UK: Bye-Bye Biometrics

I missed this during the summer lull, but that handy invention, Twitter (in the form of Oliver Morton), has alerted me to this stunning take-down of the UK's Identity & Passport Service's plans to place biometric systems at the heart of its service:

Here at the end of the review, the adventitious question arises of why do politicians and civil servants all over the world continue to advocate the use of biometrics when the evidence simply doesn’t support them? There is no answer. Their behaviour is inexplicable.

One thing is clear, though, and that is that biometrics cannot deliver. Identification is not feasible. Verification is laughably unreliable. And the flat earther David Blunkett is wrong. So is Tony Blair when he says that “biometrics give us the chance to have secure identity”. And so is Gordon Brown when he says that biometrics “will make it possible to securely link an individual to a unique identity”.

The scale of the institutional fantasy which constitutes the NIS is grotesque. Biometrics cannot underpin the NIS and so, by IPS’s logic, the NIS cannot underpin the “interactions and transactions between individuals, public services and businesses”. Safeguarding Identity is a false prospectus – no properly managed stock exchange would allow its shares to be listed. The NIS is guaranteed to fail.

Assuming the many figures quoted in this detailed analysis are correct - and I have no reason to doubt that they are - I feel positively cheerful at the prospect of the total and utter collapse of this ill-advised and ill-thought-out scheme. It seems that the awesome laws of physics, if nothing else, will protect us against the awful laws of this demented and delusional government.

ID Cards Get Idiotically Insecure

Remember how those magic ID cards would provide strong forms of identity, thus protecting us against terrorists, people traffickers et al.? Well, those plans have been watered-down, somewhat:

High street chemists, post offices and photo shops are to be used to record the electronic fingerprints and other biometric data needed for the national identity card scheme, the home secretary, Jacqui Smith, is to announce today.

The decision to use high street shops sidesteps the need for the Home Office to set up a network of enrolment centres with mobile units to operate in rural areas.

Well, yes, it will save money, but it will also blast security holes through the entire scheme. Without rigorous oversight, it will be much easier to create fake ID cards - just what all those nasty terrorists, people traffickers and other ne'er-do-wells need. Which goes to show that the government isn't interested in increasing our security, just in gaining even greater control over us - and security go hang.

Uncle Brucie Frightens Me

Eek:

Measures such as ID cards are a temporary measure before biometric technology becomes ubiquitous; That was the warning from security guru Bruce Schneier this week who claims that surveillance technology will get more sophisticated and, more importantly, smaller and harder to detect. "We live in a very unique time in our society. The cameras are everywhere and you can still see them," said Schneier, BT's chief security technology officer. "Five years ago they weren't everywhere, five years from now you are not going to see them."

...

Biometric technologies such as face recognition, or systems based on a particular type of mobile phone owned or even clothes, may also be used for identity checks. The increase in background ID checks means that the current debate around national ID cards in the UK is only a short-term issue, according to Schneier. "I know there are debates on ID cards everywhere but in a lot of ways, they are only very temporary. They are only a temporary solution till biometrics takes over," he said.

Eventually, even airports won't actually require people to show ID, as the checks will just happen in the background while you queue for check-in or move through the terminal. "When you walk into the airport they will know who you are. You won't have to show an ID – why bother? They can process you quicker," he said.

More on Labour's Data Delusion

And so it goes on:

Every police force in the UK is to be equipped with mobile fingerprint scanners - handheld devices that allow police to carry out identity checks on people in the street.

The new technology, which ultimately may be able to receive pictures of suspects, is likely to be in widespread use within 18 months. Tens of thousands of sets - as compact as BlackBerry smartphones - are expected to be distributed.

The police claim the scheme, called Project Midas, will transform the speed of criminal investigations. A similar, heavier machine has been tested during limited trials with motorway patrols.

To address fears about mass surveillance and random searches, the police insist fingerprints taken by the scanners will not be stored or added to databases.

Yeah, pull the other one. The point is, given the current government's mentality that more is better, it is inevitable that these prints will be added. The irony is, this will actually make the system *less* useful.

To see why, consider what happens if there is a 1 in 100,000,000 chance of false positives using these new units. Suppose there are 1,000,000 fingerprints on the database: that means after 100 checks, there is likely to be a false match - bad enough. But now consider what happens when all these other fingerprints, obtained at random, are added, and the database increases to 10,000,000: a false positive will be obtained after every *10* checks on average. In other words, the more prints there are on the database, the worse the false positive rate becomes because of the unavoidable errors in biometrics.

This back of the envelope calculation also shows the way forward for biometric checks - of all kinds, since they are all subject to the same scaling problem. The government should aim to *reduce* the number of files it holds, but ensure that they are the ones that they are most interested in/concerned about. In other words, try to cut the database down to 100,000, say, but make sure they are *right* 100,000, not just random members of the public.

It's clear that the reason for Labour's data delusion is that it doesn't understood the technology that it is seeking to apply. In particular, it doesn't understand that the error rate sets a limit on the useful size of such databases. Super-duper databases are simply super stupid.

Hear, Hear...Here, Here

A fine, impassioned tirade here from Cory Doctorow about ID cards - now being rolled out to people like him - and how Labour has killed liberty in this country:

Many of my British friends act as if I'm crazy when I say that we must defeat Labour in the next election. We're all good lefties, and a vote for the LibDems is considered tantamount to handing the country over to the Tories. But what could the Tories do that would trump what Labour has made of the country? The Labour Party has made a police state with a melting economy, a place where rampant xenophobia makes foreigners less and less welcome -- where we are made to hand over our biometrics and carry papers as we conduct our lawful business. The only mainstream party to speak out against this measure is the LibDems, and they will have my vote.

To my friends, I say this: your Labour Party has taken my biometrics and will force me to carry the papers my grandparents destroyed when they fled the Soviet Union. In living memory, my family has been chased from its home by governments whose policies and justification the Labour Party has aped. Your Labour Party has made me afraid in Britain, and has made me seriously reconsider my settlement here. I am the father of a British citizen and the husband of a British citizen. I pay my tax. I am a natural-born citizen of the Commonwealth. The Labour Party ought not to treat me -- nor any other migrant -- in a way that violates our fundamental liberties. The Labour Party is unmaking Britain, turning it into the surveillance society that Britain's foremost prophet of doom, George Orwell, warned against. Labour admits that we migrants are only the first step, and that every indignity that they visit upon us will be visited upon you, too. If you want to live and thrive in a free country, you must defend us too: we must all hang together, or we will surely hang separately.

This is an issue beyond politics: if the only way to destroy the cancer is by destroying Labour in its current form, so be it.

Our Chains Will Make Us Free

How Orwellian is this:

UK Prime Minister Gordon Brown has defended the apparatus of the UK's emerging surveillance society as the means to bring liberty to the people.

Britain's infamous identity cards, CCTV, biometrics and DNA scanners will make people more free by making them more secure, he said yesterday in defence of his security strategy.

Brown has seriously lost it.

Of Lost IDs, ID Cards and Biometric IDiocy

One of the many outrageous aspects of the recent loss by HMRC of crucial data about half the UK population is how the UK government immediately tried to spin this as a reason why we needed ID cards. This follows in a long and dishonourable tradition in this country whereby every failure by the police to catch terrorists/criminals using their extensive powers of surveillance is turned into a justification for giving them even more such powers, when it ought to mean the opposite.

Fortunately a crushing refutation of the faulty logic behind the ID card argument has now been provided by some top academic security expects, who write:

biometric checks at the time of usage do not of themselves make any difference whatsoever to the possibility of the type of disaster that has just occurred at HMRC. This type of data leakage, which occurs regularly across Government, will continue to occur until there is a radical change in the culture both of system designer and system users. The safety, security and privacy of personal data has to become the primary requirement in the design, implementation, operation and auditing of systems of this kind.

The inclusion of biometric data in one's NIR record would make such a record even more valuable to fraudsters and thieves as it would - if leaked or stolen - provide the 'key' to all uses of that individual's biometrics (e.g. accessing personal or business information on a laptop, biometric access to bank accounts, etc.) for the rest of his or her life. Once lost, it would be impossible to issue a person with new fingerprints. One cannot change one's fingers as one can a bank account.

(Via The Reg.)

Infoethics, Open Access, ODF and Open Source

Now here's something you might not expect from UNESCO every day:

The Infoethics Survey of Emerging Technologies prepared by the NGO Geneva Net Dialogue at the request of UNESCO aims at providing an outlook to the ethical implications of future communication and information technologies. The report further aims at alerting UNESCO’s Member States and partners to the increasing power and presence of emerging technologies and draws attention to their potential to affect the exercise of basic human rights. Perhaps as its most salient deduction, the study signals that these days all decision makers, developers, the corporate scholar and users are entrusted with a profound responsibility with respect to technological developments and their impact on the future orientation of knowledge societies.

It touches on a rather motley bunch of subjects, including the semantic Web, RFID, biometrics and mesh networking. But along the way it says some sensible things:

One primary goal of infoethics is to extend the public domain of information; that is, to define an illustrative set of knowledge, information, cultural and creative works that should be made available to every person.

Even more surprising, to me at least, was this suggestion:

UNESCO should meanwhile support open standards and protocols that are generated through democratic processes not dominated by large corporations.

The use of OpenDocument Format and other open formats should also be encouraged as they help mitigate lock-in to certain technologies. Other initiatives to consider include pursuing free and open software, as well as the “Roadmap for Open ICT Ecosystems” developed last year.

(Via Heise Online.)

Tony's Message from the Gods

Iris is one of the messengers of the gods. Project Iris is a UK border biometric control system. Make that a failed UK border biometric control system:

An evaluation of the Home Office scheme to operate border controls via iris recognition "pretty much fails" Project Iris, according to Tory MP Ben Wallace. Wallace has been doggedly pursuing the results of the evaluation since autumn 2005, and these were quietly placed in the House of Commons library in late December. They reveal, according to Wallace, that Project Iris "failed half its assessments."

I think there's a message here for Tone and his ID card, one of whose utterly foolproof biometric control systems was, er, iris recognition.