Slashdot Mirror
UK To Start Biometric Passport Trials
pearljam145 writes that the "UK is planning to test biometric passports that will include face and iris or fingerprint recording and recognition for a 6 month period on 10000 volunteers. Read here for more details. A face recognition chip is going to be the primary biometric and iris or fingerprint scanning will be use as a secondary biometric. However face recognition might not be the perfectly viable solution since it has produced too many false positives in the past. Face recogntion to this date is not robust enough to support real time recognition in a crowd (more failures?). Only with cooperation of the subject does this system produce good results. So will face recognition join fingerprint and iris recognition in a long list of obtrusive recognition techniques?"
...with their attempts to get J2EE certified. SchlumbergerSema, that is. Cool.
The Army reading list
I really don't feel comfortable with all of that. Personally I feel that if some one is going to beat the system, they are going to do it no matter how secure it is. With that many people it is impossible to not let some one slip through the cracks. I think a piece of paper, a stamp, and a few good forms of ID is enough.
404
Sadly, this doesn't surprise me, being a UK citizen. It's like 1984 over here.
Well, heck. There's been 'face recognition' biometric data on most people's passports for over a century already. As long as said 'biometric data collection' methods have existed, there have been people, i.e. the Amish, who've objected to it.
This isn't really anything more, other than possibly higher resolution recordings.
A Good Intro to NetBS
Three words:
Cost, Cost, COST!
I don't think anyone wants to stick thier neck out that far for a feasability study.
From what I read in the article, this is a proof of concept if anything else.
--sig fault--
So will face recognition join fingerprint and iris recognition in a long list of obtrusive recognition techniques?
Passports are inherently obtrusive. You walk up to the person in the uniform behind the desk, hand over your passport, and wait for them to decide if it matches you. Matching a face by camera at this point is no more of a bother. (Well, if you don't pass the scan, it is...but that's a different subject.)
Plus, the people manning the desk control the lighting and the positioning of your face. If you don't take off your sunglasses and look straight ahead, you don't pass. This will improve the performance of the software far above the 'scan the crowd' attempts. You'll still have some false positives, of course; but all systems dealing with humans do.
And maybe they'll have contact lens in 2007 that will fake out a retinal scan... but the scanners made in 2009 will penetrate at different angles, showing up the lens with no problem.
And the problem with a data hack is the location and the timing - these machines are going to be installed at security checkpoints with (at least in the U.S.) armed guards in airports, train stations, and major ports - and I'm sure they're going to ask some questions if you start pulling panels off of their thirty thousand dollar biometric scanner. And as far as getting into the (I'll hope extremely) secure database with the 'master copy' of all the biometric data... well, if you can get into that, I don't think you're going to be worrying about stealing my identity.
Have you been touched by his noodly appendage?
Becuase you can change your password a whole lot easier than you can change your DNA.
That's nice, but it has nothing to do with what they're doing.
Passwords are authentication. Passports are identification. Identification and authentication are not the same. This use of biometrics would be more analagous to the username than the password.
Keep in mind, also, that this is being used with passports. Passports, unlike ATM cards, are usually presented manually for verification. When the security guard wipes your fingers with an alcohol wipe and mashes them against the machine, spoofing the machinery (e.g., jelly fingers) is a bit harder.
This might even fix the achilles heel of identification (licenses, passports, etc) which is that it is too easy to forge or bribe your way to a fake one. If the big ol' biometric databases notes that Mr. Hakim Faisal is registering for a second passport as Mr. Jorge Fuentes, then that should throw up a flag.
How is it worse or more error-prone or more insecure than eyeballing the passport photo and comparing with the guy in front of you? How many people actually look unmistakably like their passport photos?
The difference is that when they screw up your passport info, nobody's going to believe it. You really will need a new face.
"We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
"One of the reasons we are doing this with passports first is because the U.S. government has said it will require biometric passports for people wishing to enter the United States,"
That's rather interesting, considering how much money it would cost to set up such an infrastructure in a country. Looks like if you're not from a first world country, we don't want you here. Mexico who?
That's rather interesting, considering how much money it would cost to set up such an infrastructure in a country. Looks like if you're not from a first world country, we don't want you here. Mexico who?
As soon as they're done postponing the date for requiring biometric passports, they'll start reading the biometrics of the countries that have them, and spend more time harassing the people from other countries. This will in turn give us a false sense of security. The worst criminals can spontaneously appear out of nowhere, biometrics won't change too much. The only case this will affect positively is that of someone who already has a criminal record which includes biometric data, has the resources to acquire a fake passport, but does not have the resources to fool a biometric sensor.
I am curious why they are using facial recognition as the primary, iris and fingerprint are much easier to scan and much more reliable, although not practical at a distance. I've read the reports of fingerprints being spoofed and I suppose the same can be done with a contact lense for the iris. Facial recognition spoofing could be harder just because it relies on size and shape and not just lines, but that's pretty weak. So I'm curious why they would use the least reliable one as the primary . Any views? I read the article, well, actually I skimmed, it, but I didn't notice the answer, so is it just the marketing factor of facial recognition?
Actually, I was born in the USSR. I moved to the US years ago, though, with most of my family. I was lucky enough to get out of there at a fairly young age, but the stories my parents and grandparents have told me about what they've gone through... I really hope that kind of thing doesn't happen anywhere else in the world.
:)
So yes, I'm an American and glad. This country may suck, but it sucks a lot less than most other countries.
I claim first use of "Error No. 0B" - or "No. 0B error." It'll be the new ID 10T!
"The only case this will affect positively is that of someone who already has a criminal record which includes biometric data, has the resources to acquire a fake passport, but does not have the resources to fool a biometric sensor."
Not even. I don't know about other countries, but I know my US passport is good for ten years. So even if the US required biometrics tomorrow, we'd still have to wait until the end of 2013 for the change to have any real effect.
What would be more productive (and probably cheaper) than requiring biometrics would be better ways of verifying the passport itself. The Bureau of Engraving and Printing is doing all sorts of things to make US paper currency more secure, but even paper currency from the 1980s is more difficult for counterfeiters to reproduce than your typical passport. Heck, driver's licenses and state ID cards are harder to forge. And let's not forget birth certificates while we're at it.
The only thing requiring biometric information on passports accomplishes is it allows the US government to collect and store the biometric information, from citizens as well as foreign nationals.
Didn't they see Gattaca? Once we start using biometrics, it will become this all knowing system where once you are biometrically identified, you will be considered the real thing even if it seems like you probably aren't. It will be like that guy from the 80s movie saying "Computers never lie, kid."
I can just imagine my biometric record getting screwed up because of some random computer bug, and guys with shotguns and big dogs coming out when I show my passport the next time I travel internationally...
Your signatures belong to me.
Now there would be an incentive for faked passports or human smuggling.
I remember the last time my face was stolen for my passport picture, I had to get my face changed. Thus they should remove the photos from passports too. Get real.
Biometrics won't replace password authentication (at least not anytime soon). But there's a lot of places that you DON'T have a registered account that they can just do a password lookup. It's just not practical to have an international database of people and passwords (or a series of individual databases). With all the bureacracy and red tape, do you seriously think it'll be more secure?
So when the comparison is done by customs clerk comparing your face to your photo... or a computer and a clerk (probably trying less now) doing the comparison.. which is more secure?
False Positives? There will be obviously be a lot less then before... And yes if it's for criminal intent, it'll still result in the passport holder getting investigated (but how is this different then what happens with photos?).
False Negatives? I'll admit, I have no idea what kind of threshholds they'll use, so these can be lower or higher then before. But the consequences are basically the same, they have to take you aside and verify who you are.
Oh ya that guy that stole your face/fingerprints/DNA... how many times do you think he can use that before he gets caught. Isn't it convenient that he'll be standing in the middle of a bunch of guards. He's not sitting halfway across the country in some kinko's. In the meantime (before the guy gets caught) the victim can be given a temporary password or other verification card to distinguish you from the criminal.
There's times when biometrics are appropriate and this is one of them. It's a completely different risk model.
About 30 years ago, Frederick Forsyth wrote The Day of The Jackal (and it was then made into a superb film - well recommended if you haven't seen it).
In the book and film, the Jackal (a hired assassin) applies for a copy of the birth certificate of someone who had died as a child. When he gets it, he uses that to apply for a passport in the name of that person.
A year or so ago, some investigative reporters used a similar method to get hold of Frederick Forsyth's ID and get credit cards, etc, in his name. Amazingly, they even got a driving licence in the identity of David Blunkett, who, as the home secretary, is the political head of the department that controls the UKs security services - and who is also widely known to be blind (i.e. why would he be applying for a driving licence?).
Details are here.
When confronted with this information, an astonished Frederick Forsyth said "30 years ago I exposed to the authorities a loophole in their own security and I presumed they would stop it - they didn't."
I cannot see anything in the use of biometric passports themselves that would prevent this trick from working. If you have the means to apply for a passport in the name of a dead person, how is supplying your own fingerprint or iris scan possibly going to help ? Yes, it might stop convicted terrorists applying for passports if their fingerprints or iris scans are on record, but there are huge numbers of people with no convictions. And I'm sure others will point out all the other problems with biometric IDs.
Indeed, if biometric identification means that passports become more "trusted" than previously, then they seem to be making the security situation worse, rather than better - i.e. people will place more of their trust in the biometric ID, to the exclusion of other factors.
From another BBC report, the government estimates that about 1500 issued passports a year are fraudulent (an estimate which is described as "conservative").