Re-posted from archive of infinite ideas machine 2004:
Last Thursday’s article in the Times, ‘Long eyelashes and watery eyes thwart ID card technology’ and Lucy Sheriff’s take on it in El Reg report a (predicted) 7% failure rate in the iris recogniton part of the current UKPS biometric trials.
Hardly reassuring, even at this early stage of testing – but clear indication of why the Government wants multiple biometrics to be stored in the National Identity Register and on ID cards. This sort of failure rate scaled up across the population and number of identifications / authentications would seem to make for a system that was actually worse than useless!
You begin to see where the Government, like many others before them, (including myself, the first time I encountered biometrics / smartcards in systems design) may have got their security model wrong.
To get around these ridiculous failure rates, they think (or are told), why don’t we put a copy of a good biometric reading on a smartcard? Its digital, therefore a perfect reproduction, and can then easily be compared with a record in the NIR – where we get impressively low failure rates – even if we can’t get a good reading from the person who has presented the card to us on that particular occasion.
Wake up! You’ve just created a system vulnerable to (even inviting) precisely the sort of fraud you are attempting to eliminate – but just because you’re using these fancy new biometrics, you think you’ve created a more secure system. So you promote it in ignorance – believing in the ‘magic’ of technology, while flying in the face of logic.
Here’s how it really goes:
The minute you capture a biometric – e.g. fingerprint, iris scan, facial photograph – and make a copy of it, you are turning a ‘something you are’ into a ‘something you (or I) have’. If, and only if, the sole copy of that record is kept safely locked up, and is accessed just to do direct comparisons with freshly-captured biometrics from people asserting to have that identity can you – WITHIN THE LIMITS OF THE TECHNOLOGY – authenticate a particular person at a particular time in a particular place.
Giving an individual a copy of his/her biometric records on a smartcard defeats the entire object of biometrics by turning something that ONLY one person can provide (‘something you are’) to authenticate him/herself into something that potentially anyone can provide (‘something you have’). Its like handing out ‘fraud tokens’… literally!
Stick with me.
So in introducing different ‘modes’ or ‘levels’ of authentication – e.g. locally to the card (no reference to NIR), card to NIR (even if local authentication fails) – you have utterly broken the reliability of your system. Someone can present a valid ID card and subvert the local biometric reader, or present a fake card at a session that they know will not reference the NIR with impunity.
Thus your system, which people have to use in their daily lives and in which they must trust completely – because it holds the key to their identity – is, in fact, creating a false sense of security.
The ultimate irony is that Blunkett and Blair seem to be driven by a need to be seen to be doing something about certain problems – terrorism, illegal immigration, etc. – but their solution is actually going to make things a whole lot worse, and not just in those areas!
And we – the citizens of the UK – are, of course, going to end up worse off than when we started with billions of pounds down the drain, stuck with a database and card system that permits criminals and terrorists to actually ‘prove’ they are us (while everyone has been told that this is now impossible) and allows certain authorities with sweeping remits, e.g. SOCA?, to surveil our movements and activities (even if we have done nothing wrong ourselves) to an unprecedented degree.
I’m not even getting into the fact that NIR records themselves could quite possibly get screwed up – as reported in today’s piece in The Register, ‘DHS and UK ID card biometric vendor in false ID lawsuit’.
So, finally, and just to explain the meaning / message of my t-shirt design [below]: I object to and oppose the creation of a National Identity Register and to the principle of putting digital biometric records into ID (smart)cards.