August 2012

Africa, Canada, elections, Kenya, procurement, vote, voter

Kenya Biometric Election Registration Update

The Kenya biometric voter initiative is still lurching along…

The big update is that there will be an update.

Kenya: State to Give Voter Kit Update, Says Eugene (The Star – Nairobi via All Africa)

Justice minister Eugene Wamalwa said the update will be made after a stakeholders’ meeting to be held before the end of this week.

He said the tender was expected to be complete “soon as possible” to enable the Independent Electoral and Boundaries Commission start voter registration in readiness for the next year’s general election. This statement is expected before Friday.

“I can comment about which company will be given the award since its the Canadian who will determine the winner of the tender,” said Wamalwa. Canadian firm, Code Inc, which was involved in the pilot BVR project of 18 constituencies in Kenya before the 2010 referendum is also among those said to be considered for the tender.

I think he means he “can’t comment.” It’s the only way the rest of the sentence makes sense.

See also: Strange Things Afoot in Kenya Biometric Voter Registration Procurement, which ends with this summary chronology…

1. IEBC solicits proposals

2. IEBC narrows list to four providers

3. For whatever reason, IEBC can’t choose among them.

4. IEBC cancels the project foreclosing any recourse to the bidders who followed the IEBC’s instructions.

5. Hilary Clinton offers Kenya free biometric registration kits.

6. IEBC rejects the offer citing (unstated) political implications that would have arisen from such a donation, and a lack of time to complete the process.

7. IEBC makes a request of the Cabinet to acquire biometric registration kits through a government to government arrangement (Ghana, perhaps. UPDATE: It turns out to be Canada).

8. Laws will be changed to ensure that there’s enough time.

9. Vendors scratch heads.

10. Still, nobody is sure where the kits will come from.

Since then, Kenya has received a KES 5.4B interest free loan from Canadian government.

4,600,000,000.00 KES
=
54,534,677.93 USD
1 KES = 0.0118554 USD
1 USD = 84.3500 KES

The government of Kenya has outsourced all decision making about the procurement to the Canadians, the political implications in point 6 above apparently mitigated.

credit card, government, ID assurance, ID management, payments

Biometrics and the Future of Payments

One of these two articles talks about payments to the individual from a source of income, the other talks about payments from an individual to a retail establishment — in this case a convenience store. The organizations on both sides of the individual envision adopting biometric identity management techniques as a growing part of payment authentication.

MasterCard notes growing trend in Govt Adoption of Electronic Payments (IndiaInfoline)

“By supporting governments around the world with electronic payment programs we are helping save money and improve efficiencies, but more importantly, together we are opening up a world of inclusion for those who have previously not had access to traditional financial services,” said Tim Murphy, Chief Products Officer of MasterCard Worldwide.

SASSA recipients are now able to use debit cards, issued by Net1 and Grindrod Bank, to pay for goods and to check their account balances free of charge. A key feature of the card is biometric functionality used to identify grant recipients using unique identifiers such as fingerprints, facial and voice recognition to prevent stolen card usage. The new system is already dramatically reducing SASSA’s operating costs and is expected to save the government more than ZAR3 billion (USD 360 million) over the next five years.

Next-Generation Tech Gains Traction (Convenience Store News)

Payment Systems & Automation
In-store payment systems for the majority of c-store chains include credit and debit (96 percent), prepaid/stored value card (48.4 percent) and electronic benefits transfer (42.2 percent). Less popular are electronic check verification, used by 32.8 percent of chains and continuing to decrease in popularity every year, and radio frequency identification (RFID) or contactless cards, adopted by 17.2 percent. Also, only 3.1 percent report using self-checkout and just 1.6 percent say they have biometric payment technology.

However, when asked what technology c-store retailers plan to implement in the next one to three years, RFID/contactless tops the list, with 12.5 percent contemplating the technology, followed by self-checkout (10.9 percent) and biometric payment (10.9 percent).

I highly recommend the Convenience Store News article. It’s full of charts and tables and it really gives the reader an appreciation for the complexity and efficiency required in that market. In order to be convenient, the stores have to be small all other decisions flow from there.

forecast, industry, security

US Security Industry Analyst Report

Security Products to 2016: US demand to rise 7.3% annually through 2016 (Press Release – SBWire)

This study analyzes the US security products industry. It presents historical demand data for the years 2001, 2006 and 2011, and forecasts for 2016 and 2021 by product (e.g., access controls, alarms, closed-circuit television, contraband detection, electronic article surveillance, automotive) and market (e.g., government and institutional, trade and distribution, industrial, air transport, financial institutions). The study also considers market environment factors, details industry structure, evaluates company market share and profiles industry players.

children, finger, iris, schools, technology, transportation

Hop on the Bus, Gus. Drop off the Key, Lee.

Biometric Technology Gets on the School Bus (Press Release via Benzinga)When children board or exit the bus the BlinkSpot iris scanning technology recognizes the child and sends real time reports to the school along with an individual email to each parent verifying the time and location of their child.

The effort combines Verizon, Eye-D, and 3M Cogent capabilities.

I’m curious to see how this works out. An application that provides real-time information on children’s interactions with the school bus system is, obviously, highly desirable.

Will the technology fit the deployment? How well will it work? How passive is the use model (i.e. must the children actively engage the system?). How much training will drivers and children require? How long does each transaction take? Will that cause traffic jams? What are the costs in money and time?

These are the questions that would-be customers and system developers need to ask, answer, and agree upon.

Thinking this one through, my hunch is that from a pure utility point of view, this is a finger app. But in the real world other considerations may apply. If some tech companies want to test their technology, their ability to work together, product design and feasibility, and they find a willing and supportive test environment — in this case a school and community — then that’s what will happen. Lessons will be learned and the state of the art will have been advanced.

Perfect; Good; Tech.; People; etc. It’s a fun landscape in which to participate.

government, ID, ID assurance, ID management, industry, NIST, standards

National Strategy for Trusted Identities in Cyberspace (NSTIC) Background and Progress Report

ID management: A matter of trust (Federal Computer Week)

In April 2011, the Obama administration launched a plan called the National Strategy for Trusted Identities in Cyberspace (NSTIC) to encourage the private sector to develop, with federal support and input, online ID and authentication systems that people could use and government agencies, other organizations and commercial players could accept without each needing to create their own vetting systems.

At this point, NSTIC supporters are making headway, though perhaps not in a headline-grabbing way. Earlier this month, the Identity Ecosystem Steering Group, a federally supported committee led by the private sector that will guide creation of NSTIC-style systems, met for the first time in Chicago to hash out plans for addressing privacy, standards, usability, contracts and other key components.

National Strategy for Trusted Identities in Cyberspace (NSTIC) is being run by National Institute of Standards and Technology (NIST) to encourage the development and adoption of standards for ID management. The recent Apple-Amazon hack points to why this is important.

In an environment where everyone has to create their own ID management system, it is inevitable that organizations will create exploitable gaps in the way they emphasize the importance of information. In this case, Amazon (like many other companies, just check your restaurant receipt) treated the last four numbers of a credit card as non-secure information, while Apple used the same information for logical access control.

Initiatives like NSTIC hope to facilitate companies and government agencies to work through ways to make this kind of thing less likely.

industry

Iris Company Gets Huge Cash Infusion

AOptix Closes $42 Million Series E Funding (Press Release) 

AOptix announced that it has closed a $42 million Series E round of funding. This brings the total investment in the company to date to $123 million. All of the company’s existing investors — Clearstone Venture Partners, DAG Ventures, Kleiner Perkins Caufield & Byers, Northgate Capital and W Capital Partners — participated in the round and were joined by a new investor, True Ventures. The proceeds will be used to support product development, sales and marketing as the company prepares to launch groundbreaking new products.

Password, PIN, technology

Strange and Unintended Brain-Computer Interface Applications

You shouldn’t believe everything you read in a headline. I’ve supplied one above that is far more accurate but far less alarming than the one provided by the original story below.

Scientists Successfully ‘Hack’ Brain To Obtain Private Data (CBS – Seattle, WA)

The scientists took an off-the-shelf Emotiv brain-computer interface, a device that costs around $299, which allows users to interact with their computers by thought.

The scientists then sat their subjects in front of a computer screen and showed them images of banks, people, and PIN numbers. They then tracked the readings coming off of the brain, specifically the P300 signal.

The P300 signal is typically given off when a person recognizes something meaningful, such as someone or something they interact with on a regular basis.

Scientists that conducted the experiment found they could reduce the randomness of the images by 15 to 40 percent, giving them a better chance of guessing the correct answer.

The case the author wants to make is way overstated, which it too bad because the topic is very interesting without over hyping it.

The controversial part of what the story describes (quoted above) is sort of a half-way house between the hack vs con discussion. I guess in the distant future, people will have to be more wary of street-corner magicians and psychologists but the PIN probably isn’t going anywhere any time soon.

This may be for a future post but I suspect that due to biometrics the PIN will become more common as complex passwords become more rare, even in the presence of brain-computer-interface wielding mountebanks.

India, UID

[CORRECTION] India: NGO [not NIAI] Sends UIDAI a Nasty-gram

Notice to UIDAI for issuing cards without due procedure (Deccan Herald)

The Unique Identification Authority of India (UIDAI) has been issued a legal notice for issuing Aadhaar cards even before the National Identification Authority of India (NIAI) Bill has even been tabled in Parliament.

CORRECTION:

@securlinx typo in tweet? Notice was not issued by NIAI. It was by one Matthew Thomas.
— Sastry Tumuluri (@sastrytumuluri) August 27, 2012

Thanks to alert reader Sastry Tumuluri for making me aware of my mistake. The letter was indeed sent by Matthew Thomas of the Citizens Action Forum. I couldn’t find a web site for the Citizens Action Forum. All I could find was this blog, last updated in 2005.

If I find their site, I’ll post it a link here.

ATM, banking, iris, modality, retina, vascular

Pro Tip to Journalists: Keep Your Eye on Iris v. Retina

What is it about journalists and the human retina? I’d estimate that at least 95% of the time a journalist uses the term “retina” in association with biometric identity management modalities, they actually mean “iris”. Does anybody know why this is?

After decades, ATMs still play key role in banking (Eagle Tribune – North Andover, MA)

He said tests are being conducted in Brazil on using biometric identification — scanning retinas or fingerprints — for ATMs. In Europe, he said, there are ATMs where customers can apply and be approved for a loan during their ATM sessions. “So the technology is there to do that,” Kerstein said.

You will never see a retina scanner in an ATM. As far as ATM deployments go retina is too expensive, and it takes too much time for people to get used to using it properly. Then there’s the fact that if vascular biometrics are the answer, the hand/finger is cheaper and easier and if eye biometrics are the answer, iris is cheaper and easier. For ATM’s the vascular/eye combo is overkill.

Iris (left) vs. Retina (right)

The iris (left), which gives people “eye color,” controls how much light enters the eyeball. The retina (right) is the structure laying along the inside, back surface of the eyeball that translates light into nervous impulses for the optic nerve to send to the brain.

In a camera analogy, the iris would be, well, the iris, since cameras have them, too. The retina would be the film, or in an even better digital analogy, the charge-coupled device (CCD) that translates light into ones and zeros for computer chips.

Both iris and retina are used as biometric modalities in identity management applications.

Iris biometrics match the iris’s unique surface features (similar to fingerprints). Retina biometrics use eye’s vascular network for matching.

Retinas have been in use as a biometric identifiers for far longer than iris (1984 vs 1995), but using the iris is far more common today. This is because using the iris makes for cheaper and easier identifications.

For more on the subject, I recommend this (If you’re a journalist, I can’t recommend it enough!). It was written in 2006. Both technologies will have improved since then, but iris technologies have improved faster.

round-up

Friday Quick Hits

Rsignia, Inc. Announces Partnership with West Virginia University Research Corporation (News Blaze)

Rsignia signed the agreement with WVURC as framework to undertake task orders with WVURC as it relates to big data visualization and incorporating biometric components into cyber security solutions.

Q&A: Why this guy implanted RFID tags in his hands, and what he does with them (Geekwire) – He’s not too high on biometrics, though.

RFID is Radio Frequency Identification, and its primary purpose is ID or identification. A lot of people think it’s for locating and it just doesn’t work that way. Basically when you boil it down, ID means access control. Every project that I ever wanted to implement or did implement is access control based.

Punching brings punctuality back (Deccan Chronicle) – Short article on Time-and-Attendance for Kochi, Kerala, India government employees.

FBI To Give Facial Recognition Software to Law-Enforcement Agencies – link-laden article at Slate.

AFIS, audit, database, DHS, fraud, ID, US

Biometrics Uncover 825,000 ID Inconsistencies in DHS Database

Fingerprint Records Reveal 825,000 Immigrants With Multiple Names (Mashable)

Many of the situations involved women who legally altered their names. “We found that nearly 400,000 records for women have different last names for the same first name, date of birth and [fingerprint identification number],” he wrote. “These instances are likely women who changed their names after a marriage.”

During the study, auditors examined records covering 1998 through 2011.

Most of the time, US-VISIT personnel try to resolve cases in which people who appear to be one and the same have different information listed in records, the auditors found. The researchers are not specifically targeting scams, Deffer explained. Accidental typos, the fact that various immigration-related agencies use incompatible data formats and other keying mistakes are factors they look for when probing mismatches. During the course of typical procedures, US-VISIT has picked up on only two instances of fraud, agency officials reported to the IG.

The enormity of the conflicting data, however, may obscure actual fraud. “These inconsistencies can make it difficult to distinguish between data entry errors and individuals potentially committing identity fraud,” he wrote.

As they grow and age databases can get really junked-up. Biometrics, in this case fingerprint biometrics, can be extremely helpful in maintaining their integrity. The database involved here is the on maintained by the US Department of Homeland Security US-VISIT program. It contains (wait for it) information, including a fingerprint, on all visitors to the US. The fingerprint has been the linchpin of the audit that discovered 825,000 database errors because it is the only  piece of truly unique and durable, personal information stored.

Before automated fingerprint ID systems (AFIS), combinations of data were used to reduce ID error rates to some reasonable approximation of zero. While names, birth dates, and other descriptors aren’t unique, multiplying them together works pretty well for a while. Working against this system are legal name changes and human typographical errors in data entry which have the database effect of creating a whole new person,  which runs counter to the reasons for keeping such a database in the first place.

See Biometric “Fix” Identity which takes on this issue from the angle of intentional fraud.

ARMM, elections, fraud, management, Philippines, Sierra Leone, voter

ARMM, Philippines: Lack of Legal Framework Undermines Biometric Voter Exercise

Doubts raised ARMM can purge voters’ list (Yahoo – Philippines)

In another case of how good management and good technology need to be in the same place at the same time in order to make a real difference, an apparent legal oversight means that the process of disqualifying fraudulent voter registrations in the Autonomous Region for Muslim Mindanao is to be so time consuming that it may be impossible to complete before the scheduled elections.

As far as I can tell, the laws governing the biometric voter registration in the ARMM don’t make any provision for rejecting multiple registrations. There also isn’t any mention of it being against the law to register multiple times. Given its electoral history it’s difficult to assume that local authorities can have been surprised by any of this.

The situation in the Autonomous Region for Muslim Mindanao stands in stark contrast to Sierra Leone. See Woman Sentenced for Double Voter Registration.