UK

face, public, surveillance, UK

UK: Leicestershire police trial face recognition at music festival

Download Festival: Facial recognition technology used at event could be coming to festivals nationwide (The Independent)

Around 90,000 people attending the five-day rock event in Derby will have their faces scanned by “strategically placed” cameras, which are then compared with a database of custody images across Europe.

The force has trialled the system since April 2014 in “controlled environments”, but this is the first time the portable NeoFace surveillance technology, made by NEC Corporation, is being used outdoors in the UK on this scale.

Leicestershire police said it hoped the system would enable them to find organised criminals who prey on festivalgoers who are often victims of theft.

This sounds a lot like the ‘Snooper Bowl’ deployment we had a role in back in 2001.

Facial recognition surveillance in an uncontrolled environment with non-participating individuals still presents significant technical challenges. Among them are lighting, pose angle, and perhaps most significantly, training users on how to evaluate the information the facial recognition system generates.

See also: Leicestershire Police defend facial recognition scans (BBC)

fingerprint, India, travel, UK, visa

Security and Service

Concerns raised over mandatory fingerprinting for India visas (Travel Weekly)

The High Commission of India states on its website that, after outsourcing the process to a company called VFS, all applicants will need to be physically present at India Visa and Consular Services centres to submit an application and biometric data.

It says: “Biometric data collection, including fingerprint data and facial imagery will be a mandatory requirement for all visa applicants soon. As a result, all visa applicants will need to first apply online and, thereafter, be physically present (mandatorily) at India Visa and Consular Services centres, by appointment, for submission of visa application and biometric data enrolment.”

All security applications must strike a balance between the effectiveness of the security measures and the needs of the entity seeking enhanced security. As anyone who has ever seen a waste basket propping open an office door could tell you, better security usually requires sacrifices to efficiency. More security with more convenience is a tall order.

The article linked above highlights a case where the enhanced security of biometric visas for travelers to India from the UK has made the visa application process more complex and time consuming. In one sense, it’s bound to. Collecting more information takes more time. In the India visa case, however, it is taking a whole lot more time. So much more that people involved in Indian tourism are growing worried.

The unfortunate irony is that their ability to increase security and convenience at the same time is one of the things that make biometrics such a disruptive technology.

banking, fingerprint, payments, point of sale, UK

Fingerprint credit cards headed to the UK

New Biometric MasterCards Take Norway; Britain is Next (findBIOMETRICS)

So next year the card is going to make its debut in Britain, a country that seems to have recently come around to the benefits of biometric technology, having fully embraced biometric airport screening after a disastrous initial go of it a decade ago. The fingerprint scanners in MasterCard’s new credit cards are, of course, for authentication purposes, and will replace the PIN system currently in use in Britain.

air travel, Australia, border, eGates, UK

Smartgates and the tightening of UK & Australia borders

AUSTRALIA: ‘Foreign fighter’ laws leave door open on biometric data collection (Computerworld)

The government’s second tranche of national security legislation, the Counter-Terrorism Legislation Amendment (Foreign Fighters) Bill 2014, includes measures that potentially allow a significant increase in the types of biometric data collected at Australian airports.

Provisions in the bill also extend to Australian travellers data collection practices that have previously been confined to non-citizens.



UK: New biometric border controls at Stansted Airport at heart of terrorism fight (Herts and Essex Observer)

“We are using resources and intelligence to ensure the border is as strong as we can make it.”

He said the Government was also committed to tackling the problem of those travelling from the UK to the Middle East to join the IS jihadists and a new counter-terrorism Bill was set to include measure to temporarily remove the passports of those suspected of being radicalised and ready to fight abroad.

banking, mobile, NFC, UK

NFC + Mobile + Biometrics = The Future of Payments

British Banking Association reports on UK’s banking ‘revolution’ (NFC World)

“The revolution in the way we spend, move and manage our money is not over,” the report says. “Banks are looking at a range of new technologies to make banking even easier and more flexible. Biometric data could make accounts safer and security features more straight forward for legitimate transactions.

“Near field technology could end the need for taking your card out of your wallet or purse to make a purchase. Banks will strive to innovate because they know it’s a way to win new customers.”

The combination of mobile handheld device hardware (i.e. the perfect token), biometric ID verification, and NFC provides the tools for building extremely powerful ID management regimes.

Banks appear to be realizing that systems like these could make for happier customers and pose a real threat to the credit card/debit card/clearing house/merchant bank model of card-based payments provided by organizations such as Visa and Mastercard.

It’s possible that banks that successfully negotiate this opportunity could begin to take back some of the 3% of credit card transaction value (a massive amount of money) collected by credit card companies, but in order to do that banks will have to figure out how to make an extremely secure mobile app that that lives on a device that has a massive attack surface.

Elsewhere in the news, Norwegian start-up Zwipe is trying to solve this riddle with dedicated hardware. As compared to networked mobile devices such as smartphones, the Zwipe device has a tiny attack surface in that users can’t download viruses to it via cellular signals, wifi or SMS. But in the name of security, the Zwipe device lacks some of the connectivity attributes that make smart devices so attractive for true e-commerce transactions rather than “point-of-sale only” transactions.

No matter how all this shakes out, this is a trillion dollar riddle and biometrics are a near certainty to factor in the solution.

history, ID, standards, UK

Perspecitves on ID in earlier- vs. later-developing countries

The Government and the UK’s National Technical Authority on Information Assurance (CESG) have published new guidance on ‘identity proofing’ and verification. (Pinsent Masons)

“Within the UK there is no official or statutory attribute or set of attributes that are used to uniquely identify individuals across Government,” the joint Cabinet Office and CESG guidance document said. “Neither is there a single official or statutory issued document whose primary purpose is that of identifying an individual. Without such attributes or documentation it is difficult for any person to be absolutely certain of the identity of another.”

“This guide is designed to demonstrate how a combination of the breadth of evidence provided, the strength of the evidence itself, the validation and verification processes conducted and a history of activity can provide various levels of assurance around the legitimacy of an identity,” it said.

The whole piece is interesting.

The first quoted sentence above really jumps out, though.

The early industrializers/bureaucratizers typically developed their ID schemes in an ad hoc fashion. The church kept its records for its purposes. The military kept its records for its purposes. Schools, for theirs. Service providers, etc. The system generally works. In the end, error rates and whether or not the costs of the ID errors exceed what it would cost to fix them rule the day. Political and financial considerations factor in.

It is precisely this patchwork ID environment that later-developing countries are choosing to leap-frog with more centralized (United Arab Emirates) or ecosystem (India) approaches involving biometrics. Outside observers from the earlier developing countries are often surprised that their political perspective on government-backed ID isn’t universally shared while observers in later-developing countries may be equally surprised that the most developed countries in the world have such patchwork ID systems.

access control, ID management, industry, infrastructure, IT, security, UK

The changing face of security and access control

Gary Hills, Head of capital development at the British Broadcasting Corp. (BBC) had some interesting things to say at the recent FMP London event. [ed. I’m pretty sure FMP stands for Facility Management Professional, but I was shocked to see how popular the acronym is.]

The BBC is considering using biometric access controls at its buildings. (FM World)

Hills said the first phase of the BBC’s review had seen 15 control rooms consolidated into one.

He added: “Access ID is used – not biometrics yet, but [we are] looking at it for the second phase. [We] think it will be more acceptable now as they have it in schools and colleges.

“Security is now more a building management role and the information that comes through the control room can be used more widely for building management.”

Adam Vrankulj at Biometric Update ties the story back to recent industry forecasts for the access control market.

I predict some real upheaval in the market for security systems and access control. So far, large security providers have been able to keep their market walled off from competition from the providers of other types of networked information technology. If increasing numbers of facilities management professionals see the world as Gary Hills does, those days are numbered.

crime, database, EU, ID management, law enforcement, management, SecurLinx, UK

Law enforcement interoperability, though little discussed, is a big deal

Tyneside jewellery heist could lead to DNA sharing (Chronicle Live)

A jewellery heist on Tyneside has sparked a review of DNA sharing across Europe that could force police to hand over criminal records to foreign counterparts.

Specialists in Newcastle will spearhead a £1.2m effort to design a database that profiles crimes committed across the continent as part of a controversial EU information sharing treaty.

It comes just 12 months after a convicted murderer and his armed gang from Eastern Europe were convicted of carrying out an armed raid at a Newcastle jewellers.

Led by convicted murderer Marek Viidemann, the ring was linked to at least 150 armed robberies across the UK and Europe before being eventually jailed for a total of more than 30 years.

First, DNA is likely to be a small part of whatever system improvements emerge.  It’s expensive and slow compared to just about any other biometric modality or combination of modalities such as finger, face and iris.

From a management standpoint it seems that if you want to have a free flow of people, you need to have a free flow of law enforcement information. This is easier said than done. It’s often a challenge even when dealing with adjacent counties in the same state in the US much less, as in the European context, two different countries.

The term for this system compatibility and ability to effectively cooperate among departments is interoperability. It is a managerial and technical challenge that is rarely dealt with in popular depictions of how law enforcement works but, especially as the complexity of the law enforcement challenge increases, it is of critical importance.

Often, there are good systems in place for passing information “up the chain of command,” i.e. from street cop all the way up to a state or national information repository, but the information doesn’t always flow as freely back down again in the other direction. For various reasons, the formal links between street-level law enforcement officers in neighboring jurisdictions run up through a centralized authority and then back down again, though there are often informal links that bypass the up-and-back-down information flow model. The implications for efficient multi-jurisdictional law enforcement are clear.

Some of these issues came up a couple of years ago in a post. Usefulness of Biometrics in Law Enforcement: Who is the Customer? The analysis there can be extended from biometrics to all sorts of law enforcement IT systems and it has a great deal of bearing on issues like the ones raised by the Newcastle jewelry heist by international criminals.

Many police professionals put a lot more into databases of all types than they ever get out of them. Through biometric technologies and other integration services, SecurLinx works hard to balance that out a bit for our law enforcement customers.

border, government, ID management, immigration, management, technology, UK

Britain’s immigration system since 2000

Immigration issues have been hot topics in both the US and the UK.

Visa consultancy WorkPermit.com provides a short recap of the history of the United Kingdom’s border management this century.

Former UK immigration boss says system has been out of control since 2000

It’s a pretty grim assessment. Turning the situation around will require talented managers operating within a more flexible political environment applying the best technology to the task. Easy for me to say. The technology part, while difficult, is by far the most easily met of those three preconditions for success.

border, Home Ministry, immigration, law enforcement, politics, UK, visa

UK: Immigration politics and biometrics

The United States isn’t the only place where immigration politics — and the role of biometrics — are coming to the fore. They’re very timely issues in the UK, as well.

WorkPermit.com covers Prime Minister David Cameron’s policy prescriptions like the dew covers Dixie, here: Cameron announces tough reforms to UK immigration.

The Guardian provides some analysis here: Immigrants’ residents permits: how would they work?

The repeated refusal of GPs, social housing officers and social security staff to act as immigration officers also means that if more robust residence tests are to be introduced for other EU nationals then an easy and authoritative way is needed of checking how long they have been in the country and what their immigration status is.

Ministers have confirmed that they are looking at plans to take fingerprints and other biometric data to be stored on a card with a photograph and electronic signature from new arrivals from next year.

It is within this context that the beleaguered UK Border Agency is being broken up (BBC). The UKBA is currently responsible for border protection, visa & passport issuance, asylum cases, immigration law enforcement, etc.

face, government, Home Ministry, passport, ROI, technology, UK

Face rec false rejects, organizational false accepts and ROI

Britain’s passport and ID service seeks facial recog tech suppliers (The Register)

The Home Office plans to spend up to £16m on facial recognition technology for the Identity and Passport Service.

A tender notice in the European Union’s Official Journal (OJEU) popped up this week that showed that Theresa May’s department was now on the hunt for providers of a Facial Recognition Engine and a Facial Recognition Workflow for the IPS.

The article then proceeds to a brief discussion of the pros and cons of the tender. The pros follow the benefits of a facial database search before issuing new photo ID documents (click for a good example). In this case the ID documents are British passports. The cons presented in the article come in two flavors, price and performance.

The money issues are common to any governmental expenditure.

The performance issue in the article that I want to address is “false reject rate.” The false reject rate of a facial recognition system in the case at hand should be taken apart and put into two categories. The first category is the performance of the core face-matching technology, the second category is the performance of the entire Home Office organization.

What constitutes a “false reject” in the core technological sense is any “match” made by the face recognition system between a submitted image and the images in the searchable database that turns out to be an incorrect/inaccurate match. In other words, “matches” that aren’t real matches are false rejects.

But in this case, the Home Office is ultimately judged, by how many bad passports it issues (false accept), not by the perfection of one mechanism in a rigorous process by which the organization arrives at its go/no-go decision. After all, if my name is John Smith and I submit my passport application to the Home Office, they will probably search their databases for “John Smith.” If they find several, does that constitute an automatic false reject? Does that mean I can’t get a passport? Of course not. Someone will look at the list of John Smith’s to see if I’m pretending to be someone else with the same name.

Here, facial recognition is used to add an image capability to go along with the search the Home Office already does with new passport applications. It is not an automated decision-making engine. Even though facial recognition systems at very large scales or in chaotic environments are very difficult to automate, they can be extremely useful investigative tools for trained users.

Humans are pretty good at matching faces with small data sets. The processes people use to identify other people with high confidence levels are extremely complex and may take into account all sorts of information that facial recognition software doesn’t. People, however, aren’t very good at identity management among large numbers of people they don’t know.

In biometrics, the software takes in a mere fraction of the information people use. It doesn’t make any inference about it, and it does its job extremely quickly by treating the problem in a way that closely resembles Nikola Tesla’s famous critique of Thomas Edison: “If Edison had a needle to find in a haystack, he would proceed at once with the diligence of the bee to examine straw after straw until he found the object of his search.”

When dealing with people we don’t know, humans are relegated to the needle-in-the-haystack process and unfortunately, they do it so slowly as to make it impractical with large data sets. Even if you believe that computers running facial recognition software aren’t very good at recognizing people, they’re way better at dealing with the problem of large populations than people are.

The assumption buried in the “false reject” critique for this face-rec application is that narrowing a list of 300,000 down to ten possible matches represents 9 failures. More accurately, because pre-face-rec no image-based comparison is being conducted at all, it represents 299,991 successes

When biometric software is used to sort a large population according to the probability of a match, then to present the list of top candidates to a person trained to detect fraudulent passport applications, the result is a fraud-detecting capability that did not exist before. So, even though facial recognition software by itself may have a “false reject” rate, it does not operate in a vacuum and will almost certainly help the organization as a whole reduce the inappropriate issuance of passports, i.e. its “false accept” rate

So we finally arrive where we should have been attempting to go all along — Return on Investment (ROI). ROI can be hard to calculate in security applications. It can also be hard to calculate for government expenditures, but ROI is where the rubber meets the road. The proposition does not turn on whether facial recognition can dictate to human beings whether or not to issue a passport. It can’t, and even if it could, most people would probably be uncomfortable giving up their right to appeal to a person in a decision-making capacity. Facial recognition can certainly help people make better decisions, though, and biometrics and ID are ultimately all about people.

Australia, Canada, Five Country Conference, New Zealand, UK, US

Is the Five Country Conference hitting its stride on ID?

The US, UK, Canada, Australia, New Zealand (Five Country Conference) share information, including biometrics, on foreign visitors. Reading between the lines of the article linked below, they appear to hitting their stride.

Biometrics has “just completely changed the way we do business,” DHS director of US-VISIT. (Fierce Homeland Security)

See also:
Privacy Impact Assessment for the US-VISIT Five Country Joint Enrollment and Information-Sharing Project (2009 pdf at DHS.gov)

database, face, law enforcement, UK

Police to get UK-wide facial search capability

PND: Facial Search Upgrade Being Introduced (Police Oracle)

The chief officer pointed out that the move will allow specialist officers and staff to input the photos of suspects into the database – and check matches across the UK.

Once they are compared to the custody photos logged in the PND a number of matches, each with their own percentage success rate, would flash up.

“Obviously some investigations will still be needed by officers themselves after the matches come through,” said CC Barton, of Durham Constabulary.

The above linked article is very good. I recommend it highly. Then, if you’re still interested in facial recognition, large databases and law enforcement, you might want to check out the two posts below where we discuss how the technology fits into police work.

(Facial Recognition vs Human) & (Facial Recognition + Human)

Canadian border guards want face rec

ID, ID assurance, private, UK

More on the UK’s new Identity Assurance Approah

Identity, Privacy and Trust: How I learned to stop worrying and love identity assurance (Computer Weekly)

The past week has seen a surge in media coverage of the government’s new Identity Assurance (IDA) programme, as the Department for Work & Pensions prepares to announce the first group of Identity Providers (IDPs) to be awarded services under their procurement framework. Those who know me will be aware that I played a minor role in trying to persuade the last government to change it’s plans for ID Cards, and that I became known as an opponent to that scheme; but for the past two years I’ve been engaged by the Post Office to support the shaping activities around the the development of the Identity Assurance programme.

So what persuaded me that IDA is a good idea?

Read the whole thing.

drivers license, government, ID, Postal Service, UK, US, visa

Post Offices Streamlining Government Services with Biometrics

The UK Post Office is active in the ID management industry, serving as a clearing house between individuals residing in Britain and various government bureaucracies dealing with ID and now Post Office Limited has processed the biometric information of more than one and a half million applicants through its Applicant Enrollment Identification (AEI) service.

The UK Post Office serves as a customer service link between individuals and the Driver Vehicle Licensing Authority (DVLA) and the UK Border Agency, capturing applicant information such as fingerprints, photographs, and digital signatures and charging a fee of £19.20.

The DVLA uses the AEI service to allow drivers to renew their drivers’ licenses. By capturing drivers’ photographs and digital signatures at Post Office branches, the service has automated the renewal process that occurs every ten years. Using AEI, the renewal process takes an average of 3.5 – 5 minutes.

The UK Border Agency uses Post Office branches to record and securely transmit biometric information and other applicant data for those wishing to extend their visas. Once the digital signature, photograph, and fingerprints are received and checked by the UK Border Agency and they are satisfied with all aspects of the immigration application, the UK Border Agency issues the foreign national a Biometric Residence Permit.

Here’s how it works…

National post offices are in a unique position to offer services like these. Some have been better than others at managing through the information revolution. Australia blazed a trail that the UK followed. The template is there for others to follow.

Unfortunately it’ll be difficult to pull off in the United States because most ID is administered at the state, rather than at the national level. The US Postal Service does provide passport services for first-time passport requests and charges $25 for the service, but it’s largely locked out of the more lucrative ID business the state’s have carved out for themselves.

See also: 3M’s press release about its relationship with Post Office Limited

border, documents, fraud, passport, UK

Technology Helps Reduce Number of Fake UK Passports

Fewer fake passports being found by UK’s border force (BBC)

The number of forged passports detected at ports and airports across the UK has almost halved in the past five years.

A Freedom of Information request by the BBC showed that border officials spotted 1,858 forgeries last year compared to 3,300 in 2007.

The UK’s border force said this was partly down to improved security measures and fraud checks.

Those improved security measures now include more sophisticated technology such as biometrics. Of course, there are some who assert that fewer detections result from less looking but professional security outfits usually know their business better than that.

Detections dropped 44%. Does anyone assert that they did 44% less looking? Of course not.

government, ID management, UK

UK: Government Abandons Major ID Management Projects

IT recruitment in public sector hits rock bottom (PC Advisor)

Major government projects involving the heavy use of IT contractors, that have been cancelled over the last two years, include the NHS national electronic database, second generation biometric passports, the ID cards programme, the Contact Point child protection database, and the development of new defence technologies.

Judging by the short description here, three of the four cancelled projects mentioned are related to ID management. Even the fourth, defence technologies, could have a large ID management component.