Transcript Biometric Identification

Positive Personal Identification
A Comprehensive Systems
Analysis Workshop
Presented to the
Minnesota Futurists
June 7, 2008
Bill Peter & David Keenan
Comprehensive Systems Analysis
Workshop
10:00am Global Review of Biometric ID technology
- Dave Keenan
10:15am Special video presentation from the ACLU
(and discussion)
10:25am Workshop on alternative futures for
“Tamper-proof Biometric Personal ID”
- Bill Peter
11:30am Door Prizes
11:35am Reflections on the workshop approach
- Group
11:45am Departure
Biometrics
• Measurement of living systems
• Currently – the study of methods for
uniquely recognizing humans based upon
one or more intrinsic physical or
behavioral traits.
• Our Context
– We will concentrate our attention on biometric
systems for positive personal identification
Classification of some
biometric traits
Two main classes
Physiological - related to
the shape of the body
–
–
–
–
–
–
–
–
–
–
Fingerprints used >100 years
Palm prints
Hand geometry
Hand veins
Iris recognition
Retina scan
Ear canal
Face recognition
Facial thermogram
DNA
• Behavioral - related to
the behavior of a person.
– Signature
– Keystroke dynamics
– Voice
Components of a Biometric System
• A sensor that detects the characteristic
being used for identification
• A computer that reads and stores the
information
• Software that analyzes the characteristic,
translates it into a graph or code and
performs the actual comparisons
State of the Art of
Biometric Recognition Systems
Biometrics
Equal False False
Error Accept Reject Subjects
Ratio Ratio Ratio
Face
n.a.
1%
10%
37437
Fingerprint
n.a.
1%
0.1%
25000
Fingerprint
2%
2%
2%
100
Hand geometry
1%
2%
0.1%
129
Iris
< 1%
0.94%
0.99%
1224
Iris
0.01% 0.0001% 0.2%
132
Keystrokes
1.8%
7%
0.1%
15
6%
2%
10%
310
Voice
Comment
Varied lighting,
indoor/outdoor
US Government
operational data
Rotation and exaggerated
skin distortion
With rings and improper
placement
Indoor environment
Best conditions
During 6 months period
Text independent,
multilingual
Reference
FRVT (2002)
FpVTE (2003)
FVC (2004)
(2005)
ITIRT (2005)
NIST (2005)
(2005)
NIST (2004)
Fingerprint Identification
• Fingerprints remain constant throughout life.
• In over 140 years of fingerprint comparison
worldwide, no two fingerprints have ever been
found to be alike, not even in identical twins.
• Good fingerprint scanners have been installed
in PDAs like the iPaq Pocket PC; so scanner
technology is also easy.
• Requires clean hands.
• Fingerprint identification involves comparing
the pattern of ridges and furrows on the
fingertips, as well as the minutiae points of a
specimen print with a database of prints on file.
Images from
Consumer Guide Products and Elecom
Hand and Finger Geometry
•
Hands and fingers are unique -- but not as
unique as other traits, like fingerprints or irises.
•
Systems that measure hand and finger
geometry use a digital camera and light. A
camera takes one or more pictures of your
hand and the shadow it casts. It uses this
information to determine the length, width,
thickness and curvature of your hand or
fingers.
Strengths and Weaknesses
• Since hands and fingers are less distinctive
than fingerprints or irises, some people are less
likely to feel that the system invades their
privacy.
• However, many people's hands change over
time due to injury, changes in weight or
arthritis.
Photo courtesy IngersollRand
Vein Geometry
• A person's veins are completely unique.
• Many veins are not visible through the skin,
making them extremely difficult to counterfeit
or tamper with. Their shape also changes very
little as a person ages.
• Place your finger, wrist, palm or the back of
your hand on or near the scanner. A camera
takes a digital picture using near-IR light. The
hemoglobin in your blood absorbs the light, so
veins appear black in the picture.
•
Image from HowStuffWorks.com
and Fujitsu
Facial Recognition
• Identix®, a company based in Minnesota, is one of many developers of facial
recognition technology. Its software, FaceIt®, can pick someone's face out of a
crowd, extract the face from the rest of the scene and compare it to a database of
stored images.
• Every face has numerous, distinguishable landmarks,
the different peaks and valleys that make up facial features.
FaceIt defines these landmarks as nodal points.
Each human face has approximately 80 nodal points.
Some of these measured by the software are:
–
–
–
–
–
Distance between the eyes
Width of the nose
Depth of the eye sockets
The shape of the cheekbones
The length of the jaw line
• These nodal points are measured creating a numerical code,
called a faceprint, representing the face in the database.
Photo © Identix Inc.
Iris Scanning
• Iris scanning - uses both visible and near-IR light to take a
clear, high-contrast picture of an iris.
• The iris is a visible but protected structure, and it does
not usually change over time. Most of the time, people's
eyes also remain unchanged after eye surgery, and
blind
people can use iris scanners as long as their
eyes
have irises. Eyeglasses and contact lenses
typically
do not interfere or cause inaccurate readings.
• When you look into an iris scanner, either the camera focuses
automatically or you use a mirror or audible feedback from the
system to make sure that you are positioned correctly. Usually,
your eye is 3 to 10 inches from the camera. When the camera
takes a picture, the computer locates:
– The center of the pupil
– The edge of the pupil
– The edge of the iris
– The eyelids and eyelashes
– It then analyzes the patterns in the iris and translates them into a code.
Photos courtesy Iridian Technologies
Privacy Concerns
• Some people object to biometrics for cultural or religious reasons.
• Others imagine a world in which cameras identify and track them as
they walk down the street, following their activities and buying
patterns without their consent. They wonder whether companies will
sell biometric data the way they sell e-mail addresses and phone
numbers. People may also wonder whether a huge database will
exist somewhere that contains vital information about everyone in
the world, and whether that information would be safe there.
• At this point, however, biometric systems don't have the capability to
store and catalog information about everyone in the world. Most
store a minimal amount of information about a relatively small
number of users. They don't generally store a recording or real-life
representation of a person's traits -- they convert the data into a
code. Most systems also work in only in the one specific place
where they're located, like an office building or hospital. The
information in one system isn't necessarily compatible with others,
although several organizations are trying to standardize biometric
data.
Other Concerns
In addition to the potential for invasions of privacy, critics raise
several concerns about biometrics, such as:
• Over reliance: The perception that biometric systems are
foolproof might lead people to forget about daily, commonsense security practices and to protect the system's data.
• Accessibility: Some systems can't be adapted for certain
populations, like elderly people or people with disabilities.
• Interoperability: In emergency situations, agencies using
different systems may need to share data, and delays can
result if the systems can't communicate with each other.
• Cleanliness: Does the fingerprint scanner or iris scanner
have germs or some debris from previous uses
Electronic Freedom Foundation
Concerns
• Biometric technology is inherently individuating and interfaces
easily to database technology, making privacy violations easier
and more damaging. If we are to deploy such systems, privacy must
be designed into them from the beginning, as it is hard to retrofit
complex systems for privacy.
• Biometric systems are useless without a well-considered threat
model. Before deploying any such system on the national stage, we
must have a realistic threat model, specifying the categories of people
such systems are supposed to target, and the threat they pose in light
of their abilities, resources, motivations and goals. Any such system
will also need to map out clearly in advance how the system is to work,
in both in its successes and in its failures.
• Biometrics are no substitute for quality data about potential risks.
No matter how accurately a person is identified, identification alone
reveals nothing about whether a person is a terrorist. Such information
is completely external to any biometric ID system.
Electronic Freedom Foundation
Concerns
• Biometric identification is only as good as the initial ID. The quality of
the initial "enrollment" or "registration" is crucial. Biometric systems are
only as good as the initial identification, which in any foreseeable system
will be based on exactly the document-based methods of identification
upon which biometrics are supposed to be an improvement. A terrorist with
a fake passport would be issued a US visa with his own biometric attached
to the name on the phony passport. Unless the terrorist A) has already
entered his biometrics into the database, and B) has garnered enough
suspicion at the border to merit a full database search, biometrics won't
stop him at the border.
• Biometric identification is often overkill for the task at hand. It is not
necessary to identify a person (and to create a record of their presence at
a certain place and time) if all you really want to know is whether they're
entitled to do something or be somewhere. When in a bar, customers use
IDs to prove they're old enough to drink, not to prove who they are, or to
create a record of their presence.
Electronic Freedom Foundation
Concerns
• Some biometric technologies are discriminatory.A nontrivial
percentage of the population cannot present suitable features to
participate in certain biometric systems. Many people have fingers that
simply do not "print well." Even if people with "bad prints" represent 1%
of the population, this would mean massive inconvenience and
suspicion for that minority. And scale matters. The INS, for example,
handles about 1 billion distinct entries and exits every year. Even a
seemingly low error rate of 0.1% means 1 million errors, each of which
translates to INS resources lost following a false lead.
• The cost of failure is high. If you lose a credit card, you can cancel it
and get a new one. If you lose a biometric, you've lost it for life. Any
biometric system must be built to the highest levels of data security,
including transmission that prevents interception, storage that prevents
theft, and system-wide architecture to prevent both intrusion and
compromise by corrupt or deceitful agents within the organization
Electronic Freedom Foundation
Concerns
• The chronic, longitudinal capture of biometric data is useful for
surveillance purposes. Biometric systems entail repeat surveillance,
requiring an initial capture and then later captures.
• Another major issue relates to the "voluntariness" of capture.
• Some biometrics, like faces, voices, and fingerprints, are easily
"grabbed."
• Other biometrics, at least under present technology, must be consciously
"given."
• It is difficult, for instance, to capture a scan of a person's retina or to
gather a hand geometry image without the subject's cooperation.
• Easily grabbed biometrics are a problem because people can't control
when they're being put into the system or when they're being tracked.
But even hard-to-grab biometrics involve a trust issue in the biometric
capture device and the overall system architecture.
Electronic Freedom Foundation
Concerns
Tracking
• By far the most significant negative aspect of biometric ID systems
is their potential to locate and track people physically. While many
surveillance systems seek to locate and track, biometric systems
present the greatest danger precisely because they promise
extremely high accuracy. Whether a specific biometric system
actually poses a risk of such tracking depends on how it is designed.
• Why should we care about perfect tracking? EFF believes that
perfect tracking is inimical to a free society. A society in which
everyone's actions are tracked is not, in principle, free. It may be a
livable society, but would not be our society.
• EFF believes that perfect surveillance, even without any deliberate
abuse, would have an extraordinary chilling effect on artistic and
scientific inventiveness and on political expression. This concern
underlies constitutional protection for anonymity, both as an aspect
of First Amendment freedoms of speech and association, and as an
aspect of Fourth Amendment privacy.
Some Current Biometric Initiatives
• Sec. 403(c) of the USA-PATRIOT Act specifically requires the
federal government to "develop and certify a technology standard
that can be used to verify the identity of persons" applying for or
seeking entry into the United States on a U.S. visa "for the purposes
of conducting background checks, confirming identity, and ensuring
that a person has not received a visa under a different name."
• The recently enacted Enhanced Border Security and Visa Entry
Reform Act of 2002, Sec. 303(b)(1), requires that only "machinereadable, tamper-resistant visas and other travel and entry
documents that use biometric identifiers" shall be issued to aliens by
October 26, 2004. The Immigration and Naturalization Service (INS)
and the State Department currently are evaluating biometrics for use
in U.S. border control pursuant to EBSVERA.
Australia
• Smartgate system, linking individuals to
their visas and passports.
• Biometric data are already collected from
some visa applicants by Immigration.
• Australia is the first country to introduce a
Biometrics Privacy Code, which is
established and administered by the
Biometrics Institute.
• Since 2000, user ID cards.
Brazil
• The ID cards are fully digitized using a 2D bar code with information
which can be matched against its owner off-line. The 2D bar code
encodes a color photo, a signature, two fingerprints, and other
citizen data.
• Brazilian citizens will have their signature, photo, and 10 rolled
fingerprints collected during passport requests.
• All of the data is planned to be stored in ICAO E-passport standard. This
allows for contactless electronic reading of the passport content and
Citizens ID verification since fingerprint templates and token facial
images will be available for automatic recognition.
Germany
In May 2005 the Germany approved the implementation of the ePass, a
passport issued to all German citizens which contain biometric
technology. In circulation since Nov. 2005, it contains a chip that holds a
digital photograph and one fingerprint from each hand. A third
biometric identifier – iris scans – could be added at a later stage.
• New requirements for visitors to apply for visas within the country.
The new work visas will also include fingerprinting, iris scanning, and
digital photos.
Iraq
• Biometrics are being used extensively in Iraq to catalog as
many Iraqis as possible providing Iraqis with a verifiable
identification card, immune to forgery.
• Additional information can also be added to each account
record, such as individual personal history. This can help
American forces determine whether someone has been
causing trouble in the past.
• One major system in use in Iraq is called BISA. This
system uses a smartcard and a user's biometrics
(fingerpint, iris, and face photos) to ensure they are
authorized access to a base or facility.
Israel
•
Biometrics have been used extensively in Israel for several years.
•
The border crossing points from Israel to the Gaza Strip and West Bank are
controlled by gates through which authorized Palestinians may pass.
Upwards of 90,000 Palestinians pass through the turnstiles every day to
work in Israel, and each of them has an ID card which has been issued by
the Israeli Military at the registration centers.
•
The ID card is a smartcard with stored biometrics of fingerprints, facial
geometry and hand geometry. In addition there is a photograph printed
on the card and a digital version stored on the smartcard chip.
•
Tel Aviv Ben Gurion Airport has a frequent flyer's fast check-in system which
is based on the use of a smartcard which holds information relating to the
holders hand geometry and fingerprints. For a traveller to pass through the
fast path using the smartcard system takes less than 10 seconds.
•
The Immigration Police at Tel Aviv Airport use a system of registration for
foreign workers that utilizes fingerprint, photograph and facial geometry
which is stored against the Passport details of the individual. There is a
mobile version of this which allows the police to check on an individual's
credentials at any time.
Japan
• Several banks in Japan have adopted palm vein
authentication technology on their ATMs.
• This technology which was developed by Fujitsu,
among other companies, proved to have low
false rejection rate (around 0.01%) and a very
low false acceptance rate (less than 0.00008%).
Here at Home
• The United States government has become a strong advocate of
biometrics with the increase in security concerns since 9/11.
• Starting in 2005, US passports with facial (image-based) biometric data
were scheduled to be produced. Privacy activists in many countries
have criticized the technology's use for the potential harm to civil
liberties, privacy, and the risk of identity theft.
• Currently, there is some apprehension in the United States (and the
European Union) that the information can be "skimmed" and identify
people's citizenship remotely for criminal intent, such as kidnapping.
• There also are technical difficulties currently delaying biometric
integration into passports in the United States, the United Kingdom, and
the rest of the EU. These difficulties include compatibility of reading
devices, information formatting, and nature of content (e.g. the US
currently expect to use only image data, whereas the EU intends to use
fingerprint and image data in their passport RFID biometric chip(s)).
Here at Home
• The speech made by President Bush on May 15, 2006,
live from the Oval Office, was very clear: from now on,
anyone willing to go legally in the United States in order
to work there will be card-indexed and will have to
communicate his fingerprints while entering the country.
• "A key part of that system [for verifying documents and
work eligibility of aliens] should be a new identification
card for every legal foreign worker. This card should use
biometric technology, such as digital fingerprints, to
make it tamper-proof." President George W Bush
(Addresses on Immigration Reform, May 15, 2006)
Here at Home
• The US Department of Defense (DoD) Common Access
Card, is an ID card issued to all US Service personnel
and contractors on US Military sites. This card contains
biometric data and digitized photographs. It also has
laser-etched photographs and holograms to add
security and reduce the risk of falsification. There have
been over 10 million of these cards issued.
Links
• Basics
http://en.wikipedia.org/wiki/Biometrics
• NIST consortia http://www.biometrics.org/
• US Government http://www.biometrics.gov/
• Tech Explained science.howstuffworks.com/biometrics.htm
• More Explained electronics.howstuffworks.com/facial-recognition.htm
• Privacy Concerns http://www.eff.org/wp/biometrics-whos-watching-you
• More basics
http://www.technovelgy.com/ct/TechnologyArticle.asp?ArtNum=13
• 2008 Conference http://www.biometrics.org/BC2008/index.htm
ACLU Pizza
• Click Here
Privacy versus Convenience Analysis
What are the present “reasonable” personal identification requirements?
1. LIGHTNING ROUND !!!!
2. Buying a book from Amazon.com
3. Obtaining a driver’s license
4. Obtaining a license plate for a car
5. Obtaining a mortgage for a house
6. Applying for a job
7. Flying on an airplane
8. Removing $$ from your bank acct.
9. Purchasing gas for your car
10. Registering to vote
11. Voting on election day
12. Ordering a drink at a bar
13. Applying for a fishing license
14. Purchasing a gun
15. Purchasing a house
16. Obtaining unemployment benefits
17. Filing an insurance claim for a damaged car
18. Applying for Medicare/Medicaid payments
19. Purchasing groceries
20. Purchasing clothing
21. Being admitted to a hospital
22. Attending a baseball game at an arena
23. Riding on a train
24. Purchasing stocks and bonds
25. Purchasing cigarettes or alcohol
26. Traveling outside the U.S.
27. Buying life insurance
28. Becoming a U.S. citizen
Workshop Guideline Reminder
1.
2.
3.
4.
Focus on the Topic
Respectful Discussion
One Person Talking at a Time
Strive for a group consensus on
alternative future strategies
Group Impression
of US data privacy today
Complete
Privacy
0
Complete
Transparency
1
2
3 4 5 6 7 8 9 10
Votes
0 0
0
0 0 2
4 2 6 1 3
Tamper-proof Biometric
Identification
2007
Documents
-------------------------------Birth certificate
Driver’s license
Social security card
Credit card
Bank card
Health insurance card
2008 – 2010
PPID Card
----------------------------
Name–signature
Address
Photograph
Finger print
Iris scan
2020 – 2030
Implant
-----------------------------
Name–signature
Address
Photograph
Finger print
Iris scan
DNA
Human genome
Positive Personal Identification
via the 2010 U.S. Census
One innovative solution helps to solve five major problems
A challenge facing the United States is to provide a
comprehensive management process for positive personal
identification (PPID) using tamper-resistant biometrics to greatly
reduce crime, terrorist threats, violation of the immigration
laws, voter fraud, and identity theft.
When every person in the U.S. is fully identified and carries a
tamper-proof biometric identification card from their local
community, criminals will be much less likely to commit crimes.
Positive Personal Identification
via the 2010 U.S. Census
One innovative solution helps to solve five major problems
Initiate PPID management systems in 2008 and 2009 and
have them fully completed by 12/31/2010, as part of the
2010 U.S. Census. All U.S. citizens, all residents of the U.S.
and all visitors will be included in this management process.
Every single citizen, every resident and every visitor
(including children over four years old) will be included in this
comprehensive 2010 U.S. Census process.
Each person will receive a PPID card containing his/her
name, U.S. address, signature, photo, fingerprint, and iris
scan. This will positively identify each U.S. citizen, resident
and visitor. No financial information, social security
number, or driver’s license information will be included
on this PPID card!!! There will be no national data base!!!
(perhaps States Databases?)
Positive Personal Identification
via the 2010 U.S. Census
One innovative solution helps to solve five major problems
The large private sector companies, such as large retailers
like WalMart and Target should be an important part of the
implementation process in 2008.
All registrations for a PPID card will be voluntary in the
early test phases. People who choose not to participate, for
whatever reason, certainly have that right.
As the registration proceeds, the state laws may make the
possession of a PPID card mandatory.
Between now and 12/31/10, as part of the 2010 U.S.
Census, extensive public discussions will be held across
the United States to develop a country-wide consensus.
Positive Personal Identification
via the 2010 U.S. Census
One innovative solution helps to solve five major problems
It can be expected that criminals and law breakers will not
want to be identified with tamper-proof biometric
documentation of their identity, but they need to be, to protect
the rights of all law-abiding citizens, residents and guests.
All criminals in federal and state prisons will also absolutely be
required to have a PPID card as part of the 2010 U.S.
Census.
E-mail for information
Bill Peter, Consultant/Futurist
[email protected]
www.2020and2035.com
Alternative Future Scenarios
Goal: finally select the best three strategies
Potential
Strategies
Likelihood
of Success
(10% to 90%)
Anticipated
Barriers
Potential
Adverse
Consequences
1. WalMart/Target
(combined 8,600 locations and 2.2 million US employees)
2. Google/Microsoft
3. Homeland security
4. State-by-state
5. Independent party
6. U.S. census
7. Do nothing
8.
9.
10.
Example barriers include Cost, Legal Challenges, Time, Political will
Example adverse consequences include Political, Consumer, Employee
backlash
Conclusion