Talk:Biometrics

Biometrics: A security necessity or an invasion of privacy

George Orwell in his book 1984 once described a very dark world in which you are always been watched and controlled. [George Orwell 1984, 1949] The secret leaders in the name of ‘Big Brother’ instituted strong measures to keep control of education, economic status, emotions and even life and death of people. Since his time the term big brother has been used and over used as synonym with totalitarianism to identify grand plans that are seen to overlook the average individual. Recent success with employment of CCTV in the city, covering almost all public places is a good example of grand plan that is increasingly viewed with skepticism. May be undiminishd popularity of big brother is due to its many parallels to events surrounding us in current times.

Some people believe strongly that Orwellian process is currently in the making. Generally media and governments are blamed as showing characteristics of big brother in their approach to masses. As a common denominator among them new technologies are increasingly seen to aid big brother entities to compromise humanity, freedom and privacy of an individual. Barry Steinhardt, director of technology and liberty programs at the American Civil Liberties Union, commenting on Orwellian eye planted on Atlanta (USA) flights said "We've reached a point where a '1984' surveillance society is technologically possible, and that trend was accelerated by the events of September 11…. The technology is developing at the speed of light, but the laws that protect us go back to the stone ages," [cited on washtimes.com 2003].

Technologies that are blamed to facilitate the Orwellian vision tend to have a security bias as its felt that individual’s boundaries are reduced by it. Security is an undeniable necessity. A new security measure usually requires individuals and hence the society to conform to certain protocols which in some context can limit an individual’s freedom and choice. Regardless a technology that can provide a better security is bound to become the technology of future. Immediately it becomes apparent, the paradoxical nature of providing secure technology for a safe future society without compromising the privacy and freedom. It requires careful thought and analysis to see which way the balance is at the moment.

Technologies for security

In 1787 Jermy Bentham, a British philosopher invented ‘Panopticon’ by proposing a prison architecture to provide high security. The architecture is to allow jailors to watch prisoners all the time without the knowledge of prisoners. [Cited on Hyatt 2001, page 19] Even though he wasn’t successful, we can see many Benthams succeeding today with their newly invented technology measures that far supersede Jermy Bentham’s ambitions.

Monitoring and surveillance systems such as CCTV are widely employed, well beyond prison boundaries, to discourage criminal activities and to extract hard evidence in cases of any incidents. Ideally we are approaching a state where most public places and some private places will be monitored around the clock. One of the major drawbacks of this technology is that it still requires human processing ability as part of the implementation. Even in the cases where motion detectors are employed, to identify a developing situation, happening situation or criminals involved, it requires human processing. As these systems are security sensitive it becomes essential to identify who is authorized to access in order to provide valid security. Likewise there are many other systems that are employed world over to provide variety of services to the public such as cash point machines. Identification of an individual, whether it is to authorize him to a system or to determine his identity from monitored information, is crucial.

Hence rests, at the heart of every security measures, in a varying proportion, the problem of identification. Starting with a door locks, every security measure need to identify between good and bad guy. In the complex interactions we have with each other and the entities like private and public institutions, identity and security becomes an essential part.

As we depend on systems to provide secure environment and services to people it becomes paramount to consider the security of a system. A system security is assured by trying to identify the validity of an individual who requested access to the system. Validity of an individual is established by extracting some form of identification from the individual to check against the information held by the system about valid users. More formally a user validating process is called authentication while access level granting is called authorization. In simple terms authentication mechanism verifies the identity and an authorization mechanism associates an identified individual to the authorized set of actions or functions. Combined together they form the security necessary.

Fundamentally an authentication mechanism that exists today uses one or more of the following factors. [Woodward 2003]

Something you know, which usually refers to passwords and PINs
Something you have, which usually refers to cards and tokens
Something you are, which refers to Biometrics-the measurement of physical characteristics or personal traits.

From a system (technology) point of view the authentication process can be listed as follows.

An individual provides an authenticator (one or more of the above factors)-the data item that cannot be provided by anyone else. Its usually produced by a base secret (biometric or other)
Server (system which contains services) contains the verifier-the data item that can verify the correctness of the authenticator
The server uses the verification procedure-an algorithm that compares an authenticator with a verifier

First level of security breach of a system can occur at an authentication level. If a system is connected via a communication channel then it will require additional security measures to ensure the secure transmission over the channels.

The key to provide better authentication is to provide better authenticator. A good technology always tries to provide better authentication mechanism by providing better authenticator. No wonder then, something you are and only you are, become the most favorable factor to provide highly secure authentication mechanisms. It precisely the reason, we have ‘biometrics’ as an authenticator at the top of the list, when it comes to providing the very best authentication and hence security mechanisms. What-you-are, it is believed, unlike what-you-know and what-you-have type of authenticators cannot be robbed or easily imitated.

We already know that we freely use passwords to authenticate us in many Internet sites. We use a PIN with credit card to authenticate ourselves to card processing systems. They all fall under what-we-know means of authentication. We know that we use smart cards and password tokens (password number generating key developed by version is a perfect example), which are better means of security as they eliminate some of the weakness of what-we-know type of authentications. For example with a “Verisign” automatic password generating key, at any point in time it’s only the server and the key that will exactly know the password hence eliminating the possible blunders people do when they use passwords such as using ‘password’ for password! Regardless what we don’t know is that even this means of authentication can lead immediately to invasion of privacy. Every use of an authenticator can be recorded with all the services that we have acquired on that particular event or transactions. In given time such records can be used to build powerful profile of our behavior towards a particular service and eventually when combined with many other type of service it becomes the ultimate tool for big brother. (Function creeping is how it’s called) Just imagine all your medical records including all the drugs subscribed to you, all your retail transactions including what brand of wine you drink the most, and just about all the information that makes up you can be made available in one click search!

Next time you go to a library where you have books due, even in the case you don’t produce an authenticator (library card) and there is new librarian who may not identify you, on the desk, don’t be alarmed if he still alerts the big brother elements. Enter the next generation of authenticators- biometrics. Your librarian was using face-recognition software, which authenticated you, without your permission, and identified you as the culprit by linking you to the member database.

-- --technical overview and review of biometric technology --

Are biometrics necessary?

The short answer to this question is yes. Biometric does solve problems and does appeal to the modern demands.

One of the key reasons why it will be around is because it makes good economic sense. Regardless of the fact that some of the biometrics has high initial costs they do save money on the long run to the cooperation and institutes that choose to adopt them. It primarily will reduce help desk support costs, as there will not be any need for admin to control an authentication process. There will be no password rotation or resets or forgotten password issues. For example fingerprint biometric is estimated to save more than £1 million to a company with 8000 users of a secure system requiring passwords such as a computer. [Page 26] As it’s the economic viability not the novelty of technology that will sustain it to the future, biometric scores good and can be expected to be adopted widely.

On the core purpose, namely providing better security, it naturally scores high compare to any other conventional form of providing authentication and security. As we discussed earlier inherent weaknesses that associated with a password system (can be forgotten and easily hack able) and token-based system (can be forged or lost) are eliminated by biometric system. Further it is easy to use and offers almost immediate authentication without several steps. Retina or iris scans for example is very reliable and is difficult to compromise as it is considered to be a hidden trait.

In addition biometric system comes up with other advantages. Fingerprint biometric, for example, is used for more reasons other than as a means to providing secure access to a system. Latent fingerprints are obtained from crime seen and can be used to identify criminals at a later stage. Some agencies such as FBI and Scotland Yard collect and maintain a central repository of fingerprints to fight against crime. It is used to identify known criminals from latent prints that may be found on a crime scene or can be used to check a suspect’s identity.

Likewise a face biometrics can be used for reverse identification or recognition. In reverse identification again a repository of information about facials details are used to reconstruct a face from a witness account just like an artist, which can be used to visualize the criminal to others. It is notable that president bush has recently announced that a face recognition system will be installed in airports to monitor people who may be arriving to identify possible infiltration by terrorist. [www.herdonthestreet.com] The same fate is strongly shared by DNA biometrics in it that it too is popularly used, not to authenticate to a system but to identify individuals in the context of crime fighting.

There are and will b many other secondary uses of biometric devices. For example, it can be used in hospitals to identify emergency patients who may not be in a position to communicate. Once the technology is widespread and easily accessible, as an inevitable consequence, new uses will be found. As history has shown in many cases (like in the case of internet) it is such a secondary or unforeseen uses that may eventually become more popular to promote biometric devices. As with any technology it is hard to predict how that will be shaped and what consequences it will have in the future.

I n essence, in the light of above advantages, it is hoped by biometric enthusiasts that informed public will show interest and participate in the use of and wider acceptance of biometric devices overcoming the critics and skeptics.

Its necessity is demonstrated by its advantages. There is no better alternative, among the current technologies, to biometric when it comes to providing security.

Can biometric deliver on security?

The core reasons to adopt biometric is for its better security. As a rule of thump we know from our past experience that no system can be secured 100%. A fingerprint-recognizing device if employed independently in public accessible place can be breached. A person with knowledge can use the previously left fingerprint trace and can use it to breach the security of that system. Presenting it with photographs of valid users can breach face recognition system. In addition a face recognition system may suffer from high failure rate if no regular enrolment procedure is done to update the system. Even retina iris scan systems can be breached as shown in the images of science fiction movies.

It’s a widely known secret that a biometric system cannot be employed independently to provide high security. (May be with the exception of eye scanning or thermal scanning mechanisms, as they require expert knowledge to breach) Without other form of authentication to support especially for sensitive authentication in public context it will become liable for security breach. It’s more often applicable in the context of authorization combined with authentication. If only a given set of individuals have access to biometric devices and all of them are enrolled in the system, then a biometric system can be used to control the authorization of that group of individuals. In this context a biometric device already exclude the possible access from others who may wish to tamper with it. For this reasons high security biometric devices combines multiple traits and employ multiple authentication mechanisms. It can be seen in the literature [Chirillo 2003] that biometric devices are better employed with another authentication such as password system. Sadly though, this approach goes begging the question. If a password is to be used along with a given biometric then neither will it eliminate the disadvantages of password system nor will it reduce the cost associated with such a system. It can be seen from this that the biometrics of tomorrow will possibly show much variety by varying mixed use of biometrics for a single context. It may not be possible to establish a single canonical form of biometric of an individual.

Multibiometric of above kind can again be breached if the chosen combinations are week. It is argued that a face recognition device can also use eye blink detectors and so on to establish that presented identity is indeed a human form. But all it takes is a little extra imagination to see why system does not necessarily solve the problem in hand. One can use a video or picture mask with eyes left out.

The above simple discussion helps to illustrate an important point about what-we-are biometric systems. What-we-are is something that cannot be changed and often times are exposed openly to anybody. It requires a person with high security access to be well guarded, at least for the sake of his parts that are used for biometric identification. One may wish to argue, if the biometric device used vascular patterns (internal pattern formed by veins) like in the case of retina scan along with thermal detection from the body also along with say another biometrics, then it will be difficult to breach security. Fact is that if such vascular patterns can be scanned for identity then such knowledge can be used to reverse engineer (possibly using a defected or hijacked or cunningly cheated valid user) to fool the scanner along with appropriate thermal emission and a hack for any other trait used. From this point of view what we have or what we know looks like a much stronger candidates for security. Of course we assume that there are people who are reasonably knowledgeable and are willing to engage on such an act. Given that some terrorist and government agencies well funded with capable people it will not come as a surprise. But that’s exactly why security is felt as so important.

The question then still remains; can the biometrics deliver on its promise? From the point of view of security, I believe, biometrics must be viewed within a limited scope of security improvement. One may not remove all possible conventional form of security because of biometrics, at least for some time to come in the future.

From the above, we can clearly see why biometric technologies are implemented. Its intentions are clearly to benefit humanity in desirable means. We can happily visualize a world of biometrics where things are done for us without having to lift a finger. Our home of the future can identify us and open the door for us as we walk. The living room might recognize we need more warm by our biometric and raise the heating level. Our water tab could know our ph levels and add appropriate chemicals. Our car may refuse to start if we are drunk and alternatively could put music to suit our mood and taste. If we choose we may walk into a supermarket and walkout without worrying about payments. Supermarket may even smell us mile away and communicate to our houses to keep all possible stuff that we may need as we arrive. We may at our work just command the instructions. So on and so forth. Of course we may still be using our senses. Although at some point we may loose touch with who controls everything. Do we have a choice?

Biometrics and crime prevention

The use of biometrics however, expands to many different domains of application other than security notably in relation to crime fighting. One key different in the way biometrics is used in these circumstances must be noted with emphasis. Biometrics is used as identity records with no authentication in mind. From the point of view of authentication then this sort of use of biometrics can be considered as open use. In fact, to protect records of collected biometrics identity a conventional security system may be used as was in the case of fingerprint records. This brings us back to the question of central repository.

In the above discussion on biometric security it was reasonable for us to consider that the algorithm employed can be built (already is the case in some biometric algorithms) in such a manner that biometric identity information may not be reengineered if such records ever to get to the hands of wrong people. Still there are things like prime numbers with extraordinary properties. Just like in standard encryption system, random property of very large prime numbers can be used to encrypt biometric data with only key being the biometric data itself. Such algorithm may give security even from the developers or proprietors of such algorithms. It was reasonable to think that an assurance can be given to the users of biometric systems that only people ever will be accessing the biometric details in the constructed form are only those who have in the first place created the original template-the owners of such traits. It follows any others who try to reconstruct should be considered to be attempting to breach system security. (Anonymity) From this perspective no use for recording and save keeping such records are contemplated for providing secure authentication.

From an isolated point of view even holding records of biometric identities can be harmless. Biometric identities if held independently without association can be used to identify if need arises for crime prevention purposes just like fingerprint or DNA sample is used. If, due to wide spread use of biometrics, such records can be used to access other systems then holders of such repository of information or records hold the possibility of becoming big brother-ever present all knowing entity. If one thinks biometric system always requires an individual to be physically present for authentication must need to think again. (I would like to draw attention to how Afghan girl was identified by her iris patterns just from her pictures, as demonstrated by John Dugman , a faculty member at Cambridge University [www.findbiometrics.com]) If the processing server is connected to a scanner via communication medium, then such a communication can be interrupted to present identities in digital form without requiring a physical presence. Even in the case of self-contained systems a government agency may request their program be installed inside which may provide the access necessary. It was the case recently in USA as FBI forced ISPs (internet service providers) to install a “carnivore” program to snoop over the emails that may be sent or received, in spite of the protest of ISPs on the ground of confidentiality and system incompatibility. [Hyatt 2001] ISPs went back to previous versions of operating system just to install the program. (Security and privacy in mind?)

In the verge of going into intelligence age from information age such central repository of personal identity can prove to be too dangerous from privacy and public interest point of view. There seems no better solution that technology or legislators can give in terms of assuring that such records information will only be used for the benefit of humanity and security in a confidential manner without using the word ‘trust’. Does biometrics invade privacy?

Again short answer to this question is yes.

Privacy is a difficult term to define or to understand. We do not have still adequate knowledge as how to represent or express what privacy means in general term. Some people say it is to do with anonymity. [Hyatt 2001] Some people associate it with having free choice or freedom. Some define it as ability to keep secrets. In general the degree of freedom also varies. What is private to some people may not be private to others. Whatever may be its meanings or interpretations, there is always a general consensus on the fact that there is privacy and it’s of essence as a fundamental right and it must be preserved.

Privacy can also be thought of as boundary that marks individuality with free choice of action on its environment. If nothing is private about a person then that person becomes just another mechanical object functioning according to preset rules. If you are grown in the tradition of Skinnerian behaviourism it may easier for you to accept a mechanical nature of life just corresponding to an ‘operant conditioning’ or grandly, ‘an operant modeling’. This behaviorism questions the validity of freewill. “If people were actually free to do as they pleased, even if only occasionally a science of behavior was impossible”. [B.F.Skinner, beyond freedom and dignity]

Restricting ones freedom and dignity by behaviorist theory to a mere feeling of freedom and dignity rather than actual objective reality is very much a debatable question. In addition modeling as a ‘way of showing another organism what to do’ can be dauntingly limiting in its aspirations.

As we can see matter of privacy and its true validity and its meaning can be taken at a different level. For all the purpose of intrusive technology we will assume that there is general consensus, consciously or otherwise that privacy is of paramount importance as a fundamental right.

Biometric technology without doubt comes closer to the boundary of an individual if not intrusive. According to some people, people who tend to have a background or preconceived notions such as belonging to a religious group or culture generally raise privacy concerns against biometrics. [Woodward 2003]

Culturally an individual or group of individuals may object to biometrics on the basis of stigma and dignity. For example finger printing sometime have stigma attached to it as only criminals are identified that way. From this notion such an individual may feel as if his privacy is violated by biometrics as it takes information that is usually taken from criminals who has no choice but submit to such an act. This will result in non-conformity on the part of the individual and one may have to provide alternative means of authentication just to preserve his choice and freedom. Fear is that just as with many other form of identity (bank cards, passports etc) one may not get the choice of rejecting a biometric device for alternative means, whatever the reason. The popular argument by enthusiasts is that with better information and education such ‘fears’ can be overcome. Even before analyzing such feelings as simply due to misinformation and fear, one must recognize the fact that industry must provide alternative means as part of the choice in order to achieve wholeness of approach and service. ‘Cultural fears’ as commonly put also has a valid sources of reason although there is, in actual truth, some misinformation. Historically biometrics reading is always has been associated with reading for the purpose of identifying criminals. And it comes as no surprise that people feel insulted and intruded by biometrics. When biometrics is used only for the purpose of authentication, these fears become unfound and may call for better public understanding. Currently there is no assurance to this effect even by commercial companies. Even commercial companies prefer to hold information for the purpose tracking behaviors related to their service by tying it up with an identity hence breaking the anonymity of an individual. From this view, we must take the point of view cultural fears underpin the formless fear associated with the use of biometric devices. Given a form it becomes a valid argument against reading or holding biometric identities for the purpose of tracking surveillance or identification for any other reasons.

A religious affiliation or interpretations also might raise an opposition to biometrics. Quoting from religious scripts these people argue that the biometrics will bring about devil’s time. Christianity claims that reference can be found where people are identified by a symbol in their body and draw resemblance to a biometric device. However different or irrational it may sound one must recognize the fear and nonconformity. Time is a only better education and a way to give time a chance is ti give people a choice and assurance for their anonymity and confidentiality.

Now what if you have no fears due to culture or religion? Does it automatically means that you have no privacy concern due to biometrics? People who have concern for individuality also raise important concern about privacy invasion by biometric type technology.

Individuality on its own right is threatened by excessive use of biometrics. When others know more about you than yourself sometime even without your permission, you don’t have individuality but an individual identity. We become just another smart card-full of metrics to be read from. Just as information can be manipulated our behaviours will be manipulated by commercial and public entities. Supermarket store/points cards are perfect example of profiling techniques developed by cooperates. Market research of commercial companies will become exact science producing more than 90% success. An individual will be trapped, in the process without much choice.

This type of fear of an individual is not without validity. Often an outcry for privacy is not necessarily targeted on biometrics alone. Advocates of biometrics sometime make the mistake of saying “what about traditional means of security they offer tracking too”. [Woodward 2003] Unfortunately, it doesn’t matter whether its old or new technology if it’s found to be compromising an individual privacy in a dangerous way then it must be taken seriously and dealt with. We know that traditional systems already offer ways for greater level of organization of an individual’s information quiet easily. There are dedicated websites, private investigators who offer such services as getting private information about an individual [Hyatt 2001]. With an advent of Internet, there are number of ways to get private information of another individual with or without his permission. This has lead to many unwanted problems such as identity thefts and stalking and many other problems. In some unfortunate events like in the case of Ami Boyer it has even lead to death. Ami Boyer’s stalker located her and killed her before killing himself and she had no clue [Hyatt 2001, page17]. There are many other cases reported by Hyatt such as identity thefts of Kimo, 36 year old programming consultant [2001,page 24] and Michelle [2001, page 47]. It was educative to see how many difficult months had been spent, trying establishing identity again. The difficulty faced stands as an evidence to what a mistake in biometrics can cost, especially when all your identity depends on it and there is no other way of providing evidence.

If we attempt to summaries the fear for privacy into categories, it may be done as follows.

1. Compromised individual discretion (Unauthorized authentication -with some biometrics you don’t need to take permission to identify an individual) 2. Historical misuse and disregard of private or confidential information by private companies (continuous selling of confidential information acquired by companies about its customers especially during bankruptcy) 3. Rogue government agencies (competing government agencies always willing to do whatever it takes in whatever means to achieve its goals which are not public) 4. Hackers and criminals (if one single biometric identity is used in many places it can prove easy for hackers once they break one system). 5. Unavoidability (there may not be alternative choices offered along with biometric scanning, making it a de facto standard against people wish)

Unless these issues are properly addressed there will be a reason to object and worry.

Fighting for privacy-countermeasures

When almost all big business establishments (with the keen interest in developing intelligence about it customers) and governments (who are keen on tracking and keeping control over it subject in the fear of any uncertain events) are against you, its no wonder an outcry for individual privacy goes unheard as a minority voice just like the Winston’s, the character from big brother. The reality is currently there is no stronger means available at individual level to facilitate a protest against intrusive technology in an effective way.

Predicament of Winston character has close resemblance to the predicament of privacy advocates. Ironically both may even share the same fate. A call for more concern on privacy has only social value and has no economical sense. Often it costs more to keep privacy, as one may have to denounce facilities or buy specific type of services at premium. In addition for companies to pay attention to the issues of privacy it need to be connected to possible profit or benefit in any form.

“When people understand what is happening to their privacy, they often clamor for government to do something about it. But government is not the solution. In fact it’s a big part of the problem” [Hyatt 2001, page 62]. There are several numbers of legislation governing the individual privacy, which are not updated to reflect the modern threats. In the light of recent terrorist events governments have become greedier and surveillance mad. For example US government has taken many initiatives that directly will compromise individual privacy and confidentiality. FinCEN (financial crime enforcement network), Echelon (international spy system) and Carnivore are such examples. [Hyatt 2001, page 63, 67, 69]

“FinCEN requires all banks to report al transactions exceeding the amount of $5000…. Echelon is believed to intercept and analyze as many as 3 billion communication every day including phone calls, emails, Internet downloads and fax transmissions” [Hyatt 2001, page 67].

In this climate it becomes paramount to pay attention to the importance of privacy to safeguard public from big brother like invasion. The little efforts made by privacy advocates here and there using internet and few other means are as valuable as the protest of Winston. Interestingly Hyatt describes establishing ‘Ghost identity’ [Hyatt 2001, page 96] as a way to preserve the identity from being snooped over by unwanted people and organization. Even though it may look odd, one can clearly see if it can be done, it will provide a very strong measure of privacy from an individual’s point of view. Even some biometric system can be fooled, if an individual himself sets about cheating on his identity. If biometric systems are not built to detect replication of identities as is the case currently (in order to check for replication one must hold the records of identity and reconstruct all such identity to check against an identity that may be used to enroll.) then it will be possible to feed it with confused identity information twice by a single individual. It will, to some extent, help to confuse data integrators or function-creepers. If biometric devices are unsupervised, individual might choose to present a different identity by means of artificial construct for the sake of privacy.

Another way is to create privacy is by creating what can be called as ‘Winston technologies’ that will deny the use of biometric devices. Possibly technologies can be developed that may detect and block unauthorized reading of biometrics from an individual. Technologies can be implemented that will express the concerns of the individual’s privacy. Just the way hospitals and few other places use microwave detectors to detect and neutralize any microwave in the surrounding thereby blocking the use of mobile phone, technologies can be implemented to detect and alert, deviate or neutralize any unauthorized intrusive means of biometric identification. It’s especially important in the context of biometric devices that can actually identify a user without permission.

In essence it is clear that in order to preserve individual privacy one must look beyond the means provided by legislators, policy makers and private organizations, as privacy is never considered as sole goal in any context by these entities. Its eventually will reside with an individual and his choice and action as to what extent that individual would like to preserve his identity and privacy.

Conclusion

Technology is an exciting and essential part of future. However, as we have seen, certain consequences of technology if not regulated properly, if not balanced properly might very well lead to panopticon state. As much as we love technology we hate to see or visualize such a panopticon state. And yet, we are still debating and hesitating in the development of measures to safeguard our future in terms of privacy and freedom.

We can draw one conclusion clearly that any attempt to record personal identity information or sensitive information must be treated with extreme caution, as it can be the root of all that is evil. It can be recommended that all biometric algorithm for them to gain wider acceptance must pay due attention to the privacy issues. For example implementing scan algorithms that cannot be reverse engineered or used for tracking purpose can be imposed as a necessary qualification for biometric systems to be employed at public level.

Biometric researchers and developers must be made responsible to consider the issues of privacy and must explicitly implement technology to address these issues directly. It should be accepted as a technology of choice not as inevitable unavoidable means for the sake of promised security.

In the recent times we have seen British government narrowing the definition of ‘emergency’ to facilitate ministers to implement direct actions. We have seen US government initiatives to monitor and surveillance at grander level. This gives an impression that governments are more reactive than proactive. Given the democratic process it may be too cynical to doubt all actions on the part of government as there is some truth and benefit to their actions which they extensively use to drive home their messages and justifications. We must realize governments represent ultimate power and they have access to vast majority of information on its subjects. If technology to acquire and analyze exhaustive information about people with or without their permissions, are implemented and put to use it could cause catastrophic results in many countries especially in countries with many minority representations. If an individual became undesirable politically for a ruling party, then ruling party may choose to employ government resources to target that individual by collection every bit of information possible about that individual. Any success of this sort could extend further into many other possibilities in which fairness of trade and privacy can be violated. References

www.findarticles.com http://www.findarticles.com/cf_dls/m0FQP/4564_130/80616784/p1/article.jhtml www.educate-yourself.org http://educate-yourself.org/mc/ultimateorwelliannightmare17jan02.shtml www.thirdworldtraveler.com http://www.thirdworldtraveler.com/Public_Relations/OrwellianLogic.html www.humanistsofutah.org http://www.humanistsofutah.org/2003/IsAmericaBecomingOrwellian_DiscGrp_Oct-03.html www.washtimes.com http://www.washtimes.com/national/20031126-113641-3955r.htm www.cooperativeresearch.org http://www.cooperativeresearch.org/timeline/2002/dallasmorningnews121602.html www.litnet.co.za http://www.litnet.co.za/seminarroom/09brother.asp www.sonic.net http://www.sonic.net/sentinel/gvcon5.html www.inthesetimes.com http://www.inthesetimes.com/issue/24/13/allen2413a.html www.findbiometrics.com http://www.findbiometrics.com/Pages/feature%20articles/afghangirl.html

Michael H.Hyatt, 2001, Invasion of privacy, How to protect yourself in the digital age Regnery publishing, Inc, Washington DC

John D Woodward Jr, Nicholas M. Orlance, Peter T. Higgins, 2003 Biometrics-Identity assurance in the information age McGraw-Hill, USA

John Chirillo and Scott Blaul, 2003, Implementing biometric security Wiley Publishing,Inc, USA

Gorge Orwell, 1949, 1984 Penguin books, England

B.F.Skinner, Beyond freedom and dignity

Biometrics Journal International biometric society

Biometrics and arms.

Someone from USA should write a paragraph about biometry and gun control. For example, if all law enforcement firearms had palm readers or RFID tags against unauthorized use, two recent spree killing could have been prevented (the Fulton courtroom massacre and the Red Chippewa school massacre). Both places the madmen used police weapons. There would be no legal or constitutional problems with bio-authenticating weapons used by the authorities.

Reply - Guns work because they are simple. Guns have decreased in complexity over the past 100 years. There are multiple solutions to the problems you mention that do not involve biometry. googling for gun complexity biometric turned this up: http://www.davekopel.com/2A/LawRev/SmartGuns.htm#C.%20Reliability%20as%20The%20Key

What if the palm reader or RFID tag failed? What if the original owner needs someone else to use their gun? Sometimes people even forget to take off the safety, I can't image what would happen with more hurdles to firing. I can see this being useful in cases where criminals shoot police officers with their own sidearm, but in other situations this doesn't sound like a smart idea. 67.85.137.135 21:39, 11 February 2007 (UTC)[reply]

Justification?

"and the most successful, human authentication via typing pattern (rhythm) recognition." What is the justification for this?

--Michael.R.Crusoe 07:30, 2005 Apr 13 (UTC)

Bio-Dynamic Signature (BDS)

worthy of includsion? found buzzword here.

Apparently the creation (trademarked???) of Dr. Daniel Lange (see above article for others involved).

Page layout

Is it against wikipedia rules to run a big URL through something like tinyurl to correct the horizontal scroll bar?

Sclozza 04:18, 19 July 2005 (UTC)[reply]

Biometric Discussion List

I found some interesting discussions on The Biometric Consortium's Discussion List see http://peach.ease.lsoft.com/archives/biometrics.html

Cleanup

United States- United States is a strong advocate of biometrics. As of 2005, it's moving to require biometric passport from its own and foreign citizens. The European Union has criticized it for causing unnecessary harm to civil liberties and privacy.

I don't think I need to say anything more. Recommended this article for copyediting. 67.162.225.236 02:42, 29 December 2005 (UTC)[reply]

Spelling check (IchBin 09:01, 1 January 2006 (UTC))[reply]

I would recommend that the phrase "in time and attendance systems" in the section on Hand and Finger Geometry be expanded to explain what a time system is and how it relates to fingerprint and hand recognition. The other examples listed are sufficiently clear based on the context, but this one could use clarification. 137.122.14.20 (talk) 17:16, 11 February 2009 (UTC)[reply]

Canadian passports

This section has been moved to Biometric passports as it is more relevant to that article. --apers0n 21:26, 5 August 2006 (UTC)[reply]

Societal pro's and con's to biometrics

Pro's: Honest people have nothing to hide

The world is becoming a dangerous place. We need a way to track people and biometrics is a very accurate way of doing it. People have the complaint, that they will lose their freedoms. If some thing is not done to track those who wish to destroy and conquer, we will lose our freedoms any way. People also don't like change. Once the change is accepted, then we will be safer. If we are worried about being tracked, we shouldn't do anything that is against the law.

With biometrics, identities can be verified, even without an ID card. You could potentially withdraw money from an ATM account if all you did was get a fingerprint and retina scan. This would cripple the current problem of identity theft.

Con's: Sed Quis Custodiet Ipsos Custudios?

(Latin for "But who is to guard the guards themselves?) Danger is a two-faced demon: one face the threat, the other face the answer to threat. While seeking answers to threat whe are often guided by fear. Both individuals and societies as a whole will react to threats by defending themselves. The application of biometrics is a societal answer to threat. But the current worldwide implementation of biometric systems is a merely technocratic operation in which the goal - let's catch bad guys - tends to be overshadowed by a another goal - let's catch bad biometrics. Who will believe an innocent but poor or powerless citizen denying he's a villian while the biometric system is saying so? Should we trust government officials, knowing how effective they are in virtually eliminating whistle blowers from the sociatal stage? The Dutch Jacobus Lambertus Lentz designed state of the art identity documents already in the fourties of the 20th century - which were used by the Germans to eliminate Dutch Jewry. Do we trust that such and similar things won't happen again? I think to ask the question is to answer it. A sociatal debate on how to guard the guards is urgently needed.

To add to this, biometrics has a great potential to be abused by oppressive regimes to control people. What if every person's movement and actions are catalogued into a massive database, and a heurustical algorithm tries to determine suspicious activity based on your past history? It could catalogue your purchase of thousands of pounds of ammonium nitrate fertilizer and trigger a "suspected terrorist" red flag in some office. While it would be a noble cause, we'd be moving one step closer to an orwellian society, where we sacrifice our personal liberties and freedoms for the false sense of security offered by a biometrics system. Those are just based on a western value system. What if biometrics was used in a hypothetically "advanced" country with religious extremist values holding power, where a minority rules the majority and uses biometrics and overwhelming force to overpower the population, dissenters and non-conforming non-religious people? What if the Taliban, Saddam Hussein, Joseph Stalin, Adolf Hitler, or any other distopian ruler had biometrics? Can we trust ourselves to give our government more power over ourselves and our lives? Do we _need_ a perfect security solution or just a security solution that is "good enough"? There are a lot of ethical and moral debates to be had over the pro's and con's of biometrics.

Little comment on the usage of the word Biometrics

This word is in use since the early XIX century, with a meaning close to "application of exact sciences methodology to biological sciences", and there are books and periodicals from that time to prove it (one famous example among statisticians is the magazine Biometrika).

It is bigger than human biometrics security systems, and bigger than biostatistics, because includes, for an instance, applying experimental planning methods developed for electronic engineering to agricultural experiments, studies of Hardy-Weinberg Equilibrium (a population genetics problem which may be posed in terms of proportions) and Ethology (in the sense used in The Selfish Gene by Richard Dawkins, a science that although of biological nature, draws freely from Game Theory).

I strongly believe that this page should be a disambiguation page.

--Lucas Gallindo 19:27, 13 September 2006 (UTC)[reply]

I agree, there is a whole field of science called biometrics which has nothing to do with identifying people. Domminico (talk) 18:51, 20 November 2009 (UTC)[reply]

Should Biometrics really be used in todays unsafe lifestyle

please check validity of table

someone please check the validity of the following table:

Comparison of various biometric technologies, according to A. K. Jain

it seems to be tampered with. The table looked different a while ago

Joris

yes, it is, now it is more complete. The old one was taken from a document who had cropped part of the original version, I have found the original document (see the reference) and I have copied from there. Alessio Damato ^(Talk) 13:25, 25 June 2007 (UTC)[reply]

Syntax/Semantics

Uses and initiatives

[edit] Brazil

Since the beginning of the 20th

[Semantics: this paragraph goes right from 1900 (the beginning of the 20th century) to 1999, without any intervening events, leading one to suspect the author meant the 21st century, when according to the reference at Dr. Vucetich, fingerprinted Brazilian ID cards existed before 1900]

century, Brazilian citizens have

[Syntax: Since/have?]

user ID cards. The decision by the Brazilian government to adopt fingerprint-based biometrics was spearheaded by Dr. Felix Pacheco at Rio de Janeiro, at that time capital of the Federative Republic. Dr. Pacheco was a friend of Dr. Juan Vucetich, who invented one of the most complete tenprint classification systems in existence. The Vucetich system was adopted not only in Brazil, but also by most of the other South American countries. The oldest and most traditional ID Institute in Brazil (Instituto de Identificação Félix Pacheco) was integrated at DETRAN [7] (Brazilian equivalent to DMV) into the civil and criminal AFIS system in 1999. —Preceding unsigned comment added by 67.39.198.126 (talk) 06:04, 6 September 2007 (UTC)[reply]

WP:ENGVAR Consistency within articles

At present this article has a mixture of U.S and UK English, with occasional tussles over the odd word. My last attempt to harmonise/harmonize throughout was reverted. Any consensus as to which variant to use? Checking back, U.S. English has been the norm on this page. --Old Moonraker 21:05, 8 November 2007 (UTC)[reply]

OK, trying again. This is just to achieve consistency through the article and not favoring one form of English over the other. --Old Moonraker 17:14, 9 November 2007 (UTC)[reply]

Gigital photograph

Biometrics#Germany refers to a "gigital" photograph. This is the first time I've come across the phrase (and I don't want to fall into the WP:IDONTKNOWIT trap), but would a link or explanation be useful? It seems to apply to hi-res devices, so is it appropriate for this application at all? Or is it just a typo? --Old Moonraker 13:07, 11 November 2007 (UTC)[reply]

I'd say it's an obvious typo; I have changed it to "digital". - Mike Rosoft 11:37, 12 November 2007 (UTC)[reply]

Thanks. --Old Moonraker 12:59, 12 November 2007 (UTC)[reply]

Universality in Comparison of various biometric technologies table

Could someone please add a definition for the Universality column in the table? All the other fields are described, but I have no idea what that one means. 67.43.141.66 (talk) —Preceding comment was added at 12:11, 3 January 2008 (UTC)[reply]

Error in the table with A.K. Jains work on biometrics

The table has some errors, and the reference should be to another article, see http://biometrics.cse.msu.edu/Publications/GeneralBiometrics/JainRossPrabhakar_BiometricIntro_CSVT04.pdf (page 12) —Preceding unsigned comment added by 130.226.143.206 (talk) 15:31, 21 March 2008 (UTC)[reply]

Despite the comment, the colors in the last column are not reversed. 129.125.178.61 (talk) 13:16, 3 September 2008 (UTC)[reply]

Gordon Brown (The Prime Minister)

Removed "Gordon Brown (The Prime Minister) has now given commercial sectors the go ahead for using biometric technology" from article, as not developing the article in a meaningful way. No reference given, but it may have been prompted by this piece of puffery from National Outsourcing Association (NOA), the UK’s trade association, dated two day ago. --Old Moonraker (talk) 14:26, 20 May 2008 (UTC)[reply]

Possible WP:COPYVIO

Parts of this article within the "Physiological" section are a lift from GlobalSecurity.org, here. Their page has been in existence since at least August 2005, (archived [1]) and the material here was added after that date. Any reason why I shouldn't prune it? --Old Moonraker (talk) 22:53, 22 February 2009 (UTC)[reply]

Removed. --Old Moonraker (talk) 11:08, 23 February 2009 (UTC)[reply]

Significant Changes Needed

There are a few sections that are disproportionately long. I've moved the arguably notable research to an "emergent" section, but recommend that it be stricken or edited down to a single sentence per emergent technology. Biometric modalities should be discussed based upon deployment and robust research by many academics and professionals, not a limited number of academic research activities by one or a handful of individuals. A good rule of thumb is that if you're writing about a modality that isn't finger, face or iris, and your discussion is longer than theirs, the material is disproportionately long.

The technical sections of this article consist of a bit more than a stub, on top of which various contributers have pasted in abstracts and position papers for their pet projects. The description of the modalities needs strengthening, and the pet projects (cognitive and cancelable biometrics) need to be severely pruned, so that the widespread and accepted technologies receive the majority of discussion. I'll try to do that over the next few days, but it would help to have more veteran contributers check that I'm meeting a style and format appropriate for Wikipedia. 96.231.31.186 (talk) 10:14, 6 March 2009 (UTC)[reply]

Thanks for taking this in hand: much-needed improvements. The opening paragraph is wrong ("refers to" is deprecated in WP:UMD, but the phrase was there before you started) and I will look at this, unless someone gets there first. --Old Moonraker (talk) 10:35, 6 March 2009 (UTC)[reply]

Thanks, please keep watching my back! I'm intending to completely strike the two sections regarding brain science research. They are unrelated to any operational biometrics, and checking the edit log they appear to be part of an anonymous user's spam of their research abstracts into various tangentially related articles. I also pruned the cancellable biometrics section considerably - the section describes a theoretical construct that doesn't actually exist in any real form, and was written as a self-contained position paper. Realistically that section shouldn't warrant more than a sentence, but I don't want to rip out too much content.

What's the criteria for killing a section that doesn't belong? Given that two paragraphs of incomprehensible semi-english were in the middle of an unrelated section, it doesn't look like we have enough biometric experts here to get much of a consensus. Is it okay to kill things that don't belong in my judgement? Do I have to justify my credentials in some way here? Drc500free (talk) 10:50, 6 March 2009 (UTC)[reply]

The basis for the decision to delete the material is verifiability. If there isn't a reliable source it can go. If it's a fine call, the section could be marked with an {{unreferencedsection}} tag and left for a while to see if some decent references from independent, notable sources can be found.

It helps immensely to have a knowledgeable editor, but it follows that because everything is, in theory, transparently verifiable qualifications are absolutely not a requirement to contribute: the material stands or falls by the quality of its sources. --Old Moonraker (talk) 11:59, 6 March 2009 (UTC)[reply]

Fair enough. What is it that has to be verified, though? One can certainly verify that a handful of academic research has been performed, but you can't verify that it has any impact on biometrics in practice. For instance, I could add a section to the article on automobiles discussing cognitive research on a system that can differentiate between thinking "left" and "right," stating that it's relevant because such a system could arguably be used to steer a car, and anyone could verify that the research has in fact been performed. ....

.... t 96.231.31.186 (talk) 06:40, 16 March 2009 (UTC)[reply]

I agree about the cognitive research -- it does not belong here -- maybe a separate article, "Cognitive performance biometrics" could be created (along with a tag questioning if it's notable enough to be here at the top) and then linked to in the "See also" section. Or at very least, the section should be dramatically shortened. The vast majority of work in biometrics, as the word is commonly used, does not have anything to do with it -- so it shouldn't make up such a large portion of the article. Jrtayloriv (talk) 19:22, 16 March 2009 (UTC)[reply]

BAPI

I want to create an article about BAPI and its creator. Here is what I have so far. Please help me edit. 87xy5zf02 (talk) 06:57, 21 May 2009 (UTC)[reply]

William Saito (ウィリアム　齋藤、born March 23, 1971) is a visionary award-winning entrepreneur and leader who has shaped information security policy, founded start-ups and managed public corporations over the past two decades. He is a technologist who is as comfortable in the boardroom as he is in the lab. Saito is astute in Asian culture, supported by native-level English and Japanese communication skills, contributing to extensive international contact network with major corporations, industry experts and government organizations throughout the United States, Japan and Asia. Saito has earned numerous industry accolades, achieved congressional recognition, been selected as a public speaker and is an accomplished author.

Possible variations of name

William H. Saito

William Hiroyuki Saito

Hiroyuki Saito

ウィリアム　齋藤

ウィリアム　H.　齋藤

ウィリアム　斎藤

ウィリアム　H.　斎藤

浩幸　斎藤

浩幸　齋藤

Background

Saito is from Walnut, California and is one quarter Okinawan. He graduated University of California, Riverside (1987-1991) with a degree in biochemistry and continued onto graduate school in Advanced and Executive Management Programs (1993-1994).

Publications

Yomiuri PC, “Security Matters”,

Ernst & Young’s “Insights from the Winners' Circle.”

Awards

Technology Innovation Award, by Frost & Sullivan in 2000
Top 100 Emerging Companies to Watch, by Computerworld in 2000
Technology Fast 50 Award, by Deloitte and Touche, on numerous occasions
SymtronRecognition awards from dozens of publications, including PC Week, PC Magazine, Network Computing, Reseller News, SC Magazine, and other industry leading publications.

Professional History

Saito foundedI/O Software, Inc., in 1991, on a shoestring budget that grew organically. It became a leading developer of highly flexible, scalable information security solutions to secure credentials and user authentications, providing encryption and security services for Internet/e-commerce as well as designing PKI and digital certificate security protocols. Saito led the management team as a product champion and worldwide evangelist to achieve rapid growth and operational excellence within each functional area, including: product strategy, business development, operations, sales & marketing, finance and human resources. Saito also worked with U.S. Department of Defense to exploit commercial-off-the-shelf (COTS) technology program, leveraging basic research money, with the cooperation of private industry, to develop dual-use products (commercial/civilian and military), resulting in dramatic development cost reductions and faster time to market.

Due to his success, Saito earned recognition as 1998 Entrepreneur of the Year from Ernst & Young, NASDAQ and USA Today. In 2000, he negotiated an agreement with Microsoft Corporation to integrate the company’s core authentication technology and biometric application program interface (BAPI), into the Windows operating system. Soon thereafter, the technology was licensed to over 160 companies worldwide.(Ethentica Veridicom AuthenTec, Symtron, Bio ID)

Saito ultimately negotiated with numerous Asian manufacturers and governments, including an investment deal with Sony in August 2002, which culminated into a successful sale of the company at high valuation in December 2004.

More on BAPI-The Biometric Application Programming Interface

What is Bio metrics?

Biometrics is the scientific technology used to analyze a person's biological for authentication, authorization, and verification. The standards today are to analyze the physical data of the fingerprint, hand/skin, retina, iris and voice. This is done by transcribing the physical data processed through the API device into analyzable digital data. This data is then compared with possible matches in a database. BAPI is one of the systems capable of this analysis. Before BAPI, there were forecomers that developed complex algorithms and had defined their own biometric acquisition and processing interface, but BAPI proved to be more superior. Why? Because BAPI was more flexible and universal to meet the requirements of the market, and now, with their partnership with Microsoft, it is readibly available, affordable, and user-friendly in virtually every Windows computer.

Who uses biometrics?

The market for biometrics today is almost anyone. However, biometrics today plays a vital role in national and international security and health. After Saito led Biometric API standards consortium, uniting highly fragmented industry, BAPI was acceptted as standard for development of biometric devices by CBEFF (Common Biometric Exchange Formats Framework) and through Microsoft has become nationally recognized into the Computerworld Smithsonian collection.

See http://www.ibia.org/cbeff/ for more information.

BAPI and Biometric Standards

Biometric Industry Standards

BAPI and Security

But there are those who are spectale about the uses of biometrics towards national security.

BAPI and Microsoft Corporation

Saito negotiated and closed OEM deal with Microsoft in May 2000, fully integrating I/O Software’s core technology , SecureSuite and biometric application program interface (BAPI) into Windows operating system; closed similar agreements withIntel and Sony.(See Pre ss Release [2]and FIU-600). Their plan was to incorporate the system into Windows by the summer. Today, it is an additional system inside Windows Vista in the Windows Biometric Framework.

See Press Release.