NO2ID

BBC: Passengers test new face scanners
Flight Int'l: Airport IT trends 2008

As noted, not least by Guy, these trials are known to be a waste of time.
The Home Office know the technology doesn't work.
There is no good reason to pursue the trials.
Pursuing them can only lead to embarrassment and unrest.
Embarrassment and unrest which could be staved off if the Home Office's own biometrics expert would speak to the public.
I sent an email to that effect.
A response was received, informing me that the email was being treated as an FOI request.
An FOI response was subsequently received.
That has now been replied to.
And a press release has been issued.

Telegraph: Security fear over airport face scanners
(as spotted by an alert guest):


My 24 September reply to Home Office Scientific Development Branch (HOSDB) includes the following:


HOSDB's 25 September reply says:


We may discover from the 16 October reply whether there are any controls on the facial recognition trials.

A reply was received from Marek Rejman-Greene dated 14 October 2008.

An initial response was sent on 2 January 2009 asking HOSDB to explain to the public why money is being spent on the biometrics trial at Manchester airport when facial recognition has such a poor record.

A fuller response was sent today, broadening the issue to cover fingerprints as well as facial recognition, and irisprints.

The Home Office have always claimed that the 2004 UKPS biometrics enrolment trial was a usability trial and not a reliability trial. That allows them to assert that the pitiful performance of the biometrics revealed by the trial is irrelevant. Today's letter argues that the distinction is nonsensical. Usability is assessed throughout Atos Origin's report on the UKPS trial in terms of reliability. The two cannot be separated.

The use by Australia and Portugal of so-called "SmartGates" to check airport passengers through immigration is used by HOSDB to give credence to the Manchester airport trial. No evidence of the reliability of the Australian and Portuguese systems is adduced and the Australian Customs have explicitly refused to provide it. I have asked HOSDB to be more open than the Australians about the Manchester airport trial.

Biometrics experts make a distinction between verification and identification. Identification is much harder than verification. Proving that the bearer of an ID card is the person to whom it was issued is one thing, verification. Proving that they are unique and have one and only one record on the NIR is another, identification, and considerably harder. The suggestion is made in today's letter that upright biometrics experts have given up on identification. They still cleave to verification, more or less precariously, but only confidence tricksters still claim that today's mass consumer biometrics can deliver identification.

Let's give it a few weeks. Then we shall see ...

The point is made explicitly in today's letter that it is an open letter.

No response has been received to the letters dated 2 and 8 January 2009. A letter has been sent asking for a response.

The Manchester airport trial should have finished some time in February. The same letter asks when the results will be published.

Please see.

Keep it up David. I am sure that at times it must feel like you are tilting at windmills. But there are folks behind you, never forget.

yes, and this website is a godsend

No replies have been received to my letters dated 2 January 2009, 8 January 2009 and 11 March 2009. These letters are posted and emailed to the Direct Communications Unit of the Home Office. Not only are there no replies. They have not been acknowledged.

So I tried some indirect communications. Someone with some genuine authority intervened and asked for a reply from the Director of Research, Development & Statistics at the Home Office. No response from the Director so far but today's post brought this from IPS:

This letter ignores most of the points raised. What with that and the failure even to acknowledge three earlier letters, it seems legitimate to infer that the Home Office can't and/or don't want to answer these questions about biometrics. They have something to hide. They are not telling the public the whole truth and nothing but the truth about the technology on which so many of their plans depend.

Even when they try to say nothing, though, they fail. This 20 March 2009 letter of theirs undermines the repeated claim that biometrics can be used to "lock" people "securely" to a "single identity". Now, it seems, that cannot be guaranteed after all, the magic has gone out of biometrics, now they merely "provide an additional mechanism over and above the ones that are in use today".

... or would that be 3500 matches, most of which are false positives that obscure the attempted identity frauds and scare the innocent people who fall randomly under suspicion?

Keep hammering away David, you'll get there in the end!

Great work David.

First draft, subject to minor changes, links will be added later, notes on a 43-minute telephone conversation with Marek Rejman-Greene (MRG), head of the Biometrics Centre of Expertise at the Home Office Scientific Development Branch (HOSDB), Friday 29 May 2009.
----------

MRG kindly started by apologising for the failure to reply before to the January letters.

He advised that it is best to approach the Identity & Passport Service (IPS) and the UK Border Agency (UKBA) for information. I made the point that it is because of the difficulty of getting any sensible response out of IPS that I approached HOSDB. MRG believes that there is a new director of communications at IPS and that may improve the situation.

MRG advised that the IPS and UKBA systems such as the National Identity Scheme (NIS) and eBorders need to be looked at in the round. It is not biometrics alone but the total system, including biographical information, that fixes a person's identity in the NIS. He advised that I should look again at the strategic action/business plans published by each organisation.

I made the point that politicians and civil service press releases have consistently claimed for years that it is specifically biometrics that distinguish the NIS and eBorders from all the other unreliable identification systems we already have. MRG could not comment on that. HOSDB make their recommendations, after that it is up to IPS and UKBA what they do with them, and he referred me back to their strategic action/business plans.

UKBA are conducting their trial of facial recognition at Manchester airport. Trials can demonstrate that the technology doesn't work. And yet UKBA have already promised to roll out the technology to 10 UK airports this year. That's not logical. They're prejudging the trial, I said. I should take that point up with UKBA, MRG said. (I have already taken it up with Sir David Normington, with the usual response. None.)

There have been newspaper reports that the technology being used at Manchester airport can't tell the difference between Osama bin Laden and Winona Ryder. MRG couldn't comment on that.

We discussed the reliability of facial recognition and flat print fingerprints. MRG thinks that they are not as unreliable as I suggest in the January letters. My figures are old/out of date/behind the times – he mentioned the advent of a "cascading" algorithm introduced into US-VISIT. And he adheres to the claim that the UKPS biometrics enrolment trial was not a trial of reliability, i.e. I am drawing my figures from the wrong source.

Those two points and others raise the question whether there is a large-scale trial of today's biometrics whose independently reviewed results demonstrate that they have become more reliable. A question which I pressed, and MRG duly came up with the NIST report on FRVT2006, which I defy anyone to be convinced by. Of course NIST have a good name, as MRG said, the problem is that they seem to diluting their good name, I said, when it comes to their reports on biometrics.

Pressed further, he said that there is reliable trial data available all over the web, particularly the data provided by biometrics system suppliers. That data is the problem, I pointed out, it is the claims made by suppliers and subsequently refuted by actual trials which got me and other people looking into the reliability of biometrics.

Pressed again, MRG came up with the example of UKBA collecting people's flat print fingerprints from all over the world for the purpose of visa applications. Those prints are being collected at the rate of two million a year, that is a large-scale trial, and they work – hundreds of people have been discovered, thanks to the use of biometrics, to have made previous applications under different identities.

That evidence is not admissible in court, I said. MRG said he is not a lawyer and can't comment on that.

That evidence demonstrates that perhaps when flat prints match, they are reliable, I said, the problem is when they don't match. If the false non-match rate is around 20% (a figure MRG does not "recognise"), then 20% of ID cardholders will have trouble proving their right to work in the UK, if that depends on biometrics, as IPS suggest it will. Straight bat, MRG referred me back to UKBA, and then added something like "we hold the false non-match rate evidence internally but it can't be released because it would make it easier for people to evade detection".

I do not understand this point of his, he would not elaborate, he said nothing when I pointed out that that is not like the normal open way in which scientific data is treated and he referred me back to UKBA and IPS.

Good terrier-work, David!

Thank you, Cap'n.

Thanks for the summary, David - very useful.


This is not a tenable position for an agency that is using public money to create what it claims will be the "gold standard of identity".

If we are all supposed to trust the National Identity System to infallibly "link each person to one identity", we must have independently-verifiable evidence of its accuracy. If the NIS is to be used to assert identity in legally-binding transactions, its reliability will eventually be challenged in court, and if the engineers who created it refuse to produce data on its accuracy then the courts will throw out NIS-based evidence of identity.

For legal analogies, see the "Phantom withdrawal" cases:

http://catless.ncl.ac.uk/risks/18.25.html#subj5

http://www.lightbluetouchpaper.org/2008 ... -at-least/

http://www.cl.cam.ac.uk/~rja14/Papers/liability.pdf

In one of these documents, Prof. Ross Anderson summarises:


Foreign visa applicants refused entry to this county because the UKBA says they're someone else have limited legal redress. On the other hand, when (not if) identity evidence from the proposed NIS is challenged in court, the Home Office will have to present the technical basis for their evidence, or the case will be thrown out of court.

"We have the evidence, but it's secret" is simply NOT acceptable.

Like it!
An accident? One of yours? One of Guy's?

Ooops - a slip on my part. This is the new name that the Home Office is using for the NIS, instead of "National Identity Scheme", which they no-doubt want to stop using because someone has told them it sounds vaguely sinister. Needless to say, I'm trying to carry on calling it a "Scheme" not a "System".

However, I think it's even better just to call it the "ID cards Database". I was amused to hear a junior minister tying herself in knots on "Woman's Hour" a few months ago, trying to avoid calling ContactPoint a "database". I suspect a briefing has gone out within government that "Database" has negative connotations in the public's mind, and the word must not be used in official statements. It therefore follows that we should refer to these databases by that name whenever we get the chance.

But, of course, the NIS we really must stop them getting away with is the "National Identity Service". A more appropriate acronym would quite clearly be NID: "National Identity Disservice"...

As John says, the new moniker is "Service", isn't it? I thought "System" sounded quite sinister...

Hmmm ... I think you may be right. Perhaps I really should just stick to calling it "The Database"!

How about "Shysters"?

David, thanks so much for keeping on keeping on with this. It's extremely useful stuff.

Response to IPS letter dated 20 March 2009. http://dematerialisedid.com/BCSL/Fantasy.html.

Response from IPS, 25 August 2009, http://dematerialisedid.com/BCSL/IPS20090825.html

From the reply sent on behalf of Mr James Hall-



The fact that otherwise intelligent people can make such claims with hardly a blush is a disturbing indictment of the group think that has set in at the Home Office. Do they really believe this, has their idea of what is actually meant by civil liberties been so corrupted by their own propaganda that they no longer see how contemptuous of the individual such an attitude is? Or maybe it is a desperate bid to justify, to themselves as much to anyone else, what they are doing and so preserve their position and safeguard their jobs.

Faced with such wilful stupidity it may be that a halt to it all will be called and the head of the IPS will then be encouraged to pursue a lucrative career in the private sector as an IT consultant, just like his colleague from the NHS, a certain Mr Richard Granger of their ill fated national IT Programme. Let us hope also that he meets with better luck for as Private Eye reports of Granger-

The demand for his computer expertise now seems to be sadly limited, as a report from the Governments advisory committee on business appointments reveals that he has become a "geological consultant", apparently trading on a 22 year old 2:2 geology degree.

It would be interesting to see just how high Mr Hall's services are valued outside of the civil service where he would be expected to actually do something useful instead.

Justin.