Politech facecam archive: http://www.politechbot.com/cgi-bin/politech.cgi?name=facecam Politech biometrics archive: http://www.politechbot.com/cgi-bin/politech.cgi?name=biometrics --- Date: Wed, 13 Feb 2002 19:05:14 -0500 To: declanat_private From: dana hawkins <dhawkinsat_private> Subject: article on biometrics for politech readers? hi declan. politech readers might be interested in this... hope you're doing well. in this week's magazine, i take a close, hard look at the biometrics industry. learn about gummy dummies, replay, and bioprivacy, by reading... "Body of Evidence: Biometrics turns your hand, face, or eye into your badge of identity": http://www.usnews.com/usnews/issue/020218/tech/18biometrics.htm and here's a sidebar on a new type of biometric: "This little light of mine": http://www.usnews.com/usnews/issue/020218/tech/18biometrics.b.htm (you'll find the actual text for below for both articles.) best, dana Science & Technology 2/18/02 Body of Evidence Biometrics turns your face, hand, or eye into your badge of identity BY DANA HAWKINS 'Please-move-forward . . . a- lit-tle," a robotic yet oddly sultry female voice commands. A camera whirs to focus on the eyeball of a visitor to Thales Fund Management, on the 45th floor of an ebony tower in Lower Manhattan. "We-are- sorry. You-are-NOT-identified," says the disembodied voice. "We like the Star Trek feel," grins Laurel Galgano, who manages the automated security system. "And it impresses the investors." They're not the only ones taken with biometrics. Iris scanners are among the sexiest of these technologies, which convert distinctive biological characteristics, such as the patterns of the iris or fingertip or the shape of a hand or face, into a badge of identity. Even before the September 11 terrorist attacks, the industry was growing sharply as scanners and software became cheaper and more accurate. The International Biometric Industry Association estimates that sales reached $170 million in 2001, a 70 percent jump over the previous year. Now, the IBIA predicts that sales will rise to $1 billion by 2004, propelled in part by new security worries at airports and other critical facilities. Thousands of systems are being tested or are already up and running. Employees at some businesses punch in and out by placing their hand on a reader, and digital finger-scan devices verify thousands of schoolchildren's enrollment in lunch programs. At a handful of airports, face scanners are scrutinizing passengers, and the New York State lottery uses iris scanners for employee access to a secured room containing its data system. Nothing's perfect. Yet biometrics experts and even some vendors worry about promising too much, too soon. In theory, when your fingerprint or face structure becomes your identity card, you no longer have to worry that it will be lost or stolennor does an employer, a government agency, or anyone else with a stake in knowing who you are. But biometrics systems, like traditional ID cards, can be fooled, and some, like hand and face scans, are less accurate in practice than in theory. "The people who say biometrics provides foolproof, fail-safe, positive identification are just wrong," says Jim Wayman, director of biometric research at San Jose State University. What's more, face scanning can be done without people's permission, raising privacy concerns and prompting calls for laws that would regulate how biometric data could be collected and used. Some biometric systems have been a hit, providing a real boost in security and convenience. At a Gristedes grocery store in Manhattan, a hand reader has replaced the time clock. "You can't cheat the boss, and he can't accuse you of buddy punching," says a store clerk. It takes just minutes for New York State to enroll an applicant for public assistance in a digital fingerprint system, which has boosted arrests for attempted fraud. To allay privacy concerns, legislation prohibits the state from sharing the data with the FBI unless it is subpoenaed. And travelers laud INSPASS. The program allows over 65,000 passengers who regularly fly abroad to breeze by immigration lines at nearly a dozen airports by passing through a hand-scan reader, linked to a database of known travelers. There's an appealing backup system, too. When a hand reader fails, the passenger gets to cut to the front of the customs line. But the technology has glitches. Digital fingerprint readers can draw a blank on some people, such as hairdressers who work with harsh chemicals, and the elderly, whose prints may be worn. Recent tests by the independent research and consulting firm International Biometric Group showed that some systems are unable to collect a finger scan from up to 12 percent of users. And the IBG found that the performance of face-scanning systems can be dismal. Six weeks after test subjects had "enrolled" with an initial face scan, some systems failed to recognize them nearly one third of the timeand that was under ideal conditions. The companies say they've since upgraded their software. Yet an increasing number of airports, including Boston's Logan, Fresno, St. Petersburg-Clearwater, Palm Beach, and Dallas-Fort Worth, are testing or deploying the face-scan technologyin some cases at security checkpoints but also for covert crowd scanning. The systems compare passing faces against a database of images from FBI lists of suspected terrorists and wanted felons. Independent privacy and security expert Richard M. Smith, who has studied these systems, says that because they are so easily fooled by changes in lighting, viewing angle, or sunglasses, they serve merely as a deterrent. "The camera in the ceiling is like the man behind the curtain in the Wizard of Oz. It's all for show," says Smith. "Crowd scanning can be problematic," says Tom Colatosti, CEO of Viisage Technology, a face-scan company. "If you're talking about an airport, you need a chokepoint" for scanning people one by one. Gummy dummies. Many systems can be deliberately fooled. A new study from Yokohama National University in Japan shows that phony fingers concocted from gelatin, called "gummy dummies," easily trick fingerprint systems. Manufacturers of some systems claim to guard against such tactics by recording pupil dilation, blood flow in fingers, and other evidence that the biometric sample is "live." And although some makers assert that biometrics solves the problem of identity theftno one can steal your iris or hand, after allmany experts disagree. A hacker who broke into a poorly designed system might be able to steal other people's digital biometric templates and use them to access secure networks. This trick, called "replay," could take identity theft to a whole new level. "Your fingerprint is uniquely yours, forever. If it's compromised, you can't get a new one," says Jackie Fenn, a technology analyst at the Gartner Group. Privacy concernsalthough they seem less pressing to many these daysmay also slow public acceptance of the technology. Yet in some cases, biometrics can actually enhance privacy. A finger-scan system for controlling access to medical records, for example, would also collect an audit trail of people who viewed the data. But face scanning, with its potential for identifying people without their knowledge, has alarmed privacy advocates. Last month, for example, Visionics Corp.'s face-scanning system was redeployed as an anticrime measure in a Tampa, Fla., entertainment district. Detective Bill Todd says the system had been taken down two months into its 12-month trial because of a bug in the operating system, but it has been upgraded and is now back in use. The 36-camera system is controlled by an officer at the station, who can pan, tilt, and zoom the cameras to scan faces in the crowd so that the software can compare them with faces in a database. While Todd says the database contains only photographs of wanted felons, runaways, and sexual predators, police department policy allows anyone who has a criminal record or might provide "valuable intelligence," such as gang members, to be included. So far, according to a report by the American Civil Liberties Union, the technology has produced many false matches. And Todd confirms that it hasn't identified any criminals. "We have our limitations," says Frances Zelazny, spokesperson for Visionics. "It's an enhancement to law enforcement, not a replacement." At times, the privacy problem is more perception than reality. The Lower Merion school district near Philadelphia had installed finger-scan devices for school lunch lines. Students would place their finger on a pad to verify their identity, and money would be deducted from their account. The optional program was instituted to make lines move faster, and to spare embarrassment to students entitled to free or discounted meals. But even though the system did not capture a full fingerprint image, but rather a stripped-down digital version, some parents felt that it came uncomfortably close to traditional fingerprinting. After a spate of bad press, the program was killed last year. Forty other school districts still use the system. Bioprivacy. Such privacy dust-ups are causing some biometrics experts and vendors to call for laws to govern the fledgling industry. Samir Nanavati, a partner at IBG, says his company stresses "bioprivacy" rules Tell people what data you're collecting and why; minimize the amount gathered; use the data only for the purpose originally stated; and give users a chance to correct their records. Nanavati also worries that the technology is not always used to best advantage. On a recent, informal tour of biometric installations in Manhattan, where the dapper consultant lives, it was easy to see what he meant. At a New York University dorm, the hand-scan access system seemed to offer little security benefit. Fewer than half the students used it. The others gained entry the old-fashioned way, slightly faster and a lot less secureby casually flashing an ID card to the friendly security guard. And at New York-Presbyterian Hospital, where long queues sometimes form at hand-scan readers, frustrated employees smashed machines two weeks in a row last month. Yet Joe Salerno of New York-Presbyterian says every building has a hand reader. He speculates that employees may be upset about the rigorous timekeeping. The real trick, says Nanavati, is to choose the right biometric system and design it with both security and convenience in mind. And sometimes that means no system. One client, who desired the cachet of owning the most secure, high-tech residence on Manhattan, hired IBG to set up an iris-reader system for tenants of his 24-hour doorman building. "I told him it was already very secure," Nanavati laughs. "Biometric access would've only cost money and annoyed people." Sometimes, Star Trek just isn't the answer. Science & Technology 2/18/02 NEW MEASURES This little light of mine BY DANA HAWKINS What makes you unique? Is it the ridges beneath your fingernails, the creaking of your bones, the shape of your ears, your very own odor? The biometric frontier, where researchers are looking for new and better markers, is not exactly the stuff of poetry. Except, perhaps, for a little silver device called a light print sensor. Among the most promising of the new approaches, it works by measuring the play of many-colored light through your skin. Skin layer thicknesses, capillaries, and other structures all affect the light, creating a distinctive pattern of changes. The system works on any skin surface and is unaffected by cuts, burns, and dirt. Only about 500 people have been tested, but so far each light print has been unique, "even identical twins," says Rob Rowe, cofounder of Lumidigm, the Albuquerque, N.M., company developing the technology. Smart gun. By the end of the year, a Lumidigm sensor could actually be in use. Combined with a hand reader, it would control access to the University of New Mexico's new hazardous-biomaterials lab. The sensor has also caught the eye of engineers at Smith & Wesson, which is working with Lumidigm to build a "smart gun." A light print sensor built into the grip would prevent the gun from being fired except by authorized users. One challenge now, the gunmaker says, is to get the sensor to authorize a user in under a secondit currently takes two. If light prints aren't a flash in the pan, embedded sensors could someday say "hands off" to all but the rightful owner of cellphones, laptops, PDAs, and even cars. ENDIT Dana Hawkins, Senior Editor U.S. News & World Report 1050 Thomas Jefferson St., NW Washington, D.C. 20007 (202) 955-2338, dhawkinsat_private www.usnews.com ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. Declan McCullagh's photographs are at http://www.mccullagh.org/ To subscribe to Politech: http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ -------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Wed Feb 13 2002 - 17:49:52 PST