New DHS plans for biometrics should inform current corporate CIOs

DHS Outlines Plans to Enhance Use of Biometric Tech (Find Biometrics)

America’s Department of Homeland Security has released a new strategic framework on how it plans to move forward implementing biometric technologies. Entitled “DHS Vision Statement on Enhanced Biometric Capabilities”, the document indicates a tightening embrace of the technology.

The full DHS vision statement can be downloaded here [.pdf; 13 pages].

Interesting excerpt:

The DHS Office of Biometrics and Identity Management (OBIM) operates and maintains the DHS Automated Biometric Identification System (IDENT) and provides identity management services and expertise across DHS. Front‐end capabilities (i.e. biometric collection devices, applications, interfaces and supporting infrastructure) are each managed and maintained independently by the components, with limited collaboration. National Security Presidential Directive (NSPD)‐59 / Homeland Security Presidential Directive (HSPD)‐24 “Biometrics for Identification and Screening to Enhance National Security,” charges federal executive departments and agencies to use mutually compatible methods and procedures in the collection, storage, use, analysis, and sharing of biometric information. Access to external federal biometric databases however, through bilateral interoperability agreements, is not fully implemented, requiring DHS components to employ mission centric solutions for integrating certain biometric exchanges with the Federal Bureau of Investigation (FBI) and the Department of Defense (DoD). This requires DHS components to work independently with the FBI and DoD to integrate with each biometric system for access to data that assists in identifying and adjudicating subjects. The current IDENT system, although able to store multi‐modal biometrics, offers matching capability for fingerprints only, limiting operational components’ ability to implement the use of alternate biometrics that may better suit operational needs. Current DHS Component systems tend to be encounter‐based – instead of person‐centric – requiring biometrics collection processes to be repeated, rather than just verified. Connectivity for systems that collect biometrics in the field is inconsistent, often not allowing real‐time access to federal biometric databases. 
Further, existing biometric collection systems in the field are dated, many are at end‐of‐life, impacting the quality of the biometrics collected, which affects overall performance.

Current and prospective CIOs should reread that paragraph. The future of identity management is large-scale, multimodal, interconnected and updated as soon as possible, and provides access to virtual and physical resources. The earliest adopter of large-scale biometrics is coming to grips with the challenges of biometrics 2.0. At SecurLinx, we have designed our technology and approach to help our customers cope with the dead-ends and cul-de-sacs associated with gradual adoption of new ID technologies and provide them the flexibility to take advantage of the opportunities afforded by emerging technology.

Large company CTOs should read the DHS biometrics RFI

The Office of Biometric Identity Management (OBIM) of the Department of Homeland Security (DHS) stores and analyzes biometric data, digital fingerprints and photographs, and links that data with biographic information to identify/enroll identities and subsequently match or verify the established identities. OBIM is proactively addressing its next-generation architecture and capabilities for replacing the current biometric system. The vision for this activity represents a major investment to ensure that OBIM can continue to accommodate the expected growth of populations and new applications of multimodal biometric identity screening based on OBIM mission and our customers’ identity service needs.

Below are some of the things the government is interested in learning more about [warning: link downloads a .pdf file]. Reading through the items below, scalability, interoperability, accuracy and integration with other systems seem to be real priorities for DHS.

It’s also worth noting that while these issues have become pressing for this early adopter of large-scale biometric technologies, all large-scale biometrics deployments will have to meet some or all of these challenges eventually. Strategic planners in some of the larger organizations contemplating biometric solutions would be wise to consider the following as early in their development process as possible and to plan for the future.

A. Identity Deconfliction:
OBIM desires a system that has the ability to determine a person’s unique identity based on a combination of biometric and biographic traits and contextual data. Respondents should also detail the best approach to determine a level of confidence based on the combination of traits used in the identification, and should provide methods for continuous identity management, including enrollment of identities, splitting/merging of identities, and updating identity confidence levels based on new information.

B. Advanced Biometric Matching:
OBIM is requesting information on a system through the application of state-of-the-art techniques that can improve the accuracy and efficiency of its biometric services. Specifically, OBIM is interested in learning about:

1. Approaches and architectures for leveraging multiple biometric modalities in very large-scale systems to improve accuracy and identity assurance and to decrease failure-to-enroll rates. The provided information must address multimodal fusion techniques and include the known benefits and architectural limitations of such approaches.
2. Methods to reduce the computational requirements of biometric matching without decreasing accuracy. Examples of such techniques could include ways to decrease the need for full gallery searches (1:N), decrease the penetration rate of 1:N searches, and leverage multiple modalities to reduce computational intensity.
3. Approaches and architectures for decreasing operations and maintenance (O&M) costs for large-scale systems, including system virtualization, footprint, energy usage, and licensing costs.

C. Advanced Biographic Searching:
OBIM is requesting information on a system through the application of state-of-the-art techniques that can improve the accuracy and efficiency of its biographic pre-verify services. OBIM is interested in various approaches for using biographic information to assist in the deconfliction and disambiguation of identity information. The biographic information would typically contain various elements and combinations of biographic information, including name, birth date and location, gender, and citizenship. In particular, OBIM is interested in performance in terms of accuracy, speed, and other performance profiles and products in production or currently in technical readiness testing and evaluation to facilitate more 1:1 transactions.

D. High-Performance Transaction Processing:
OBIM requests information on the status, trends, and direction of large-scale biometric and biographic transaction processing systems and related technologies, including processing speeds and high-volume, high-reliability, and high-availability systems and architectures. Information should also be provided on demonstrated scalability and managing a high volume of transactions with varying response requirements.

E. Business Intelligence Capabilities:
Respondents should provide information on business intelligence architectures, techniques, and software where these capabilities provide better historical, current, and predictive analysis of available biometric and biographic information, including the analysis of both operational and content data.

F. Storage:
Respondents should provide information on current capabilities, trends and alternatives to store, index, and correlate structured and unstructured data in all formats regardless of type or size. In addition respondents should present their ability for organizing and retrieving large quantities of data and/or images (>10^9). This should also include hardware specifications. The Government is interested in industry’s experience and offerings for tiered and/or distributed storage and in minimizing processing and storage overhead, while maximizing input/output performance, the retrieval of data, application independence, portability, and data integrity.

G. Information Linking:
OBIM seeks information on the best methods and techniques to link data items to unique identities, and to maintain the linkage on an ongoing basis, including capturing additional links, removing links, and providing linkage information to stakeholders as permitted according to a predefined set of business rules. Linked information could be made available in a variety of ways, including publish/subscribe methods. It is assumed that the actual data would still reside in separate systems/databases within and outside DHS.

H. International Biometrics:
Respondents should provide information on developing an architecture capable of supporting and managing a federated international biometric and identity-verification schema with multiple stakeholders worldwide that ensures responsiveness while tailoring privacy, security, and person-centric data to individual stakeholder needs. An analogous business and technical construct might be the topology for international automated teller machines, banking, clearinghouses, and credit/debit cards.

US: DHS sets sights on new biometric database

At Planet Biometrics…

The US Department of Homeland Security’s Office of Biometric Identity Management will receive US$20 million in extra funding to keep its existing identification system operating while a new database is developed, a senior OBIM official confirmed to Planet Biometrics at the Global Identity Summit in Tampa.

The official confirmed that the new database is required because the 20-year-old system is currently dealing with 300,000 transactions a day (hitting a database of 173 million unique identities) in comparison to 220,000 (hitting a database of 150 million unique identities) a year ago.

A tipping point for DHS?

A tipping point for biometrics? (FCW)

In May, DHS issued a request for proposals to add facial, fingerprint and iris recognition capabilities to its ID system as part of a $102 million upgrade. The agency is seeking a new contractor to take over the ID management project currently overseen by XTec and establish a new biometric-based card system that complies with Homeland Security Presidential Directive 12 (HSPD-12). The contractor would replace 161,924 personal identity verification (PIV) cards by the end of 2013 and another 116,172 in 2014, DHS officials said.

According to the agency, the winning contractor would also install enrollment and issuance stations at as many as 300 DHS locations to manage at least 300,000 PIV cards. Those locations could include sites outside the United States.

Accenture Federal Services, Booz Allen Hamilton, Deloitte, General Dynamics Information Technology, Northrop Grumman, Science Applications International Corp. and Unisys have all expressed interest in the project.

US visa overstays: An ID problem or a management problem?

Everyone except the Department of Homeland Security (the US Congress apparently mandated a biometric exit logging system over a decade ago) seems to agree that a biometric check in/check out system is the way to go, but according to:

U.S. Struggles to Nab Visitors Who Overstay (Yahoo)

The department is no longer focused on implementing a biometric system, one relying on fingerprints or other unique personal markers, to make sure someone leaving the country is the same person who entered on a particular visa. Instead, the department has begun comparing lists of people with expired visas with lists of foreigners who depart through airports and seaports.

In order to be appropriately bewildered, one really must read the article in its entirety. For example: Among the reasons cited by the Secretary on behalf of the famously frugal DHS is that a biometric system would be “extraordinarily expensive.”

FBI, DHS team up to nab border intruders with iris biometrics

FBI and DHS team up to nab border intruders with iris biometrics (NextGov)

The FBI is partnering with the Homeland Security Department to identify border trespassers by exchanging digital eye scans of booked offenders, bureau officials said.

Iris recognition — which matches a digital image of the unique, colored portion of an individual’s eye against archived photos — quickly ensures authorities have fingered the right crook, advocates say. Critics say iris capture invades privacy and wrongfully pulls immigrants into the deportation system.

“Rapid” DNA: Not super rapid. Still really cool. More steak than sizzle.

FBI eager to embrace mobile ‘Rapid DNA’ testing (PC Advisor)

It’s been the FBI’s dream for years — to do near-instant DNA analysis using mobile equipment in the field — and now “Rapid DNA” gear is finally here.

Really!? Near instant? Mobile equipment? Are FBI agents running around with handheld DNA devices that give instant feedback?

Not really.

According to the article, “…[T]he Rapid DNA device can spit out an individual’s DNA data within 90 minutes… measures about 27-by-24-by-16 inches, costs about $245,000.”

Compared to other biometric deployments, this isn’t particularly rapid or mobile.

Though I’ve made some sport with rapid DNA in the past, there are some applications where only DNA analysis will do and the applications that government bodies have in mind for “rapid DNA” don’t exactly lend themselves to breathless reporting or Gattaca* references.

First, the FBI wants faster and cheaper DNA analysis to help clear cold cases where the state possesses DNA evidence by comparing the DNA of arrestees with an evidence database.

We discussed this very point with Mike Kirkpatrick in a recent twitter Biometric Chat.

Q4: Then, if the Big Three of biometrics are Face, Finger/palm print & Iris – Where does DNA fit in?

A4: There’s an ongoing multi-agency effort on rapid DNA, which will put a “quick” DNA capability at the booking stations. We should see this in the market within the next couple of years. It’ll help solve a lot of cases. DNA in many ways is the ultimate biometric but still has many privacy issues associated with it as well as the past relative slowness in getting results. It can prove someone innocent as easily as proving someone guilty, which is good as all in criminal justice should be searching for the truth. [ed. formatting edited to de-twitter the Q&A]

Then, there are other government ID applications where only DNA will suffice such as this one, having to do with immigration and whether certain individuals are related by family, described in a very interesting Computerworld article from about a year ago (blog post here).

One pent-up need for a rapid DNA analysis kit is coming for the Department of Homeland Security’s citizenship and emigration services, according to Christopher Miles, biometrics program manager at DHS.

The uncomfortable realization that the government might be wasting a huge amount of time reading fraudulent documents and listening to lies was a lesson learned a few years ago in trying to help refugees in Kenya that wanted to emigrate to the U.S. In that instance, the U.S. government took about 500 DNA samples, did a lab analysis to verify family relationships, and found out 80% were fraudulent, Miles said.

If all you have is a DNA database or if you need to find out if two people are related, DNA is the only biometric modality that can help. In these cases, and compared to what went before it: 90 minutes really is fast; $1,500 per transaction (a guess) really is cheap; and something the size of a microwave oven really is mobile.

*The article’s author, while suspected of the former, is innocent of the latter. As for Gattaca, I enjoyed the film but I can’t believe it was released fifteen years ago: October 24, 1997.

Biometrics Uncover 825,000 ID Inconsistencies in DHS Database

Fingerprint Records Reveal 825,000 Immigrants With Multiple Names (Mashable)

Many of the situations involved women who legally altered their names. “We found that nearly 400,000 records for women have different last names for the same first name, date of birth and [fingerprint identification number],” he wrote. “These instances are likely women who changed their names after a marriage.”

During the study, auditors examined records covering 1998 through 2011.

Most of the time, US-VISIT personnel try to resolve cases in which people who appear to be one and the same have different information listed in records, the auditors found. The researchers are not specifically targeting scams, Deffer explained. Accidental typos, the fact that various immigration-related agencies use incompatible data formats and other keying mistakes are factors they look for when probing mismatches. During the course of typical procedures, US-VISIT has picked up on only two instances of fraud, agency officials reported to the IG.

The enormity of the conflicting data, however, may obscure actual fraud. “These inconsistencies can make it difficult to distinguish between data entry errors and individuals potentially committing identity fraud,” he wrote.

As they grow and age, databases can get really junked-up. Biometrics, in this case fingerprint biometrics, can be extremely helpful in maintaining their integrity. The database involved here is the one maintained by the US Department of Homeland Security US-VISIT program. It contains (wait for it) information, including a fingerprint, on all visitors to the US. The fingerprint has been the linchpin of the audit that discovered 825,000 database errors because it is the only piece of truly unique and durable personal information stored.

Before automated fingerprint ID systems (AFIS), combinations of data were used to reduce ID error rates to some reasonable approximation of zero. While names, birth dates, and other descriptors aren’t unique, multiplying them together works pretty well for a while. Working against this system are legal name changes and human typographical errors in data entry, which have the database effect of creating a whole new person. That runs counter to the reasons for keeping such a database in the first place.
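The two paragraphs above, as an added example (not code from the audit or from US-VISIT): grouping constructed records by fingerprint identification number surfaces the duplicates that a name-plus-birth-date key splits into separate people, and sorts them into likely name changes, likely keying mistakes and cases for manual review. The record layout, the `fin` field name and the edit-distance threshold are assumptions.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample records (not real data). "fin" is an assumed field name
# standing in for the fingerprint identification number in the audit excerpt.
RECORDS = [
    {"fin": "F001", "first": "MARIA", "last": "LOPEZ",  "dob": "1980-04-12"},
    {"fin": "F001", "first": "MARIA", "last": "KELLER", "dob": "1980-04-12"},
    {"fin": "F002", "first": "JOHN",  "last": "SMITH",  "dob": "1975-01-30"},
    {"fin": "F002", "first": "JOHN",  "last": "SMIHT",  "dob": "1975-01-30"},
    {"fin": "F003", "first": "ANNA",  "last": "NOWAK",  "dob": "1990-09-02"},
    {"fin": "F003", "first": "PETRA", "last": "VOGEL",  "dob": "1988-11-21"},
    {"fin": "F004", "first": "LI",    "last": "WEI",    "dob": "1969-07-07"},
    {"fin": "F004", "first": "LI",    "last": "WEI",    "dob": "1969-07-07"},
]
FIELDS = ("first", "last", "dob")
TYPO_MAX = 2  # assumed threshold: this many edits still counts as a keying slip
SEVERITY = ["consistent", "probable_typo", "last_name_change", "needs_review"]


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic program)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_pair(a, b):
    """Label the disagreement between two records that share one fingerprint."""
    diffs = [f for f in FIELDS if a[f] != b[f]]
    if not diffs:
        return "consistent"
    if all(edit_distance(a[f], b[f]) <= TYPO_MAX for f in diffs):
        return "probable_typo"
    if diffs == ["last"]:
        # Same first name, birth date and fingerprint, different surname:
        # the pattern the audit attributes to legal name changes.
        return "last_name_change"
    return "needs_review"


def audit(records):
    """Return {fin: worst label} for every fingerprint with conflicting data."""
    by_fin = defaultdict(list)
    for r in records:
        by_fin[r["fin"]].append(r)
    findings = {}
    for fin, group in by_fin.items():
        labels = [classify_pair(a, b) for a, b in combinations(group, 2)]
        worst = max(labels, key=SEVERITY.index, default="consistent")
        if worst != "consistent":
            findings[fin] = worst
    return findings


def identity_counts(records):
    """(people counted by the biographic key, people counted by fingerprint)."""
    bio = {tuple(r[f] for f in FIELDS) for r in records}
    return len(bio), len({r["fin"] for r in records})


if __name__ == "__main__":
    print(identity_counts(RECORDS))
    for fin, label in sorted(audit(RECORDS).items()):
        print(fin, label)
```

On the sample data the biographic key counts seven people where the fingerprint key counts four; only the `needs_review` group lacks a benign explanation.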

See Biometric “Fix” Identity which takes on this issue from the angle of intentional fraud.

Why is the TWIC So Expensive?

TWIC Relief Proposal Unanimously Approved by Homeland Security Committee (TMCnet)

Over the past five years, roughly 2.1 million longshoremen, truckers, merchant mariners, and rail and vessel crew members have undergone extensive background checks and paid a $132.50 fee to obtain these cards. Unless Congress or the Administration acts, starting this October, workers would be required to go through the time and expense of renewing their TWICs. Compelling hardworking Americans to undertake the expense and hassle of renewing their cards is not justifiable given that the basic requirements for biometric readers to match these cards with the cardholders have not been issued by the Department of Homeland Security.

Five years on, the earliest Transportation Worker Identification Credentials (TWICs) will be expiring soon and renewing them isn’t cheap.

From TSA.gov:

The fee for a renewal TWIC (valid for 5 years) is the same amount as the initial enrollment fee, which is currently $129.75* since another security threat assessment will be performed and a credential issued to those individuals who successfully undergo this assessment. Individuals also have the option to enroll with a comparable credential and pay a reduced fee. * Effective March 19, 2012, the enrollment cost was reduced from $132.50 to $129.75 due to a FBI fee decrease.

Transportation workers are peeved that they pay for an ID with all sorts of biometric technology bells and whistles while the ID management systems that they use daily don’t take advantage of the card’s capabilities.

But the TWIC is expensive for reasons other than biometric enrollment. The TWIC applicant must provide: biographic information, identity documents, biometric information (fingerprints), a digital photograph and pay the fee. A TSA employee has to go through all this stuff.

Then, the TSA conducts a security threat assessment on the TWIC applicant sending pertinent parts of the enrollment record to the FBI and the Department of Homeland Security (DHS) so that appropriate terrorist threat, criminal history, and immigration checks can be performed.

This, to say the least, is not a cheap process and my guess is that the labor costs, not technology cost, of issuing a TWIC accounts for a huge proportion of the total. The opportunity cost inflicted on the applicant also seems pretty high (i.e. getting a TWIC is a major annoyance).

So then, what of the Homeland Security Committee desire to remove the TWIC renewal requirement? I guess that depends upon why it was originally determined that the TWIC should be renewed every five years.

According to the TSA: “The renewal process consists of the same steps as the original enrollment process (optional pre-enrollment, in-person enrollment, and card activation.) These steps are required since a security threat assessment is required on all applicants, confirming they still meet eligibility requirements” (emph. mine).

If the cards are expensive because the processing costs are high and background checks are expensive, are the costs unacceptably high? Is $26 per year too expensive? How much does it cost other entities (FBI, military) to keep IDs current? Who should pay: the worker, their employer, the government, or some combination of the three?