Law enforcement interoperability
Law enforcement, NIST making fingerprint files easier to search (GCN)
Not all AFIS are alike, however. State and local agencies often maintain their own databases, and although there can be some interoperability in a vertical hierarchy of local, state and federal databases, there is very little interoperability horizontally between neighboring jurisdictions. To search different databases, examiners must mark distinctive features for fingerprints manually for different systems, using different coding, notation methods and data definitions.
The con is mightier than the hack
‘If you stopped 10 people in the street with an appropriate story you’d get one or two to give their passwords up.’ Be afraid, very afraid (The Examiner – Tasmania)
Brazilian ghost doctors have rubber fingers
Note: all links in this post go to Portuguese language sources. Translations are a collaboration between Google and me.
My brother in São Paulo tipped me off to a rubber finger scandal in the Greater S.P. health service.
Doctor busted in SP for falsifying colleagues fingerprints with silicone (Floha de S. Paulo – Portuguese)
A doctor was arrested red-handed on Sunday, March 10 for using silicone fingers to fake the fingerprints use to mark the attendance of colleagues. She and the other doctors are employees of Samu Service (Emergency Medical Care) for Ferraz de Vasconcelos, in Greater São Paulo.
According to police, Thauane Nunes Ferreira, 28, registered the attendance of 11 doctors and 20 nurses. She told police she practiced the irregularity because she was coerced by her boss.
Greater SP: Doctors suspected of faking attendance are removed (Floha de S. Paulo – Portuguese)
Six Samu Service (Emergency Medical Care) doctors in Ferraz de Vasconcelos, Greater São Paulo, paid R$ 4,800 [ed. $2,450 US] to the coordinator of the service in the city, Jorge Luiz Cury, in order to avoid working four 24-hours shifts per month for which they were paid, City Hall says. Police are investigating the case. The city pulled the servers allegedly involved in the fraud.
The day before yesterday [ed. see above], when the scheme was discovered, doctor Thauane Nunes Ferreira, 28, was arrested in the act of using mock fingers with silicone fingerprints to mark the attendance of six colleagues.
Where they have been adopted, biometrics have made ghostbusting easier. In this case, with time-and-attendance biometrics deployed someone had to create and use 31 rubber fingers (pictured at both links above). That draws attention. Without biometrics, scaling up the time-and-attendance fraud while decreasing the risk of detection would have been much easier. If this allegedly corrupt boss was willing to go up to at least 31 rubber fingers, how many paper employees would he have tried?
According to Wikipedia, Ferraz de Vasconcelos, where the fraud took place, is second-poorest of Greater São Paulo’s 39 municipalities. Congratulations to all involved for stopping this instance of the corrupt stealing resources meant to provide health care to people far less fortunate than the doctors and administrators involved.
UPDATE:
[Via] Drudge and the BBC are now on the story. If you didn’t want to wade through the Portuguese pieces linked above, you may be interested in these.
UPDATE II:
Upon closer examination of the the photos of the fake fingers used, another thought comes to mind. It certainly appears as though the fake fingers were created with the participation of their owners, making them evidence for the prosecution that they were complicit in the fraud. As it is, the fake fingers used in the fraud come from a variety of live finger models. In the two examples pictured below, the one on the left appears to belong to a male and the one on the right appears to belong to a female. If the counterfeiter wasn’t working from live models, there would be no reason to add a fingernail to the back of the fake finger.
 |
| Image edited from original photo at Folha de S. Paulo |
Had the doctors’ prints been somehow lifted via subterfuge and placed onto a silicone finger without their knowledge, we might expect all of the fake fingers to look very similar as the finger counterfeiter might have used his own finger as a model and simply placed the doctors’ prints on it. Alternatively, as with The Old Gummi Bear Trick, the item bearing the fingerprints needn’t look much like a finger at all.
Without biometrics (and with a more careful set of individuals), it might have been very difficult to prove that the doctors involved weren’t just victims of identity theft by a corrupt official. With the evidence on hand (!) it should be a simple matter to determine if the fake fingers match those of the ghost doctors.
A larger question is whether this story argues for or against the adoption of biometric systems for time-and-attendance. Nobody should claim that biometrics or any other security or ID management measure is perfect and infallible. Nothing is infallible. In this case, however, it appears that having a biometric rather than a paper-based time-and-attendance system increased the costs and complexity of committing the fraud. It made executing its daily function (clocking in) more difficult to do without being noticed. And (at least in this case) it forced those complicit in the scheme to create pretty significant evidence of their involvement.
As a manager or law enforcement official, which case would you rather prosecute: one with rubber fingers or one with only a paper trail?
Note: This post has undergone a few revisions for the purposes of updating the post, correcting typographical or grammatical errors and to add clarity.
New Dell tablet appears to have a static fingerprint reader
Judging by one of the photos accompanying this item at GottaBeMobile.com, the new Dell Latitude 10 tablet incorporates a static fingerprint reader on the back.
The “static” part of static fingerprint reader refers to the finger as the user interacts with the hardware. With a static reader the finger is held stationary against the sensor. The swipe reader requires the user to drag a finger across the sensor. Though the software behind the swipe reader sensor has improved over time, I’ve found the swipe sensors more difficult to use than static sensors. Nevertheless, probably due to cost considerations and the availability of real estate available for situating the sensor hardware, the swipe fingerprint readers were preferred by the first generation of hardware manufacturers to incorporate fingerprint sensors into mobile devices like laptops and mobile phones.
So, it seems like some combination of the following statements must be true:
-The hardware cost of the static sensors, compared to swipe sensors, has come down*;
-The static reader hardware has gotten smaller;
-The market demand for fingerprint biometrics on mobile hardware has risen;
-And I’m not the only one who prefers using static readers.
Another observation:
It’s difficult to tell from the photo, but the fingerprint reader still looks awfully small — roughly the size of the cell phone camera also visible in the image.
Here’s a good static vs. swipe summary.
*To keep this apples to apples we’re going to leave optical scanners out of this discussion altogether.
Ukraine mulls biometric voter verification for Members of Parliament
UDAR suggests taking fingerprints of MPs (forUm) “A new voting system, which reads fingerprints of MPs must be introduced in the Parliament, deputy leader of the UDAR Party faction Vitali Kovalchuk said on the sidelines of the Verkhovna Rada, ForUm correspondent reports.”
Piecing this together from a couple of places at http://en.for-ua.com. The main story linked above is very short. There is also a photo gallery of the event where the press was invited to witness “the working of the voting system ‘Rada-4′”.
I took the above photo from that gallery. Is that an optical fingerprint reader illuminating the hand in the photo?
If so, and I realize I’m piling speculation atop a mere suggestion, it would mark an interesting development in the administration of legislative bodies.
The São Paulo City Council instituted a biometric time and attendance system, but I’m not aware of a biometric system used in a legislative body to ensure that the person casting a vote is a member and that the member in question isn’t going around to all the empty desks and voting in the place of his absent colleagues.
Pakistan may require a fingerprint check to purchase a cell phone
Pakistan is considering requiring a fingerprint check as part of the process of purchasing a SIM (Subscriber Identity Module) card as a way of more definitively tying mobile phones to their purchasers.
Nigeria implemented a similar system beginning in 2010.
There are several reasons that countries would want to do this, most related to making it easier (or even possible) to investigate crime. Mobile phones are critically important tools in such criminal enterprises as ransoming kidnapping victims and organized robbery. Terrorists depend upon mobile phones both for communication and to detonate explosive devices.
Tele-operators briefed on biometric system (The Nation)
“NADRA being the sole custodian of biometrics of over 96 percent total population of the country, has offered the biometric solution in the wake of Interior Ministry’s grave security concerns over the use of cellular devices in terrorist plots,” the spokesperson said. It should be noted that on December 1, 2012, the Prime Minister, after taking notice of insecure sales mechanism for issuance of SIMs, directed all telecom companies to employ biometric verification for SIMs issuance within two months’ time.
Biometrically enabled encrypted external hard drive.
Pretty Sweet (Softpedia)
 |
| Click here for story at Softpedia.com |
Industry report on fingerprint biometrics
Growing Security Concerns to Drive Global Market for Fingerprint Biometrics, According to New Report by Global Industry Analysts, Inc. (Press Release via Yahoo)
The ever present threat of security concerns like terrorist attacks, campus violence, random shootouts, burglary and physical assaults, will continue to offer a steady flow of opportunities for the conventional AFIS fingerprint biometrics by way of government compulsions in investing to beefing up security infrastructure. Non-AFIS Fingerprint Biometrics in m-commerce applications is forecast to drive strong gains in the market.
Advancements in technology, increasing accuracy and performance levels, reducing complexity and declining prices, are key factors responsible for expanding the application possibilities of fingerprint identification technologies beyond the government sector. Fingerprint identification systems are already being deployed in enterprises, particularly in large organizations with huge number of employees and continuous flow of visitors. Companies engaged in processing of sensitive information such as banking and financial institutions and research laboratories are also using fingerprint identification recognition extensively for monitoring visitor and employee movements. Non-AFIS fingerprint scanners are especially finding increased adoption in the business segment. Government regulations mandating stringent security measures for key commercial centers such as office buildings, malls, hospitality and healthcare facilities will also add to the market demand.
More interesting findings at the link, including falling costs for silicon based fingerprint sensors, which are small enough to be useful on mobile devices (laptops & hand-helds) but have been much more expensive than optical fingerprint readers.
India: Biometric system discovers ghost residents and diners in student dwellings
Biometric system in Karnataka hostels busts scam (DNA India)
Thanks to the installation of biometric machines at hostels run by the social welfare department, a scam involving officials of the department in collusion with contractors has been exposed.
The department, which had installed biometric systems (thumb impression devices) at 280 hostels in various parts of the state, found that only 35% of the students were actually staying in these hostels.
However, officials were found creating false bills for the supply of food items in nexus with contractors, claiming that all the students were residing in the hostels. The state government, waking up to the situation, has now decided to install biometric systems in all 4,144 hostels in the State.
More at the link.
Erroneous prisoner release due to “out of order” biometric hardware, Detroit edition
How can the Wayne County jail be overcrowded if beds are empty? (My Fox Detroit)
And last week’s boner. Rocky Marquez, a fugitive found in Detroit with a loaded assault rifle, escaped from county lockup by switching identity with another inmate. How did that happen? The fingerprint identification machine was out of order.
“That is the most basic tool in the world to be able to verify a man’s identity biometrically by his fingerprint. We don’t have it,” said a person who didn’t want to be identified.
“It is a critical piece of equipment that needs to be fixed and we will get it fixed,” Napoleon said.
Canada: Details on new biometric policies for certain visas
Canada to begin collecting biometric data from certain foreign nationals (International Law Office)
From 2013 temporary resident visa, study permit and work permit applicants from certain visa-required countries and territories seeking to enter Canada will be required to have their biometric information (ie, fingerprints and photograph) collected overseas before arriving in Canada. Canadian citizens and permanent residents will not be subject to the proposed regulations.
Fingerprints collected abroad will be sent to the Royal Canadian Mounted Police for storage and will be checked against the fingerprint records of refugee claimants, previous deportees, persons with Canadian criminal records and previous temporary resident applicants before a visa decision is made. The biometric identity established abroad will then be checked by a Canada Border Services Agency (CBSA) officer at a Canadian port of entry when the temporary resident applies for admission to Canada.
Much more: which countries; what types of visa; and implementation dates at the link.
A couple of municipal fingerprint time-and-attendance deployments going badly
INDIA: SDMC staff misusing biometric attendance system (Jagran Post)
According to the sources, most of the Municipal Corporation staff has given their fake thumb impressions to their colleagues who mark their attendance in their absence. Some workers raised the issue before the higher authorities but all the efforts went in vain.
SOUTH AFRICA: Council pays for unused system (Independent Online)
The costs are mounting, yet an electronic time management system installed to provide efficiency and control in the Hibiscus Coast municipality, almost three years ago, has still not been used. The biometric system which reads the fingerprints of workers to record what time they start and finish, was supposed to replace the current manual attendance register.
A lot of biometric ID management installations come down to managerial, rather than technical, challenges. This is especially true for biometric time-and-attendance systems.
Technically, biometric time-and-attendance systems are pretty straightforward but they can’t manage a business all by themselves. An organization that wants to maximize its Return on Investment in biometric ID management systems, will view the technology as a tool supporting able managers, not as a substitute for managerial skill.
For similar thoughts and other examples, see:
Business Management & Biometric Time-and-Attendance (I took the two paragraphs just above from this one);
UK pays £22.5 million for ‘questionable’ Democratic Republic of Congo election; and
Technology and Management working together can help improve public payments system
IAFIS: Biometrics ID some rough customers crossing the New Mexico border
New Mexico border agents arrest 2 convicted murderers; seize pot (Las Curces Sun-News)
On Saturday agents assigned to the Lordsburg station encountered a group of people who illegally entered the United States. Biometric information was submitted into the Integrated Automated Identification System (IAFIS), which revealed that one subject, later identified as 40-year old Inocencio Noveron Sostenes from Mexico, was convicted of murder in 2004, and served several years in prison. The subject will be criminally prosecuted on a prior order of removal and returned back to Mexico after re-instatement.
The following day, agents assigned to the Interstate 10 checkpoint west of Las Cruces encountered a Jamaican national traveling in a rental vehicle to Los Angeles. The subject’s biometric information was submitted into the IAFIS Data Base. It revealed 44-year-old Sirano Thompson had an extensive criminal history to include, but not limited to, a conviction for attempted first degree murder in Florida.
Droid Hamsters!
SecuGen Corporation announces Android compatibility of SecuGen Hamster Fingerprint Readers (Press Release via California News Wire)
SecuGen’s soon-to-be released SDK for Android will allow developers to create mobile applications secured by a user’s fingerprint. This SDK for Android will incorporate SecuGen’s MINEX certified, FIPS 201/PIV-compliant fingerprint template extraction and matching algorithms. The SDK will also include drivers and APIs for image capture and processing of fingerprints scanned by the Hamster Plus and Hamster IV readers as well as the iD-USB SC and the iD-USB SC/PIV fingerprint and smartcard combination devices. SecuGen’s biometric products are widely recognized for being rugged, accurate, and affordable and are sold through reseller partners worldwide.
India: UID going multi-modal
Iris scan to add layer to Aadhaar authentication (Business Standard)
Iris One of the biggest purported flaws of the Unique Identification Authority of India (UIDAI)’s Aadhaar programme was the risk of deterioration of beneficiaries’ fingerprint quality, especially given the country’s large farm worker population, among the main target groups.
But, almost in sync with the government’s plan of rolling out the ambitious direct benefits transfer (DBT) scheme nationwide, starting with 20 districts from January 1, the UIDAI is finishing work on introducing iris-based authentication in the first quarter of 2013, said a senior UIDAI official.
Fingerprint sensors market $255 million by 2018
Global fingerprint sensors market the most popular form of biometric technology — The global fingerprint sensors market has been forecast to hit a value of US$255 million by 2018, driven by technological advancements and growth in several Internet applications. Social networks’ demand for a robust mechanism for securing the digital identity of users represents another important growth driver. (Companies & Markets)
Ghana announces steps toward fingerprint passports
Biometric Passport Project Launched (Ghana.gov)
The Biometric Passport – This passport captures a holder’s facial features especially the iris as well as biometric data of finger-prints which link the holder to the passport. The mode of application and acquisition is that the owner’s biometric data is initially covered and later verified to ensure the right ownership on delivery. Biometric data of finger-prints, eyes and hand geometry are scientifically person-specific and scarcely vary in the life time of individual human beings.
United States: Happy Election Day!
Today is Election Day in the United States and — as I was reminded upon pulling in at our nearly-empty local parking garage — it’s a state holiday here in the State of West Virginia and also in Delaware, Hawaii, Kentucky, Montana, New Jersey, New York, Ohio, and the territory of Puerto Rico.
While most of us, if we live in a representative democracy, think about election day as happening every so often. Other people are always thinking about elections, not from a partisan or even a political perspective but from the technical and scientific aspects of how to engineer better electoral mechanisms.
The E-Lected blog is the work of one group of people answering the description above. They do good work. Check them out by clicking their logo below.
Today they have a timely contribution: Technological solutions to the problems of voter authentication. The closing paragraph is quoted below but it’s well worth reading the whole thing, and if you’re interested in nuts-and-bolts electoral issues, e-lected is worth a regular visit.
As a blog advocating for the implementation of the electronic technologies to strengthen modern democracies, we are convinced that, if a polling station has a reliable electronic poll book with a robust database which includes biographic and biometric information of every eligible voter in, and the voters are authenticated by means of a fingerprint-based biometric device, both problems can be solved and election integrity and legitimacy guaranteed.