Presentation on theme: "Positive Personal Identification A Comprehensive Systems Analysis Workshop Presented to the Minnesota Futurists June 7, 2008 Bill Peter & David Keenan."— Presentation transcript:
Positive Personal Identification A Comprehensive Systems Analysis Workshop Presented to the Minnesota Futurists June 7, 2008 Bill Peter & David Keenan
Comprehensive Systems Analysis Workshop 10:00am Global Review of Biometric ID technology - Dave Keenan 10:15am Special video presentation from the ACLU (and discussion) 10:25am Workshop on alternative futures for “Tamper-proof Biometric Personal ID” - Bill Peter 11:30am Door Prizes 11:35am Reflections on the workshop approach - Group 11:45am Departure
Biometrics Measurement of living systems Currently – the study of methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. Our Context –We will concentrate our attention on biometric systems for positive personal identification
Classification of some biometric traits Two main classes Physiological - related to the shape of the body –Fingerprints used >100 years –Palm prints –Hand geometry –Hand veins –Iris recognition –Retina scan –Ear canal –Face recognition –Facial thermogram –DNA Behavioral - related to the behavior of a person. –Signature –Keystroke dynamics –Voice
Components of a Biometric System A sensor that detects the characteristic being used for identification A computer that reads and stores the information Software that analyzes the characteristic, translates it into a graph or code and performs the actual comparisons
State of the Art of Biometric Recognition Systems
Fingerprint Identification Fingerprints remain constant throughout life. In over 140 years of fingerprint comparison worldwide, no two fingerprints have ever been found to be alike, not even in identical twins. Good fingerprint scanners have been installed in PDAs like the iPaq Pocket PC; so scanner technology is also easy. Requires clean hands. Fingerprint identification involves comparing the pattern of ridges and furrows on the fingertips, as well as the minutiae points of a specimen print with a database of prints on file. Images from Consumer Guide Products and Elecom
Hand and Finger Geometry Hands and fingers are unique -- but not as unique as other traits, like fingerprints or irises. Systems that measure hand and finger geometry use a digital camera and light. A camera takes one or more pictures of your hand and the shadow it casts. It uses this information to determine the length, width, thickness and curvature of your hand or fingers. Strengths and Weaknesses Since hands and fingers are less distinctive than fingerprints or irises, some people are less likely to feel that the system invades their privacy. However, many people's hands change over time due to injury, changes in weight or arthritis. Photo courtesy Ingersoll- Rand
Vein Geometry A person's veins are completely unique. Many veins are not visible through the skin, making them extremely difficult to counterfeit or tamper with. Their shape also changes very little as a person ages. Place your finger, wrist, palm or the back of your hand on or near the scanner. A camera takes a digital picture using near-IR light. The hemoglobin in your blood absorbs the light, so veins appear black in the picture. Image from HowStuffWorks.com and Fujitsu
Iris Scanning Iris scanning - uses both visible and near-IR light to take a clear, high-contrast picture of an iris. The iris is a visible but protected structure, and it does not usually change over time. Most of the time, people's eyes also remain unchanged after eye surgery, and blind people can use iris scanners as long as their eyes have irises. Eyeglasses and contact lenses typically do not interfere or cause inaccurate readings. When you look into an iris scanner, either the camera focuses automatically or you use a mirror or audible feedback from the system to make sure that you are positioned correctly. Usually, your eye is 3 to 10 inches from the camera. When the camera takes a picture, the computer locates: – The center of the pupil – The edge of the pupil – The edge of the iris – The eyelids and eyelashes – It then analyzes the patterns in the iris and translates them into a code. Photos courtesy Iridian Technologies
Privacy Concerns Some people object to biometrics for cultural or religious reasons. Others imagine a world in which cameras identify and track them as they walk down the street, following their activities and buying patterns without their consent. They wonder whether companies will sell biometric data the way they sell e-mail addresses and phone numbers. People may also wonder whether a huge database will exist somewhere that contains vital information about everyone in the world, and whether that information would be safe there. At this point, however, biometric systems don't have the capability to store and catalog information about everyone in the world. Most store a minimal amount of information about a relatively small number of users. They don't generally store a recording or real-life representation of a person's traits -- they convert the data into a code. Most systems also work in only in the one specific place where they're located, like an office building or hospital. The information in one system isn't necessarily compatible with others, although several organizations are trying to standardize biometric data.
Other Concerns In addition to the potential for invasions of privacy, critics raise several concerns about biometrics, such as: Over reliance: The perception that biometric systems are foolproof might lead people to forget about daily, common- sense security practices and to protect the system's data. Accessibility: Some systems can't be adapted for certain populations, like elderly people or people with disabilities. Interoperability: In emergency situations, agencies using different systems may need to share data, and delays can result if the systems can't communicate with each other. Cleanliness: Does the fingerprint scanner or iris scanner have germs or some debris from previous uses
Electronic Freedom Foundation Concerns Biometric technology is inherently individuating and interfaces easily to database technology, making privacy violations easier and more damaging. If we are to deploy such systems, privacy must be designed into them from the beginning, as it is hard to retrofit complex systems for privacy. Biometric systems are useless without a well-considered threat model. Before deploying any such system on the national stage, we must have a realistic threat model, specifying the categories of people such systems are supposed to target, and the threat they pose in light of their abilities, resources, motivations and goals. Any such system will also need to map out clearly in advance how the system is to work, in both in its successes and in its failures. Biometrics are no substitute for quality data about potential risks. No matter how accurately a person is identified, identification alone reveals nothing about whether a person is a terrorist. Such information is completely external to any biometric ID system.
Electronic Freedom Foundation Concerns Biometric identification is only as good as the initial ID. The quality of the initial "enrollment" or "registration" is crucial. Biometric systems are only as good as the initial identification, which in any foreseeable system will be based on exactly the document-based methods of identification upon which biometrics are supposed to be an improvement. A terrorist with a fake passport would be issued a US visa with his own biometric attached to the name on the phony passport. Unless the terrorist A) has already entered his biometrics into the database, and B) has garnered enough suspicion at the border to merit a full database search, biometrics won't stop him at the border. Biometric identification is often overkill for the task at hand. It is not necessary to identify a person (and to create a record of their presence at a certain place and time) if all you really want to know is whether they're entitled to do something or be somewhere. When in a bar, customers use IDs to prove they're old enough to drink, not to prove who they are, or to create a record of their presence.
Electronic Freedom Foundation Concerns Some biometric technologies are discriminatory.A nontrivial percentage of the population cannot present suitable features to participate in certain biometric systems. Many people have fingers that simply do not "print well." Even if people with "bad prints" represent 1% of the population, this would mean massive inconvenience and suspicion for that minority. And scale matters. The INS, for example, handles about 1 billion distinct entries and exits every year. Even a seemingly low error rate of 0.1% means 1 million errors, each of which translates to INS resources lost following a false lead. The cost of failure is high. If you lose a credit card, you can cancel it and get a new one. If you lose a biometric, you've lost it for life. Any biometric system must be built to the highest levels of data security, including transmission that prevents interception, storage that prevents theft, and system-wide architecture to prevent both intrusion and compromise by corrupt or deceitful agents within the organization
Electronic Freedom Foundation Concerns The chronic, longitudinal capture of biometric data is useful for surveillance purposes. Biometric systems entail repeat surveillance, requiring an initial capture and then later captures. Another major issue relates to the "voluntariness" of capture. Some biometrics, like faces, voices, and fingerprints, are easily "grabbed." Other biometrics, at least under present technology, must be consciously "given." It is difficult, for instance, to capture a scan of a person's retina or to gather a hand geometry image without the subject's cooperation. Easily grabbed biometrics are a problem because people can't control when they're being put into the system or when they're being tracked. But even hard-to-grab biometrics involve a trust issue in the biometric capture device and the overall system architecture.
Electronic Freedom Foundation Concerns Tracking By far the most significant negative aspect of biometric ID systems is their potential to locate and track people physically. While many surveillance systems seek to locate and track, biometric systems present the greatest danger precisely because they promise extremely high accuracy. Whether a specific biometric system actually poses a risk of such tracking depends on how it is designed. Why should we care about perfect tracking? EFF believes that perfect tracking is inimical to a free society. A society in which everyone's actions are tracked is not, in principle, free. It may be a livable society, but would not be our society. EFF believes that perfect surveillance, even without any deliberate abuse, would have an extraordinary chilling effect on artistic and scientific inventiveness and on political expression. This concern underlies constitutional protection for anonymity, both as an aspect of First Amendment freedoms of speech and association, and as an aspect of Fourth Amendment privacy.
Some Current Biometric Initiatives Sec. 403(c) of the USA-PATRIOT Act specifically requires the federal government to "develop and certify a technology standard that can be used to verify the identity of persons" applying for or seeking entry into the United States on a U.S. visa "for the purposes of conducting background checks, confirming identity, and ensuring that a person has not received a visa under a different name." The recently enacted Enhanced Border Security and Visa Entry Reform Act of 2002, Sec. 303(b)(1), requires that only "machine- readable, tamper-resistant visas and other travel and entry documents that use biometric identifiers" shall be issued to aliens by October 26, 2004. The Immigration and Naturalization Service (INS) and the State Department currently are evaluating biometrics for use in U.S. border control pursuant to EBSVERA.
Australia Smartgate system, linking individuals to their visas and passports. Biometric data are already collected from some visa applicants by Immigration. Australia is the first country to introduce a Biometrics Privacy Code, which is established and administered by the Biometrics Institute.
Brazil Since 2000, user ID cards. The ID cards are fully digitized using a 2D bar code with information which can be matched against its owner off-line. The 2D bar code encodes a color photo, a signature, two fingerprints, and other citizen data. Brazilian citizens will have their signature, photo, and 10 rolled fingerprints collected during passport requests. All of the data is planned to be stored in ICAO E-passport standard. This allows for contactless electronic reading of the passport content and Citizens ID verification since fingerprint templates and token facial images will be available for automatic recognition.
Germany In May 2005 the Germany approved the implementation of the ePass, a passport issued to all German citizens which contain biometric technology. In circulation since Nov. 2005, it contains a chip that holds a digital photograph and one fingerprint from each hand. A third biometric identifier – iris scans – could be added at a later stage. New requirements for visitors to apply for visas within the country. The new work visas will also include fingerprinting, iris scanning, and digital photos.
Iraq Biometrics are being used extensively in Iraq to catalog as many Iraqis as possible providing Iraqis with a verifiable identification card, immune to forgery. Additional information can also be added to each account record, such as individual personal history. This can help American forces determine whether someone has been causing trouble in the past. One major system in use in Iraq is called BISA. This system uses a smartcard and a user's biometrics (fingerpint, iris, and face photos) to ensure they are authorized access to a base or facility.
Israel Biometrics have been used extensively in Israel for several years. The border crossing points from Israel to the Gaza Strip and West Bank are controlled by gates through which authorized Palestinians may pass. Upwards of 90,000 Palestinians pass through the turnstiles every day to work in Israel, and each of them has an ID card which has been issued by the Israeli Military at the registration centers. The ID card is a smartcard with stored biometrics of fingerprints, facial geometry and hand geometry. In addition there is a photograph printed on the card and a digital version stored on the smartcard chip. Tel Aviv Ben Gurion Airport has a frequent flyer's fast check-in system which is based on the use of a smartcard which holds information relating to the holders hand geometry and fingerprints. For a traveller to pass through the fast path using the smartcard system takes less than 10 seconds. The Immigration Police at Tel Aviv Airport use a system of registration for foreign workers that utilizes fingerprint, photograph and facial geometry which is stored against the Passport details of the individual. There is a mobile version of this which allows the police to check on an individual's credentials at any time.
Japan Several banks in Japan have adopted palm vein authentication technology on their ATMs. This technology which was developed by Fujitsu, among other companies, proved to have low false rejection rate (around 0.01%) and a very low false acceptance rate (less than 0.00008%).
Here at Home The United States government has become a strong advocate of biometrics with the increase in security concerns since 9/11. Starting in 2005, US passports with facial (image-based) biometric data were scheduled to be produced. Privacy activists in many countries have criticized the technology's use for the potential harm to civil liberties, privacy, and the risk of identity theft. Currently, there is some apprehension in the United States (and the European Union) that the information can be "skimmed" and identify people's citizenship remotely for criminal intent, such as kidnapping. There also are technical difficulties currently delaying biometric integration into passports in the United States, the United Kingdom, and the rest of the EU. These difficulties include compatibility of reading devices, information formatting, and nature of content (e.g. the US currently expect to use only image data, whereas the EU intends to use fingerprint and image data in their passport RFID biometric chip(s)).
Here at Home The speech made by President Bush on May 15, 2006, live from the Oval Office, was very clear: from now on, anyone willing to go legally in the United States in order to work there will be card-indexed and will have to communicate his fingerprints while entering the country. "A key part of that system [for verifying documents and work eligibility of aliens] should be a new identification card for every legal foreign worker. This card should use biometric technology, such as digital fingerprints, to make it tamper-proof." President George W Bush (Addresses on Immigration Reform, May 15, 2006)
Here at Home The US Department of Defense (DoD) Common Access Card, is an ID card issued to all US Service personnel and contractors on US Military sites. This card contains biometric data and digitized photographs. It also has laser-etched photographs and holograms to add security and reduce the risk of falsification. There have been over 10 million of these cards issued.
Links Basics http://en.wikipedia.org/wiki/Biometrics NIST consortia http://www.biometrics.org/ US Government http://www.biometrics.gov/ Tech Explained science.howstuffworks.com/biometrics.htm More Explained electronics.howstuffworks.com/facial-recognition.htm Privacy Concerns http://www.eff.org/wp/biometrics-whos-watching-you More basics http://www.technovelgy.com/ct/Technology- Article.asp?ArtNum=13 2008 Conference http://www.biometrics.org/BC2008/index.htm
Privacy versus Convenience Analysis What are the present “reasonable” personal identification requirements? 1.LIGHTNING ROUND !!!! 2.Buying a book from Amazon.com 3.Obtaining a driver’s license 4.Obtaining a license plate for a car 5.Obtaining a mortgage for a house 6.Applying for a job 7.Flying on an airplane 8.Removing $$ from your bank acct. 9.Purchasing gas for your car 10. Registering to vote 11. Voting on election day 12. Ordering a drink at a bar 13. Applying for a fishing license 14. Purchasing a gun 15.Purchasing a house 16.Obtaining unemployment benefits 17.Filing an insurance claim for a damaged car 18.Applying for Medicare/Medicaid payments 19.Purchasing groceries 20.Purchasing clothing 21.Being admitted to a hospital 22.Attending a baseball game at an arena 23.Riding on a train 24.Purchasing stocks and bonds 25.Purchasing cigarettes or alcohol 26.Traveling outside the U.S. 27.Buying life insurance 28.Becoming a U.S. citizen
Workshop Guideline Reminder 1.Focus on the Topic 2.Respectful Discussion 3.One Person Talking at a Time 4.Strive for a group consensus on alternative future strategies
Group Impression of US data privacy today Complete PrivacyTransparency 0 1 2 3 4 5 6 7 8 9 10 Votes 0 0 0 0 0 2 4 2 6 1 3
Tamper-proof Biometric Identification 2007 2008 – 2010 2020 – 2030 Documents PPID Card Implant -------------------------------- ---------------------------- ----------------------------- Birth certificate Driver’s license Social security card Credit card Bank card Health insurance card Name–signature Name–signature Address Address Photograph Photograph Finger print Finger print Iris scan Iris scan DNA Human genome
Positive Personal Identification via the 2010 U.S. Census One innovative solution helps to solve five major problems A challenge facing the United States is to provide a comprehensive management process for positive personal identification (PPID) using tamper-resistant biometrics to greatly reduce crime, terrorist threats, violation of the immigration laws, voter fraud, and identity theft. When every person in the U.S. is fully identified and carries a tamper-proof biometric identification card from their local community, criminals will be much less likely to commit crimes.
Positive Personal Identification via the 2010 U.S. Census One innovative solution helps to solve five major problems Initiate PPID management systems in 2008 and 2009 and have them fully completed by 12/31/2010, as part of the 2010 U.S. Census. All U.S. citizens, all residents of the U.S. and all visitors will be included in this management process. Every single citizen, every resident and every visitor (including children over four years old) will be included in this comprehensive 2010 U.S. Census process. Each person will receive a PPID card containing his/her name, U.S. address, signature, photo, fingerprint, and iris scan. This will positively identify each U.S. citizen, resident and visitor. No financial information, social security number, or driver’s license information will be included on this PPID card!!! There will be no national data base!!! (perhaps States Databases?)
Positive Personal Identification via the 2010 U.S. Census One innovative solution helps to solve five major problems The large private sector companies, such as large retailers like WalMart and Target should be an important part of the implementation process in 2008. All registrations for a PPID card will be voluntary in the early test phases. People who choose not to participate, for whatever reason, certainly have that right. As the registration proceeds, the state laws may make the possession of a PPID card mandatory. Between now and 12/31/10, as part of the 2010 U.S. Census, extensive public discussions will be held across the United States to develop a country-wide consensus.
Positive Personal Identification via the 2010 U.S. Census One innovative solution helps to solve five major problems It can be expected that criminals and law breakers will not want to be identified with tamper-proof biometric documentation of their identity, but they need to be, to protect the rights of all law-abiding citizens, residents and guests. All criminals in federal and state prisons will also absolutely be required to have a PPID card as part of the 2010 U.S. Census. E-mail for information firstname.lastname@example.org Bill Peter, Consultant/Futurist www.2020and2035.com
Alternative Future Scenarios Goal: finally select the best three strategies Potential Likelihood Anticipated Potential Strategies of Success Barriers Adverse (10% to 90%) Consequences 1. WalMart/Target (combined 8,600 locations and 2.2 million US employees) 2. Google/Microsoft 3. Homeland security 4. State-by-state 5. Independent party 6. U.S. census 7. Do nothing 8. Example barriers include Cost, Legal Challenges, Time, Political will Example adverse consequences include Political, Consumer, Employee 9. backlash 10.