Monday, 2 April 2007

Biometric Identification

Kim Cameron is doing a nice job of keeping both the technical and social implications of fingerprinting or other biometric identification visible so that we do not get led astray by the relative ease of delivering a biometric identification system. Way back when I was designing systems for IBM360s and the like, identification of people for the systems was always a significant part of the work and often we would call for everybody to be tattooed with a bar code at birth. Somehow this never caught on... damn liberals! Now we have extremists in governments of significance who have brought gunboat diplomacy to new levels and who view state collection of information about the individual as a natural part of keeping the world safe.
It may not be clear what the issue is ... why shouldn't governments, law enforcement, and lunch monitors require you to be registered on a database of good guys (or bad guys) in order for you to receive your rights or go about your lawful business? Even if the systems were 100% trustworthy and secure, governments; law enforcement officers; and lunch monitors certainly are not.
In The Honest Truth on Biometrics in Schools (but not the whole truth), Mitch Johns states:

How do school lunch biometric systems work and do they protect privacy?
In most school lunch biometric systems, students place a forefinger on a small fingerprint reader by the register. In seconds, the system translates the electronic print into a mathematical pattern, discards the fingerprint image, and matches the pattern to the student’s meal account information. Food Service Solutions (FSS) biometric software, for example, plots 27 points on a grid that correspond with the fingerprint's ridges to achieve positive identification, but saves no actual fingerprint image.
When school lunch biometric systems like FSS's are numerically-based and discard the actual fingerprint image, they cannot be used for any purpose other than recognizing a student within a registered group of students. Since there's no stored fingerprint image, the data is useless to law enforcement, which requires actual fingerprint images. As there’s no way for any fingerprint or computer expert to extract a record and reconstruct a person's fingerprint image from purely numerical data, privacy is protected.

Kim gives him the benefit of the doubt
I hope your statement is the product of not having thought through the potential uses ...

I think it is straightforward marketing obfuscation. A concern is admitted and addressed, as though it is the only possible concern (in this case that someone will reconstruct a fingerprint from the stored data). This distracts from the other issues that cannot be so easily dealt with.

Strictly the fingerprint expert compares an unknown fingerprint with a known and states that they are the same on the basis of similarity across a number of points. The more points of similarity, the more likely the identification. Where the bulk of the population is fingerprinted conventionally or through DNA, a system could be devised to provide a subset that includes the target of an investigation to a very high degree of probability. The size of the subset is determined by the confidence that you wish to have in stating that the target is inside. In the fictional world of CSI, we would see this happening in the twinkling of an eye with only a few false arrests but in the real world, we can expect some serious cock-ups as police, security, librarians and lunch monitors react to False Rejects or False Accepts of the identity.

The use of an encrypted biometric does address the issue of law enforcement scooping up large sections of the population on the basis that there is a 50% chance that the bad guy is in the scoop but encrypted biometric systems must be implemented with a very high level of integrity and trust. Certainly relying on a school to manage the acquisition and storage of such sensitive data as identity is not sensible. We barely trust schools to do their core business of teaching.

4 comments:

Unknown said...

Kim has certainly been on a tear recently with biometrics - good stuff, particularly some of the stuff happening in the UK. In Australia, we've gained some breathing room over the "access card" that the Howard government has proposed, but I've no doubt we'll be facing this sort of situation soon enough.

Unknown said...

By the way, Dave - I notice the last couple of posts don't have their "own" link (whereas an earlier on did) - is this deliberate? I wanted to tag this post in del.icio.us, but can only "tag" the blog as a whole.

David French said...

New to this ... will try to do better

Unknown said...

Dave - it's obviously working! Tagged this post in del.icio.us successfully ...