mrz
21-06-03, 10:37
How do I know who you are?
Photo: Tim Archibald
If your eyes move too fast, or are damaged, forget it. If you've got an extra finger, forget it. And being bald could turn you invisible. People are the problem for the new biometrics that governments are under pressure to use as global security systems get tougher. James L. Wayman of San Jose State University, California, worries about this. He's a key biometrics adviser to the UK and the US - a far cry from his dream to play with the Beach Boys. Wayman talked to Wendy M. Grossman about the problems in building a biometric future
Tighter security has become a mantra worldwide for all sorts of reasons. Do governments see biometrics as their lifeline?
There has been great enthusiasm for biometrics since 1961. It sounds like such a great idea, but people fail to understand how difficult it is. Take the Enhanced Border Security and Visa Entry Reform Act of 2002 for example. This requires biometric identification on the travel documents of everyone entering the US after 26 October 2004, even for visa waiver countries. This has thrown a lot of governments for a loop: how will they comply? The International Civil Aviation Organization argues that there is already a biometric on passports, a photograph. But what about those people who don't have that? Are you going to say we're going to come up with one biometric measure? The act, if you read it carefully, doesn't require that the system actually works, just for it to be there. I don't think we are going to make the deadline, so something is going to hit the fan come October 2004. A woman from Australian customs told me straight: "In Australia we will not give fingerprints to the US for the purpose of visa entry, we absolutely do not give fingerprints." Her response was there would be no travel from Australia to the US.
That sounds crazy: forcing governments to use biometric systems that may not work?
Some people say it's like barcodes, which didn't work in the early days. Biometrics will get better, it's true. But it's a bad analogy because barcodes can be controlled in manufacturing. If a checker has to type in the code too many times they make the manufacturer redesign the can. Human beings can't go to God. No one technology is going to provide the magic bullet. People are different in ways that you could never imagine. They never have what you think they are going to have where you think they are going to have it.
For example?
It never, ever, occurred to me that people can have polydactylism: one fellow had two right thumbs. I have a friend who has a hard time with facial recognition systems: he is very light-skinned, with very light hair but mostly bald. Against a light background, the computer couldn't find the outline of his face, and it said: "There's nobody here." Another guy I knew didn't have a round pupil because he had damaged his eye. You couldn't use iris recognition on that one eye. And then there are people with one glass eye. Or take privacy advocate Simon Davies, whose irises move constantly. He can't be successfully iris-scanned.
But surely fingerprints work?
Everybody learns from reading Mark Twain's Pudd'nhead Wilson that fingerprints are unchanged from cradle to grave and that everybody has unique fingerprints. But despite this, there remains a tremendous controversy over the admissibility of fingerprints as evidence. I've been an expert witness on this. Fingerprinting is very defendable, but the government has used some of the most stupid, crazy, spurious and non-scientific scientific arguments to try to defend it. We do lack the scientific basis, and that's what we're trying to make up for now.
What about DNA samples?
DNA is not biometrics, it's not automatic unless you touch a machine and it takes a sample, like in the movie Gattaca. But there are a couple of problems. First, you are invading my privacy by asking me to touch a machine and by removing something from my body. I find that disgusting. Secondly, there may be information in that DNA analysis that tells you something about me as a person. Other biometrics don't give any information about a person at all. You may argue that they can be used to link records, such as health records, but it's much easier to use a social security number.
How is face recognition doing?
Face recognition still seems to be the holy grail. Perhaps it's more acceptable to people than being fingerprinted or iris-scanned. And often if we have any information at all on terrorists, the face may be the only thing we have.
But there are many problems. Take the London mayor, Ken Livingstone, and his idea that you can point a camera at a car and do facial recognition of the occupants. We did that at a Mexico border crossing in Otay Mesa. The immigration service tried to automate the crossing by installing facial recognition cameras in a system called SENTRI, but the driver had to stop and look into the camera. That was highly problematic because the height of the cars varied, and window frames obscured the faces. The state of this technology is we are still trying to teach the cameras that the two people in each scene are the same person.
So how do I know you're you? After all, you have just failed to get into your office and we have had to go to a Denny's restaurant.
You have no clue who I am, and I could give you my fingerprint and you still wouldn't know who I am. That's a fundamental flaw in all the legislation. Biometrics says nothing about whether I'm a terrorist or not. Right now, your best information that I am who I say I am is what I know. We lack good definitions of security.
Don't we also need international standards?
In 1996, it occurred to governments that companies who make these systems were being asked to meet different requirements for every country and that made no sense. They set up the Common Criteria so if you met the requirements for one country you met them all. The hot question is, can the Common Criteria be extended to cover security for biometrics? We are only just getting to the point of being able to test how good biometrics are for government security applications.
Will we use biometrics to track people?
We'll never use biometrics to track somebody. I've got a really good idea for tracking people: you ask them to carry radio transmitters...
Like my mobile phone?
How much do they pay you to carry that? You pay them! So right now the government can track you within metres. That's a much better way to track people.
So what are biometrics good for?
For negative identification. To prove I don't know you - that you are not on my wanted list - I have no choice but biometrics. If you want to prevent the issuing of multiple driver's licences to a single driver, you have to do biometrics. For positive identification, such as the UK immigration programme, it's really hard to know if you are talking to the same person as a couple of months ago, particularly with multiple interviewers and because of the "other race" problem - it's hard for people of one race to distinguish people of another race.
Are there systems that work?
There's a nice project in Australia, where custom officers are using facial recognition at border crossings for Qantas airline representatives. They're very clever: they keep the photos current, they don't take one photo but five using a special camera with five lenses - that's how they handle the pose angle - and they ask everybody to use a neutral expression. When you go through customs, they have three cameras, so one of the three has to match one of the five, and they control the lighting. If the system fails, they have a back-up plan, you just go to the clerk. They claim very low error rates, and I believe them.
Any other good ones?
Hand geometry. It's used in the US Immigration and Naturalization Service's INSPASS system. It's an automatic system that speeds you through customs and immigration. INSPASS just works and works, and the error rates can be very low even with people who are not used to it.
What's the snag?
I have my INSPASS here, based on my hand geometry. Error rates are very low but there's a problem. The card has a lifetime of one year and to issue me this card takes about half an hour: I have to go in, I have to get my picture taken, my hand geometry measured, I have to declare I'm not a convicted drugs smuggler and give them a fingerprint so they can run it against records. When I come through showing my passport, they take maybe 30 or 60 seconds to process me. Every time I use my INSPASS, the immigration service saves a minute because it is automatic. But during that year I have to come through the system 30 times or it never pays for itself. It pays for itself for me, though.
Does anything else work - economically speaking?
The system at Disney World, which is based on finger geometry, has had 12 million transactions in the past five years and is working extremely well. But neither of these systems can be used for negative identification on a large scale. For that we need systems such as iris recognition but we have limited experience of working with it. The problem is whether you could run a large-scale operation just based on irises. Keep in mind that the largest national identification system in place that's working is the Philippines social security system, which has about 4 million people enrolled.
Is the key to testing these systems to test the biometrics themselves?
It isn't that easy. Biometric tests are not like tests of computer security because in biometrics you are testing people - and people are extremely expensive to test. We have seen that recently with the results from a facial recognition test sponsored by the US Department of Defense and conducted by the National Institute of Standards and Technology (NIST). Two of the companies involved came forward and said "We've improved our product, those results don't apply to us." How would they know? No one has tested the new product. And tests are so expensive that they can't afford them. We see this in biometrics all the time.
What about national test centres?
There are a lot of government groups that do biometric testing: there's NIST doing facial and voice recognition systems, a group at the University of Bologna in Italy that tests fingerprint verification devices, the Army Research Laboratory, Sandia National Labs and so on. But they are not coordinated. That would require central funding, and each group has its own money so they are not required to coordinate with anybody. It takes literally an act of Congress to get tests going. The British government is forcing the issue. They say: we've got all these tests going on, but none of them uses the same protocols, none of them reports the same way, maybe we should develop a standard. It's badly needed.
What are you working on now?
I'm really excited about research I'm doing at the University of Minnesota at Duluth. One of the big issues is, what happens if you combine biometrics? Maybe we'll have multiple systems: say, fingerprint and iris recognition. Combining biometric systems raises some huge problems. Can you imagine trying to enrol people in such a system? But the mathematics gets absolutely fascinating. We call it the "cotton-ball squishing problem".
The what?
OK, in hand geometry, you get nine measurements. In facial recognition you get 128. Why don't we just concatenate them? It turns out the mathematics is really, really hard. If you throw cotton balls into a shoebox with no gravity, what is the probability that there will be a collision? The probability of a collision increases as you get more balls, the smaller the box gets or the bigger the cotton balls are. Then suppose we change the dimension: so that they are not cotton balls but the shadows of cotton balls on the floor of the box. The shadows may be colliding while the cotton balls are not colliding. Can we put together a mathematical formula that tells us how increasing the dimensions of the system decreases the probability of collisions? In biometrics, a collision is a false match.
How did you get into biometrics? Didn't you say you were surfer and a musician?
My dad was a civil engineer for the city of Los Angeles and my mother was a modern girl with a BSc in a new field called home economics from the University of California at Los Angeles. They bought a little shack above Malibu beach with pasteboard walls and running cold water and a toilet that just flushed into an underground pit. We'd live there in the summer and weekends.
Did you have any success as a musician?
Yes, it doesn't take any talent to be a rock and roll musician, and I had even less than that. I did a Tony the Tiger Sugar Frosted Flakes commercial with my rock and roll band when I was 15. During the Vietnam war I toured with a United Services Organization show. Then I played in a revival of a group called The Diamonds that sang Little Darling, and we did lots of Las Vegas.
But the Beach Boys were your big passion?
I thought, oh, I've got to get into this. There were two young guys: Jeff Foskett and his buddy who played and sang together. They went around playing Beatles and Beach Boys songs in the local bars in the 1970s and they were very good. One of the founding members of the Beach Boys, Mike Love, lived in Santa Barbara, and he recruited Foskett to play with him on a tour. He made his way into the Beach Boys, and from 1980 to the present day Foskett has played with Brian Wilson. Just an ordinary guy like me. I want to be Jeff Foskett. In my dream, it's me and Brian Wilson. I have this dream very often that I'm playing with the Beach Boys.
http://www.newscientist.com/opinion/opinterview.jsp?
Oud nieuws mag ik hopen.
Photo: Tim Archibald
If your eyes move too fast, or are damaged, forget it. If you've got an extra finger, forget it. And being bald could turn you invisible. People are the problem for the new biometrics that governments are under pressure to use as global security systems get tougher. James L. Wayman of San Jose State University, California, worries about this. He's a key biometrics adviser to the UK and the US - a far cry from his dream to play with the Beach Boys. Wayman talked to Wendy M. Grossman about the problems in building a biometric future
Tighter security has become a mantra worldwide for all sorts of reasons. Do governments see biometrics as their lifeline?
There has been great enthusiasm for biometrics since 1961. It sounds like such a great idea, but people fail to understand how difficult it is. Take the Enhanced Border Security and Visa Entry Reform Act of 2002 for example. This requires biometric identification on the travel documents of everyone entering the US after 26 October 2004, even for visa waiver countries. This has thrown a lot of governments for a loop: how will they comply? The International Civil Aviation Organization argues that there is already a biometric on passports, a photograph. But what about those people who don't have that? Are you going to say we're going to come up with one biometric measure? The act, if you read it carefully, doesn't require that the system actually works, just for it to be there. I don't think we are going to make the deadline, so something is going to hit the fan come October 2004. A woman from Australian customs told me straight: "In Australia we will not give fingerprints to the US for the purpose of visa entry, we absolutely do not give fingerprints." Her response was there would be no travel from Australia to the US.
That sounds crazy: forcing governments to use biometric systems that may not work?
Some people say it's like barcodes, which didn't work in the early days. Biometrics will get better, it's true. But it's a bad analogy because barcodes can be controlled in manufacturing. If a checker has to type in the code too many times they make the manufacturer redesign the can. Human beings can't go to God. No one technology is going to provide the magic bullet. People are different in ways that you could never imagine. They never have what you think they are going to have where you think they are going to have it.
For example?
It never, ever, occurred to me that people can have polydactylism: one fellow had two right thumbs. I have a friend who has a hard time with facial recognition systems: he is very light-skinned, with very light hair but mostly bald. Against a light background, the computer couldn't find the outline of his face, and it said: "There's nobody here." Another guy I knew didn't have a round pupil because he had damaged his eye. You couldn't use iris recognition on that one eye. And then there are people with one glass eye. Or take privacy advocate Simon Davies, whose irises move constantly. He can't be successfully iris-scanned.
But surely fingerprints work?
Everybody learns from reading Mark Twain's Pudd'nhead Wilson that fingerprints are unchanged from cradle to grave and that everybody has unique fingerprints. But despite this, there remains a tremendous controversy over the admissibility of fingerprints as evidence. I've been an expert witness on this. Fingerprinting is very defendable, but the government has used some of the most stupid, crazy, spurious and non-scientific scientific arguments to try to defend it. We do lack the scientific basis, and that's what we're trying to make up for now.
What about DNA samples?
DNA is not biometrics, it's not automatic unless you touch a machine and it takes a sample, like in the movie Gattaca. But there are a couple of problems. First, you are invading my privacy by asking me to touch a machine and by removing something from my body. I find that disgusting. Secondly, there may be information in that DNA analysis that tells you something about me as a person. Other biometrics don't give any information about a person at all. You may argue that they can be used to link records, such as health records, but it's much easier to use a social security number.
How is face recognition doing?
Face recognition still seems to be the holy grail. Perhaps it's more acceptable to people than being fingerprinted or iris-scanned. And often if we have any information at all on terrorists, the face may be the only thing we have.
But there are many problems. Take the London mayor, Ken Livingstone, and his idea that you can point a camera at a car and do facial recognition of the occupants. We did that at a Mexico border crossing in Otay Mesa. The immigration service tried to automate the crossing by installing facial recognition cameras in a system called SENTRI, but the driver had to stop and look into the camera. That was highly problematic because the height of the cars varied, and window frames obscured the faces. The state of this technology is we are still trying to teach the cameras that the two people in each scene are the same person.
So how do I know you're you? After all, you have just failed to get into your office and we have had to go to a Denny's restaurant.
You have no clue who I am, and I could give you my fingerprint and you still wouldn't know who I am. That's a fundamental flaw in all the legislation. Biometrics says nothing about whether I'm a terrorist or not. Right now, your best information that I am who I say I am is what I know. We lack good definitions of security.
Don't we also need international standards?
In 1996, it occurred to governments that companies who make these systems were being asked to meet different requirements for every country and that made no sense. They set up the Common Criteria so if you met the requirements for one country you met them all. The hot question is, can the Common Criteria be extended to cover security for biometrics? We are only just getting to the point of being able to test how good biometrics are for government security applications.
Will we use biometrics to track people?
We'll never use biometrics to track somebody. I've got a really good idea for tracking people: you ask them to carry radio transmitters...
Like my mobile phone?
How much do they pay you to carry that? You pay them! So right now the government can track you within metres. That's a much better way to track people.
So what are biometrics good for?
For negative identification. To prove I don't know you - that you are not on my wanted list - I have no choice but biometrics. If you want to prevent the issuing of multiple driver's licences to a single driver, you have to do biometrics. For positive identification, such as the UK immigration programme, it's really hard to know if you are talking to the same person as a couple of months ago, particularly with multiple interviewers and because of the "other race" problem - it's hard for people of one race to distinguish people of another race.
Are there systems that work?
There's a nice project in Australia, where custom officers are using facial recognition at border crossings for Qantas airline representatives. They're very clever: they keep the photos current, they don't take one photo but five using a special camera with five lenses - that's how they handle the pose angle - and they ask everybody to use a neutral expression. When you go through customs, they have three cameras, so one of the three has to match one of the five, and they control the lighting. If the system fails, they have a back-up plan, you just go to the clerk. They claim very low error rates, and I believe them.
Any other good ones?
Hand geometry. It's used in the US Immigration and Naturalization Service's INSPASS system. It's an automatic system that speeds you through customs and immigration. INSPASS just works and works, and the error rates can be very low even with people who are not used to it.
What's the snag?
I have my INSPASS here, based on my hand geometry. Error rates are very low but there's a problem. The card has a lifetime of one year and to issue me this card takes about half an hour: I have to go in, I have to get my picture taken, my hand geometry measured, I have to declare I'm not a convicted drugs smuggler and give them a fingerprint so they can run it against records. When I come through showing my passport, they take maybe 30 or 60 seconds to process me. Every time I use my INSPASS, the immigration service saves a minute because it is automatic. But during that year I have to come through the system 30 times or it never pays for itself. It pays for itself for me, though.
Does anything else work - economically speaking?
The system at Disney World, which is based on finger geometry, has had 12 million transactions in the past five years and is working extremely well. But neither of these systems can be used for negative identification on a large scale. For that we need systems such as iris recognition but we have limited experience of working with it. The problem is whether you could run a large-scale operation just based on irises. Keep in mind that the largest national identification system in place that's working is the Philippines social security system, which has about 4 million people enrolled.
Is the key to testing these systems to test the biometrics themselves?
It isn't that easy. Biometric tests are not like tests of computer security because in biometrics you are testing people - and people are extremely expensive to test. We have seen that recently with the results from a facial recognition test sponsored by the US Department of Defense and conducted by the National Institute of Standards and Technology (NIST). Two of the companies involved came forward and said "We've improved our product, those results don't apply to us." How would they know? No one has tested the new product. And tests are so expensive that they can't afford them. We see this in biometrics all the time.
What about national test centres?
There are a lot of government groups that do biometric testing: there's NIST doing facial and voice recognition systems, a group at the University of Bologna in Italy that tests fingerprint verification devices, the Army Research Laboratory, Sandia National Labs and so on. But they are not coordinated. That would require central funding, and each group has its own money so they are not required to coordinate with anybody. It takes literally an act of Congress to get tests going. The British government is forcing the issue. They say: we've got all these tests going on, but none of them uses the same protocols, none of them reports the same way, maybe we should develop a standard. It's badly needed.
What are you working on now?
I'm really excited about research I'm doing at the University of Minnesota at Duluth. One of the big issues is, what happens if you combine biometrics? Maybe we'll have multiple systems: say, fingerprint and iris recognition. Combining biometric systems raises some huge problems. Can you imagine trying to enrol people in such a system? But the mathematics gets absolutely fascinating. We call it the "cotton-ball squishing problem".
The what?
OK, in hand geometry, you get nine measurements. In facial recognition you get 128. Why don't we just concatenate them? It turns out the mathematics is really, really hard. If you throw cotton balls into a shoebox with no gravity, what is the probability that there will be a collision? The probability of a collision increases as you get more balls, the smaller the box gets or the bigger the cotton balls are. Then suppose we change the dimension: so that they are not cotton balls but the shadows of cotton balls on the floor of the box. The shadows may be colliding while the cotton balls are not colliding. Can we put together a mathematical formula that tells us how increasing the dimensions of the system decreases the probability of collisions? In biometrics, a collision is a false match.
How did you get into biometrics? Didn't you say you were surfer and a musician?
My dad was a civil engineer for the city of Los Angeles and my mother was a modern girl with a BSc in a new field called home economics from the University of California at Los Angeles. They bought a little shack above Malibu beach with pasteboard walls and running cold water and a toilet that just flushed into an underground pit. We'd live there in the summer and weekends.
Did you have any success as a musician?
Yes, it doesn't take any talent to be a rock and roll musician, and I had even less than that. I did a Tony the Tiger Sugar Frosted Flakes commercial with my rock and roll band when I was 15. During the Vietnam war I toured with a United Services Organization show. Then I played in a revival of a group called The Diamonds that sang Little Darling, and we did lots of Las Vegas.
But the Beach Boys were your big passion?
I thought, oh, I've got to get into this. There were two young guys: Jeff Foskett and his buddy who played and sang together. They went around playing Beatles and Beach Boys songs in the local bars in the 1970s and they were very good. One of the founding members of the Beach Boys, Mike Love, lived in Santa Barbara, and he recruited Foskett to play with him on a tour. He made his way into the Beach Boys, and from 1980 to the present day Foskett has played with Brian Wilson. Just an ordinary guy like me. I want to be Jeff Foskett. In my dream, it's me and Brian Wilson. I have this dream very often that I'm playing with the Beach Boys.
http://www.newscientist.com/opinion/opinterview.jsp?
Oud nieuws mag ik hopen.