Slashdot Mirror
World's Largest Biometric Database
An anonymous reader writes "In the last two years, over 200 million Indian nationals have had their fingerprints and photographs taken and irises scanned, and given a unique 12-digit number that should identify them everywhere and to everyone. This is only the beginning, and the goal is to do the same with the entire population (1.2 billion), so that poorer Indians can finally prove their existence and identity when needed for getting documents, getting help from the government, and opening bank and other accounts. This immense task needs a database that can contain over 12 billion fingerprints, 1.2 billion photographs, and 2.4 billion iris scans, can be queried from diverse devices connected to the Internet, and can return accurate results in an extremely short time."
Your social security number just won't cut it in the future.
Wired had an article running about it already last year http://www.wired.com/magazine/2011/08/ff_indiaid/all/1.
Surely having a record of all digits and eyes ensures that a person can be identified even if they lose a finger or an eye.
And I suppose your dBase application can do an index on a HUMAN_IRIS(2) field type?
When the system breaks, at least getting connected to tech support in India won't seem like such a bad thing...
A few ideas come to mind:
1. Pastebin doesn't have anywhere near the space needed to paste these
2. Pastebin doesn't have fingerprint, iris, faecal sample support (yet?)
3. Even if you did expose the entire database, it would still be useless without write access to alter the data - so you can claim to be somebody else.
Number 3 is also a case for every nation that issues ID cards or biometric passports today. But only the government has any access to the database. I.e. it's not sold to 3rd parties for marketing purposes (like the electoral roll is in the UK for example). You then use government issued documents to prove your identity to everybody else. And there's also a chance for corrupt officials to mess your stuff up, no matter how high- or low-tech the identity system is.
(another AC)
http://www.theverge.com/2012/5/28/3046726/iris-patterns-change-over-time-research
"The biometric iris recognition scans used at many security checkpoints may be less reliable than previously believed, researchers at the University of Notre Dame have found. "
For those who are interested to know more, here is their quite detailed website http://uidai.gov.in/ More than anything else, it conveys the logistical and bureaucratical complexity of executing a project of this dimension across a country like India.
Plus when they start finding duplicate fingerprints, they're going to need to check more than one finger.
This is a good idea in a way because it should resolve the question of how common fingerprint matches really are.
They'll run out in a few centuries, and then what?
Next time, go hexadecimal from the start.
Where does India outsource /their/ IT jobs for managing things like this database?
A "HUMAN_IRIS" is just a 2048 bits field. Read about IrisCode (pdf warning) some time. It's a really elegant solution.
English is not my first language. Corrections and suggestions are welcome.
So when the data gets out could it be used to make fake fingerprints and irises?
I was going to suggest something along the lines of saying hashing the data, but then I realized you want to scan someone's iris and then compare that scan in the database.... Hashing won't work here. DCT would likely work, but is sloooow, the more I think about it the more I realise this is not an easy problem, though really it is if you change the problem:
Every person gets a GUID. They present the GUID as their ID. You query the DB for the GUID and submit their iris scan as the authenticator. You don't need to parse the iris data for a lookup (that is what the GUID is for, then you just do a DCT on the scan you took and the stored scan in the DB. if the result is .90 or better it is likely your person.
-nB
whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
India is a messed up 3rd world country with too much corruption and too much of losses to the middlemen. For example, discounted food supplies sent to the poorer sections of the society are misappropriated by the distribution stores. Very small percentage of the poorer population has bank accounts or even an identity card of any sort, or often times even a birth certificate. ( so think of trying to do something in the US without a state id.. or ssn!)
Yes there is a chance that this will get hacked - but this has to be weighed against the good that this will do. The govt plans to create bank accounts directly from these user-ids and directly wire them money, or use it to give out benefits etc. A huge huge deal for a large country with no real social network in place!
Uh, I don't think so.
Iris scanning actually works in a way similar to a hash. You take the iris picture and find a 2048-bit number, the "IrisCode" or wherever you wanna call it. If you want to make a comparison, then you find the IrisCode for the other picture, and compute the Hamming distance between two. The threshold for match or no-match is actually a function of the database size. (I read the paper a while ago and I'm probably made a few mistakes describing it, but it works along those lines). John Daugman site has more details.
English is not my first language. Corrections and suggestions are welcome.
This is a good idea in a way because it should resolve the question of how common fingerprint matches really are.
This is the best piece of text Slashdot had to offer in quite a while. High five, insightful internet person!
I rarely respond to comments. Also, don't ask for clarifications: a brain and Google are faster, believe me!
Usually it's all 10 fingers and palms too so 12 x 1 billion people = 12 billion prints. Easy.
Indeed, fingerprints are not unique.
Last two times I've been fingerprinted for CCW & work reasons it has been each finger, all 10 fingers (minus thumbs) together and palm of both hands.
Is buying a Harley Davidson as your first motorcycle since you were 16 at age 49 a midlife crisis issue?
What if you get severely burned and then have no irises, fingerprints, and your face looks different? They should be incorporating DNA too.
Exactly, but some organizations also use everything including DNA. I'm guessing India is using all 10 digits and both palms to come up with that number. Thumbs are good to have as many prints will be those.
Thumbs are good to have as many prints will be those.
Thumbs are good to have not just for identification but to allow us to tie our shoelaces more easily and handle knives and forks, etc. Also press the space bar on normal keyboards. Not just thumbs, but opposable thumbs.
We believe fapping isn't in your top 3. Sure we do.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
More thumb prints seem to be around crime scenes maybe?
No there wasn't. My number is lower than yours is. If you want something to be modded funny, it actually has to be funny and NOT take too damned long to read.
I have to agree on one thing though, many more people will MOD you down just for disagreeing, which I don't quite think is too cool. In any case the "Funny" MOD does not really help your karma at all.
And yes I do read at -1 and yes I read both of them that we slightly different. We'll it was a good troll. You got a reply at least.
Most searching is done with 4 or 6 fingerprints. Index fingers plus thumbs for the 4 print systems add in middle fingers for the 6 print systems. Those fingers tend to have the most minutiae points. When they records are captured you know where the finger positions are so you only search those finger positions. Iris searching is way way faster then fingerprints, so you search all of the records with iris then take the top 10% or so and search those fingerprints. That way you will not have to spend so much time searching fingerprints.
> I'm guessing India is using all 10 digits and both palms to come up with that number.
Which number they came up with? The 12 billion fingerprints? That is, the (1.2 billion Indians) x (10 fingerprints per person)? That number?
I speak England very best
Biometrics are not just fingerprints: Apple's Siri and whatever imitation was made available for Android do one thing very well: they export a pristine, digital quality voiceprint with owner details to the US every time they are used.
It's the second largest successful intelligence intercept ever - the first one being WhatsApp and iMessage tapping what was formerly harder-to-get SMS traffic..
Insert
Just wonder how useful iris scans are going to be: http://www.i-programmer.info/news/149-security/4278-irises-change-over-time-problem-for-biometric-testing.html
. if the result is .90 or better it is likely your person.
So what you're saying is, with a copy of the database I could impersonate 1 in 10 people in India. How... very... secure. Point of note: People's irises change over time, unlike fingerprints.
#fuckbeta #iamslashdot #dicemustdie
This was covered before. IIRC every 6000 or so prints you'd get one match. Or some really low number.
This is not an index.
Sure anyone can tell you that 0001010101010101001 = 0001010101010101001
Now what if I tell you that 110010101001010101 has an extremely high score towards being the same person.
Your lil dBase index is currently scratching its head.
Actually Fingerprint is only a secondary search in India. Iris is the primary form of identification. They actually do face as well although it's not really used.
Indian's have a big problem with missing fingerprints (lots of manual labor leads to worn off prints) so in their case very much yes Fingerprint is not a good identifier.
It is actually important to capture all the fingerprints because you do not know which finger will be the best over a period of time. Often the best finger for transactions ends up being the little finger since it is the least likely to have damage or get worn off over time.
Plus the real cost of the system is having to capture all the data in the field. The incremental cost is minimal to capture 1 vs 10 and the improved de-duplication and long term viability of the system is improved by capture all.
We are just using all 10 fingers... 4-4-2 slap scanners... we authenticate via a single finger
I am from India and had my scanning done a week back. The software seemed to be a qt hackjob loaded on multiple ubuntu laptops. The photo came out funny but the 10 finger and iris scans were detailed enough to make me feel uneasy. Not to mention the fact that every piece of identification from graduation certificates to driving licenses to bank account numbers are linked to this single database. Bah.. Its India.. who cares for data privacy here...
faecal sample support
(yet?) What did you mean by that ? Please explain.
It was recently reported that Irises actually change over time. This begs the question of how accurate this data will be in 5 years? 10 years?
Maybe so, but I can't read minds unfortunately.
I'm assuming that maybe there are that many babies that slip through the cracks. I dunno what age they fingerprint at but I bet they get a palm printd too.
Maybe so, security around here gets the palms too.