October 2014

crime, ID, law enforcement

Biometrics against criminal aliases

Suspect in deputy deaths arrested in Utah in 2003 (Boston Herald)

Police in West Valley City, Utah, said they took a fingerprint from a man using the name Marcelo Marquez during a misdemeanor hit-and-run arrest in 2003. Court records show that he pleaded guilty, received a year of probation and was fined about $500.

However, Utah authorities never connected him to his real name or his previous criminal record.

In Utah, fingerprint data is entered into a biometric database for all people booked into jail. But for those who are cited and released, police take a print from a single finger that’s kept in state criminal records.

Unless there’s a request from an investigator, the print is not run against the biometric database to determine whether the person has a prior record outside Utah or is using an alias, said Alice Moffat, director of the Bureau of Criminal Identification.

Biometrics are a great way to root out criminal aliases, but only if procedures are in place to run the biometric search.

fingerprint, law enforcement, mobile, New York

NYPD getting mobile fingerprint tech

NYPD Equips Officers With Biometric Smartphones (Government Technology)

New York Police Department officers and vehicles are to be outfitted with new technology as part of a $160 million program that will lead to fewer arrests and more summonses after being fully implemented next year, Mayor Bill de Blasio told reporters on Oct. 23.

All 35,000 NYPD officers will be equipped with smartphones that allow officers to search databases, view wanted posters and scan suspects’ fingerprints.

face, Interpol

Interpol meeting to discuss facial recogntion

INTERPOL to begin the process of developing international facial recognition standards (Eurasia Review)

The two-day meeting (14 and 15 October) gathered 24 technical and biometrics experts and examiners from 16 countries who produced a ‘best practice guide’ for the quality, format and transmission of images to be used in facial recognition. It will be circulated to all 190 INTERPOL member countries to serve as a guideline for improving the quality of images necessary for accurate and effective facial recognition.

law enforcement, Los Angeles

LA County: Stop and Scan

The Pasadena Weekly has just published an article purporting to describe LA County’s plans to populate the FBI’s next generation ID system with data gathered in the field.

On Sept. 15, the FBI announced that the Next Generation Identification System was fully operational. Now that the central infrastructure is in place, the next phase is for local jurisdictions across the country to update their own information-gathering systems to the FBI’s standards.

When the system is up and running in L.A., any law enforcement official working in the county, including the Los Angeles Police Department, would collect biometric information on people who are booked into county jails or by using mobile devices in the field.

This would occur even when people are stopped for lesser offenses or pulled over for minor traffic violations, according to documents obtained by The Center for Investigative Reporting through a public records request.

Officials with the Sheriff’s Department, which operates the countywide system, said the biometric information would be retained indefinitely — regardless of whether the person in question is convicted of the crime for which he or she was arrested.

If this report is corroborated, I suspect we’ll be hearing a lot more about this.

ID, national ID, Turkey

Turkey looks to biometrics to enable structural change

Upcoming reforms in Turkey to ban any actions against statehood (Trend)

UPDATE:
Via twitter, @canmutlu writes that the article linked above refers to biometric national ID cards rather than (as the article states, twice) passports.

This rings true from a practical standpoint, and based upon this short article from Planet Biometrics: Turkey’s PM unveils biometric ID card plan.

We very much appreciate his pointing this out.

UPDATE II:
It looks like someone at Trend got the message, as well.

New biometric identity cards to be issued in Turkey (Trend)

access control, database, hack, logical

Protecting customer data

After Massive Data Breaches, Businesses Move to Make ID More Personal (ABC News)

The cost of a data breach is terrifyingly high. Home Depot estimates that the massive data breach that affected 56 million customers this summer will cost the company several hundred million dollars—and that’s the figure they are using to assuage fears on the Street. The reality is probably much higher. Target’s breach may top out at the $1 billion mark. While the jury hasn’t even been empanelled as to what the JPMorgan breach will cost, it will leave a mark that will no doubt make news down the line.

With so much to lose, the implementation of biometrics-based consumer authentication may be the cheaper option for companies that handle the kinds of information hackers find so irresistible.

We’ve been saying it for years. All databases containing sensitive customer information should be biometrically protected. It’s just good business.

air travel, Australia, passport

Australia: “Foreign fighters” bill invites debate

Opposition grows to storage of photo and biometric data (Sydney Morning Herald)

The legislation specifically clears the way for all Australians as well as foreigners to be photographed when they leave Australia and when they return if they go through automated passport gates – which are set to become far more commonly used.

The department estimates that between 40 and 60 per cent of the 35 million travellers leaving and entering Australia each year would be photographed, many millions of them Australians.

The department can also share the biometric information for “specified purposes” according to the bill’s explanatory memoranda, though it does not explain what these purposes are.

“Critics say the danger of such information being hacked is profound, given many personal electronic devices are now secured by fingerprints and iris scans.”

A couple of points that we’ve made before come to mind here.

First, if the government of Australia is incapable of keeping citizen information secure from hackers, is the biometric information of international travellers really a top-order concern? Surely, the government already secures information that is much more valuable to hackers than that.

Second, passports are interesting in that they aren’t just ID’s. They’re also an interoperability technology, a way two governments facilitate their agreement related to the treatment of civilian citizens traveling abroad. They only work unless there’s a government on both sides of the equation and any government on its site of the border can collect just about whatever information it desires as a condition of allowing a non-citizen entry into its territory.

Even if Australians reject the “foreign fighters” bill, they will still be subject to the information requested of them by the countries they visit, and that information can be shared back with Australia on a government-to-government basis.

With globalization and the lowering of cultural boundaries among the international travel set, it can seem like international travel is no big deal. Brussels is, in many ways, a lot like Washington, DC. But international travel is not without security risks to the visited country and international travelers should always be aware that their legal status outside their home country is very different than it is at home.

banking, UAE, voice

Abu Dhabi bank to introduce voice recognition technology

UAE: End of the Pin number? ADCB to launch voice recognition service (The National)

The biometric technology used by ADCB works by comparing the caller’s voice to a pre-recorded sample given by the client, ADCB said.

That will allow customers to get on the phone with a bank representative quicker while reducing the chances of fraud.

“In this competitive environment we need to make sure that customer convenience and ease of access are effectively balanced with information and transaction security,” said Ravi Nair, the head of customer experience at ADCB. “The voice biometrics technology will play a vital role in ensuring increased security and convenience at the same time, while making client calls shorter and reducing our overall cost to serve.”

banking, voice

No need to mischaracterize voice biometrics in call centers

Amidst all the attention banks are receiving over the use of voice biometrics to prevent fraud, It’s worth noting a couple of things.

First, according to the widely linked AP article, “The technology, sometimes called voiceprinting, is aimed at bad guys rather than legitimate customers, but legal and privacy experts alike still have reservations about the practice.” So, the systems in place seem to work by collecting information on known and suspected fraudsters and placing them on a watchlist (listenlist?). This makes sense. Technically, it’s far easier to be on the lookout for a handful of persons of interest than it is to make a positive ID on every single caller.

Second, there are a lot of way over-hyped headlines out there that make it appear as though financial institutions are collecting voice biometric information on unwitting customers on a vast scale.

Take:
Some Banks Collect Voiceprints During Service Calls to Identify You (Salon) 

 Technically, this Slate headline isn’t even true since according to the source it cites, the voiceprints are being used to identify fraudsters, not to verify the identities of account holders.

Then there’s this.

Banks Harvest Callers’ Voiceprints to Fight Fraud, which is the unfortunate headline of the very AP article that acknowledges that the systems function as criminal watchlists rather than a “harvest” of biometric information.

banking, telephone, voice

Banks Use Callers’ Voiceprints to Fight Fraud

Computers with voice recognition are being used–sometimes discreetly–to add extra security during calls with customers. (Inc.)

“We lost everything,” she said. “Can you send me a card to where we’re staying now?”

The card nearly was sent. But as the woman poured out her story, a computer compared the biometric features of her voice against a database of suspected fraudsters. Not only was the caller not the person she claimed to be, “she” wasn’t even a woman. The program identified the caller as a male impostor trying to steal the woman’s identity.

The mechanics of how the banks are using voice analysis are pretty interesting. By focusing on known or suspected fraudsters, it reminds me a little bit of the Nevada Gaming Commission’s Excluded Person List.

passwords

Maybe one day

The White House Cybersecurity Czar Wants to Kill Your Password (Roll Call)

Michael Daniel, the White House cyber czar, says he isn’t just worried about bad passwords as a security liability. He doesn’t even want the password around anymore at all as a big part of computer security.

“Frankly, I would really love to kill the password dead as a primary security method, because it’s terrible,” Daniel said Thursday.

I reckon the password will live a good while longer, yet. Simply put, it does so much work for so little effort. It’s return on investment is through the roof. Also, we’re at a point where things that aren’t people need to identify themselves to computer systems and they don’t have biometrics.

Biometrics can be used to eliminate passwords in many applications. For higher security identifications, biometrics can be used to stem the tide of increasingly complex passwords and move back toward the simplicity of the PIN.

See also: More on the Awesomeness of Passwords

air travel, security

Airline biometrics for security & convenience

Forget E-Tickets, Alaska Air Mulling E-Thumb for Boarding (Bloomberg)

Alaska Airlines (ALK) is exploring using passengers’ fingerprints to replace travel documents, driver’s licenses and credit cards now needed to navigate from airport curbs to jetliner seats. If successful, it would be the first U.S. carrier to employ biometrics for boarding passes and inflight purchases and could spur wider adoption across the industry.

Biometrics can add security and convenience at the same time. It looks like people are starting to recognize it.

Hungary, palm, palm vein, stadium

Hungary: Some fans bristle at stadium palm vein scanners

Soccer-Ferencvaros fans upset by biometric ‘intrusion’ (Yahoo!)

Szebasztian Huber, editor of the Fradi fan website ulloi129.hu said many fans also fear that technological developments would help clubs pass Hungarian Football Association fines — which they regard as too strict — on to them.

Stricter stadium rules also puzzle fans because the number of violent incidents in and around Hungarian stadiums is much lower than 10 or 20 years ago, he added.

“The culture of soccer fans is different everywhere, in some countries (vein scanners) would be tolerated, while elsewhere fans could be upset,” Huber said. “Launching the system highlighting its comfort functions could increase tolerance.”

air travel, Australia, border, eGates, UK

Smartgates and the tightening of UK & Australia borders

AUSTRALIA: ‘Foreign fighter’ laws leave door open on biometric data collection (Computerworld)

The government’s second tranche of national security legislation, the Counter-Terrorism Legislation Amendment (Foreign Fighters) Bill 2014, includes measures that potentially allow a significant increase in the types of biometric data collected at Australian airports.

Provisions in the bill also extend to Australian travellers data collection practices that have previously been confined to non-citizens.



UK: New biometric border controls at Stansted Airport at heart of terrorism fight (Herts and Essex Observer)

“We are using resources and intelligence to ensure the border is as strong as we can make it.”

He said the Government was also committed to tackling the problem of those travelling from the UK to the Middle East to join the IS jihadists and a new counter-terrorism Bill was set to include measure to temporarily remove the passports of those suspected of being radicalised and ready to fight abroad.

government, India, time-and-attendance, UID

More on India’s public employees time-and-attendance portal

Big Brother Modi is watching bureaucrats (Reuters)

“This is Big Brother stuff but very effective. It’s not just the central government. The state governments are trying to emulate this.”

The Prime Minister’s Office will also take part in the scheme, said Dash, although it was not clear whether Modi would be enrolled.

Project mastermind Sharma, who holds the rank of secretary at the government’s Department of Electronics and Information Technology, could not immediately be reached for comment. The Biometric Attendance System showed he had signed in at work at 13:55:16 p.m. on Thursday.

Screen grab: attendance.gov.in

Meet the man who built the awesome online attendance system for India’s government officials (Quartz India)

Now, 59-year old Sharma is building an attendance system for India’s central government employees that is inexpensive, publicly available on the internet—and potentially, a simple tool that could revolutionise governance in the country.

The entire system is searchable, down to the names of individual central government employees, and all the data is available for download. And with that single step—making the entire platform publicly accessible—the government has introduced a level of accountability and transparency that India’s sprawling bureaucracy is unaccustomed to.