The Home Office, Heathrow Airport, the security of the UK border and the safety of the Olympics

Here's a copy of a press release that's just been issued. Forgot to mention the French. Zut. They're lapping it up, too, just like the Indians.

PRESS RELEASE

To:

Home Office

OIG (re US-VISIT)

IDABC (re OSCIE)

China (re Golden Shield)

Pakistan (re NADRA)

FBI (re NGI)

UIDAI (re Aadhaar)

Agencies

The Home Office – Misfeasance in public office

23 May 2012

Six questions for editors to ponder:

• The Home Office have been asked to reassure the public by publishing a justification for spending public money on biometrics technology they've previously proved to be useless. For 2½ years they've refused. Nor did they present any evidence as to the reliability of their chosen biometrics to the court. Why? Is it because they can't? Is it because there is no justification and our money is, indeed, being wasted?
• The court sees no iniquity in that potential waste of money and describes it as not "in itself or in any way material". If this isn't an iniquity, what is?
• We are assured by the Home Office and the court that the procurement of IABS didn't break any UK or EU rules. That finding of the court is accepted but so what? The Home Office are still refusing to release the IBM trial report to the public. They go further. The Home Office say the trial was conducted under such specific constraints that reading the report wouldn’t tell the public much. In other words they admit that they have no justification whatever for spending our money on biometrics. The procurement complies with the rules but it could still be iniquitous and the Home Office could still be guilty of misfeasance in public office.
• Dame Helen Ghosh, Permanent Secretary at the Home Office, told the Home Affairs Committee that "... there are plans ... to reduce the staff of the Border Force by around 900 people ... that is driven as much by technological introductions like e-gates, as well as a risk-based approach. Border Force will be getting smaller". Is it wise to replace human beings with technology that costs more and doesn't work?
• Rob Whiteman, Chief Executive of what's left of the UK Border Agency, says of IABS in the March 2012 issue of the staff magazine that "the system, delivered by the agency in partnership with Suppliers IBM, Morpho, Fujitsu, Atos Origin and Software AG, is the first multi-modal biometric matching system. It provides greater accuracy in fingerprint matching together with an integrated facial matching element. It delivers a more comprehensive service, underpinning the agency’s objective to secure our border and reduce immigration". It isn't the first. Pakistan's was the first, and much good it's done that unfortunate country. The IABS biometrics provided by Morpho could be more reliable than the previous system but still useless. Just a little less useless. Is Mr Whiteman misleading his staff as to the history and the reliability of UKBA's biometrics?
• Sir David Normington, Dame Helen's predecessor, caused Lin Homer and Brodie Clark to write to David Moss asserting that smart gates were being installed at UK airports on the basis of a trial at Manchester Airport. When John Vine, the Independent Chief Inspector of the UK Border Agency, as he then was, reported on his May 2010 inspection of Manchester Airport, he said "we could find no overall plan to evaluate the success or otherwise of the facial recognition gates at Manchester Airport and would urge the Agency to do so [as] soon as possible". This evidence of the Home Office consistently misleading the public, Parliament, ministers, the media and its staff was put before the court. The Home Office made no response. Neither did the court in its decision. The allegation is a serious one. Why doesn't it warrant a response?

At the oral hearing in the matter of David Moss v Information Commissioner and the Home Office held on 24 February 2012, David Moss turned up in court and so did the Information Commissioner's staff and his barrister, but the Home Office didn't.

Why not?

The hearing concerned the Home Office's Immigration and Asylum Biometric System. IABS was due to go live at the border by the end of 2011 under the direction of Ms Jackie Keane, a senior civil servant at the UK Border Agency. She missed that date but bits of IABS went live at the end of February, with the results we all saw in the ensuing weeks, Heathrow at 'breaking' point as Border Force struggles to cope, leaked memos warn, ‘Minister lying over Heathrow queues’ says BA chief, and so on. We may surmise that the Home Office were too busy to attend.

On the other hand, the barrister who has represented the Home Office since the case began a year ago was there in court, except that this time he was representing IBM.

Why?

Because IABS is an IBM contract. It was awarded to them in 2009.

Stacked to the rafters with Nobel prize-winners in most disciplines, nevertheless IBM had no particular expertise in biometrics and no products of their own. They arranged a competition between six biometrics companies and chose Sagem Sécurité (now Morpho) as the best. In the process, they also made good their lack of biometrics expertise – in fact, IBM played a blinder there.

IABS was initially estimated to be worth £265 million and a lot of that money – public money, your money and mine – is being wasted according to David Moss because the biometrics chosen by the Home Office don't work. That's what the case is about.

You know they don't work. You read the BBC's report on the year-long trial of biometrics, ID cards scheme dubbed 'a farce'. You read the Telegraph's report on the smart gates installed at UK airports, Airport face scanners 'cannot tell the difference between Osama bin Laden and Winona Ryder'. You watched Brodie Clark tell the Home Affairs Committee that fingerprint checks are the least reliable identity/security checks made at the border, the ninth and bottom priority for his (now ex-)Border Force officers and the most sensible check to drop when the queues build up and threaten to get out of control.

David Moss lost the case anyway. It was a 2-to-1 majority decision against, a sort of a Minority Report 2 – they may not work at Heathrow or anywhere else in the real world but biometrics are the bee's knees in Hollywood films.

With the explicit permission of the court and the Home Office and the Information Commissioner you can read IBM's evidence in the case, please see attached. IBM's Commercial Director on IABS, Mr Nicholas Swain, explains that all the testing on biometrics was done by IBM and the results belong to IBM and that's why the public aren't allowed to see them despite paying for IABS. We're just meant to suppose that IABS will help to make the border secure and keep the Olympics safe despite all the respectable published evidence to the contrary. You can read Jackie Keane's evidence, too. She agrees with Nick.

It was all IBM's idea according to Ms Keane. OK, the Home Office gave IBM five million pairs of fingerprints to use as test data. And the Home Office specified the acceptance tests that had to be passed. And the Home Office agreed to pay IBM £265 million. But that's all.

It's been a long haul. It goes back 2½ years to a Freedom of Information request submitted on 6 January 2010. And it's not over yet because the other day David Moss submitted an application for permission to appeal. This could go on for years more.

While we're waiting for closure, we have those six questions above to ponder. And this one – what's IABS really about? It's obviously nothing to do with biometrics, as the court effectively acknowledges at paragraph 8 of its decision.

All relevant documents can be discovered at:

http://dematerialisedid.com/bcsl/foi.html

---

Notes to editors

1. As the Treasury Solicitors say (30 April 2012), "the submissions and open evidence lodged with the Tribunal in this case were relied upon and put in evidence at a hearing held in public". We really do all have permission to quote from this material and to comment on it.

2. Without wishing in any way to "lead" you, it is suggested that it will be most fruitful to start with the evidence submitted by the Home Office and IBM. And the evidence of Professor Ross Anderson at the University of Cambridge Computer Laboratory who points out that the banks have rejected biometrics as being too unreliable and asks why in that case do the Home Office trust them?

3. The background to this case is set out in the first few pages of the appeal document and centres on Whitehall’s competence and its duty to acknowledge the supremacy of Parliament, a subject which you will see there exercises the Home Affairs Committee.

4. Where does this story fit in the newspaper or on the radio/TV current affairs programme? Not on the fashion pages perhaps, but certainly in horoscopes and probably almost anywhere else – UK news, international news (they're all at it, look at India), EU news (the European Commission love biometrics and "eIDs", electronic identities), Westminster/politics, Whitehall/governance, the business pages, law reports/the Constitution, travel, sport (c.f. security at the Olympics generally and specifically UKBA's trip to Istanbul for the world wrestling championships to collect biometrics), the technology pages, cartoons, the crossword, ...

---

About David Moss
David Moss has worked as an IT consultant since 1981. The past 9 years have been spent campaigning against the Home Office's plans to introduce government ID cards into the UK. It must now be admitted that the Home Office are much better at convincing people that these plans are a bad idea than anyone else, including David Moss.

----------

Updated 21.2.18

It's getting on for six years since the blog post above was published.

Nothing has changed as far as the Home Office are concerned:

• Despite their record, the Home Office are still in charge of UK border control and they still find it a challenge, to put it politely, please see Border Force not ready for extra checks, claim MPs and Time has run out for May’s Brexit immigration plan.
• The director of strategy and transformation at the UK Border Force is Mr Christophe Prince according to his LinkedIn entry, the same man who was a deputy director of the UK Border Agency (RIP) for the three years 2006-09.
• And the UK Border Force still relies on IABS, the Immigration and Asylum Biometrics System, run for the moment by IBM and still relying on Morpho biometrics technology.

In the outside world things have moved on a little:

• The UK Government Digital Service (GDS) have contracted with Morpho to supply "identity provider" services to GOV.UK Verify (RIP), the failed identity assurance scheme.
• GDS have stated it as a strategic objective of theirs to incorporate more biometrics into public services on the basis that it's innovative to do so.
• And Safran have sold Morpho to private equity investors, who have changed its name to Idemia.

Idemia gets about a bit. It always has, whatever it was called at the time.

In 2012 they were found guilty of bribery to win business in Nigeria. The bribery of which they were found guilty took place between 2000 and 2003. They appealed and had the verdict overturned in 2015.

There was a spot of bother in Kenya when the opposition party claimed that Idemia had cost them the August 2017 general election. It was the devil's own job for the Kenyan authorities to have the October re-run conducted the way they wanted, and not Idemia.

There was the earlier problem revealed by Naomi Klein in 2008 when she discovered that face recognition technology being used in Operation Golden Shield had been sold to China by L-1 Identity Solutions, Inc., a company subsequently bought by Idemia. That trade is against the law in the US. It is barred by the US Commerce Department's Bureau of Industry and Security post-Tiananmen export controls.

Everything seemed to be going profitably enough for Idemia in India, where their products are used for biometric registration under Aadhaar, the identity assurance scheme for 1.2 billion Indians, until ...

... enter Russia. Idemia allegedly bought some Russian software and inserted it into its own products to improve performance but didn't tell anyone.

Now that some disaffected Idemia ex-employees have made this allegation, the Indians are a little non-plussed. Rather as the Americans may be, also: "The company, now named Idemia, has provided fingerprint-recognition software to the Department of Defense and agencies in 28 states and 36 cities or counties across the US — from the Orange County Sheriff’s Department to the New York Police Department", not to mention the FBI. Cue fears of cyber-espionage being carried out by software buried deep in the security, military and justice systems.

What goes around comes around. The Indians are also worried about allegations that some other software they use in Aadhaar has CIA tools hidden in it but that's another story.

The question here is, do GDS and the Home Office want anything to do with Idemia? How well-prepared are they? Why take the risk? What's the point? After all, it's not as though the biometrics works.

The Home Office, Heathrow Airport, the security of the UK border and the safety of the Olympics

Here's a copy of a press release that's just been issued. Forgot to mention the French. Zut. They're lapping it up, too, just like the Indians.

PRESS RELEASE

To:

Home Office

OIG (re US-VISIT)

IDABC (re OSCIE)

China (re Golden Shield)

Pakistan (re NADRA)

FBI (re NGI)

UIDAI (re Aadhaar)

Agencies

The Home Office – Misfeasance in public office

23 May 2012

Six questions for editors to ponder:

• The Home Office have been asked to reassure the public by publishing a justification for spending public money on biometrics technology they've previously proved to be useless. For 2½ years they've refused. Nor did they present any evidence as to the reliability of their chosen biometrics to the court. Why? Is it because they can't? Is it because there is no justification and our money is, indeed, being wasted?
• The court sees no iniquity in that potential waste of money and describes it as not "in itself or in any way material". If this isn't an iniquity, what is?
• We are assured by the Home Office and the court that the procurement of IABS didn't break any UK or EU rules. That finding of the court is accepted but so what? The Home Office are still refusing to release the IBM trial report to the public. They go further. The Home Office say the trial was conducted under such specific constraints that reading the report wouldn’t tell the public much. In other words they admit that they have no justification whatever for spending our money on biometrics. The procurement complies with the rules but it could still be iniquitous and the Home Office could still be guilty of misfeasance in public office.
• Dame Helen Ghosh, Permanent Secretary at the Home Office, told the Home Affairs Committee that "... there are plans ... to reduce the staff of the Border Force by around 900 people ... that is driven as much by technological introductions like e-gates, as well as a risk-based approach. Border Force will be getting smaller". Is it wise to replace human beings with technology that costs more and doesn't work?
• Rob Whiteman, Chief Executive of what's left of the UK Border Agency, says of IABS in the March 2012 issue of the staff magazine that "the system, delivered by the agency in partnership with Suppliers IBM, Morpho, Fujitsu, Atos Origin and Software AG, is the first multi-modal biometric matching system. It provides greater accuracy in fingerprint matching together with an integrated facial matching element. It delivers a more comprehensive service, underpinning the agency’s objective to secure our border and reduce immigration". It isn't the first. Pakistan's was the first, and much good it's done that unfortunate country. The IABS biometrics provided by Morpho could be more reliable than the previous system but still useless. Just a little less useless. Is Mr Whiteman misleading his staff as to the history and the reliability of UKBA's biometrics?
• Sir David Normington, Dame Helen's predecessor, caused Lin Homer and Brodie Clark to write to David Moss asserting that smart gates were being installed at UK airports on the basis of a trial at Manchester Airport. When John Vine, the Independent Chief Inspector of the UK Border Agency, as he then was, reported on his May 2010 inspection of Manchester Airport, he said "we could find no overall plan to evaluate the success or otherwise of the facial recognition gates at Manchester Airport and would urge the Agency to do so [as] soon as possible". This evidence of the Home Office consistently misleading the public, Parliament, ministers, the media and its staff was put before the court. The Home Office made no response. Neither did the court in its decision. The allegation is a serious one. Why doesn't it warrant a response?

At the oral hearing in the matter of David Moss v Information Commissioner and the Home Office held on 24 February 2012, David Moss turned up in court and so did the Information Commissioner's staff and his barrister, but the Home Office didn't.

Why not?

The hearing concerned the Home Office's Immigration and Asylum Biometric System. IABS was due to go live at the border by the end of 2011 under the direction of Ms Jackie Keane, a senior civil servant at the UK Border Agency. She missed that date but bits of IABS went live at the end of February, with the results we all saw in the ensuing weeks, Heathrow at 'breaking' point as Border Force struggles to cope, leaked memos warn, ‘Minister lying over Heathrow queues’ says BA chief, and so on. We may surmise that the Home Office were too busy to attend.

On the other hand, the barrister who has represented the Home Office since the case began a year ago was there in court, except that this time he was representing IBM.

Why?

Because IABS is an IBM contract. It was awarded to them in 2009.

Stacked to the rafters with Nobel prize-winners in most disciplines, nevertheless IBM had no particular expertise in biometrics and no products of their own. They arranged a competition between six biometrics companies and chose Sagem Sécurité (now Morpho) as the best. In the process, they also made good their lack of biometrics expertise – in fact, IBM played a blinder there.

IABS was initially estimated to be worth £265 million and a lot of that money – public money, your money and mine – is being wasted according to David Moss because the biometrics chosen by the Home Office don't work. That's what the case is about.

You know they don't work. You read the BBC's report on the year-long trial of biometrics, ID cards scheme dubbed 'a farce'. You read the Telegraph's report on the smart gates installed at UK airports, Airport face scanners 'cannot tell the difference between Osama bin Laden and Winona Ryder'. You watched Brodie Clark tell the Home Affairs Committee that fingerprint checks are the least reliable identity/security checks made at the border, the ninth and bottom priority for his (now ex-)Border Force officers and the most sensible check to drop when the queues build up and threaten to get out of control.

David Moss lost the case anyway. It was a 2-to-1 majority decision against, a sort of a Minority Report 2 – they may not work at Heathrow or anywhere else in the real world but biometrics are the bee's knees in Hollywood films.

With the explicit permission of the court and the Home Office and the Information Commissioner you can read IBM's evidence in the case, please see attached. IBM's Commercial Director on IABS, Mr Nicholas Swain, explains that all the testing on biometrics was done by IBM and the results belong to IBM and that's why the public aren't allowed to see them despite paying for IABS. We're just meant to suppose that IABS will help to make the border secure and keep the Olympics safe despite all the respectable published evidence to the contrary. You can read Jackie Keane's evidence, too. She agrees with Nick.

It was all IBM's idea according to Ms Keane. OK, the Home Office gave IBM five million pairs of fingerprints to use as test data. And the Home Office specified the acceptance tests that had to be passed. And the Home Office agreed to pay IBM £265 million. But that's all.

It's been a long haul. It goes back 2½ years to a Freedom of Information request submitted on 6 January 2010. And it's not over yet because the other day David Moss submitted an application for permission to appeal. This could go on for years more.

While we're waiting for closure, we have those six questions above to ponder. And this one – what's IABS really about? It's obviously nothing to do with biometrics, as the court effectively acknowledges at paragraph 8 of its decision.

All relevant documents can be discovered at:

http://dematerialisedid.com/bcsl/foi.html

---

Notes to editors

1. As the Treasury Solicitors say (30 April 2012), "the submissions and open evidence lodged with the Tribunal in this case were relied upon and put in evidence at a hearing held in public". We really do all have permission to quote from this material and to comment on it.

2. Without wishing in any way to "lead" you, it is suggested that it will be most fruitful to start with the evidence submitted by the Home Office and IBM. And the evidence of Professor Ross Anderson at the University of Cambridge Computer Laboratory who points out that the banks have rejected biometrics as being too unreliable and asks why in that case do the Home Office trust them?

3. The background to this case is set out in the first few pages of the appeal document and centres on Whitehall’s competence and its duty to acknowledge the supremacy of Parliament, a subject which you will see there exercises the Home Affairs Committee.

4. Where does this story fit in the newspaper or on the radio/TV current affairs programme? Not on the fashion pages perhaps, but certainly in horoscopes and probably almost anywhere else – UK news, international news (they're all at it, look at India), EU news (the European Commission love biometrics and "eIDs", electronic identities), Westminster/politics, Whitehall/governance, the business pages, law reports/the Constitution, travel, sport (c.f. security at the Olympics generally and specifically UKBA's trip to Istanbul for the world wrestling championships to collect biometrics), the technology pages, cartoons, the crossword, ...

---

About David Moss
David Moss has worked as an IT consultant since 1981. The past 9 years have been spent campaigning against the Home Office's plans to introduce government ID cards into the UK. It must now be admitted that the Home Office are much better at convincing people that these plans are a bad idea than anyone else, including David Moss.

----------

Updated 21.2.18

It's getting on for six years since the blog post above was published.

Nothing has changed as far as the Home Office are concerned:

• Despite their record, the Home Office are still in charge of UK border control and they still find it a challenge, to put it politely, please see Border Force not ready for extra checks, claim MPs and Time has run out for May’s Brexit immigration plan.
• The director of strategy and transformation at the UK Border Force is Mr Christophe Prince according to his LinkedIn entry, the same man who was a deputy director of the UK Border Agency (RIP) for the three years 2006-09.
• And the UK Border Force still relies on IABS, the Immigration and Asylum Biometrics System, run for the moment by IBM and still relying on Morpho biometrics technology.

In the outside world things have moved on a little:

• The UK Government Digital Service (GDS) have contracted with Morpho to supply "identity provider" services to GOV.UK Verify (RIP), the failed identity assurance scheme.
• GDS have stated it as a strategic objective of theirs to incorporate more biometrics into public services on the basis that it's innovative to do so.
• And Safran have sold Morpho to private equity investors, who have changed its name to Idemia.

Idemia gets about a bit. It always has, whatever it was called at the time.

In 2012 they were found guilty of bribery to win business in Nigeria. The bribery of which they were found guilty took place between 2000 and 2003. They appealed and had the verdict overturned in 2015.

There was a spot of bother in Kenya when the opposition party claimed that Idemia had cost them the August 2017 general election. It was the devil's own job for the Kenyan authorities to have the October re-run conducted the way they wanted, and not Idemia.

There was the earlier problem revealed by Naomi Klein in 2008 when she discovered that face recognition technology being used in Operation Golden Shield had been sold to China by L-1 Identity Solutions, Inc., a company subsequently bought by Idemia. That trade is against the law in the US. It is barred by the US Commerce Department's Bureau of Industry and Security post-Tiananmen export controls.

Everything seemed to be going profitably enough for Idemia in India, where their products are used for biometric registration under Aadhaar, the identity assurance scheme for 1.2 billion Indians, until ...

... enter Russia. Idemia allegedly bought some Russian software and inserted it into its own products to improve performance but didn't tell anyone.

Now that some disaffected Idemia ex-employees have made this allegation, the Indians are a little non-plussed. Rather as the Americans may be, also: "The company, now named Idemia, has provided fingerprint-recognition software to the Department of Defense and agencies in 28 states and 36 cities or counties across the US — from the Orange County Sheriff’s Department to the New York Police Department", not to mention the FBI. Cue fears of cyber-espionage being carried out by software buried deep in the security, military and justice systems.

What goes around comes around. The Indians are also worried about allegations that some other software they use in Aadhaar has CIA tools hidden in it but that's another story.

The question here is, do GDS and the Home Office want anything to do with Idemia? How well-prepared are they? Why take the risk? What's the point? After all, it's not as though the biometrics works.

Safran's directors generously give away their shareholders' intellectual property and $1.6 billion of their shareholders' money

Safran press release, Paris 26 July 2011:

Safran completes the acquisition of L-1 Identity Solutions Becomes world leader in biometric identity solutions After completing all required approval procedures, Safran (NYSE Euronext Paris: SAF) today announced that it has finalized the acquisition of L-1 Identity Solutions, Inc., a leading identity management solutions provider in the United States, for a total cash amount of $1.09 billion ($12 per share), which was originally announced in the press release on September 20, 2010. Following this transaction, Safran becomes the world leader in biometric identity solutions ... L-1 will join Safran’s existing security business, operating as Morpho, and will be renamed MorphoTrust. The new company will be partly managed as a proxy structure, thus providing appropriate protection for U.S. national security ... Jean-Paul Herteman, Chairman and CEO of Safran, said: "We are delighted to have finalized this transaction, which is perfectly aligned with the Group’s development strategy in the security business..."

At the date of purchase, L-1 Identity Solutions, Inc., had never made a profit. Hardly surprising. The company was a ragbag of failed biometrics businesses, including Visionics Corp., Identix, Inc., and Viisage.

Identix is particularly well known in the UK. In 2004, the UK Passport Service conducted a year-long trial of biometrics which proved that they are not reliable enough for use in passports, ID cards, residence permits, visas, driving licences and the like, please see cribsheet below. The trial was carried out using Identix products (Appendix C, p.254ff).

"$1.09 billion" may seem like a very precise number. It isn't. Unmentioned in the press release above, Safran took on about $500 million of L-1's debt in addition to buying the company. Safran's shareholders' initial stake is therefore a lot higher than $1.09 billion, please see for example this 16 May 2011 Bloomberg article:

Safran, a Paris-based maker of airplane engines for Airbus SAS and Boeing Co., agreed to buy L-1 for $12 a share, or 48 percent more than L-1’s 20-day trading average before it was first reported July 15 that Safran was considering a purchase of L-1. The offer is valued at $1.58 billion including net debt.

And for that, Safran doesn't even get unfettered control. There's a "proxy structure" in there "providing appropriate protection for U.S. national security". Pleading national security, Safran's US Federal and State contracts could be switched to the all-American 3M Cogent, leaving Safran with nothing to show for $1.58 billion.

You can see why L-1 would be pleased with this deal. It's not obvious what's in it for Safran.

---

This isn't the first time that shareholders and equity analysts will have had qualms about Safran's venture into biometrics.

On 7 October 2009, when their subsidiary Morpho was still known as "Sagem Sécurité", Safran issued this press release in Paris:

Sagem Sécurité chosen by IBM to support United Kingdom’s National Identity Assurance Service (NIAS) Sagem Sécurité (Safran group) has signed a contract with IBM to supply and maintain a biometric management solution for British travel and identity documents, on behalf of the British Home Office’s Identity and Passport Service (IPS). The project is a core element of the Government’s plans to upgrade to biometric passports and enhance the security of the UK border. Sagem Sécurité will provide multibiometric facial and fingerprint recognition technology that was assessed for speed, accuracy and cost in competitive trials developed and run by IBM, using in excess of 10 million images. The technology will enable IBM to help IPS and the UK Border Agency to deliver the next generation of secure and reliable identity documents to British citizens, residents and people requesting asylum, while minimising the risk of fraud ...

How did Safran/Sagem Sécurité/Morpho get this contract with IBM?

The answer is provided in a witness statement submitted by Mr Nicholas Swain in a case heard in the British courts, EA/2001/0081 (please see the entry for 20 July 2011). IBM organised a demonstration of biometric capability for the UK Home Office. Mr Swain is a Commercial Director at IBM and he says:

10. As part of IBM's bid, during late 2008 and early 2009, IBM carried out a series of tests with specialist biometric software providers who were bidding to be part of ... IBM's solution for the NBIS project as part of the Demonstration ... 11. IBM negotiated the commercial arrangements with each of the biometric service providers, including Non-Disclosure Agreements (NDAs) to protect their commercially sensitive information (see further below). Six suppliers participated in the Demonstration ... 14. Thereafter, on 1 May 2009, IBM signed a contract to provide NBIS with the Home Office and, shortly afterwards, entered a sub-contract with Sagem (now Morpho), one of the suppliers who participated in the Demonstration, to provide the specialist biometric software needed for NBIS. In August 2010 this contract was revised and the programme was re-named IABS ... 18. All of the suppliers involved in the Demonstration made significant investment in time and provided IBM with more details about their products performance than is generally available. The information provided included business-critical intellectual property of the suppliers, representing the results of major investment in software research and development ...

In 2008 and 2009 IBM had no particular expertise in biometrics. They have remedied that thanks to Safran, who gave them "business-critical intellectual property ... representing the results of major investment in software research and development".

IBM have played a blinder. They won a £265 million contract from the British government. And they acquired the fruits of several decades of Safran's R&D. All in return for a piece of paper, an NDA. You can see why IBM would be pleased with this deal. It's not obvious what's in it for Safran.

Safran's products can be tested without handing over the crown jewels. IBM and the Home Office only need to know whether Safran's products work, not how they work.

---

The directors of Safran gave the shareholders' intellectual property to IBM and they gave $1.6 billion of shareholders' money to L-1. What did they give to get their contract with UIDAI, the organisation responsible for issuing electronic IDs to 1.2 billion Indians?

---

Cribsheet – the failure of biometrics
Using L-1/Identix biometrics technology, the Home Office conducted trials of face recognition, fingerprinting and iris scanning back in 2004. The report on the trial was published by Atos Origin in May 2005 and even after many months of massage the figures still demonstrated failure.

10% of able-bodied participants in the trial couldn't register their irisprints in the first place, and that figure rises to 39% for the disabled participants. These people would quite simply not exist if public services only recognised people by their irisprints.

Face recognition biometrics failed with 31% of the able-bodied participants and 52% of the disabled. We would all do better to toss an unbiased coin than to rely on face recognition, a technology with an uninterrupted history of failure.

Which leaves us with fingerprints.

Understand that we're not talking here about traditional fingerprinting. The technology trusted by law enforcers worldwide for over a century now. Rolled prints. Taken using ink. By a police expert. Acceptable as evidence in a court of law. A technology so accurate that when there's a disagreement independent experts are flown in to resolve the matter.

No, we're talking instead about a modern, cheap, clean, quick technology, no expert required, a sort of glorified photocopying process, utterly unreliable, with a 19 or 20 percent failure rate. 19% for the able-bodied and 20% for the disabled. A technology that doesn't work well with old people, manual labourers, people from East Asia and women (p.34).

So much for L-1's biometrics technology. No-one is going to fly in independent experts from abroad to investigate 19 or 20 percent of all disputed matches and non-matches. Flat print fingerprinting, to put it loosely, doesn't work.

If the right to public services or the right to work or the right to vote or the right to a pension or the right to get married or the right to live in your municipal area or the right to travel beyond it – the right to cross an invisible eBorder – ever depend on flat print fingerprinting, then 19 or 20 percent of people legitimately entitled to those benefits will be wrongly denied them.

Do Morpho's other biometrics products work any better than L-1's?

So far, the public has not been told. Not in the UK, not in France, nowhere. Public money – your money and mine – is being invested by the UK Home Office and by Interior Ministries around the world, with no justification given.

Given that the only report on the reliability of biometrics published to date by the UK government demonstrates that the technology doesn't work, we need to see some independent and academically scrupulous evidence that our money isn't being wasted.

For all we know, the belief in the reliability of today's mass consumer biometrics is as foolish as the belief in astrology.

As Professor Ross Anderson, the king of IT security engineering, points out, the banks don't trust mass consumer biometrics technology. Otherwise they'd use it. So why does the government trust this technology? And why should we?

With no answers forthcoming, for all we know our money is being wasted on snake oil.

Safran's directors generously give away their shareholders' intellectual property and $1.6 billion of their shareholders' money

Safran press release, Paris 26 July 2011:

Safran completes the acquisition of L-1 Identity Solutions Becomes world leader in biometric identity solutions After completing all required approval procedures, Safran (NYSE Euronext Paris: SAF) today announced that it has finalized the acquisition of L-1 Identity Solutions, Inc., a leading identity management solutions provider in the United States, for a total cash amount of $1.09 billion ($12 per share), which was originally announced in the press release on September 20, 2010. Following this transaction, Safran becomes the world leader in biometric identity solutions ... L-1 will join Safran’s existing security business, operating as Morpho, and will be renamed MorphoTrust. The new company will be partly managed as a proxy structure, thus providing appropriate protection for U.S. national security ... Jean-Paul Herteman, Chairman and CEO of Safran, said: "We are delighted to have finalized this transaction, which is perfectly aligned with the Group’s development strategy in the security business..."

At the date of purchase, L-1 Identity Solutions, Inc., had never made a profit. Hardly surprising. The company was a ragbag of failed biometrics businesses, including Visionics Corp., Identix, Inc., and Viisage.

Identix is particularly well known in the UK. In 2004, the UK Passport Service conducted a year-long trial of biometrics which proved that they are not reliable enough for use in passports, ID cards, residence permits, visas, driving licences and the like, please see cribsheet below. The trial was carried out using Identix products (Appendix C, p.254ff).

"$1.09 billion" may seem like a very precise number. It isn't. Unmentioned in the press release above, Safran took on about $500 million of L-1's debt in addition to buying the company. Safran's shareholders' initial stake is therefore a lot higher than $1.09 billion, please see for example this 16 May 2011 Bloomberg article:

Safran, a Paris-based maker of airplane engines for Airbus SAS and Boeing Co., agreed to buy L-1 for $12 a share, or 48 percent more than L-1’s 20-day trading average before it was first reported July 15 that Safran was considering a purchase of L-1. The offer is valued at $1.58 billion including net debt.

And for that, Safran doesn't even get unfettered control. There's a "proxy structure" in there "providing appropriate protection for U.S. national security". Pleading national security, Safran's US Federal and State contracts could be switched to the all-American 3M Cogent, leaving Safran with nothing to show for $1.58 billion.

You can see why L-1 would be pleased with this deal. It's not obvious what's in it for Safran.

---