[LINK] SMH Blurb tries to help ailing biometrics industry - 1

Roger Clarke Roger.Clarke at xamax.com.au
Wed Feb 20 09:04:41 EST 2008


[SOOT  ...  Sort-Of Off Topic.  But of some relevance to the list.]


[This email contains an article from the SMH/Age Next section.

[The next contains my not altogether complimentary comments about it.]


Born-again biometrics
February 19, 2008
Next
The Sydney Morning Herald
http://www.smh.com.au/news/technology/bornagain-biometrics/2008/02/18/1203190738826.html?page=fullpage#contentSwap1

With the change in government it appears that the federal smartcard 
has been killed by fears of cost overruns and privacy risks. But the 
biometrics field is pushing on, writes Beverley Head.

HALF a decade before the twin towers fell in New York, Ted Dunstone 
completed his PhD exploring how computers and biometrics could be 
used to detect terrorists at airports.  [COMMENTS 1, 2]

Today he's still working out how biometrics can be harnessed to 
ensure the right people get access to sensitive locations, equipment 
and information.

Biometrics involves capturing information about something unique to 
an individual - their voice, face, iris, fingerprint or even the 
pattern of their veins. That information is stored on a database or 
token and when an individual wants to access a computer system, enter 
premises or cross a border, they speak, show their face, eye, finger 
or wrist. If it matches the information captured about that 
biometric, in they go.  [COMMENTS 3, 4]

This was supposed to be the year that biometrics hit its straps; the 
year Australia phased in a biometric access card, replacing 17 card 
or voucher systems. If you wanted to access government services you'd 
need one.  [COMMENT 5]

Privacy advocates were rehearsing their stump speeches, IT 
integrators were rubbing their hands in anticipation of a flood of 
consultancy and implementation dollars. The access card was the 
golden goose.

And it's dead. Or is it? Citing concerns about privacy and a mismatch 
between the cost of the project compared with the savings it might 
deliver, Senator Joe Ludwig, Minister for Human Services, has canned 
the $1.3 billion four-year program and confirmed "there are no plans 
to revisit the access card in the future. Spending over $1 billion on 
a magic card is not the solution."

However, he has carefully left the door open for possible future 
projects. "We will examine the role that smartcards can play to 
reduce fraud," he says. "But any proposals that I bring forward will 
not rest their hopes on a magic card to solve all the Government's 
problems."  [COMMENT 6]

Given that biometrics involves little or no magic, it seems a safe 
promise to make.  [COMMENT 7]

Some biometrics researchers have heaved a sigh of relief at this turn 
of events, Ted Dunstone among them.

The chief executive of Biometix, and chairman of the technical panel 
of the Biometrics Institute, Dr Dunstone explains: "I think there 
were some real concerns about the way the previous access card had 
been managed, especially regarding privacy. There were some cavalier 
aspects to it and an aggressive timeframe that was a little 
unrealistic.

"This isn't a setback for biometrics - what would have been a setback 
would have been a big program that failed."

Jack Gijrath, Singapore-based director of business development for 
Philips security spin-off NXP, believes the Australian Government's 
cancellation of the access card is more a political issue than a body 
blow against biometrics.

"This world is going electronic. With the proper infrastructure, a 
lot of government services can be provided over the web. This is not 
a debate about whether the technology is ready, it's a political 
debate about budget."

For some of the companies that had won roles on the project, it's 
been a costly political debate with both KPMG, which developed the 
original business case and had a four-year contract to monitor the 
implementation of the project, and Booz Allen Hamilton, which was 
appointed as the project lead adviser, seeing several years' worth of 
hefty fees evaporate with the arrival of the Rudd Government. Both 
refused to comment for this article and Senator Ludwig says contracts 
are being terminated according to their terms.  [COMMENT 8]

Although the access card could have been the poster child for 
Australian biometrics, its cancellation won't stall other biometric 
projects.

Proponents of biometrics say they raise the bar on security and 
reduce the opportunity for identity theft. Biometrics add another 
level of access control. To a card, plus PIN or password, biometric 
identification adds a third factor to prove identity.

Dr Dunstone believes three-factor authentication is the way of the 
future for accessing government services.

"It is fairly inevitable that we will end up with components of the 
access card, for example on a scaled-up Medicare card. Components of 
the access card will live on and will quite likely have components of 
biometrics." To some groups, this is not good news. Stephen Blanks, 
secretary of the NSW Council of Civil Liberties, says the creation of 
databases storing biometric identifiers generates a privacy risk and 
in fact "increases the opportunity for identity theft". "Experience 
has shown that no matter how secure databases are, breaches can 
occur," he says.

In a speech to the Biometrics Institute late last year, Timothy 
Pilgrim, deputy privacy commissioner, agreed that "the availability 
of unique identifiers can enable greater surveillance and heighten 
the risk of identity theft". The Australian Law Reform Commission has 
proposed that biometric information be classed as sensitive, and 
hence afforded special treatment under the Privacy Act.

Admittedly no system is invincible - but biometrics technology is not 
standing still. The latest systems can tell the difference between a 
warm, moist, living human fingerprint and a gelatinous copy.

Research from the University of Texas comparing human and machine 
face recognition has shown that when the performance of seven 
different face-matching algorithms was pitched against the 
performance of humans matching faces, a handful of the algorithms 
consistently outperformed the humans.  [COMMENT 9]

Experts say biometrics must be tailored to the situation. Call 
centres, obviously, tend to use voice identification, where border 
control tends to involve facial recognition. Fingerprint monitoring 
might have negative connotations for some cultural groups; vein 
patterning may be more challenging for some ethnic groups and 
burqa-wearing women would need to be identified by iris rather than 
full face recognition.

The Government continues to trial the SmartGate facial 
recognition-based border control system while Centrelink's trials of 
voice authentication in its call centres is expected to lead to 
widespread deployment this year.  [COMMENT 10]

Sixty methadone clinics across Australia, including St Vincent's 
Hospital in Sydney, dispense doses of the drug only after patients 
are identified by having their iris scanned.

Banks are also testing the water. Westpac's outgoing head of 
operations and technology, Michael Coomer, was reported last year 
saying "I don't think society is ready for biometrics", but Dr 
Dunstone countered "there is a lot of behind-the-scenes interest from 
the banks".

Dr Dunstone believes the new Anti Money Laundering/Counter Terrorism 
Finance legislation, which came into force in December, could prompt 
financial institutions to take a fresh look at biometrics. A range of 
biometric solutions are being touted to help organisations comply, 
including a voice-based authentication framework released recently by 
VeCommerce specifically to support AML/CTF compliance.

Dr Dunstone also notes that, while the Australian Government's 
Authentication Framework (an alternative to the 100-point check for 
organisations doing online business with the Government) does not 
predicate biometric identification, it would be an option.

He believes part of the banks' reticence to openly discuss biometrics 
is that they see a potential commercial advantage in being a first 
mover.

Speaking at a finance sector conference late last year, Geoff 
Wenborn, NAB's general manager of technology and innovation, 
confirmed the bank was looking at biometrics but added "we are not in 
a position to say when. The biggest challenge is not the device, but 
how it would integrate with the back end - so there is no deadline."

He admitted also that the banks were concerned about "the Big Brother 
implications, even though this is information we would have. We are 
putting a toe in the water at this stage." Jeff Smith, the chief 
information officer of Suncorp, said the firm was only just starting 
to look at two-factor authentication "so it's a bit early for 
three-way ID" but he acknowledged some R&D was already being 
conducted into biometrics.

Biometrics isn't just for the big boys. When the supermarket chain 
Champion IGA Group decided to install fingerprint scanning in its 19 
stores it forked out about $25,000 for the system and $3500 a 
scanner. The system has operated since July and chief executive 
Brendon Goddard expects it will deliver annual payroll savings of 
about $600,000.  [COMMENT 11]

Previously the supermarkets had manual time sheets with staff signing 
in on arrival, and out as they left. Payroll processing was handled 
by a bureau. While Mr Goddard is clear that staff had no ill intent, 
mistakes were made, having an impact on the wages bill.

A WorkBuddy fingerprint scanning system, linked to an Attache payroll 
system, has allowed him to bring payroll processing back in house and 
shave 0.5% from the $110 million annual wages bill.

"I have one person come in on a Monday and Wednesday for 16 hours to 
do all the payroll," he explains, adding that it has also allowed 
more efficient rostering. There was some scepticism about the system 
from staff. "One of my butchers asked me if he chopped off his finger 
could he use that to scan. His manager said he's always dead when he 
comes to work so what's the difference?"


-- 
Roger Clarke                  http://www.anu.edu.au/people/Roger.Clarke/
			            
Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in Info Science & Eng  Australian National University
Visiting Professor in the eCommerce Program      University of Hong Kong
Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW


More information about the Link mailing list