Can Biometric Identification Schemes Help Keep us Safe

1
Can Biometric Identification Schemes Help Keep us
Safe?
Spot the threat?

• Andrew Clement
• Information Policy Research Program
• Faculty of Information Studies
• University of Toronto

Centre for Science Studies Lancaster
University January 20, 2005
2
Tell me something I don't know Vivienne Parry
chooses 10 scientific discoveries we should have
made by the end of 2005 Thursday January 13,
2005 The Guardian

• 7. How effective biometric ID data is (and
  whether it prevents terrorism)
• Hi-tech passports containing biometric data
  are to be introduced in Britain next year, five
  years ahead of the international deadline, so
  that the UK can remain in the US visa waiver
  programme. This requires passports with embedded
  electronic chips containing a log of up to 1,800
  facial characteristics which can be compared
  electronically to those held on an international
  database.
• Failure rates of up to 10 have already
  been reported in the technology and there are
  doubts that the system it will do much more than
  validate the honest. (Life p.9)

3
Overview

• Biometric ID schemes A post-9/11 revival
• How do they work?
• Provide correct identification? Not reliably
• Protect against terrorist threat? No!
• Civil liberties tradeoffs? Premature at best
• Why the push, with no proof? Opportunism
• Needed now? A real public debate!

4
Post 9/11, a flurry of activity

• USA
• National ID card gifts
• Larry Ellison, Oracle Scott McNealy, Sun
• Am. Assoc. of Motor Vehicle Administrators
• De facto national ID card proposal??
• Public hearings
• US Congress, California State Assembly
• Non-Americans first - US VISIT
• Policy laundering via ICAO
• US biometric passport being phased in

5
Post 9/11, a flurry of activity

• Canada

• 80 of Canadians would submit themselves to
  providing fingerprints for a national identity
  card that would be carried on your person at all
  times to show police or security officials on
  request (Globe Mail, Oct. 6, 2001).
• Canadian House of Commons Standing Committee on
  Citizenship and Immigration recommends against
  proceeding with ID card (March 2004)
• PM announces biometric passport just prior to
  Washington visit (April 2004)

6
Post 9/11, a flurry of activity

• UK
• 86 in the UK backed the introduction of some
  form of ID card (2001)
• ID card proposals
• anti-crime (Howard)
• citizen's access (Straw, 1997)
• entitlement (Blunkett, 2002)
• Identity Cards Bill (Nov 2004)
• Facial image, finger print other biometric
  (iris?)
• Passed 2nd Reading (Dec 20)

7
Biometric travel documents

• Smart Borders (Canada-US)
• Common standards for (multiple) biometric
  identifiers (Dec 2001)
• ICAO (International Civil Aviation Organization)
• ... If a state is putting biometrics on its
  travel documents, the incorporation of a facial
  image is mandatory ( May 19, 2003)
• US-VISIT (based on USA PATRIOT Act)
• Digital scans of both index fingers and facial
  image are required of non-Americans (January 5,
  2004)
• Canadian Biometric Passport (for 2005)
• Facial image stored on an embedded chip
• EU Proposed biometric ID
• Finger print and facial image - 'Draft Council
  Regulation on standards for security features and
  biometrics in passports and travel documents
  issued by Member States'.

8
Defining Biometrics

• Biometrics are understood to be
• machine-assisted systems (including all of the
  hardware, software, firmware, and the supporting
  information management and retrieval
  infrastructure)
• used in the process of individuation of human
  beings
• based on surrogates (or images)
• of physical and/or behavioural characteristics
• (Hope-Tindall, 2004).

9
Biometric Basics

• A Biometric system has three basic functions
• Enrolment is the process of establishing a
  template for a particular real world entity
  (Clarke, 1994)
• Authentication involves the one to one (11)
  match of a claimed identity to one in the system
  database. Authentication is a true/false test
  for identity that compares the input at the user
  interface to a specific template
• Identification is the process of recognizing a
  real world entity (Clarke, 1997). Unlike
  authentication where the system checks the new
  input against a single specific template, the
  process of identification requires the system to
  check an unknown to all of the templates in its
  database (1N). Identification, is a specific
  function of biometric systems.

10
Enrollment
Person Image Template
Scan
Encode
0110100100010010
01101 01000 10010
0110100100010010
0101011000110010
0110100100010010
ID token (card, passport)
Database
11
Authentication (11 match)
Person Image Template
Scan
Encode
0110100100010010
Match?
NO
YES
0110100100010010
Are you who you claim you are ?
01101 01000 10010
ID token
12
Identification (1N search)
Person Image Template
Scan
Encode
0110100100010010
Match?
NO (not found)
YES (found)
0110100100010010
Who are you? Are you in our database?
0110100100010010
0101011000110010
0110100100010010
Database
13
Comparing the 3 main biometrics
Chosen by ICAO as the international standard for
passports (?!?)
Adapted from OECD (Hope-Tindall, 2004). 1N
the suitability of the current technology to
reliably perform processes of identification.
14
HumanID at a Distance
http//infowar.net/tia/www.darpa.mil/iao/HID.htm
15
Biometric ID scheme processes

• Population registration
• Biometric sample taken, stored and compared
• ID token issued/denied, based on existing records
• Data-matching and profiling
• Ongoing, behind the scenes
• Data gathering database linkages
• Individual Authentication/Identification (at
  control points)
• Identity match between body and ID token
• Database checks (personal data, watch list)
• Request denied or approved

16
Not so fast!

• Serious and sustained analysis and discussion
  of the complex issues presented by national
  identity systems are needed. Understanding the
  goals of such a system is a primary
  consideration.
• IDs Not That Easy
• U.S. National Academy of Sciences Committee on
  Authentication Technologies and Their Privacy
  Implications (2002)

17
Enhanced post 9/11 security is the principal
rationale. But will this work? Can a biometric
ID/passport meet its (implied) promises?

• Securely and reliably identify everyone?
• Intercept potential 9/11 attackers?

18
1. Securely and reliably identify everyone?

• A. The biometrics component
• Immature technology
• Varied results, depending on conditions
• Especially automated facial recognitions
  inadequacies
• Lack of public, operational testing
• comparing the performance of biometric systems
  is difficult due to the lack of transparent
  publicly available independent reports (OECD,
  04)
• Inherent biometric limits
• False positives versus false negatives
• E.g. Brandon Mayfield
• Varying or missing bio features
• Masquerade, deceptions

19
1. Securely and reliably identify everyone?

• B. The rest of the identification apparatus
• Unreliable, inscrutable, vulnerable data systems
• e.g. No-fly, watch lists (T.Kennedy, Y Islam, M.
  Arar)
• Insecure, unreliable base documentation
• The weakest link?

20
What about these guys?
?
?
Ted Kennedy Yusuf Islam
(aka Cat Stevens)
21
And these?
?
?
Maher Arar Ahmed Ressam
(aka Millenium Bomber
22
Which 9/11 attackers would be stopped?
American Airlines 11
?
?
?
?
?
American Airlines 77
?
?
?
?
?
United Airlines 93
?
?
?
?
United Airlines 175
?
?
?
?
?
23
2. Intercept 9/11 attackers?

• Everyone with a clean record passes
• Most 9/11 attackers had NO record of suspicion
• Terrorist training manual fit in as normal
• Can repeatedly test screening system, then only
  need to pass once!
• The positive identification of individuals does
  not equate to trustworthiness or lack of criminal
  intent. (emphasis in original)
• (Ben Shneiderman, USACM testimony at the
  Congressional Hearings on National Identification
  Card Systems, Nov 2001)

24
Security is NOT mainly about biometrics or even
identification more generally!A biometric
ID/passport would NOT be effective as a
protective measure. risks false sense of
security incurs great costs
25
What about our civil liberties?

• Many serious threats to civil liberties from such
  schemes
• False suspicion gt arrest, ..
• Ethnic and racial profiling
• Massive surveillance apparatus,cope creep
• In the absence of a convincing case that the
  security measures would be effective, the
  burden of proof should be on scheme promoters,
  not civil liberty advocates
• Discussing pre-maturely possible civil liberty
  tradeoffs, concedes a fundamental point, and may
  unnecessarily weaken liberties.

26
In the absence (impossibility) of a strong case,
why the push to biometric ID/passports?

• A combination of
• Frightened, willing, uniformed, superstitious?
  public
• Superficial comfort of high tech identity proof
• Shared security worldview on mass identity
  management (by IT experts, public safety,
  administrative apparatus)
• IT/biometric industry (self-)promotion
• Imperial manipulative reach
• Political expediency
• Compliant news media
• Dis-connected academic research
• Fledgling civil society advocacy movement

27
We do need a public debate!

• Proponents of such a (NIDS) system should be
  required to present a very compelling case.
• (National Academy of Science, 2002)
• Very high stakes, but
• No clear explication of any proposed scheme
• Little political interest
• Limited opportunity for public input

28
What should a public debate over biometric
ID/passports look like?

• Full public disclosure
• Honest discussion of threats and risks
• Identify clear purposes and justification
• Distinction between security, administrative
  and entitlement purposes
• Background studies accessible to public,
  including alternatives and privacy impact
  assessments
• Burden of proof resting with the promoters
• Removal of civil liberties tradeoff threat
• Adequate time frames (years, not weeks)
• Transparent, accountable, facilitated process
• Authentic, linked to action

29
Further information

• Privacy International http//www.privacyinternatio
  nal.org/
• Computer Professionals for Social Responsibility
  (CPSR) http//www.cpsr.org
• Electronic Privacy Information Centre (EPIC)
  http//www.epic.org/
• Information Policy Research Program (IPRP)
• http//www.fis.utoronto.ca/research/iprp

30
References

• Clement, A., Guerra, R, Johnson, J., Stalder,
  F. National Identification Schemes (NIDS) A
  Remedy Against Terrorist Attack? Proceedings of
  the Sixth Conference on Human Choice and
  Computers HCC6, IFIP World Computer Congress,
  Kluwer, Dordrecht, Netherlands,2002, pp 195-205
• The UK Identity Card proposals, Privacy
  Internationals background and analysis of the
  scheme http//www.privacyinternational.org/issues/
  idcard/uk/id-card-review-1204.pdf
• Roger Clarke, Biometrics and Privacy 2001
  http//www.anu.edu.au/people/Roger.Clarke/DV/Biome
  trics.html