Thursday 31 May 2012

Some food for the thoughts of Jon Ungoed-Thomas and Philip Johnston – IdA/DWP

You weren't invited to Ovum's Industry Congress on 24 May 2011, were you, so you didn't hear Phil Pavitt's talk on the "frictionless services" that he says the public is demanding from HMRC.

Still, you can read about it in Computer World UK, where you will discover that Phil is the Chief Information Officer (CIO, i.e. what we used to call the "DP Manager") at HMRC and he says frictionless services require identity assurance (IdA).

He may be right about that, after all we don't know what a frictionless service is, but he must be wrong when he says: "We don't currently have ID authentication in UK government".

That's just not true. Some of us small businesses have been submitting our VAT returns online using the UK Government Gateway every three months for several years now and that requires ID authentication by the UK government. And millions of people use HMRC's self-assessment website for income tax, again via the Government Gateway.

Why does Phil make this false statement?

Because no-one in Whitehall likes the Government Gateway. It doesn't look anything like the front end of Amazon or eBay or Facebook or Google. They want the Government Gateway to go away, it's old and ugly and not the sort of accessory a hip young CIO wants to be seen dead wearing. It cost millions. It works. It seems to be secure. But it's got to go.

What will the IdA replacement look like? Not long to wait to find out now, says Phil, "in March of this year the Department for Work and Pensions (DWP) revealed plans that will see it be the first central government department to roll out identity assurance services, in a project that is set to cost £25 million".

£25 million? What's the betting that there's a 1 in front of that by the time the National Audit Office get to take a look? If we're lucky. Otherwise a 4. While even Oxfam won't want the old Government Gateway, already paid for, years of successful use behind it, but pensioned off in its prime.

What do we foresee? All together now – friction!




Some food for the thoughts of Jon Ungoed-Thomas and Philip Johnston – IdA/GDS

Those chaps in the Government Digital Service (GDS) get about a bit. California. Estonia. And now the White House.

GDS's job is to do Martha Lane Fox's bidding and make public services digital by default. In order to achieve that, they need to deliver an identity assurance service (IdA) and they were in Washington "to share, learn and collaborate with some of the key individuals and organisations in the US wrestling with the challenges of identity in cyberspace" including Senator Barbara Mikulski.

The encounter between these wrestlers "focused on the economic necessity of creating an ecosystem of trust both for individual users of the internet, who are overwhelmed by usernames and passwords, and for businesses where the increasing cost of fraud is offsetting the efficiency benefits from digital channels".

The notion that Whitehall could create an ecosystem of trust needs to be compared with the markets they have created to date, e.g. PFI.

Far from being overwhelmed by usernames and passwords, individuals worldwide appear to be using the web more and more. Of course what GDS are offering is yet more usernames and passwords. But with this difference. Theirs will be the only usernames and passwords we have to remember. They will act as gateways to all the other services we use. We will become entirely dependent on GDS and its various unicorn-hustler agents (Facebook, Google, ..., Mydex) to conduct any transactions with anyone. Can they be trusted in this rôle?

And the cost of fraud appears to be shrinking, not increasing. The only cloud on the horizon is DWP's Universal Credit scheme which, if it follows the government's independent learning accounts and tax credits, promises to be the locus of a fraud feeding frenzy.

But apart from that – three false propositions in one sentence, a record? – after a long bout, there was one result: "the Senator made it clear that volunteers are needed if the voluntary approach in the US is to be successful".

Gluttons for punishment, our GDS delegates went on from the White House to OIX, the Open Identity Exchange, where "there was great interest in what the UK Identity Assurance Programme is doing and an offer from OIX to help us achieve our goals – which we readily accepted".

Hands up everyone who remembers voting to have their identity traded on a US exchange?

Some food for the thoughts of Jon Ungoed-Thomas and Philip Johnston – midata/BIS

Wired magazine carried an article yesterday by Alan Mitchell promising that Personal data stores will liberate us from a toxic privacy battleground.

Alan Mitchell, you will remember, is the strategy director of Ctrl-Shift, a consultancy retained by the UK Department for Business Innovation and Skills (BIS) to work on their midata initiative. William Heath is a non-executive director of Ctrl-Shift. Alan Mitchell and William Heath are the founders of Mydex, a company bidding to supply personal data stores in the UK, thereby supposedly liberating us from a toxic privacy battleground.

Mr Mitchell did not find space in his article to mention any of that background but he did, quite properly, emphasise that personal data stores are only recommended if the individuals who use them to disseminate their personal data are guaranteed to have control over how that data is used.

We do not currently have that control. It doesn't exist. It might do in the future but it doesn't exist now. Ctrl-Shift's strategy therefore depends on something indistinguishable from unicorns, which also don't exist. From that point of view, Ctrl-Shift has a strategy problem.

Wired magazine describe Mr Mitchell as "a strategic advisor to the UK Government's Midata project". By the same token, the UK Government therefore has a strategy problem. midata can't work. It depends on something which doesn't exist.

Given which, why do BIS continue to pursue it?

A suggestion for Jon Ungoed-Thomas and Philip Johnston, published on a blog provided "free" by Google

Two articles in the Sunday Times by Jon Ungoed-Thomas – Your emails, sex secrets and health details – all harvested by Google and Google grabs secrets of private lives – and one in the Telegraph next day by Philip Johnston – That car in your street was a Google Street View search engine.

While Google was filming our streets it was also collecting information about our WiFi networks. Without permission and without telling anyone. That was a mistake, said Google when they were found out, which is an odd thing for Google to say. The whole point about Google is that they don't make mistakes.

The US Federal Communications Commission are fining Google $25,000 for impeding their investigation of the matter. Google had revenues in 2011 of $37.905 billion on which it made profits of $9.737 billion. The fine amounts to 81 seconds of profits and is thought not to have dealt a mortal blow to the company's share price.

According to Jon Ungoed-Thomas, Google's telecommunications interception system was designed by Mr Marius Milner, a Trinity College Cambridge maths graduate, who handed it over to Google recommending that they'd better get a ruling from a privacy lawyer before using it.

At which point the claim that Google's Street View cars used Mr Milner's system by mistake all over the world for several years starts to look a bit threadbare.

We all know that Google record our web searches and read our email and do something with the information they glean there about our preferences and interests. We never pay them for the use of any of their excellent services. We know there's something odd there. Where does the $38 billion annual revenue come from? We latter-day Dr Faustuses prefer not to ask.

Mr Johnston muses in his article about the attitude of the young today, incontinently spraying their personal information all over the web, no sense of decency, or privacy, no dignity. Or words to that effect. He is rewarded for this perfectly sensible observation by being called an "old fart" by one of Google's astrosurfers commenting below the line.

DMossEsq made a much politer comment but it was deleted. Several times. Every time it was submitted. So quickly that it must have been deleted by an automated old fart.

No such indignity on the Sunday Times website (a website readers pay for, incidentally), where the comment was published and is still there:

... Note that the Department of Business Innovation and Skills want Google to help provide us all with "personal data stores" as part of the department's midata project.

And that the Cabinet Office look to Google to provide us with electronic identities so that public services can all become "digital by default".

And that Whitehall's plans for a G-Cloud – a government cloud – rely on Google and others storing our data on their servers in a gigantic leap of faith in so-called "cloud computing".

HMG seems to be desperate to invite Google into our lives and to hand over the responsibility for public administration to Google in a re-run of the Pied Piper of Hamelin, http://www.dmossesq.com/2012/04/amazon-google-facebook-et-al-latter-day.html

Why? Have they given up? Is government too difficult for them?

There's the story Messrs Ungoed-Thomas and Johnston should be writing, surely – in the name of modernisation and transformational government, the middle-aged delinquents of Whitehall are openly planning to hand over our personal data en masse to Google and others. How much will that free lunch cost us?

Tuesday 29 May 2012

Protecting civilisation from the fingers of terror

Here's a quotation from an article in New Scientist magazine. You need to know that Visionics is a biometrics company that specialises in face recognition. Now you're an expert:

Airport security isn't the only use for face-recognition software: it has been put through its paces in other settings, too. One example is "face in the crowd" on-street surveillance, made notorious by a trial in the London Borough of Newham. Since 1998, some of the borough's CCTV cameras have been feeding images to a face-recognition system supplied by Visionics, and Newham has been cited by the company as a success and a vision of the future of policing. But in June this year, the police admitted to The Guardian newspaper that the Newham system had never even matched the face of a person on the street to a photo in its database of known offenders, let alone led to an arrest.

Admitted ... the police admitted ...

Clearly, the Newham police, for all sorts of human reasons, somehow entrapped themselves in a deception perpetrated on the public at public expense. Has it happened again?

Last week, Assistant Commissioner Mark Rowley was singing the praises of the mobile fingerprint readers now issued to policemen patrolling in 28 of the UK's 56 police forces. Home Office figures suggest that the flat print fingerprint technology used in these devices fails about 20% of the time.

Equally clearly, and to the credit of the Newham police, they finally extricated themselves from this fraud with their admission. Will that happen again?

How long before we read in New Scientist that:

... Assistant Commissioner Mark Rowley admitted to __________ that the MobileID initiative had never even matched the fingerprints of a person on the street to a set of dabs in its database of known offenders, let alone led to an arrest. In fact all it had achieved was to reduce the chances of a felon being taken down to the nick by a straight 20% at a stroke.

For anyone interested in the history of biometrics companies, i.e. how we got into this mess, please note that:

Please note also that the New Scientist article quoted above appeared in the 7 September 2002 issue of the magazine, nearly 10 years ago. The article is so full of important observations of mendacity, opportunism and technological incompetence still relevant today that it is further quoted with grateful acknowledgement below:

Face-off
I CAME here looking for an argument but I can't find one. All round this lofty exhibition hall - billed as the world's biggest market for security equipment - the people selling face-recognition systems are being disarmingly, infuriatingly honest ... I thought they'd at least attempt to defend the technology. When they don't, it's me who's caught off guard. Is it true that the systems can't recognise someone wearing sunglasses? Yes, they say. Is it true that if you turn your head and look to one side of the camera, it can't pick you out? Again, yes. What about if you simply don't keep your head still? They nod.

Maybe nine or ten months ago they would have risen to the bait. In those days the face-recognition industry was on a high. In the wake of 11 September, Visionics, a leading manufacturer, issued a fact sheet explaining how its technology could enhance airport security. They called it "Protecting civilization from the faces of terror". The company's share price skyrocketed, as did the stocks of other face-recognition companies, and airports across the globe began installing the software and running trials. As the results start to come in, however, the gloss is wearing off. No matter what you might have heard about face-recognition software, Big Brother it ain't ...

Image Metrics, a British company that develops image-recognition software, ... warned of the danger of exaggerated claims, saying that "an ineffective or poorly applied security technology is as dangerous as a poorly tested or inappropriately prescribed drug" ... to catch 90 per cent of suspects at an airport, face-recognition software would have to raise a huge number of false alarms. One in three people would end up being dragged out of the line - and that's assuming everyone looks straight at the camera and makes no effort to disguise themselves ...

Palm Beach International Airport in Florida released the initial results of a trial using a Visionics face-recognition system. The airport authorities loaded the system with photographs of 250 people, 15 of whom were airport employees. The idea was that the system would recognise these employees every time they passed in front of a camera. But, the airport authorities admitted, the system only recognised the volunteers 47 per cent of the time while raising two or three false alarms per hour ...

To give themselves the best chance of picking up suspects, operators can set the software so that it doesn't have to make an exact match before it raises the alarm. But there's a price to pay: the more potential suspects you pick up, the more false alarms you get. You have to get the balance just right. Visionics - now called Identix after merging with a fingerprint-scanning company in June - is quick to blame its system's lacklustre performance on operators getting these settings wrong ...

Numerous studies have shown that people are surprisingly bad at matching photos to real faces. A 1997 experiment to investigate the value of photo IDs on credit cards concluded that cashiers were unable to tell whether or not photographs matched the faces of the people holding them. The test, published in Applied Cognitive Psychology (vol 11, p 211), found that around 66 per cent of cashiers wrongly rejected a transaction and more than 50 per cent accepted a transaction they should have turned down. The report concluded that people's ability to match faces to photographs was so poor that introducing photo IDs on credit cards could actually increase fraud.

The way people change as they age could also be a problem. A study by the US National Institute of Standards and Technology investigated what happens when a face-recognition system tries to match up two sets of mugshots taken 18 months apart. It failed dismally, with a success rate of only 57 per cent.

There's another fundamental problem with using face-recognition software to spot terrorists: good pictures of suspects are hard to come by ...

Very few security personnel at American airports have CIA clearance, so they aren't allowed to see the images. "Until they've got cleared personnel in each of those airports they can't stop terrorists getting on planes," says Iain Drummond, chief executive of Imagis technologies, a biometrics company based in Vancouver, Canada ...

Airport security isn't the only use for face-recognition software: it has been put through its paces in other settings, too. One example is "face in the crowd" on-street surveillance, made notorious by a trial in the London Borough of Newham. Since 1998, some of the borough's CCTV cameras have been feeding images to a face-recognition system supplied by Visionics, and Newham has been cited by the company as a success and a vision of the future of policing. But in June this year, the police admitted to The Guardian newspaper that the Newham system had never even matched the face of a person on the street to a photo in its database of known offenders, let alone led to an arrest.

There are more of these gems available in the DMossEsq treasure trove of mendacity, Biometrics: guilty until proven innocent.

Look at the Image Metrics quotation above, "an ineffective or poorly applied security technology is as dangerous as a poorly tested or inappropriately prescribed drug". Prescription drugs are subject to extensive testing before the regulators will sanction their release to the public. Without that, we'd all be dead. The same goes for aircraft design. Without the Civil Aviation Authority, a lot more of us would be dead.

There is none of that open, public, peer-reviewed testing regime when it comes to the government wasting our money on biometrics. Try to find out what justification there is for Whitehall's decision to invest in biometrics and you get a two-year court case and no information.

There is no good reason for this peculiar asymmetry.

How do we avoid the recurrence of Newham-style embarrassments?

It's about time the Office for National Statistics was involved in Whitehall technology decisions and that initiatives which depend on reliable technology should not be allowed to incur substantial public expenditure before and unless the ONS has agreed and published official statistics supporting the business case.
