Security and Service

Concerns raised over mandatory fingerprinting for India visas (Travel Weekly)

The High Commission of India states on its website that, after outsourcing the process to a company called VFS, all applicants will need to be physically present at India Visa and Consular Services centres to submit an application and biometric data.

It says: “Biometric data collection, including fingerprint data and facial imagery will be a mandatory requirement for all visa applicants soon. As a result, all visa applicants will need to first apply online and, thereafter, be physically present (mandatorily) at India Visa and Consular Services centres, by appointment, for submission of visa application and biometric data enrolment.”

All security applications must strike a balance between the effectiveness of the security measures and the needs of the entity seeking enhanced security. As anyone who has ever seen a waste basket propping open an office door could tell you, better security usually requires sacrifices to efficiency. More security with more convenience is a tall order.

The article linked above highlights a case where the enhanced security of biometric visas for travelers to India from the UK has made the visa application process more complex and time consuming. In one sense, it’s bound to. Collecting more information takes more time. In the India visa case, however, it is taking a whole lot more time. So much more that people involved in Indian tourism are growing worried.

The unfortunate irony is that their ability to increase security and convenience at the same time is one of the things that make biometrics such a disruptive technology.

Biometrics for the financial “last mile”

Kenya: Biometric technology eases banking in rural areas (KBC) — Kenyans in rural areas can now open and get access to their bank accounts with ease following the roll out of a biometric technology…

Somalis panic as cash flow dries up after US remittance lifeline cut

Somalia’s remittance crisis has been intensifying for years. Britain’s Barclays Bank closed its accounts with Dahabshiil, the largest Somali money transfer company, in 2014.

In Australia, Westpac, the only bank partnering with Somali remittance companies, is due to close their accounts at the end of March, the report said.

“We are just lurching from crisis to crisis”, said Ed Pomfret, Oxfam’s Somalia campaign manager. “These governments need to take action.”

Britain has been working with the World Bank on a “Safer Corridor” initiative to tighten the scrutiny of Somali money transfers through measures such as biometric identity cards for recipients in Somalia.

The “last mile” problem is usually reserved for describing the challenges of connecting retail customers with physical infrastructures such as plumbing, electricity or wired communications.

It’s also a real challenge in connecting recipients of aid and remittances to the global financial system. In the Somali case above, the global financial system appears to end at Somali money transfer companies. The Kenya efforts (linked above) and others, such as India’s UID project, are two examples of how people are using biometrics to extend the benefits of the global financial system to people who desperately need them.

UK: Banks accommodating mobile fingerprint biometrics

Is the UK banking sector ready to sideline passwords? (Information Age)

RBS and NatWest have been the first banks to announce that they are soon to allow customers to access accounts on their smartphones using fingerprint recognition technology.

The move is a seminal one for UK financial institutions, and an indication that the era of passwords may be finally drawing to a close.

Fingerprint authentication protects youngsters from themselves (Computer Weekly)

Both the Royal Bank of Scotland and MasterCard have recently made announcements regarding fingerprint authentication services and, if research from Visa Europe is anything to go by, the technology could be the best way to help users keep their bank details secure.

The research revealed those aged between 16 and 24-years-old are very liberal with personal details.

For example, 34% of this age group have shared their debit or credit card pin numbers with someone, compared with 23% for all age groups. Some 32% have shared their smartphone password and 20% have shared internet banking passwords.

Windows 10 and biometrics

Microsoft Announces FIDO Support For Windows 10 (The Verge)

Soon, you may be able to log in to Outlook with a fingerprint or an eyescan. At the Stanford Cybersecurity Summit on Friday, Microsoft announced that Windows 10 would support the next version of the Fast Identification Online (FIDO) spec, allowing devices to work with a wealth of third-party biometric readers and providing an easy framework for any hardware makers that want to build extra security into a laptop or phone.

The amazing durability of password technology

You Might Want To Take Another Pass At Your Passwords (GPB News)

Cormac Herley is in the 95 percent who don’t. He’s principal researcher with Microsoft Research, an arm of the software giant.

“Passwords are the worst system in the world, except for all the other systems,” he says.

Herley recommends assigning different tiers to passwords. Using your best, most complex ones for work and banking, but devoting less effort to those that don’t matter as much. But even that can be a lot to ask, even for him.

“I write the passwords down and have a photocopy at home and a photocopy in the office and a couple copies here and there.”

But, could all that be compromising security?

“Well, I mean, um, yes,” he says.

I also love Harley’s repurposing of the democracy quote often attributed to Winston Churchill.

Forecast: Health care biometrics worth US $5B by 2020

Special Report: Biometrics in Healthcare (Biometric Update)

This report examines how biometric technology is applied to the health care industry, mainly in the United States. This report notes that “health care biometrics” is utilized for access control, identification, workforce management or patient record storage. Biometrics in health care often takes two forms: providing access control to resources and patient identification solutions. The growing demand for biometrics solutions is mainly driven by the need to combat fraud, along with the imperative to improve patient privacy along with health care safety. Biometrics are also increasing being used for medical monitoring and mobile health care.

– Rawlson O`Neil King Lead Researcher, Biometrics Research Group, Inc.

Also, and unlike with most of these market analyses, Biometrics Research Group has made the entire report available for free via download at the link above.

“Get me some biometrics, stat!”

How biometrics could improve health security (Fortune)

For the last two years, the health industry suffered the highest number of hackings of any sector. Last year, it accounted for 43% of all data breaches, according to the Identity Theft Resource Center. To help prevent these costly issues, medical companies have begun adopting an array of biometrics security systems that use data from a patient’s fingerprint, iris, veins, or face.

There really isn’t an identity management challenge that health care doesn’t have.

India: What happens with lost UID numbers?

UIDAI devises a method to retrieve lost Aadhaar numbers (Business Standard)

A government official said as a person can only enrol for Aadhaar once, there needed to be a mechanism to retrace the number in case the person has misplaced all possible links to it.

“Enrolling again is not an option, as the system automatically rejects biometric details that have been registered once,” said the official.

Under the new method, a person can put in the biometrics and the system will keep prompting for more demographic details till the back-end server zeros down to 10 possible matches.

During the entire process, none of the details of the Aadhaar holders will be shown to the person or the operator till the time an exact match has been found.

This has been done keeping in mind the design of the Aadhaar project, where the system doesn’t reveal any information about the resident and only tries to authenticate the identity replying with a yes or no.

It might be a while

Smart Guns: How Close Are We Really? (Government Technology)

[…M]any topics surrounding smart guns were approached and many questions were fielded, but finding conclusions or consensus began to feel like a photographer’s pursuit of the sunset. Smart guns are a topic so mired in political dispute, technological uncertainty, arcane legal policy, and institutional avoidance and denial that each pursuit of an answer simply presented a sound of hemming and hawing that was accompanied by a new set of questions.

The challenge of smart guns is interesting on many levels.

First, the basic function of a firearm — a mechanical force applied to a primer and igniting a propellant that forces a projectile from a tube at high speed — hasn’t changed much in the last hundred and fifty years and it doesn’t require electricity. The energy used in the function of a firearm is provided kinetically, by cocking it, and then chemically in the ignition of the primer and powder.

Adding biometrics or other 21st century security technologies to a system like this requires a power source and the power sources that come with the basic function of the firearm aren’t obviously well suited to powering microprocessor-based identity solutions.

So adding ID technology to firearms requires either a way of harnessing the energy already available to power the ID technology, or adding a power source that can supply the ID technology with the energy it needs to work. Those are both fairly significant challenges. The preferred solution to the power supply issue in smart guns seems to be the addition of a battery for the ID technology. But a battery-reliant firearm is a very different piece of hardware than current models that can be left stored, ready for instant use, more or less indefinitely. That feature of the current hardware set-up is highly relevant to the way many firearms are used by their current owners. “Wait, I need to charge my gun” probably isn’t something most firearm owners are looking forward to saying.

Then, there’s the corollary to the fact that modern firearms are essentially a nineteenth century technology: Actual firearms manufactured in the nineteenth century still perform their intended function just fine. Since firearms are fairly easy to maintain, it’s not clear how long it might take for smart guns to account for any significant proportion of the total number of firearms.

Given these challenges (and there are others), it seems pretty clear that smart guns are destined to be a niche product. There still may be a niche or two where smart guns make a lot of sense. But what would that niche look like?

People in frequent contact with a unique firearm would be accustomed to maintaining it frequently and would not be constrained by having to “enroll” on new hardware so often as to cause annoyance. Many who use a firearm in the course of their profession fit this description.

Professionals who carry firearms along with other rechargeable electronic equipment (flashlights, walkie-talkies, handheld computers, etc.) might not find plugging another piece of hardware into a recharger at the end of a day’s work too inconvenient.

People who are at a heightened risk of having their own firearm used against them might find smart gun technology more valuable than those with lower risk.

Those interested in smart guns should keep niches like these in mind as potential early adopters of smart gun technology. If the cost/benefit of the technology doesn’t work there, it’s hard to see it taking off anywhere.

For other firearm owners interested in using new ID technologies to make owning a firearm safer, there are a range of solutions and the good news is they’re backward compatible for use with dumb guns.

India: Iris to replace thumb print for pensioner verification in one district

‘Iris recognition system’ for pensions to be launched in Andhra Pradesh (Niti Central)

A biometric ‘Iris identification system’ for distribution of pension will be soon launched in Krishna district of Andhra Pradesh.

At present, the pensions are being paid by taking a thumb impression of the pensioners, Krishna District Collector A Babu said in an official release. However, sometimes the illegible thumb impressions create problems, he said.

This is perhaps the first time I’ve seen one biometric modality displace another one in an existing ID management application.

The performance expectations for iris must be substantially higher than what the existing fingerprint system is producing because it looks like there will have to be a new enrollment process for pensioners in the 100 political villages and municipal wards undertaking the change.

A discussion of facial recognition in retail stores

Is Facial Recognition The Next Privacy Battleground? (Fast Company)

While much recent retail technology buzz has focused on the promise and peril of Apple’s iBeacons, another identity tech has matured: facial recognition. It’s now powerful enough to let stores use cameras to link customers’ faces to information stored in databases—but it’s also finding use in industrial and transportation settings, where it can be used to keep people away from sensitive areas. But are we ready for this tech to start linking personal data with our faces without our knowledge?

Legally, there’s nothing stopping American businesses from doing so. A recent BBC article posited the future concern that retail businesses could compare photos taken in-store with databases drawing from data found on the Internet—like databases of social media or Facebook users…

The piece is worth reading in its entirety.

US: New Mexico legislator proposes biometrics for voter ID

Thumbs Up? New Mexico to Study Biometrics to ID Voters (University of Minnesota)

Senate Minority Whip William Payne introduced a proposal this week that calls for the state’s top elections officials to study the feasibility of bringing biometrics into the mix. That could mean anything from retinal scans to the thumbprint-imaging technology used to access smartphones.

After hearing the same debate year after year, the Albuquerque Republican said he wanted to find a way to take some of the “venom” out of the argument that requiring photo identification would lead to voter suppression.

I don’t like to see so much made of retina biometrics but because this is big enough news, I’m linking it anyway.

That explains things a bit

It’s Apple’s fault that the Nexus 6 doesn’t have a fingerprint sensor (The Verge)

Former Motorola CEO Dennis Woodside has confessed that the dimple at the back of the Nexus 6 was originally intended to play host to a fingerprint sensor. Back in 2011, Motorola was a pioneer in bringing fingerprint recognition to its Atrix 4G smartphone, however the company it used then, Authentec, was purchased by Apple a year later for a price of $356 million. Authentec were, in Woodside’s judgment, the best supplier around and “the second best supplier was the only one available to everyone else in the industry and they weren’t there yet.”