[LINK] SMH Blurb tries to help ailing biometrics industry - 1
Roger.Clarke at xamax.com.au
Wed Feb 20 09:04:41 EST 2008
[SOOT ... Sort-Of Off Topic. But of some relevance to the list.]
[This email contains an article from the SMH/Age Next section.
[The next contains my not altogether complimentary comments about it.]
February 19, 2008
The Sydney Morning Herald
With the change in government it appears that the federal smartcard
has been killed by fears of cost overruns and privacy risks. But the
biometrics field is pushing on, writes Beverley Head.
HALF a decade before the twin towers fell in New York, Ted Dunstone
completed his PhD exploring how computers and biometrics could be
used to detect terrorists at airports. [COMMENTS 1, 2]
Today he's still working out how biometrics can be harnessed to
ensure the right people get access to sensitive locations, equipment
Biometrics involves capturing information about something unique to
an individual - their voice, face, iris, fingerprint or even the
pattern of their veins. That information is stored on a database or
token and when an individual wants to access a computer system, enter
premises or cross a border, they speak, show their face, eye, finger
or wrist. If it matches the information captured about that
biometric, in they go. [COMMENTS 3, 4]
This was supposed to be the year that biometrics hit its straps; the
year Australia phased in a biometric access card, replacing 17 card
or voucher systems. If you wanted to access government services you'd
need one. [COMMENT 5]
Privacy advocates were rehearsing their stump speeches, IT
integrators were rubbing their hands in anticipation of a flood of
consultancy and implementation dollars. The access card was the
And it's dead. Or is it? Citing concerns about privacy and a mismatch
between the cost of the project compared with the savings it might
deliver, Senator Joe Ludwig, Minister for Human Services, has canned
the $1.3 billion four-year program and confirmed "there are no plans
to revisit the access card in the future. Spending over $1 billion on
a magic card is not the solution."
However, he has carefully left the door open for possible future
projects. "We will examine the role that smartcards can play to
reduce fraud," he says. "But any proposals that I bring forward will
not rest their hopes on a magic card to solve all the Government's
problems." [COMMENT 6]
Given that biometrics involves little or no magic, it seems a safe
promise to make. [COMMENT 7]
Some biometrics researchers have heaved a sigh of relief at this turn
of events, Ted Dunstone among them.
The chief executive of Biometix, and chairman of the technical panel
of the Biometrics Institute, Dr Dunstone explains: "I think there
were some real concerns about the way the previous access card had
been managed, especially regarding privacy. There were some cavalier
aspects to it and an aggressive timeframe that was a little
"This isn't a setback for biometrics - what would have been a setback
would have been a big program that failed."
Jack Gijrath, Singapore-based director of business development for
Philips security spin-off NXP, believes the Australian Government's
cancellation of the access card is more a political issue than a body
blow against biometrics.
"This world is going electronic. With the proper infrastructure, a
lot of government services can be provided over the web. This is not
a debate about whether the technology is ready, it's a political
debate about budget."
For some of the companies that had won roles on the project, it's
been a costly political debate with both KPMG, which developed the
original business case and had a four-year contract to monitor the
implementation of the project, and Booz Allen Hamilton, which was
appointed as the project lead adviser, seeing several years' worth of
hefty fees evaporate with the arrival of the Rudd Government. Both
refused to comment for this article and Senator Ludwig says contracts
are being terminated according to their terms. [COMMENT 8]
Although the access card could have been the poster child for
Australian biometrics, its cancellation won't stall other biometric
Proponents of biometrics say they raise the bar on security and
reduce the opportunity for identity theft. Biometrics add another
level of access control. To a card, plus PIN or password, biometric
identification adds a third factor to prove identity.
Dr Dunstone believes three-factor authentication is the way of the
future for accessing government services.
"It is fairly inevitable that we will end up with components of the
access card, for example on a scaled-up Medicare card. Components of
the access card will live on and will quite likely have components of
biometrics." To some groups, this is not good news. Stephen Blanks,
secretary of the NSW Council of Civil Liberties, says the creation of
databases storing biometric identifiers generates a privacy risk and
in fact "increases the opportunity for identity theft". "Experience
has shown that no matter how secure databases are, breaches can
occur," he says.
In a speech to the Biometrics Institute late last year, Timothy
Pilgrim, deputy privacy commissioner, agreed that "the availability
of unique identifiers can enable greater surveillance and heighten
the risk of identity theft". The Australian Law Reform Commission has
proposed that biometric information be classed as sensitive, and
hence afforded special treatment under the Privacy Act.
Admittedly no system is invincible - but biometrics technology is not
standing still. The latest systems can tell the difference between a
warm, moist, living human fingerprint and a gelatinous copy.
Research from the University of Texas comparing human and machine
face recognition has shown that when the performance of seven
different face-matching algorithms was pitched against the
performance of humans matching faces, a handful of the algorithms
consistently outperformed the humans. [COMMENT 9]
Experts say biometrics must be tailored to the situation. Call
centres, obviously, tend to use voice identification, where border
control tends to involve facial recognition. Fingerprint monitoring
might have negative connotations for some cultural groups; vein
patterning may be more challenging for some ethnic groups and
burqa-wearing women would need to be identified by iris rather than
full face recognition.
The Government continues to trial the SmartGate facial
recognition-based border control system while Centrelink's trials of
voice authentication in its call centres is expected to lead to
widespread deployment this year. [COMMENT 10]
Sixty methadone clinics across Australia, including St Vincent's
Hospital in Sydney, dispense doses of the drug only after patients
are identified by having their iris scanned.
Banks are also testing the water. Westpac's outgoing head of
operations and technology, Michael Coomer, was reported last year
saying "I don't think society is ready for biometrics", but Dr
Dunstone countered "there is a lot of behind-the-scenes interest from
Dr Dunstone believes the new Anti Money Laundering/Counter Terrorism
Finance legislation, which came into force in December, could prompt
financial institutions to take a fresh look at biometrics. A range of
biometric solutions are being touted to help organisations comply,
including a voice-based authentication framework released recently by
VeCommerce specifically to support AML/CTF compliance.
Dr Dunstone also notes that, while the Australian Government's
Authentication Framework (an alternative to the 100-point check for
organisations doing online business with the Government) does not
predicate biometric identification, it would be an option.
He believes part of the banks' reticence to openly discuss biometrics
is that they see a potential commercial advantage in being a first
Speaking at a finance sector conference late last year, Geoff
Wenborn, NAB's general manager of technology and innovation,
confirmed the bank was looking at biometrics but added "we are not in
a position to say when. The biggest challenge is not the device, but
how it would integrate with the back end - so there is no deadline."
He admitted also that the banks were concerned about "the Big Brother
implications, even though this is information we would have. We are
putting a toe in the water at this stage." Jeff Smith, the chief
information officer of Suncorp, said the firm was only just starting
to look at two-factor authentication "so it's a bit early for
three-way ID" but he acknowledged some R&D was already being
conducted into biometrics.
Biometrics isn't just for the big boys. When the supermarket chain
Champion IGA Group decided to install fingerprint scanning in its 19
stores it forked out about $25,000 for the system and $3500 a
scanner. The system has operated since July and chief executive
Brendon Goddard expects it will deliver annual payroll savings of
about $600,000. [COMMENT 11]
Previously the supermarkets had manual time sheets with staff signing
in on arrival, and out as they left. Payroll processing was handled
by a bureau. While Mr Goddard is clear that staff had no ill intent,
mistakes were made, having an impact on the wages bill.
A WorkBuddy fingerprint scanning system, linked to an Attache payroll
system, has allowed him to bring payroll processing back in house and
shave 0.5% from the $110 million annual wages bill.
"I have one person come in on a Monday and Wednesday for 16 hours to
do all the payroll," he explains, adding that it has also allowed
more efficient rostering. There was some scepticism about the system
from staff. "One of my butchers asked me if he chopped off his finger
could he use that to scan. His manager said he's always dead when he
comes to work so what's the difference?"
Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in Info Science & Eng Australian National University
Visiting Professor in the eCommerce Program University of Hong Kong
Visiting Professor in the Cyberspace Law & Policy Centre Uni of NSW
More information about the Link