Thursday, 17 September 2015

So where are we on astrology? 13 years late, UK government promises biometrics strategy by end 2015. Why?

In July 2002 Rt Hon David Blunkett MP, Home Secretary, issued a consultation document on introducing government-issued identity cards into the UK. One idea was to use biometrics to verify people's identity.

There was no proof at the time that mass consumer biometrics was reliable enough to do the job. 13 years later, there still isn't. The belief in the efficacy of mass consumer biometrics is akin to the belief in astrology.

In February 2015 the House of Commons Science and Technology Committee published a report, Current and future uses of biometric data and technologies. Biometrics was described as "the shoddiest science offered to the courts" and was said to be locked in a "cycle of failure".

The Committee declared itself to be worried about the privacy issues raised by biometrics and about the security of biometric databases. Which is odd. After all, if the technology doesn't work, there are no privacy issues. And the Committee doesn't (yet) seem to be worried about the storage facilities for horoscopes.

One way and another the Committee's report came up with 12 recommendations, to which the government's response has now been published.

"The Government biometric strategy is still in the early stages of development", they say (p.2). I.e. Whitehall was winging it for eight years with its promises for the benefits of ID cards between 2002 and 2010, when the Identity Cards Act 2006 was repealed. They now promise to publish their biometrics strategy "by the end of 2015" (p.3). What a mistake that will be, to publish a strategy for a shoddy science locked in a cycle of failure.

The strategy "should recognise that biometrics is fast-changing [trans: all over the place] and provides opportunities for better secure identity verification [how?], better public services [such as?], improved public protection [really?] and the ability to identify and stop criminals [all of them?]".

That was on p.4. Something must have changed since Chief Constable Chris Sims, representing the Association of Chief Police Officers, gave evidence to the Committee and said that he was "not aware of forces using facial image software at the moment" and that "the technology is not yet at the maturity where it could be deployed" (para.95).

When we learn on p.5 that "the core facial recognition algorithm used by the Police National Database ... was shown to be one of the best in terms of accuracy" presumably that just tells us, given the testimony of Chief Constable Sims, that all the other algorithms are even more useless.

Also on p.5 the government tell us that, just like astrology, "performance levels of biometric systems cannot be characterised by a single figure. Publicising detailed results of performance is an area requiring careful consideration, as not only is the accuracy testing of large scale biometric systems very complex, so is interpreting the data. System performance is very dependent on the specifics of the application, making direct comparisons between systems difficult and in many cases meaningless".

P.6: "The Home Office systems currently holding biometric data employ a range of defence in depth measures appropriate to the value of the data" – nil?

Privacy impact assessments and the government's ethical framework for astrology are covered on p.7 and then on p.8 they say that: "the government appointed a Chief Data Officer in March 2015, supported by a Government Data Standard to ensure transparency in the use of data by Government". They did indeed.

They appointed Public Servant of the Year ex-Guardian man Mike Bracken CBE CDO CDO, executive director of the Government Digital Service and senior responsible owner of the pan-government identity assurance programme now known as GOV.UK Verify (RIP), as chief data officer. He's leaving Whitehall in 13 days time on 30 September 2015 and is not known to have done anything about biometrics in the interim.

The Committee included in its February report the judgement of the High Court several years ago that the Metropolitan Police Service is breaking the law by retaining, on its biometrics database, the images of people not even charged with an offence, let alone convicted of one (para.99). Now we learn that "the Home Office is currently undertaking a policy review of the statutory basis for the retention of facial images" (p.10). This will surely be a very quick review – it can't take long to establish a policy on the police breaking the law.

"We are considering the role of the Biometrics Commissioner" (p.11). The Committee's report revealed that although the Commissioner is responsible for DNA and fingerprints, he has no locus on facial images (para.102), like an unfortunate soothsayer handicapped by being forbidden to mention Leo.

The Prime Minister promised several years ago to limit net immigration to an annual figure in the tens of thousands. Last year it exceeded 300,000, much to the amusement of the opposition parties and the Guardian newspaper. It is widely agreed that UK immigration is out of control.

And yet the government's astrologer says: "The biometrics landscape has operated with a number of widely adopted international standards for many years, this has been vital in ensuring that governments are able to share data, where allowed and required, and has achieved significant benefits including; solving crimes, finding missing people and controlling immigration" (p.11).

You can have a strong grasp of reality. Or you can have confidence in mass consumer biometrics. One or the other, but not both.

----------

Updated 17.9.15 18:45

We don't often set homework on DMossEsq. Readers tend to cheat and get their children to do it for them.

But let's make an exception. 500 words, please, on the distinction between James McCormick and the suppliers of biometrics "solutions". Mr McCormick is in prison for selling novelty golf ball detectors and pretending that they could be used to detect explosives. No-one from the public bodies which bought them is in prison for pretending to believe him.

You may find it useful to refer to the essay on biometrics written by three world-class experts who conclude that biometrics is not a science. It is "out of statistical control", they say. One of these experts has advised the US government, one of them the UK government and one of them both governments. They know what they're talking about.

500 words. On the DMossEsq desk. 9 a.m. Monday morning 21 September 2015.


Updated 9.4.16

Based on a leak, Kat Hall published the revelation yesterday that GDS has no real strategy for £450m budget pot, internal plan reveals.

She has acquired a copy of GDS's Transforming the relationship between citizens and the state: the Government’s transformation strategy and the Government Digital Service still doesn't have a clue how it's going to transform the relationship between people and the state. Instead, they're playing for time: "More detail about departments’ strategies for business transformation, enabled by digital, technology, data and security are due to be published in September 2016".

Playing for time, and repeating their nostrum about Government as a Platform (GaaP, the search for "promising clusters"): "an approach that involves developing a common core infrastructure of shared components, technology and standards on which it’s easy to build brilliant, user-centred government services".

This vacuous self-importance joins a long line of civil service reports. The excellent Jerry Fishenden, of whom more anon, has listed 80 similar documents published in the past 20 years. We're still waiting for a result and, without wishing to seem mean, it's not clear that the addition of a further £450 million is likely to induce progress.

Kat's article includes:
But the only detail of what [GaaP] will entail were examples of "common platforms" in the Home Office, which will develop a common biometrics platform for government and the Department for Work and Pensions, "which will lead work on a tool to pay money out from government."
Despite all their painful experience, the Home Office still haven't shaken off the hold of biometrics. It must be written in the stars. Their future is their past. They are doomed to re-live the pain apparently eternally.


Updated 11.4.16

Get a coconut

The UK Home Office's big idea for the future is to "develop a common biometrics platform". That will transform government. Make it digital. Expand the UK economy. Be green.

Or will it?

Take a look at India and its Aadhaar scheme. That's a common biometrics platform-and-a-half. They've registered around a billion people. And in the state of Rajasthan, the only way for the poor to collect their food ration is through Aadhaar.

How's that going?

Rajasthan presses on with Aadhaar after fingerprint readers fail: We’ll buy iris scanners:
“Yesterday, we had to send about a hundred people back when the internet did not work for six hours,” said Ali ...

Hanja Devi, an Antyodaya [maximum entitlement] beneficiary, failed to get 35 kilo foodgrain on her third trip in three days because of Aadhaar authentication failures ...

Of the nearly 860 beneficiaries who came to Aziz’s ration shop in December, he said, only half could get their fingerprint authenticated in one go ...

The biometric machine showed that the Aadhaar number of Santosh Devi, of Kesharpura village, belonged to someone else ...

The Rajasthan government made Aadhaar-based authentication mandatory at ration shops in December when the ration-seeding process [without which, digitally, you don't exist] was completed for less than half the ration beneficiaries ...

“From March 11 till 18, one week of the ration consumers’ fortnight, the servers were not working properly" ...

... all parts surrounded by the Aravalli hills had poor internet connectivity. “In Todgarh, which is also near the Aravalli hills, the ration dealer has to collect the beneficiaries 3 kilometres from the shop to catch signal" ...

... several families were trying to get their children’s biometrics registered ... because schools had ordered them to enrol for Aadhaar ...

Hansraj Yadav, who is additional director- Unique Identification Authority, said that to solve the problem of high rates of fingerprint authentication failure, the Rajasthan government is planning to install more biometric machines – this time, iris scanning machines ...
And here's Safran Morpho explaining how well Aadhaar is working, including Safran Morpho's biometrics systems:


No doubt the Home Office believe Safran Morpho's version and will pursue their big idea. The rest of us should prepare for Rajasthan's version.

That couldn't happen here, could it? Not in Blighty.

Believe what you like ...

... but we tried and failed to deploy the Basic Payment Scheme for farmers and our broadband couldn't cope ...

... and CloudStore, the old Digital MarketPlace has been known to be out of action for days and even weeks at a time ...


... and we're currently threatening to deploy GOV.UK Verify (RIP) even though it is thought that up to 30% of the low-paid can't have their identity verified ...

... and we're using Safran Morpho (SecureIdentity) as one of our eight "identity providers" for GOV.UK Verify (RIP) even though GDS themselves say that five of them – Barclays, CitizenSafe, Royal Mail, SecureIdentity and Verizon – are "unlikely to be able to verify you":


"Aadhaar" means platform in many of India's dozens of languages. The idea is that it provides a safe platform on which India can build public services. GOV.UK Verify (RIP), the UK's proposed identity assurance platform, looks just as rickety, in any language.

What's more, GOV.UK Verify (RIP) is due to go live this month. Some time in the next 19 days.

Apparently the Hindi for computer says no is "Aap ka Aadhaar sahi nahi hai". You'd better learn that before May.

And get a coconut. According to the Rajasthan article above, when one old woman couldn't have her identity verified, a bystander quipped: "Break a coconut first next time". It may help you when some idiot deploys electronic voting in the UK.


Updated 7.7.16

You will remember that the only prudent stance on mass consumer biometrics is scepticism. And that the House of Commons Science and Technology Committee were told, please see above, that no UK police force uses "facial image software" at the moment because "the technology is not yet at the maturity where it could be deployed".

You will therefore be amused to read today's Times newspaper:
CCTV riches for man who puts name to a face

... The Somerset-based SSL — Simulation Systems Ltd — a past recipient of the Queen’s Award for Enterprise, has been in the vanguard of developing CCTV equipment for major roads and devices, which it is claimed, can make out the faces of motorists in their vehicles two miles away even if there is mist, rain or snow. In clear weather viewing distances are claimed to be 15 miles ...
The men and women in blue can't get facial image software to work with photographs taken in a well-lit police station but Simulation Systems Ltd can recognise a face two miles away in the mist?

People want to believe in biometrics so much that they will accept any claim however ludicrous. They will even repeat these claims in serious newspapers.


Updated 12.8.16

It's mid-August and even the news has gone on holiday.

What to publish?

How about?
Boffins' blur-busting face recognition can ID you with one bad photo

Developers warn that scary people are out there doing this already

12 Aug 2016 at 03:58, Darren Pauli


Scientists have found a way to accurately identify completely obscured faces using recognition systems trained on only a handful of well-lit photos.

The work by Seong Joon Oh, Rodrigo Benenson, Mario Fritz, and Bernt Schiele of Max Planck Institute in Saarbrücken, Germany, finds faces can be recognised with up to 91.5 per cent accuracy when the system is fed with just 10 clear images of a target's face.

The Faceless Person Recogniser is up to 69.6 per cent accurate when working from just one image ...
Other numbers mentioned include 14.7, 4.65, ones, handful, 12, 83 and, more ambitiously, 40,000 and 2,000.

We've been here before ...

Updated 24.10.16

The Government Digital Service (GDS) don't have a published strategy at the moment. That doesn't stop them recruiting like mad and it didn't stop the Treasury promising them £450 million.

Still, it's embarrassing. So Kevin Cunnington, the new Director General, has taken to briefing journalists on the contents of GDS's strategy, which may be published before Christmas 2016.

All journalists report that Mr Cunnington sees a great future for GOV.UK Verify (RIP), GDS's identity assurance scheme that doesn't work. Rebecca Hill, writing for Public Technology.net, Kevin Cunnington reveals his ‘cunning plan’ for future of GDS, adds this gem:
In addition, Cunnington said he wanted GDS to offer more advice to departments and encourage innovation across Whitehall. He noted that the Home Office was doing some good work on biometrics, but that this sort of attitude to digital innovation should be broadened out further.
The House of Commons Science and Technology Committee were unable to discover any good work being done on biometrics, please see above. If Mr Cunnington is hoping that GOV.UK Verify (RIP) will be saved by biometrics, he's in for a great disappointment.


Updated 10.11.16

We are all still waiting for GDS's strategy to be announced but the other day at least we learned its mission – to "support, enable and assure".

What does "support" mean?

According to Kevin Cunnington, director general of GDS, among other things it means that GDS should "innovate with new ideas, and help departments to innovate. Things like biometric residence permits, which a team at the Home Office has been working on".

Quick reference to p.9 of your well-thumbed July 2006 copy of Identity Card Technologies: Scientific Advice, Risk and Evidence will remind you that:
The Home Office admitted that the timetabling of the programme was being reviewed by the IPS but said that it “remains committed to delivering the ID cards programme as soon as possible, starting with biometric residence permits for foreign nationals in 2008” ...
The programme whose timetable was being reviewed back then was the National Identity Scheme (subsequently the National Identity Service). The NIS was finally reviewed to death in December 2010 when the Identity Cards Act was repealed at which point IPS, the Identity & Passport Service, imploded. Which is why we Brits still don't have UK government-issued ID cards. But some foreigners do, and have done since November 2008 – biometric residence permits.

There was nothing innovative about biometric residence permits. Not in 2008. And not in 2006. By 2002, the Home Office was already issuing asylum seekers with biometric Application Registration Cards, please see p.114 of their consultation on entitlement cards (subsequently ID cards).

That's 14 years ago and nine years before GDS existed. GDS can hardly be said to be innovating new ideas in this case or even helping the Home Office to do so. Biometric residence permits are a rotten example for Mr Cunnington to give of GDS's mission to support.

Despite their failure, the Home Office still harbour a pathological craving for ID cards. A pathological craving which is quite clearly now being channelled through Kevin Cunnington ...

... which tells you what to expect on Christmas Day when you open your GDS strategy.

No comments:

Post a Comment