European migrant crisis spurs interest in biometrics

Migrant crisis: EU considers locking up more failed asylum seekers (Financial Times)

EU countries should lock up more failed asylum seekers, according to hardline plans the bloc is considering to increase the number of deportations from Europe.

The proposal is one of a series of tough measures — ranging from increased use of fingerprints to more funding for detention centres — that interior ministers from across the EU will discuss at a meeting in Luxembourg on Thursday.

Pakistan: Ghost workers in Sindh

Over 25,000 ‘ghost’ teachers identified in Sindh Education department (Geo.TV)

Sources said that, during investigation carried out by AG Sindh office and Education Department, about 25,000 out of 155,000 recorded employees have been identified as ‘fake’ in the Sindh Education and Literacy Department.

They added that ghost employees were identified by the Deputy Accountant General Education, security and examination committee with the support of biometric system.

We haven’t posted on ghost workers lately, but a 16% fake employee rate is noteworthy.

A balanced view on authentication

Here’s why the password isn’t going anywhere (IT Pro Portal)

There’s no point in arguing about which security solution is the “best”. It’s pretty clear that the future lies with individuals using a combination of security options, each making up for the weaknesses of the others…

So rather than try to prove that a new technology is the Holy Grail and should replace passwords, it’s time to educate the public to use more than one factor of authentication. Using multiple factors will certainly increase a user’s security more than using one factor alone, no matter how secure we believe that one factor may be.

Kyrgyzstan: Fingerprint parliamentary elections

Kyrgyzstan: Nation Awaits Results as Hi-Tech Election Sets New Standard for Region (Eurasianet)

Kyrgyzstan has gone hi-tech in its efforts to ensure as clean an election as possible.

Voters received their ballot papers only after undergoing an electronic fingerprint check. As the information was processed, the voter’s image popped up on a monitor. The screen flashed red when any irregularity was registered.

Atambayev said clean and honest elections were indispensable.

“We cannot have it so that one party or one family rules the country. It is important that we protect genuine democracy and that we have a strong civil society,” he said.

There were sporadic reports of technical difficulties with the electronic system, which was being used for the first time.

While limiting opportunities for ballot-rigging, the painstaking voting procedures did also slow things down and large lines were observed across the country throughout the day.

Payment biometrics growing rapidly

Biometrics to Secure over $5.6 Trillion of Payments by 2020 (Investorideas)

“Biometric vendors are experiencing tremendous growth on the back of the escalation of consumer-led adoption of biometric security. The adoption for payment purposes is a major contributor to this growth and Goode Intelligence forecasts that by 2020 it will contribute US$5.6 billion in revenue from $5.6 trillion worth of payments for companies involved in delivering biometric systems to the payments industry.”

The full report from Goode Intelligence is available here.

Payments: Visa’s chip-on-card biometrics

Visa develops a new spec that enables palm, voice, eye and facial biometrics with chip card payment. (Visa – Tech Matters)

Here’s how it works: Visa’s new architecture enables fingerprints to be securely accepted by a biometric reader, encrypted, and then validated. The specification supports “match-on-card” authentication where the EMV chip card validates the biometric so that it is never exposed or stored in any central databases. Issuers can optionally validate the biometric data within their secure systems for transactions occurring in their own environments, such as their own ATMs.

US: Office of Personnel Management raises assessment of biometric hack to 5.6 million individuals

OPM: Stolen biometric data list grows by 4.5 million (Fedscoop)

The Office of Personnel Management underestimated the number of people who had their biometric data stolen in this year’s high-profile hack, with an additional 4.5 million people being affected.

In a Wednesday press release, an OPM spokesman said the subset of individuals whose fingerprints have been stolen has increased from approximately 1.1 million to 5.6 million. That number, according to the agency, comes after OPM and the Defense Department identified archived records containing additional fingerprint data that were not previously analyzed.

Security vs Privacy discussion matures…

Roundtable: Identity and access management (SC Magazine)

It’s a line that’s hard to walk, the one between usability, security and privacy – one that might get harder and harder to walk if things keep going the way they are. Increasingly, businesses depend on personal information offered by customers, Chandler reminds us: “We’re going on to a shared business environment, where we share information in order to make the community better.” With the growth of wearables, sensors and the Internet of Things – voice-activated TVs for instance – this trend might be hard to mitigate.

US: Iowa, Morpho Trust, and prototype digital ID’s

Iowa DOT Using Digital ID’s (WHOtv)

Iowa Department of Transportation Director Paul Trombino says Iowa is the first state to offer a prototype for digital licenses currently being used by Iowa DOT employees. The new licenses which will only be optional and not mandatory are fitted with even more secure technology than the card version.

Trombino explained, “I use a fingerprint to open up my phone that can help authorize that. You may have to make a facial movement so it`s not just looking at a picture in order to open up the biometric perspective, so only you can open that up.” If that isn’t secure enough, “The picture physically moves, so it`s not a static picture like your regular driver`s license,” said Trombino.

Australia funds national face recognition capability

Govt funds $18.5m Aussie facial recognition database (iTnews)

It will allow law enforcement agencies to share citizens’ facial images to identify unknown individuals and verify identities.

The ‘national facial biometric matching capability’ will match a facial photograph to images on passports, visas and driver’s licences, and will initially offer functionality to match the identities of known individuals. It will later be able to match unknown individuals, the AGD said last month.

It will be targeted towards identity theft, fraudulent identity documents and “other serious criminal activity”, AGD said.

Another Illinois Facebook face recognition lawsuit

Gillen v Facebook (Scribd)

Note: BIPA = Biometric Information Privacy Act

I have removed two footnotes in original.

NATURE OF ACTION

1. Plaintiff brings this action for damages and other legal and equitable remedies resulting from the illegal actions of Facebook in collecting, storing and using Plaintiff’s and other similarly situated individuals’ biometric identifiers and biometric information (referred to collectively at times as “biometrics”) without informed written consent in violation of the BIPA.

2. The Illinois Legislature has found that “[b]iometrics are unlike other unique identifiers that are used to access finances or other sensitive information.” 740 ILCS 14/5(c). “For example, social security numbers, when compromised, can be changed. Biometrics, however, are biologically unique to the individual; therefore, once compromised, the individual has no recourse, is at heightened risk for identity theft, and is likely to withdraw from biometric-facilitated transactions.”

3. In recognition of these concerns over the security of individuals’ biometrics – particularly in the City of Chicago, which was recently selected by major national corporations as a “pilot testing site[] for new applications of biometric-facilitated financial transactions, including finger-scan technologies at grocery stores, gas stations, and school cafeterias,” 740 ILCS 14/5(b) – the Illinois Legislature enacted the BIPA, which provides, inter alia, that a private entity like Facebook may not obtain or possess an individual’s biometrics unless it: (1) informs that person in writing that biometric identifiers or information will be collected or stored, see id.; (2) informs that person in writing of the specific purpose and length of term for which such biometric identifiers or biometric information is being collected, stored and used, see id.; (3) receives a written release from the person for the collection of his or her biometric identifiers or formation, see id.; and (4) publishes publically available written retention schedules and guidelines for permanently destroying biometric identifiers and biometric information, see 740 ILCS 14/15(a).

4. In direct violation of each of the foregoing provisions of § 15(a) and § 15(b) of the BIPA, Facebook is actively collecting, storing, and using – without providing notice, obtaining informed written consent or publishing data retention policies – the biometrics of its users and unwitting non-users.

5. Specifically, Facebook has created, collected and stored over a billion “face templates” (or “face prints”) – highly detailed geometric maps of the face – from over a billion individuals, millions of whom reside in the State of Illinois. Facebook creates these templates using sophisticated facial recognition technology that extracts and analyzes data from the points and contours of faces appearing in photos uploaded by their users. Each face template is unique to a particular individual, in the same way that a fingerprint or voiceprint uniquely identifies one and only one person.

6. Plaintiff brings this action individually and on behalf of all others similarly situated to prevent Facebook from further violating the privacy rights of Illinois residents, and to recover statutory damages for Facebook’s unauthorized collection, storage and use of unwitting non-users’ biometrics in violation of the BIPA.

A wrinkle in this lawsuit is that the plaintiff is not, and never has been, a registered Facebook user and therefore could not have agreed to Facebook’s terms of service.

Serious ROI in remote patient monitoring

How one health system saves $90,000 per patient (Healthcare IT News)

NAH [Northern Arizona Healthcare] saw hospitalizations drop from 3.26 mean per patient to 1.82 and days hospitalized drop from 13.98 mean per patient to 5.13 and, based on the health system’s data about the first 50 patients six months prior to enrollment and six months after enrollment, that added up to savings of approximately $92,000 per patient.

The “biometrics” discussed in the article aren’t biometrics for identification, but ID biometrics will certainly be a part of the picture as these kinds of technologies are adopted more widely.

New DHS plans for biometrics should inform current corporate CIO’s

DHS Outlines Plans to Enhance Use of Biometric Tech (Find Biometrics)

America’s Department of Homeland Security has released a new strategic framework on how it plans to move forward implementing biometric technologies. Entitled “DHS Vision Statement on Enhanced Biometric Capabilities”, the document indicates a tightening embrace of the technology.

The full DHS vision statement can be downloaded here [.pdf; 13 pages].

Interesting excerpt:

The DHS Office of Biometrics and Identity Management (OBIM) operates and maintains the DHS Automated Biometric Identification System (IDENT) and provides identity management services and expertise across DHS. Front‐end capabilities (i.e. biometric collection devices, applications, interfaces and supporting infrastructure) are each managed and maintained independently by the components, with limited collaboration. National Security Presidential Directive (NSPD)‐59 / Homeland Security Presidential Directive (HSPD)‐24 “Biometrics for Identification and Screening to Enhance National Security,” charges federal executive departments and agencies to use mutually compatible methods and procedures in the collection, storage, use, analysis, and sharing of biometric information. Access to external federal biometric databases however, through bilateral interoperability agreements, is not fully implemented, requiring DHS components to employ mission centric solutions for integrating certain biometric exchanges with the Federal Bureau of Investigation (FBI) and the Department of Defense (DoD). This requires DHS components to work independently with the FBI and DoD to integrate with each biometric system for access to data that assists in identifying and adjudicating subjects. The current IDENT system, although able to store multi‐modal biometrics, offers matching capability for fingerprints only, limiting operational components’ ability to implement the use of alternate biometrics that may better suit operational needs. Current DHS Component systems tend to be encounter‐based – instead of person‐centric – requiring biometrics collection processes to be repeated, rather than just verified. Connectivity for systems that collect biometrics in the field is inconsistent, often not allowing real‐time access to federal biometric databases. Further, existing biometric collection systems in the field are dated, many are at end‐of‐life, impacting the quality of the biometrics collected, which affects overall performance.

Current and prospective CIO’s should reread that paragraph. The future of identity management is large-scale, multimodal, interconnected and updated as soon as possible, and provides access to virtual and physical resources. The earliest adopter of large-scale biometrics is coming to grips with the challenges of biometrics 2.0. At SecurLinx, we have designed our technology and approach to help our customers cope with the dead-ends and cult-du-sacs associated with gradual adoption of new ID technologies and provide them the flexibility to take advantage of the opportunities afforded by emerging technology.