Thursday, 17 September 2015

So where are we on astrology? 13 years late, UK government promises biometrics strategy by end 2015. Why?

In July 2002 Rt Hon David Blunkett MP, Home Secretary, issued a consultation document on introducing government-issued identity cards into the UK. One idea was to use biometrics to verify people's identity.

There was no proof at the time that mass consumer biometrics was reliable enough to do the job. 13 years later, there still isn't. The belief in the efficacy of mass consumer biometrics is akin to the belief in astrology.

In February 2015 the House of Commons Science and Technology Committee published a report, Current and future uses of biometric data and technologies. Biometrics was described as "the shoddiest science offered to the courts" and was said to be locked in a "cycle of failure".

The Committee declared itself to be worried about the privacy issues raised by biometrics and about the security of biometric databases. Which is odd. After all, if the technology doesn't work, there are no privacy issues. And the Committee doesn't (yet) seem to be worried about the storage facilities for horoscopes.

One way and another the Committee's report came up with 12 recommendations, to which the government's response has now been published.

"The Government biometric strategy is still in the early stages of development", they say (p.2). I.e. Whitehall was winging it for eight years with its promises for the benefits of ID cards between 2002 and 2010, when the Identity Cards Act 2006 was repealed. They now promise to publish their biometrics strategy "by the end of 2015" (p.3). What a mistake that will be, to publish a strategy for a shoddy science locked in a cycle of failure.

The strategy "should recognise that biometrics is fast-changing [trans: all over the place] and provides opportunities for better secure identity verification [how?], better public services [such as?], improved public protection [really?] and the ability to identify and stop criminals [all of them?]".

That was on p.4. Something must have changed since Chief Constable Chris Sims, representing the Association of Chief Police Officers, gave evidence to the Committee and said that he was "not aware of forces using facial image software at the moment" and that "the technology is not yet at the maturity where it could be deployed" (para.95).

When we learn on p.5 that "the core facial recognition algorithm used by the Police National Database ... was shown to be one of the best in terms of accuracy" presumably that just tells us, given the testimony of Chief Constable Sims, that all the other algorithms are even more useless.

Also on p.5 the government tell us that, just like astrology, "performance levels of biometric systems cannot be characterised by a single figure. Publicising detailed results of performance is an area requiring careful consideration, as not only is the accuracy testing of large scale biometric systems very complex, so is interpreting the data. System performance is very dependent on the specifics of the application, making direct comparisons between systems difficult and in many cases meaningless".

P.6: "The Home Office systems currently holding biometric data employ a range of defence in depth measures appropriate to the value of the data" – nil?

Privacy impact assessments and the government's ethical framework for astrology are covered on p.7 and then on p.8 they say that: "the government appointed a Chief Data Officer in March 2015, supported by a Government Data Standard to ensure transparency in the use of data by Government". They did indeed.

They appointed Public Servant of the Year ex-Guardian man Mike Bracken CBE CDO CDO, executive director of the Government Digital Service and senior responsible owner of the pan-government identity assurance programme now known as GOV.UK Verify (RIP), as chief data officer. He's leaving Whitehall in 13 days' time on 30 September 2015 and is not known to have done anything about biometrics in the interim.

The Committee included in its February report the judgement of the High Court several years ago that the Metropolitan Police Service is breaking the law by retaining, on its biometrics database, the images of people not even charged with an offence, let alone convicted of one (para.99). Now we learn that "the Home Office is currently undertaking a policy review of the statutory basis for the retention of facial images" (p.10). This will surely be a very quick review – it can't take long to establish a policy on the police breaking the law.

"We are considering the role of the Biometrics Commissioner" (p.11). The Committee's report revealed that although the Commissioner is responsible for DNA and fingerprints, he has no locus on facial images (para.102), like an unfortunate soothsayer handicapped by being forbidden to mention Leo.

The Prime Minister promised several years ago to limit net immigration to an annual figure in the tens of thousands. Last year it exceeded 300,000, much to the amusement of the opposition parties and the Guardian newspaper. It is widely agreed that UK immigration is out of control.

And yet the government's astrologer says: "The biometrics landscape has operated with a number of widely adopted international standards for many years, this has been vital in ensuring that governments are able to share data, where allowed and required, and has achieved significant benefits including; solving crimes, finding missing people and controlling immigration" (p.11).

You can have a strong grasp of reality. Or you can have confidence in mass consumer biometrics. One or the other, but not both.

----------

Updated 17.9.15 18:45

We don't often set homework on DMossEsq. Readers tend to cheat and get their children to do it for them.

But let's make an exception. 500 words, please, on the distinction between James McCormick and the suppliers of biometrics "solutions". Mr McCormick is in prison for selling novelty golf ball detectors and pretending that they could be used to detect explosives. No-one from the public bodies which bought them is in prison for pretending to believe him.

You may find it useful to refer to the essay on biometrics written by three world-class experts who conclude that biometrics is not a science. It is "out of statistical control", they say. One of these experts has advised the US government, one of them the UK government and one of them both governments. They know what they're talking about.

500 words. On the DMossEsq desk. 9 a.m. Monday morning 21 September 2015.


Updated 9.4.16

Based on a leak, Kat Hall yesterday published GDS has no real strategy for £450m budget pot, internal plan reveals.

She has acquired a copy of GDS's Transforming the relationship between citizens and the state: the Government’s transformation strategy, and it shows that the Government Digital Service still doesn't have a clue how it's going to transform the relationship between people and the state. Instead, they're playing for time: "More detail about departments’ strategies for business transformation, enabled by digital, technology, data and security are due to be published in September 2016".

Playing for time, and repeating their nostrum about Government as a Platform (GaaP, the search for "promising clusters"): "an approach that involves developing a common core infrastructure of shared components, technology and standards on which it’s easy to build brilliant, user-centred government services".

This vacuous self-importance joins a long line of civil service reports. The excellent Jerry Fishenden, of whom more anon, has listed 80 similar documents published in the past 20 years. We're still waiting for a result and, without wishing to seem mean, it's not clear that the addition of a further £450 million is likely to induce progress.

Kat's article includes:
But the only detail of what [GaaP] will entail were examples of "common platforms" in the Home Office, which will develop a common biometrics platform for government and the Department for Work and Pensions, "which will lead work on a tool to pay money out from government."
Despite all their painful experience, the Home Office still haven't shaken off the hold of biometrics. It must be written in the stars. Their future is their past. They are doomed to re-live the pain apparently eternally.


Updated 11.4.16

Get a coconut

The UK Home Office's big idea for the future is to "develop a common biometrics platform". That will transform government. Make it digital. Expand the UK economy. Be green.

Or will it?

Take a look at India and its Aadhaar scheme. That's a common biometrics platform-and-a-half. They've registered around a billion people. And in the state of Rajasthan, the only way for the poor to collect their food ration is through Aadhaar.

How's that going?

Rajasthan presses on with Aadhaar after fingerprint readers fail: We’ll buy iris scanners:
“Yesterday, we had to send about a hundred people back when the internet did not work for six hours,” said Ali ...

Hanja Devi, an Antyodaya [maximum entitlement] beneficiary, failed to get 35 kilo foodgrain on her third trip in three days because of Aadhaar authentication failures ...

Of the nearly 860 beneficiaries who came to Aziz’s ration shop in December, he said, only half could get their fingerprint authenticated in one go ...

The biometric machine showed that the Aadhaar number of Santosh Devi, of Kesharpura village, belonged to someone else ...

The Rajasthan government made Aadhaar-based authentication mandatory at ration shops in December when the ration-seeding process [without which, digitally, you don't exist] was completed for less than half the ration beneficiaries ...

“From March 11 till 18, one week of the ration consumers’ fortnight, the servers were not working properly" ...

... all parts surrounded by the Aravalli hills had poor internet connectivity. “In Todgarh, which is also near the Aravalli hills, the ration dealer has to collect the beneficiaries 3 kilometres from the shop to catch signal" ...

... several families were trying to get their children’s biometrics registered ... because schools had ordered them to enrol for Aadhaar ...

Hansraj Yadav, who is additional director- Unique Identification Authority, said that to solve the problem of high rates of fingerprint authentication failure, the Rajasthan government is planning to install more biometric machines – this time, iris scanning machines ...
And here's Safran Morpho explaining how well Aadhaar is working, including Safran Morpho's biometrics systems:


No doubt the Home Office believe Safran Morpho's version and will pursue their big idea. The rest of us should prepare for Rajasthan's version.

That couldn't happen here, could it? Not in Blighty.

Believe what you like ...

... but we tried and failed to deploy the Basic Payment Scheme for farmers and our broadband couldn't cope ...

... and CloudStore, the old Digital MarketPlace has been known to be out of action for days and even weeks at a time ...


... and we're currently threatening to deploy GOV.UK Verify (RIP) even though it is thought that up to 30% of the low-paid can't have their identity verified ...

... and we're using Safran Morpho (SecureIdentity) as one of our eight "identity providers" for GOV.UK Verify (RIP) even though GDS themselves say that five of them – Barclays, CitizenSafe, Royal Mail, SecureIdentity and Verizon – are "unlikely to be able to verify you":


"Aadhaar" means "foundation" or "base" in Hindi and in many of India's other languages. The idea is that it provides a safe platform on which India can build public services. GOV.UK Verify (RIP), the UK's proposed identity assurance platform, looks just as rickety, in any language.

What's more, GOV.UK Verify (RIP) is due to go live this month. Some time in the next 19 days.

Apparently the Hindi for computer says no is "Aap ka Aadhaar sahi nahi hai". You'd better learn that before May.

And get a coconut. According to the Rajasthan article above, when one old woman couldn't have her identity verified, a bystander quipped: "Break a coconut first next time". It may help you when some idiot deploys electronic voting in the UK.


Updated 7.7.16

You will remember that the only prudent stance on mass consumer biometrics is scepticism. And that the House of Commons Science and Technology Committee were told, please see above, that no UK police force uses "facial image software" at the moment because "the technology is not yet at the maturity where it could be deployed".

You will therefore be amused to read today's Times newspaper:
CCTV riches for man who puts name to a face

... The Somerset-based SSL — Simulation Systems Ltd — a past recipient of the Queen’s Award for Enterprise, has been in the vanguard of developing CCTV equipment for major roads and devices, which it is claimed, can make out the faces of motorists in their vehicles two miles away even if there is mist, rain or snow. In clear weather viewing distances are claimed to be 15 miles ...
The men and women in blue can't get facial image software to work with photographs taken in a well-lit police station but Simulation Systems Ltd can recognise a face two miles away in the mist?

People want to believe in biometrics so much that they will accept any claim however ludicrous. They will even repeat these claims in serious newspapers.


Updated 12.8.16

It's mid-August and even the news has gone on holiday.

What to publish?

How about?
Boffins' blur-busting face recognition can ID you with one bad photo

Developers warn that scary people are out there doing this already

12 Aug 2016 at 03:58, Darren Pauli


Scientists have found a way to accurately identify completely obscured faces using recognition systems trained on only a handful of well-lit photos.

The work by Seong Joon Oh, Rodrigo Benenson, Mario Fritz, and Bernt Schiele of Max Planck Institute in Saarbrücken, Germany, finds faces can be recognised with up to 91.5 per cent accuracy when the system is fed with just 10 clear images of a target's face.

The Faceless Person Recogniser is up to 69.6 per cent accurate when working from just one image ...
Other numbers mentioned include 14.7, 4.65, ones, handful, 12, 83 and, more ambitiously, 40,000 and 2,000.

We've been here before ...

Updated 24.10.16

The Government Digital Service (GDS) don't have a published strategy at the moment. That doesn't stop them recruiting like mad and it didn't stop the Treasury promising them £450 million.

Still, it's embarrassing. So Kevin Cunnington, the new Director General, has taken to briefing journalists on the contents of GDS's strategy, which may be published before Christmas 2016.

All journalists report that Mr Cunnington sees a great future for GOV.UK Verify (RIP), GDS's identity assurance scheme that doesn't work. Rebecca Hill, writing for Public Technology.net, Kevin Cunnington reveals his ‘cunning plan’ for future of GDS, adds this gem:
In addition, Cunnington said he wanted GDS to offer more advice to departments and encourage innovation across Whitehall. He noted that the Home Office was doing some good work on biometrics, but that this sort of attitude to digital innovation should be broadened out further.
The House of Commons Science and Technology Committee were unable to discover any good work being done on biometrics, please see above. If Mr Cunnington is hoping that GOV.UK Verify (RIP) will be saved by biometrics, he's in for a great disappointment.


Updated 10.11.16

We are all still waiting for GDS's strategy to be announced but the other day at least we learned its mission – to "support, enable and assure".

What does "support" mean?

According to Kevin Cunnington, director general of GDS, among other things it means that GDS should "innovate with new ideas, and help departments to innovate. Things like biometric residence permits, which a team at the Home Office has been working on".

Quick reference to p.9 of your well-thumbed July 2006 copy of Identity Card Technologies: Scientific Advice, Risk and Evidence will remind you that:
The Home Office admitted that the timetabling of the programme was being reviewed by the IPS but said that it “remains committed to delivering the ID cards programme as soon as possible, starting with biometric residence permits for foreign nationals in 2008” ...
The programme whose timetable was being reviewed back then was the National Identity Scheme (subsequently the National Identity Service). The NIS was finally reviewed to death in December 2010 when the Identity Cards Act was repealed at which point IPS, the Identity & Passport Service, imploded. Which is why we Brits still don't have UK government-issued ID cards. But some foreigners do, and have done since November 2008 – biometric residence permits.

There was nothing innovative about biometric residence permits. Not in 2008. And not in 2006. By 2002, the Home Office was already issuing asylum seekers with biometric Application Registration Cards, please see p.114 of their consultation on entitlement cards (subsequently ID cards).

That's 14 years ago and nine years before GDS existed. GDS can hardly be said to be innovating new ideas in this case or even helping the Home Office to do so. Biometric residence permits are a rotten example for Mr Cunnington to give of GDS's mission to support.

Despite their failure, the Home Office still harbour a pathological craving for ID cards. A pathological craving which is quite clearly now being channelled through Kevin Cunnington ...

... which tells you what to expect on Christmas Day when you open your GDS strategy.


Updated 11.10.17

The psychopathology continues at the UK Home Office. Face scans at the border to keep track of EU migrants after Brexit, it said in the Daily Telegraph newspaper a few days ago.

Cold comfort but it's not just the Home Office – Dubai Airport is replacing security checks with face-scanning fish.

And we think people were superstitious and gullible in the Middle Ages.


Updated 27.10.17

PAS 499:2017 Digital identification and authentication – Code of practice.

That document is a PAS, a publicly available specification, published by BSI Standards Limited, the standards-publishing subsidiary of the venerable British Standards Institution (BSI). The document is in draft and the authors seek comments on it.

PAS 499 is a serious attempt to specify some practices needed to reduce the incidence of cybercrime based on false identities. It could survive all the tests that have to be undergone on the way to becoming a British standard.

The idea is to improve the identification and authentication of the parties to on-line transactions. Financial transactions in particular. "... in payment services regulatory requirements on authentication are going from a very low baseline to an extremely strong customer authentication, where security requirements go far beyond that expected in any other sector" (clause 0.3).

One example among many of these more onerous compliance requirements is PSD2, the latest Payment Services Directive. At clause 3.1.4 of the PAS an authentication factor is defined as:
data or a physical item used to carry out an identity authentication

NOTE 1 Typically categorized into one of the following:
a) Knowledge – something you know (e.g. password)
b) Possession – something you have (e.g. physical token or device)
c) Inherence – something you are (e.g. biometric)

NOTE 2 These may be dynamic (changing on each occasion) or static (fixed and unchanging). Static factors, once compromised, might require replacement in order to ensure integrity of the authentication system.

NOTE 3 Further information on authentication factors is given in PSD2.

NOTE 4 Geolocation can be viewed as an additional category but, under the terms of PSD2, it is not considered an authentication factor on its own. However, it might assist with the authentication risk assessment.
Note 4 is of particular interest to DMossEsq who was working on the idea of location identity back in 2003 (please see §4.9) but is not germane to our purposes here.

What is germane is the concept of authentication factors:
  • At clause 5.3 the PAS recommends that it is good practice to use all three factors when authenticating a person – a knowledge factor and a possession factor and an inherence factor.
  • And at clause 5.6 it recommends that, for all but the lowest levels of assurance, each factor should be multi-modal. If an organisation is using biometrics, for example, as a what-you-are/inherent factor, then at least two biometrics should be used, two modes, e.g. both fingerprints and iris scans.
At which point you realise that this PAS, this serious piece of expert work, is bound to be let down and undermined by the reliance it places on biometrics. PAS 499 depends on the science of mass consumer biometrics working, and it doesn't.

It's not even a science according to three world experts – Messrs Wayman, Possolo and Mansfield – because it's out of statistical control.

You can almost work that out for yourself. The results of large-scale field trials of biometrics always used to reveal that they are hopelessly unreliable. That problem has been solved by not publishing results any more. And, indeed, by not conducting large-scale field trials any more.

There are other problems where PAS 499 strays into biometrics.

At clause 5.7 we read: "The higher the numbers of modes captured at enrolment, or re-enrolment, the greater the chance of establishing uniqueness".
And at clause 9.9 we read: "Where the biometric match is 100%, the organization should review the factor to determine whether a replay attack is being attempted". A 100% match is certainly extraordinarily suspicious: a live capture never reproduces the enrolled template exactly (pressure, moisture, lighting and sensor noise differ on every attempt), so a matcher dealing in probabilities and variable-quality scanning/probing equipment should never produce one. But 100 is not the only number. If a person repeatedly comes up with exactly the same score, whatever it is, that is just as suspicious and points just as surely to a stored sample being replayed.
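Here is how that check looks in code, as an added example (mine, not PAS 499's and not any vendor's): a detector that keeps each account's recent match scores and flags both a perfect score and an exact repeat of an earlier score for the same account. The score scale, the window size and the stream of attempts are all assumed or constructed.

```python
"""Replay detection from match scores alone.

Added example, not from PAS 499 or any product. A live capture is never
bit-identical to the enrolled template: pressure, moisture, lighting and
sensor noise move the score on every attempt. So a perfect score (PAS 499
clause 9.9) is suspicious, and so is the same score turning up again for
the same account, whatever the score is: both point to a stored sample
being fed back into the matcher instead of a fresh capture.
"""
from collections import defaultdict, deque

PERFECT_SCORE = 1.0   # assumed score scale: 0.0 .. 1.0


class ReplayDetector:
    def __init__(self, history=20, tolerance=1e-9, repeats=1):
        # history:   recent scores kept per subject (assumed window size)
        # tolerance: how close two scores must be to count as "the same"
        # repeats:   how many earlier identical scores before flagging;
        #            raise it if the matcher quantises scores coarsely,
        #            otherwise innocent collisions will be flagged
        self.tolerance = tolerance
        self.repeats = repeats
        self._seen = defaultdict(lambda: deque(maxlen=history))

    def check(self, subject, score):
        """Record this attempt and return the reasons it looks replayed
        (an empty list means nothing suspicious)."""
        reasons = []
        if score >= PERFECT_SCORE:
            reasons.append("perfect match")
        history = self._seen[subject]
        same = sum(1 for s in history if abs(s - score) <= self.tolerance)
        if same >= self.repeats:
            reasons.append(f"score {score} already seen {same}x for {subject}")
        history.append(score)
        return reasons


def scan(events, **kw):
    """Run a stream of (subject, score) attempts through one detector and
    return [(index, subject, score, reasons)] for the flagged ones."""
    det = ReplayDetector(**kw)
    flagged = []
    for i, (subject, score) in enumerate(events):
        reasons = det.check(subject, score)
        if reasons:
            flagged.append((i, subject, score, reasons))
    return flagged


# Constructed attempt stream, not real logs.
EVENTS = [
    ("alice", 0.81), ("alice", 0.77), ("bob", 0.64), ("alice", 0.84),
    ("alice", 0.81),   # alice's first score again, to the last digit
    ("bob", 1.00),     # a perfect match
    ("carol", 0.70), ("carol", 0.70),
]

if __name__ == "__main__":
    for i, subject, score, reasons in scan(EVENTS):
        print(f"attempt {i}: {subject} {score:.2f} -> {'; '.join(reasons)}")
```

The first attempt for any account is never flagged, because there is nothing to compare it with; the detector only knows the matcher's output, so it cannot tell a replayed capture from a fresh one that happens to score identically, which is why `repeats` exists for matchers that round their scores.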

But the core problem is that PAS 499 authentication rests on three factors/pillars, one of which is a mirage made of wishful thinking. That is no use to the payment services industry nor to any of us.


Updated 16.11.17

17 August 2017, and NatWest sent DMossEsq an email that he's only recently read:


"Log in with your fingerprint"? To a serious UK bank? A serious UK bank who must know as well as you do that the login will fail about 20% of the time and annoy their customers? And if it doesn't fail 20% of the time that means that impostors will find it easier to pretend to be you?
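The trade-off behind that 20%, and behind the government's line on p.5 above that performance "cannot be characterised by a single figure", can be seen in a small added example (mine, not NatWest's and not the Home Office's; the scores are constructed, not measured). A matcher produces a similarity score, the bank picks a threshold, and every threshold fixes one false non-match rate (genuine customers turned away) and one false match rate (impostors let in). The only way to lower one is to raise the other:

```python
"""Why a biometric system's accuracy is not one number.

Added example, not code from the original page. A matcher returns a
similarity score in [0, 1]; the operator chooses an accept threshold.
Each threshold fixes a pair of error rates:

  FMR  (false match rate)      impostor attempts wrongly accepted
  FNMR (false non-match rate)  genuine attempts wrongly rejected

Lower the threshold to stop turning customers away and FMR rises;
raise it to keep impostors out and FNMR rises. The score samples below
are constructed (two overlapping normal distributions), not measured.
"""
import random


def error_rates(genuine, impostor, threshold):
    """(FMR, FNMR) for the rule 'accept if score >= threshold'."""
    fmr = sum(1 for s in impostor if s >= threshold) / len(impostor)
    fnmr = sum(1 for s in genuine if s < threshold) / len(genuine)
    return fmr, fnmr


def det_curve(genuine, impostor):
    """(threshold, FMR, FNMR) at every distinct score: the DET curve,
    i.e. the whole trade-off rather than a single figure."""
    return [(t, *error_rates(genuine, impostor, t))
            for t in sorted(set(genuine) | set(impostor))]


def equal_error_rate(genuine, impostor):
    """Threshold at which FMR and FNMR are closest, and the rate there.
    The EER is the usual single-figure summary, and it hides the curve."""
    t, fmr, fnmr = min(det_curve(genuine, impostor),
                       key=lambda p: abs(p[1] - p[2]))
    return t, (fmr + fnmr) / 2


def operating_point(genuine, impostor, max_fnmr):
    """Highest threshold (hence lowest FMR) whose FNMR stays within
    max_fnmr. Returns (threshold, FMR, FNMR)."""
    ok = [p for p in det_curve(genuine, impostor) if p[2] <= max_fnmr]
    return max(ok, key=lambda p: p[0])


def constructed_scores(seed=1, n=500):
    """Constructed sample: genuine ~ N(0.70, 0.12), impostor ~ N(0.40, 0.12),
    clipped to [0, 1]. Assumed shapes, chosen only so that they overlap."""
    rng = random.Random(seed)
    clip = lambda x: min(1.0, max(0.0, x))
    genuine = [clip(rng.gauss(0.70, 0.12)) for _ in range(n)]
    impostor = [clip(rng.gauss(0.40, 0.12)) for _ in range(n)]
    return genuine, impostor


def main():
    genuine, impostor = constructed_scores()
    print("threshold    FMR    FNMR")
    for t in (0.45, 0.50, 0.55, 0.60, 0.65, 0.70):
        fmr, fnmr = error_rates(genuine, impostor, t)
        print(f"   {t:.2f}   {fmr:6.1%} {fnmr:6.1%}")
    t, eer = equal_error_rate(genuine, impostor)
    print(f"EER {eer:.1%} at threshold {t:.3f}")
    # The bank's choice: turn away 20% of genuine customers, or 5%?
    # The second is bought with a higher FMR, i.e. more impostors let in.
    for target in (0.20, 0.05):
        t, fmr, fnmr = operating_point(genuine, impostor, target)
        print(f"FNMR <= {target:.0%}: threshold {t:.3f}, FMR {fmr:.1%}")


if __name__ == "__main__":
    main()
```

Run it and the table is the point: quoting "99% accurate" tells you nothing until you know which row of that table the vendor is standing on, and under what lighting, sensor and population the scores were collected.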

DMossEsq tucked that away in the life-is-too-short category until yesterday, when Money Box Live was on the radio while he was washing up, New technology and banking: "New technology is transforming the way we handle our finances. Are you someone who uses mobile apps to keep track of how you spend your money or does the thought of it fill you with dread?".

And blow me down if Nationwide aren't introducing not only fingerprinting but also face recognition, the biometric where it would be just as reliable and a darned sight cheaper to toss an unbiased coin.

What's going on?

That's what DMossEsq wanted to know but he was too late when he rang 03700 100 444 to get on air.

Cheap mass consumer biometrics haven't suddenly started working reliably after 60 years of uninterrupted failure. So why are the banks pretending to rely on them?

Answer, one of Mark King's more cynical suggestions ... PSD2, the second Payment Services Directive, Directive (EU) 2015/2366, which Member States must apply from 13 January 2018.

Cynical. And incontestable – Article 4(30) defines "strong customer authentication" as "authentication based on the use of two or more elements categorised as knowledge (something only the user knows), possession (something only the user possesses) and inherence (something the user is) that are independent, in that the breach of one does not compromise the reliability of the others, and is designed in such a way as to protect the confidentiality of the authentication data".

Hidden away in the middle there – "inherence (something the user is)" – is biometrics. Strictly, any two of the three elements satisfy the definition, so a password plus a registered device meets it with no biometrics at all. But inherence is now named in the law, and if the banks want to be seen to be authenticating you as strongly as the Directive allows before authorising a payment out of your account, they'd best have your biometrics on offer. And the Member States of the EU will want the banks to be able to say that because, Article 97: "Member States shall ensure that a payment service provider applies strong customer authentication ...".

When they announce their fingerprint and face recognition initiatives and other biometric tat, the banks aren't saying that they're introducing biometrics because they now think biometrics work. They're saying they have to offer biometric authentication because otherwise, thanks to PSD2, they can't be banks.

They'll still really be relying on what you know (e.g. a password) and what you have (e.g. a debit card and a PINSentry). But in addition, at extra cost, to you, they will also dutifully pretend to be interested in your biometrics. Thanks to brilliant and cynical lobbying Apple, among others like our good friends Idemia, have a licence to print money and are going to be laughing all the way to the payment service provider:



Updated 1.12.17

How old would you have to be to believe this latest article in the Times newspaper? Less than 9?
Facebook develops facial recognition cameras that feed shop staff their customers’ profile details

... A patent submitted by the company this month reveals that it is working on technology that will enable brands to target shoppers with specific products informed by their Facebook activity and facial expressions. The plans also give details of crowd-scanning technology that can identify emotions, which are relayed to managers and shop assistants. In theory it will be able to alert staff if a customer is unhappy or needs assistance ...
