Slashdot Mirror
UK To Start Biometric Passport Trials
pearljam145 writes that the "UK is planning to test biometric passports that will include face and iris or fingerprint recording and recognition for a 6 month period on 10000 volunteers. Read here for more details. A face recognition chip is going to be the primary biometric and iris or fingerprint scanning will be use as a secondary biometric. However face recognition might not be the perfectly viable solution since it has produced too many false positives in the past. Face recogntion to this date is not robust enough to support real time recognition in a crowd (more failures?). Only with cooperation of the subject does this system produce good results. So will face recognition join fingerprint and iris recognition in a long list of obtrusive recognition techniques?"
The UKPS will carry out the trials at "various locations" throughout the UK, using four fixed, one mobile, and one portable unit, with one of the locations being a passport office.
... but damn, they have a world of international travel going through, and only four permanent stations (!) to test with.
It seems like their trial might be a little limited in scope, don't you think? I understand from the article that this trial is being run by the Passport Service, so presumably the various test stations will be deployed for use in areas of entry to and egress from the UK
I wonder why the numbers are so small.
Other curious questions involve what you'd use a mobile station for -- not portable, but truly mobile, i.e., mounted in a vehicle or similar; stop someone on the street randomly to see if they have a passport and if they're participating in the trial?
Becuase you can change your password a whole lot easier than you can change your DNA.
The flip side of not being able to lose or forget your biometrics is that you can't change it when it gets stolen. And, yes, people will find ways to spoof biometric authentication schemes into believing that they have your data. Whether it's fake fingerprints, or (more likely) some sort of data hack that sendst the computer the right bitstream for a given person's biometric data, once yours is gone, you're just hosed forever.
If your password or PIN gets stolen, you can make a new password, or get a new ATM card and a new PIN, and cancel the old ones. Once your biometric info is stolen or spoofed, you have the choice of cancelling it and not being able to authenticate anywhere, or just accpeting that your identity is stolen and will stay stolen.
Biometrics are great if *combined* with a password. But by themselves, they're foolish for strong authentication. Just because your fingerprints are on your hand doesn't mean that there isn't a pattern there that could be stolen and stored somewhere by bad actors.
As NTK pointed out last week, MORI are looking for people to take part and raises a point on skewed statistics, maybe?..
"Pollsters MORI will be ensuringthat the Digitised 10K will be a representative sample the UK population: and here's where it gets interesting. MORI are inviting people to apply. Assuming that those most worried about biometrics in society aren't going to leap at the chance to be fingerprinted in advance of the giant Orwellian (etc) database, why not help the sample from getting a bit too skewed? Plus who wouldn't want to mess with cool, hackable, potentially dystopian gadgets?"
Seems a oppotune time to get my passport renewed, perhaps.
Earlier this year when homeland security reported a new secure VISA system, this was what I had in mind - iris and fingerprint data along with the usual photo & dental records on one smart card. Then the Bush admin went ahead and put a year (or more) delay into whatever they do think was secure, supposedly so as not to disturb the busy european terro^h^h^h^h, er, tourist season. I guess keeping citizens safe isn't real big on Bush's agenda.
I think it just makes sense to push for a full biometric smart card for an international VISA/passport system. We have the technology, we have the knowledge, we have the money, and every country that participates fully will be a little safer. Take this along with full background checks and no 'favored' nation nonsense. Limit diplomatic passes to only those people needing them and yank it if the person even gets a jaywalking ticket.
You either get seriously tough on security, or admit defeat. You can't show you are securing the country if kids can still buy pot, crack and smack.
It's a long story, but I don't have stable fingerprints; scarring interferes with them. Any time I've needed a fingerprint check (for example, my concealed-carry permit), it was problematic producing 'acceptable' fingerprints in the first place, and thereafter difficult to match current fingerprints to old ones. Although this could make me a great secret agent or something, I'm going to have trouble if any future employer of mine moves to simple fingerprints biometrics as a means of identification.
I'd be much more comfortable with using a smart card that stored my biometric info inside itself. It may not fit into the whole "a-passport-is-a-way-to-track-you-and-privacy-gets -in-the-way" mindset, but I definitely wouldn't feel comfortable with the government scanning any kind of biometrics off me just to board a goddamn plane to Canada, whether it's fingerprints or retina scans, or anything else.
If I make no sense in this post, you'll have to excuse me. I'm a little intoxicated tonight.
I claim first use of "Error No. 0B" - or "No. 0B error." It'll be the new ID 10T!
How will this effect movie stars and other famous people such as Michael Jackson? People who alter their faces like I change my socks will obviously be having problems.
On a more serious note, how does this effect people who are the result of severe burns, car accidents, plastic surgergy, radioactive mutations, aging, etc? Obviously if someone's face is altered they will have some problems.
---
Never criticize religion on Slashdot. You will be modded down for "Troll" no matter how factual it is.
It's good to know that your government takes your personal opinion so seriously.
Or, just perhaps, given that the US is in effect demanding that all other countries do what it wants, it was giving them a little bit more reasonable an ammount of time to implement a system that has little point beyond jingoistic technobable-like 'look, look, we're doing something, please re-elect us' politico-speak.
Possibly, but if it's too US-led, people will see it (however correctly) as an attempt to erode their sovereignty in favour of America.
You might have the money, but does, say, Rwanda, or Indonesia? Can there not be made an argument that this is effectively protectionism as to the kind of people economically 'allowed' in to the country to conduct business, &c.?
Apart from the obvious cost implications, well, countried get 'favored' status for a reason - they have (what are regarded as) 'sufficiently' thorough security on the other side. Indeed, having seen my fair share of airport security, I'd say that the laxest I ever saw was for a (domestic, but even so) flight from Denver to Washington (pretty much nothing beyond my bag getting spot-checked for explosives' residues), as compared to a flight out of Sri Lanka (including what felt like a highly competent mandatory body pat-down - thrice - and canon emplacements around the airport).
Yeah, sure, let's dispose of several hundred years of diplomacy because it's a system that can be exploited.
You either get seriously tough on security, or admit defeat. You can't show you are securing the country if kids can still buy pot, crack and smack.
Yes, because it's well known that kids who do drugs grow up to die in terrorist-related activitiy. What?
Back on-topic, I see no reason for people to object to the use of computer-read, rather than human-read, biometric data (height 182 cm, weight 72 kg is biometric data, after all), as long as it is used for a reasonably good, but not necessarily perfect, confirmation of identity - after all, if the data matches, all that means is that the person is who the database says they are claiming to be, but not necessarily who they actually are...
James F.
I don't know about you, but I need protection.
There are rapists and killers our there.
If we need to be herded like cattle at an abattoir to obtain a little more safety, so be it.
Where can I sign up for a government run life?
Will they wipe my ass, and tell me what job I get?
My identity is my choice- right now I'm a good little citizen... but biometric IDs won't help if I turn to "Falling Down".
The day gets closer.
Only in very unusual circumstances (such as loosing one's passport). Do you mean, perhaps, visas?
If you mean that people should only be allowed into the US on pre-accepted visas, well, OK, but I (as a citizen of the European Union) can move freely between 15 (and soon to be 25) countries with ease, and normally without a check of my passport in the first place (unless travel is by air, that is, as there aren't European terminals as well as international ones), and in practice, also into and out of Switzerland - I once went from Austria -> Switzerland -> Italy -> France -> Switzerland -> Germany -> France -> United Kingdom, and only got my passport checked on arrival in the UK.
It is widely believed that this freedom of movement has benefitted the EU's member states greatly (especially economically), and that security has, if anything, been increase, by concentrating on intelligence rather than rote scanning of all incomers. Why could this system of trusted others be kept in use in the US/.
James F.
He also has an interesting article dealing specifically with biometrics in airports, specifically facial recognition. Without explicitly showing the math, he applies Bayes rule to calculate the false positive rate of a fantastically accurate system. Since the frequency of terrorists is quite small, the rate of false positives is incredibly high and it such a system would simply train the human operators to ignore its positives.
Wouldn't growing a giant beard throw biometric readings off? Perhaps if I wore my glasses too?
I think the only reliable method of biometric data would be to include a DNA sample in one's passport and then use a device a la the ones in the Gattaca movie to take a small blood/hair/skin sample at the airport or where ever. The others are either too simply faked (fingerprint testing) or open to abuse (face recognition) unless only used as confirming factors in a passport, not as a replacement for the actual passport itself.
In other areas, not. Contrary to many other countries, the UK doesn't have a central database of all citizens for instance. You don't need to have a passport. You don't need to be registered for national insurance (equivalent to being registered for social security in the US). You don't need to be registered with Inland Revenue (equivalent to the IRS), and in fact the Inland Revenue really don't do much if they don't have your right address (in Norway it's a criminal offense not to report to the tax authorities when you move...). You don't need to be on the electoral roll (needed if you want to vote). You don't need to have a drivers license. And even if you do, these registers aren't cross linked, and no non-governmental agencies have access to any of them except for the electoral roll, and if you choose it will only be accessible for very limited use such as credit checks.
You can easily build credit based on fake details, because most of the credit scoring is done based on your time living at a particular address (or rather, the amount of time you have been able to receive mail addressed to a particular address), and your behaviour towards other creditors, but if you manage to get one account with false details you'd easily get a new accounts based on your credit records.
The Inland Revenue doesn't need to, or want to, know about your bank accounts. You are responsible for reporting your revenue, not the details about what you have in which accounts (whereas in many other countries, including Norway, the banks are required to give the tax authorities details about all accounts you hold)
In general, the UK system is a whole lot looser coupled than what you'll find in quite a few countries. From the above, for instance, you can see that there is no one safe unique identifier you can use to identify a UK citizen, and since there is no one complete registry you can obtain most of the documents above if you manage to get hold of a couple of faked documents, and use them to build on eachother, while in Norway for instance you would need to find a valid, registered, personal identification number that match you reasonably well (birth year and gender is part of the number) to get anywhere, or you can live without most or all of the documents if you want to stay anonymous.
John Daugman from Cambridge, UK. Wrote in this weeks New Scientist that, The Ministry Of The Interior in the UAE has been using iris recognition to detect those expelled for Visa violations entering through all 17 air,land and sea ports. The ministry has a database of 293,406 iris' and according to the ministry they have run 1,011,876 searches against the database and the 3684 positive hits have all been confirmed by other means.