in the world. Especially the ones who graduated last in their class...

Blurb out of the Cryptogram:

"So it is our opinion, that as long as the manufacturers of fingerprint equipment do not solve the live detection problem (i.e. detect the difference between a live finger and a dummy), biometric fingerprint sensors should not be used in combination with identity cards, or in medium to high security applications. In fact, we even believe that identity cards with fingerprint biometrics are in fact weaker than cards without it. The following two examples may illustrate this statement.
1. Suppose, because of the fingerprint check, there is no longer visual identification by an official or a controller. When the fingerprint matches with the template in the card then access is granted if it is a valid card (not on the blacklist). In that case someone who's own card is on the blacklist, can buy a valid identity card with matching dummy fingerprint (only 15 minutes work) and still get access without anyone noticing this.
2. Another example: Suppose there still is visual identification and only in case of doubt--the look-alike problem with identity cards--the fingerprint will be checked. When the photo on the identity card and the person do not really match and the official asks for fingerprint verification, most likely the positive result of the fingerprint scan will prevail. That is, the "OK" from the technical fingerprint system will remove any (legitimate) doubt.
It is our opinion that especially the combination of identity cards and biometric fingerprint sensors results in risks of which not many people are aware."

Full article is here:
http://www.schneier.com/crypto-gram-0311.ht ml

Re:The rich and famous...

[Jon+Chatow]

I believe that, at this point, you get a new passport (under UK law, at least, you are required to update your passport if your appearance changes - biometrics would just be another facet of your 'appearence').

This is mandated by the US

[vidarh]

The reason the UK, and the rest of Europe, is moving to biometric information is passport is that the US government demands that passports with biometric information start being issued to all citizens of countries that can enter the US without a visa.

So in the near future it's either biometrics, or having to apply for a visa to get into the US.

Re:Full biometric data should be on all passports.

[vidarh]

And to add to that, the reason you got checked in the UK is that the UK isn't a member of Schengen, which is the passport cooperation.

Re:The thing about passports

[mikerich]

There is one significant difference: We have a reasonable expectation that in most cases that only limited information is kept about us. If the passport system contains detailed biometrics, there are no more technical barriers (such as lack of data with the current system) stopping the government of whatever country we're entering (including our own) from tracking our movements and in general invading our privacy in any way they see fit.

The UK government has already proposed linking all government databases (in contravention of the Date Protection Act), and is also proposing to create a trans-European database.

And I was told that 1984 wouldn't be like '1984'.