Our own Ron Kaczorowski has an essay up at Longwoods.com.
Thesis:
“In healthcare, delivering value – measured by client-centric outcomes for dollars spent – is a constant and dynamic challenge. For those vendors who focus on the healthcare market, and who strive for sustainable success, their strategies and programs must appeal to a diverse stakeholder community – healthcare providers, payors, policy makers and, most importantly, patients.”
How one health system saves $90,000 per patient (Healthcare IT News)
NAH [Northern Arizona Healthcare] saw hospitalizations drop from 3.26 mean per patient to 1.82 and days hospitalized drop from 13.98 mean per patient to 5.13 and, based on the health system’s data about the first 50 patients six months prior to enrollment and six months after enrollment, that added up to savings of approximately $92,000 per patient.
The “biometrics” discussed in the article aren’t biometrics for identification, but ID biometrics will certainly be a part of the picture as these kinds of technologies are adopted more widely.
Column: Why fingerprints, other biometrics don’t work (USA Today)
The Apple announcement has pushed interest in biometrics to new heights and we couldn’t be happier. It has also given renewed attention to those who are sceptical, or even hostile to the technology. I won’t go so far as to point fingers (rubber, gummi, or otherwise) at the sources for the articles out there because they usually bring up valid points and treat the subjects in which they are interested in a holistic manner. That sometimes gets lost in journalistic translation.
Other times the breakdown happens between reporters and headline writers (see: iPhone 5S: Thieves may mutilate owners in bid to gain access to fingerprint-reading handsets, expert warns).
Concerns about biometric revocability, secrecy, and how accuracy changes with database size are valid. Unsurprisingly people interested in biometrics have been dealing with these issues for as long as biometric technologies have existed. The existence of those challenges, however, does not justify the assertion that “biometrics don’t work.” Subjected to the same standards, no security measure works. ID cards don’t work. Passwords don’t work. House keys don’t work. Police departments don’t work. Security guards don’t work.
ID and security isn’t about perfect. It’s about return on investment, or cost-benefit analysis if you prefer. We’ve covered the subject from various angles over the last few years. The piece linked below is as good a place to start as any for interested readers.
Please see:
Biometrics & ID infrastructure: Perfect is the enemy of good
Readying Iris Recognition for Prime Time (Bank INfo Security)
Federal researchers have reconfirmed the reliability of the iris as an authentication factor. But we’re at least three years away from using iris scanning as an advanced method of user authentication for IT systems.
What’s holding back iris recognition as an authentication tool to access information on IT systems? Several experts I spoke with this week narrowed the reasons to three: size, cost and culture.
Stay tuned on all three. Size and cost are coming down. Culture is less predictable. Could ROI be a useful proxy? The article gets to this question eventually. Read the whole thing.
Almost 80,000 voted by face-only verification – Afari – Gyan (Ghana Web)
The Chairman of the Electoral Commission (EC), Dr. Kwadwo Afari-Gyan on Thursday May 30, 2013, told the Supreme Court in the election petition trial that there were close to 80, 000 voters who were designated as ‘Face-Only’ (FO) voters because the biometric registration machines failed to capture their finger prints during the registration exercise.
…
Explaining himself further in Court on Thursday, at the start of his evidence-in-chief for the second respondent, Dr. Afari Gyan said among those classified as FO voters were eligible voters who had suffered “permanent trauma” and “temporary trauma”.He explained permanent trauma to mean voters who had no fingers at all for which reason their fingerprints could not have been captured by the biometric verification machine.
Temporary trauma sufferers, according to Dr. Afari-Gyan, were those who had fingers alright, but nonetheless did not have fingerprints to have been captured by the machine.
He said those two categories of voters were captured in the register as people who could only be identified by their faces before voting since their fingerprints could not be captured by the biometric verification equipment.
Any identification system has to plan for exceptions. This is true whether the ID measure in place is a metal key, an ID card, a PIN, a fingerprint or any combination of ID technologies.
A Ghana Web article on exception planning published in early 2012 is here, so the subject of unverifiable biometrics isn’t a surprise.
Instead, let’s deal with the numbers.
According to the article quoted above 80,000 (and that seems to be an upper bound rather than a firm total) voters were given blank ballots without fingerprint ID verification. Some portion of that number would have been definitively established during the voter registration process as people missing hands and fingers as they completed the voter registration process.
The image below (also from Ghana Web) shows candidates, percentage of votes received, and. more importantly for our purposes, raw vote total:
The combined number of votes in parentheses below each candidate’s name comes to 10,995,262. Eighty thousand votes represents 0.73% of the almost eleven million votes cast. The margin of victory between the top two vote-getters was 325,863 votes and they were separated by 2.96% of the total vote.
As far as elections go, having the margin of error less than the margin of victory is a good thing. In this case 0.73% < 2.96% means that the 80,000 unverified votes could not have affected who received the most votes.
Moreover, no one yet asserts that votes cast without fingerprint biometric verification could have favored any one candidate either because there was a systematic attempt to circumvent the biometric verification for fraudulent purposes or because of a geographic disparity in the 80,000 (maximum) exceptions that might have favored one candidate over another.
The bigger story appears to be:
99.27% of the votes in the recent election were cast by biometrically verified legitimate voters.
The last time there was a presidential election, that number was zero and given increased familiarity with the technology and expected improvements in both biometric hardware and software, expect that 99.27% number to increase for the next election.
Ghana, and other countries contemplating fully biometric elections should be heartened by these results.
Roughly one-third of the surveyed companies from the financial sector do not measure return-on-investment (ROI) on their physical security investments. Security of data, assets, clients, and employees is top priority; thus, ROI measurement is sometimes not a neccessity. In cases for which ROI is measured, it is typically done via indirect measures (e.g., general increase of safety), and generally managers do not employ quantitative indices.
CLEAR Speeds Millionth Traveler Through Airport Security (Press release via PR Web)
Certified by the Department of Homeland Security as Qualified Anti-Terrorism Technology, CLEAR transforms the travel experience by allowing members to use their biometrics (fingerprint or iris) to speed through security at major US airports.
“We estimate that CLEAR members have saved over 30 million minutes that would have been spent waiting in line at airport security,” said Allison Romano, Director of Member Services. “The predictability of CLEAR is crucial for our members. Since 42% of members travel at least once per month, 15% travel once per week, and 50% travel during peak hours, CLEAR has a significant impact on their travel experience. That means more time living and less time waiting.”
Top 5 Reasons Businesses Increasingly Switching To Biometrics (Minute Hound Press Release via San Francisco Gate)
The press release extols the virtues of Minute Hound’s solution but the bullet points covered in it are relevant to any discussion of biometrics for time-and-attendance and ROI.
Notice, they don’t claim perfection, just improvement – the true standard of ROI.
Britain’s passport and ID service seeks facial recog tech suppliers (The Register)
The Home Office plans to spend up to £16m on facial recognition technology for the Identity and Passport Service.
A tender notice in the European Union’s Official Journal (OJEU) popped up this week that showed that Theresa May’s department was now on the hunt for providers of a Facial Recognition Engine and a Facial Recognition Workflow for the IPS.
The article then proceeds to a brief discussion of the pros and cons of the tender. The pros follow the benefits of a facial database search before issuing new photo ID documents (click for a good example). In this case the ID documents are British passports. The cons presented in the article come in two flavors, price and performance.
The money issues are common to any governmental expenditure.
The performance issue in the article that I want to address is “false reject rate.” The false reject rate of a facial recognition system in the case at hand should be taken apart and put into two categories. The first category is the performance of the core face-matching technology, the second category is the performance of the entire Home Office organization.
What constitutes a “false reject” in the core technological sense is any “match” made by the face recognition system between a submitted image and the images in the searchable database that turns out to be an incorrect/inaccurate match. In other words, “matches” that aren’t real matches are false rejects.
But in this case, the Home Office is ultimately judged, by how many bad passports it issues (false accept), not by the perfection of one mechanism in a rigorous process by which the organization arrives at its go/no-go decision. After all, if my name is John Smith and I submit my passport application to the Home Office, they will probably search their databases for “John Smith.” If they find several, does that constitute an automatic false reject? Does that mean I can’t get a passport? Of course not. Someone will look at the list of John Smith’s to see if I’m pretending to be someone else with the same name.
Here, facial recognition is used to add an image capability to go along with the search the Home Office already does with new passport applications. It is not an automated decision-making engine. Even though facial recognition systems at very large scales or in chaotic environments are very difficult to automate, they can be extremely useful investigative tools for trained users.
Humans are pretty good at matching faces with small data sets. The processes people use to identify other people with high confidence levels are extremely complex and may take into account all sorts of information that facial recognition software doesn’t. People, however, aren’t very good at identity management among large numbers of people they don’t know.
In biometrics, the software takes in a mere fraction of the information people use. It doesn’t make any inference about it, and it does its job extremely quickly by treating the problem in a way that closely resembles Nikola Tesla’s famous critique of Thomas Edison: “If Edison had a needle to find in a haystack, he would proceed at once with the diligence of the bee to examine straw after straw until he found the object of his search.”
When dealing with people we don’t know, humans are relegated to the needle-in-the-haystack process and unfortunately, they do it so slowly as to make it impractical with large data sets. Even if you believe that computers running facial recognition software aren’t very good at recognizing people, they’re way better at dealing with the problem of large populations than people are.
The assumption buried in the “false reject” critique for this face-rec application is that narrowing a list of 300,000 down to ten possible matches represents 9 failures. More accurately, because pre-face-rec no image-based comparison is being conducted at all, it represents 299,991 successes
When biometric software is used to sort a large population according to the probability of a match, then to present the list of top candidates to a person trained to detect fraudulent passport applications, the result is a fraud-detecting capability that did not exist before. So, even though facial recognition software by itself may have a “false reject” rate, it does not operate in a vacuum and will almost certainly help the organization as a whole reduce the inappropriate issuance of passports, i.e. its “false accept” rate
So we finally arrive where we should have been attempting to go all along — Return on Investment (ROI). ROI can be hard to calculate in security applications. It can also be hard to calculate for government expenditures, but ROI is where the rubber meets the road. The proposition does not turn on whether facial recognition can dictate to human beings whether or not to issue a passport. It can’t, and even if it could, most people would probably be uncomfortable giving up their right to appeal to a person in a decision-making capacity. Facial recognition can certainly help people make better decisions, though, and biometrics and ID are ultimately all about people.
Security Concerns No Longer Drive Biometric Technologies (AFCEA) — “We’re looking at this change from a security focus to a convenience, automation and cost-savings focus. That’s driving the market today. Commercial organizations will drive the market for the next 10 years,” Potter stated.
No good work whatever can be perfect, and the demand for perfection is always a sign of a misunderstanding of the ends of art.
—John Ruskin
Everybody knows that there’s nothing perfect in this world, yet plenty that is imperfect also happens to be very useful.
Identity management is one of these. Conducted by people to account for people, with human beings on both sides of the equation, perfection is out of the question. Only someone who misunderstands the ends of the art of ID can reject a certain solution because it falls short of perfection.
Is using a name to identify a person perfect?
Some people can’t speak. Some people can’t hear. Some people can’t read. Some can’t write. Many people share the same name.
A token?
Tokens are lost, stolen, counterfeited.
Maybe a photo then?
Some people can’t see.
Fingerprints, then?
Some people don’t have hands, at all.
Iris?
Some people don’t have eyes.
People cope with imperfection in all aspects of their lives including identity management. Planning for exceptions to the routine ID management transaction is something all existing ID management systems already do. Biometrically enabled ID management systems are no different.
None of the above ID techniques is perfect yet (especially when combined) they are all useful. In this context, a proper understanding of Ruskin’s “ends of art” is Return on Investment, not perfection. The economic value of something does not lie in its perfection. It lies in its ability to help improve things by a measure exceeding the sum of its costs.
What distinguishes biometric systems from earlier ID management techniques, especially in the development context, is that they are an extremely effective and affordable means of establishing a unique identity for individuals among populations that have not been highly organized in the past.
Low access to education? High illiteracy? Poor birth records? Highly transient populations? Recent wars left high numbers of orphans or displaced people? New democracy? For countries answering “yes” to any of these or other similar questions, biometric systems are about the only economically viable choice for developing the ID infrastructure that people who can already verify their identity take for granted.
Additionally, when compared to the investments made by the powers of the Industrial Age to develop their ID management systems — investments still out of reach for the governments of billions of people — biometrics while cheaper, seem capable of outperforming Industrial Age systems. We know this because existing systems using the best Industrial Age techniques have been audited using biometrics. When the older systems are audited with biometric techniques all sorts of errors and inconsistencies are discovered, errors whose numbers would have been reduced significantly, had biometrics been used in the creation of new profiles in the relevant ID systems.
Direct benefit transfer: Not a panacea, but a likely game changer (VC Circle)
Here’s the conclusion:
Yet, the basic idea of providing entitlement benefits directly to the beneficiary bank account through technologically superior, cheaper and more efficient distribution channels can hardly be questioned. The process is likely to have large positive macroeconomic externalities. Unfortunately, rather than deliberating on the larger issues, the ongoing debate on DBT is getting bogged down in the discussion of ulterior motives, teething and implementation concerns and thereby missing the wood for the trees.
I’d emphasize “cheaper”. The discussion of the macroeconomic externalities is something you don’t see too much of when UID is discussed.
This is one of those times where the temptation to just poach the whole article is strong. Click through and read the whole thing. There’s not a wasted paragraph among the eight in this compact and thoughtful piece.
[ed. This post reflects a substantial rewrite of an earlier post of January 24, 2013: Not the bee’s knees]
Every once in a while a version of the following paragraph finds itself in the news…
Biometrics Using Internal Body Parts: Knobbly Knees in Competition With Fingerprints (Science Daily)
Forget digital fingerprints, iris recognition and voice identification, the next big thing in biometrics could be your knobbly knees. Just as a fingerprints and other body parts are unique to us as individuals and so can be used to prove who we are, so too are our kneecaps. Computer scientist Lior Shamir of Lawrence Technological University in Southfield, Michigan, has now demonstrated how a knee scan could be used to single us out.
Forget digital fingerprints, iris recognition and voice identification, the next big thing in biometrics could be your ______________.
Heartbeat?
Rear-end?
Ear?
Bone structure or electric conductivity?
Footsteps?
Nose? (ed. Link added later. I forgot about that one.)
Body odor?
Brain prints?
Lip movements?
Kneecap?
While I suspect that any definable aspect of the human anatomy could be used as a biometric identifier — in instances where teeth are all that is known about an individual, they are used for high confidence identification — I’m afraid that, for the foreseeable future, the cards are stacked against any new biometric modality catching on in any big way.
The reasons for this are both scientific (research based) and economic (market based).
On the science side, a good biometric modality must be: unique, durable, and easily measurable. If any of these are missing, widespread use for ID management isn’t in the cards. If something is unique and durable but isn’t easily measurable, it can still be useful but it isn’t going to become ubiquitous in automated (or semi-automated) technology. Teeth and DNA fit this model. Teeth have been used to determine the identity of dead bodies with a high degree of certainty for a long time, but we aren’t going to be biting any sensors to get into our computers any time soon — or ever. Likewise with DNA.
There is also the challenge of proving that a modality is in fact unique, durable and easily measurable which requires a whole lot of experimental data and (especially regarding uniqueness) a healthy dose of statistical analysis. I’m no statistician, and from what I understand, the statistical rules for proving biometric uniqueness aren’t fully developed yet anyway, so let’s just leave things in layman’s terms and say that if you’re wanting to invent a new biometric modality and someone asks you how big a data set of samples of the relevant body part you need, your best answer is “how many can you get me?”
In order to ascertain uniqueness you need samples from as many different people as you can get. For durability you need biometric samples for the same person taken over a period of time and multiplied by a lot of people.
Ease of measure is more experiential and will be discovered during the experimentation process. The scientists charged with collecting the samples from real people will quickly get a feel for the likelihood that people would adapt to a given ID protocol.
For two common biometric modalities, face and fingerprint, huge data repositories have existed since well before there was any such thing as a biometric algorithm. Jails (among others) had been collecting this information for a hundred years and the nature of the jail business means you’ll get several samples from the same subject often enough to test durability, too, over their criminal life. For face, other records such as school year books exist and were readily available to researchers who sought to test the uniqueness and durability of the human face.
The first hurdle for a novel biometric modality is the competition for the attention of scientists and researchers. Getting the attention of science and technology journalists by making a pronouncement that the space between the shoulder blades is the next big thing in biometrics is one thing. Getting academic peers to dedicate the time and research dollars to building the huge database of interscapular scans required for algorithm development is quite another. Any new modality has to offer out-sized advantages over established modaities in order to justify the R&D outlay required to “catch up”. This is highly unlikely.
On the market side, in order to displace established (finger/hand and face/eye) biometric modalities in wide scale deployments, the academic work must be complete and the new technology must produce a return on investment (ROI) in excess of that offered by existing technologies designed to accomplish the same function.
That’s not to say that modalities that didn’t have the advantage of a 100 year head start on data collection are impossible to bring to market. Iris, voice, and the vascular biometrics of the hand (palm, finger) have joined face and fingerprint biometrics in achieving commercial viability despite the lack of historic data repositories. But there were several things recommending them. They either occupy prime real estate on the head and the end of the arm (Iris, vein) making them easy to get at, or they are the only biometric that can be used over a ubiquitous infrastructure that simply isn’t going anywhere (voice/phone), or they offer advantages over similar established modalities. With hand vascular biometrics: they’re harder to spoof than fingerprints; no latency; avoidance of the “fingerprinting = criminality” stigma; can work with gloves; users can avoid touching the sensor, etc. With iris: harder to copy than the face; harder to spoof; easier to measure than retina vasculation; and extremely low/no latency. Yet even despite gaining the required academic attention, iris and voice have had great difficulty overcoming the market (ROI) hurdle, which brings us back to knees.
Is there any database of kneecaps of significant size to allow researchers to skip the time-consuming task of building such a database themselves reducing the cost of development? Is there any deeply embedded ubiquitous infrastructure that is already an ideally suited knee-sensor? Is there any objection to modalities that have a head start on knees that knee biometrics would overcome? Is there any conceivable, repeatable, scalable deployment where a potential end user could save a whole lot of money by being able to identify people by their knees? I’m at a loss but these are exactly the kind of questions any new biometric modality must be able to answer in the affirmative in order to have any hope for wide-scale deployment.
So, it’s pretty clear that knee biometrics are not something the average person will ever come into contact. Does that mean there is no value in exploring the idea of the kneecap as a feature of the human anatomy capable of being used to uniquely identify an individual? Not necessarily.
In order to thrive as high value-added tools in highly specialized deployments a novel modality just needs to help solve a high value problem. This has heretofore been the case with teeth & DNA. The analysis of teeth and DNA is expensive, slow, requires expert interpretation, and is difficult to completely automate, but has been around for a long, long time and isn’t going anywhere anytime soon. That’s because the number of instances where teeth and DNA are the only pieces of identifying information available are frequent enough, the value of making the identification is high enough, and the confidence level of the identification is high enough that people are willing to bear the costs associated with the analysis of teeth and DNA.
Beyond teeth and DNA, any biometric modality can be useful, especially when it is the only piece if information available. The CIA and FBI even invented a completely novel biometric approach in an attempt to link Khalid Shaikh Mohammed to the murder of Daniel Pearl using arm veins. But how likely is something like that ever to be the case for any of these novel modalities, knees included? It’s possible that the situation could arise where a knee bone is discovered and there is an existing x-ray or MRI of a known person’s knee and a comparison would be useful. That, however, is not enough to make anyone forget about any already-deployed biometric modality.
INDIA: SDMC staff misusing biometric attendance system (Jagran Post)
According to the sources, most of the Municipal Corporation staff has given their fake thumb impressions to their colleagues who mark their attendance in their absence. Some workers raised the issue before the higher authorities but all the efforts went in vain.
SOUTH AFRICA: Council pays for unused system (Independent Online)
The costs are mounting, yet an electronic time management system installed to provide efficiency and control in the Hibiscus Coast municipality, almost three years ago, has still not been used. The biometric system which reads the fingerprints of workers to record what time they start and finish, was supposed to replace the current manual attendance register.
A lot of biometric ID management installations come down to managerial, rather than technical, challenges. This is especially true for biometric time-and-attendance systems.
Technically, biometric time-and-attendance systems are pretty straightforward but they can’t manage a business all by themselves. An organization that wants to maximize its Return on Investment in biometric ID management systems, will view the technology as a tool supporting able managers, not as a substitute for managerial skill.
For similar thoughts and other examples, see:
Business Management & Biometric Time-and-Attendance (I took the two paragraphs just above from this one);
UK pays £22.5 million for ‘questionable’ Democratic Republic of Congo election; and
Technology and Management working together can help improve public payments system
St. Peter’s Hospital moves to biometric patient ID (Independent Record – Helena, MT)
St. Peter’s Hospital has begun using a biometric identification system it says will eliminate the need for patients to show identification with each visit while improving the certainty that medical providers will access the medical records of the correct patient.
UPDATE:
See (listen) also this interview: Biometric Patient ID Technology with M2SYS President, Michael Trader (HIT Consultant)
Lots of good discussion of the ROI available to health care providers through biometric patient ID.
Fingerprints for financing: Removing some risk from lending in Africa (PhysOrg)
Read the whole thing or at least watch the video below.
They were paprika farmers in Malawi participating in a new study that shows fingerprinting can help encourage borrowers to repay their loans. Like many impoverished countries, Malawi lacks a national identification system. Most of the population lives in rural areas with few government services. Even ID as basic as a birth certificate is rare in the southeastern African nation.
Another amazing thing abuot the study is that it found a 234% ROI on biometric spending and that loan performance among the riskiest contracts nearly doubled.
Biometrics can be a leapfrogging technology for building better institutions in the developing world.
Anonymous donation puts biometric scanner in LPD’s tool box (Laurel Outlook)
This is another one of those occasions where a local newspaper — this time in Laurel, Montana — provides great insight into the real contributions biometrics can make to an organization’s efficient operation.
It’s not CSI television magic. The machine doesn’t analyze and match prints backed by a catchy electro-industrial soundtrack as seen in prime-time police investigation shows. But, it does dramatically reduce processing time, helps to eliminate human error by comparing the slap to individual prints and offering prompts for correct information, and electronically transfers the file. “It allows us to capture all the prints and information we’d put on a fingerprint card,” said Wells.
Part of the scanner’s appeal is its ability to capture prints under less than ideal conditions. The scanner glass platen is topped with a patented silicone membrane. This allows the capture of high-quality images from a wide cross-section of people, including those with very fine, worn, scarred or cracked fingerprint ridges and varying degrees of skin moisture content, with minimal pressure. The result is less distortion and more accurate, high-quality images.
“As good as our officers are — and we print a lot for the public and criminal processing — the fingerprint cards do get sent back,” said Musson. “There are so many things that go on with fingerprinting: too darkly inked, too oily, too dry. This should alleviate that.”
Bottom line benefits of identity management (IT Web) – Identity management is about more than security; it is a financial and compliance imperative as well.
The new system is dramatically reducing SASSA’s operating costs. Until now, it has cost SASSA between R26 ($3.25) and R35 ($4.38) per grant to pay beneficiaries. Under the new agreement, disbursement costs will be capped at R16.50 ($2.07) per payment, enabling the agency to save up to R3bn ($375m) in operating costs over the next five years. This means that the agency will be able to spend its budget allocation more effectively in the future, making a meaningful difference in the lives of more South Africans.
“The early success of the project rollout affirms MasterCard’s vision to create a world beyond cash, as electronic payments using debit MasterCards opens up a world of financial inclusion for many South Africans who have previously not had access to banking products,” says Dries Zietsman, Country Manager, MasterCard South Africa.“With over 2.5 million cards already issued since rollout in March 2012, it is clear that the cards are already being widely accepted by beneficiaries who are realising the benefits of a cashless environment,” he concludes.