A little while ago, James Fairbairn drew our attention to a piece in The Economist on biometric passports, concluding, by way of remark,
Eek! I wonder what Mr Lightfoot would say about this.
Well, true to form, I did comment, but since I suspect that my set of half-dozen readers is mostly disjoint with James's, I'm going to recycle (and proof-read) my comment from last time here.
In case you've remained mercifully ignorant of the biometric passports nonsense, here's a very quick precis.
After September 11th (an atrocity committed, as you will recall, by legal residents of the US travelling on genuine documents) it became vitally important for airport security types to Look Like They Were Doing Something.
Of course, at root, airport security is more-or-less a sham. But naturally this didn't stop them.
(``Goodness,'' you may think, ``that's very cynical! How could you say such a thing? What about all those X-ray machines and metal detectors and beefy-looking security guards frisking people at the airport? It certainly makes me feel secure!'' If so, think some more -- when was the last time that you heard about airport security guards intercepting a bomb in someone's luggage? And the last time you heard about an aeroplane blowing up in mid-air because of a bomb they didn't find? And if security has improved so much since September 11th, how come we haven't heard about all the baggage thieves who've been caught and prosecuted? Admittedly, I'm being a little unfair and anecdotal here. But that's what you expect, right?)
So, in order to be seen to be Doing Something about airport security, the Americans hired lots more airport security people and had them inspect travellers' shoes and occasionally deport Canadians to Syria (where they get tortured) for no reason. But obviously no modern security panic-reaction would be complete without an appeal to the miracles of `biometric' technology, and so it was duly decided that in the future passports would carry `biometric' details of their holders.
The idea here is that, to stop THE TERRORISTS from stealing other people's passports and travelling using them, you put some biometric information on every passport, and check that it matches the person carrying the passport whenever they travel.
But instead of using a credible biometric (expensive, and not very reliable), the biometric passport standard is designed to use only a digitised photograph of the passport holder. This can then be used as a `facial geometry biometric' (not quite as expensive, and hopelessly unreliable).
You will not be surprised to hear that I expect this to be a balls-up.
Very probably the technology won't work at all, and anyway the facial biometric is so laughable that even if it does work the effects will be counterproductive. But there are worse balls-ups in progress. At least the biometric passport nonsense isn't predicated on a central database (though you may have noticed that the Home Office have repeatedly lied that most of the cost of their ID cards scheme will have to be spent implementing biometric passports anyway).
In more detail: the plan is that you put an RFID chip on the passport which contains a certain set of data. That data is signed with a key owned by the passport-issuing authority, so that -- assuming that you have a reliable key distribution policy (not too hard with only ~150 countries out there, each with ~1 passport issuing authority) -- you can verify that the stuff on the chip is authentic.
Then, when the subject presents their passport at the airport or whatever, you take a photograph of them and compare it, using the miracle of facial biometrics, to the digitised photo on their passport. If they have exactly the same facial expression, facial hair etc. as when their passport photo was taken, and the lighting at the immigration desk at the airport is exactly the same as it was in the photo booth when their photograph was taken, then the system will say, ``this person is carrying a passport which was issued to them by the such-and-such passport agency''. If any of those conditions are not satisfied (which happens >10% of the time even under good conditions in tests), then the system will say this person does not match their passport photograph, and are therefore probably one of THE TERRORISTS.
(As an aside, I was going to write about the miracle of facial biometrics in more detail, but I'm not sure how many of my half-dozen readers can find it in their hearts to laugh at misapplied matrix algebra. Suggestions gratefully received.)
The next step, of course, is that each country records people's passport numbers and facial biometrics and uses this to detect people using more than one identity. This won't work at all, because of that 10% error rate. (NB, before you think I've made a mistake, that these systems are usually tuned to have equal false positive and false negative error rates.) Of course, we would all Heartily Endorse a scheme to prevent people travelling on false passports; after all, it's not like we give a fuck about refugees any more, is it?
Of course, using RFID for this is a fucking stupid idea. Most trivially, it means that anyone with enough technical wherewithal (not all that much...) can steal your personal data and use it to impersonate you in non-passport contexts. It probably also opens up all sorts of exciting man-in-the-middle attacks, too. For instance, I could arrange that the chip in my passport just relays requests and responses through to the person behind me in the queue. Given the 10% error rate -- and assuming that the 10% of comparisons which give false negatives are ignored, rather than resulting in instant deportation to `Camp X-Ray' or a Mukhabbarat torture chamber -- and the difficulty even trained people have in comparing photos to people (typically making mistakes on 43% of occasions), I would expect this attack to work rather well.
So, its another broken-as-designed idea from the wacky world of biometric security. Surely you dont expect me to act surprised?
Biometric passports... they're sort-of like ID cards. But only sort-of. So you only get one holiday photo:
Comments
Posted by Roy Badami, Sunday, 27 February 2005 12:34 (link):
Are they using 2D or 3D facial images on the passports? I've seen it claimed that comparing a 3D facial image against a 2D facial image can be done far more reliably than comparing two 2D images. Of course, the vendors of the 3D technology would claim that...
-roy
Posted by Chris Lightfoot, Sunday, 27 February 2005 12:57 (link):
2D, I believe -- it's just going to be a digitised image of the passport photo, because that's something which can easily be done with the existing infrastructure. (``It's like a biometric, but you don't have to attend in person to take it....'')
Presumably the deal with the 2D--3D comparison is that you can use the 3D data and a lighting model to compensate for the change-of-lighting problem? I've only really looked at the 2D stuff, which really is ``the simplest thing that could possibly work'', the only problem being that it doesn't.
Posted by Roy Badami, Sunday, 27 February 2005 13:27 (link):
It's like a biometric, but you don't have to attend in person to take it....
So it's basically just a way of placating the Americans without actually doing biometrics. Neat.
Posted by Roy Badami, Sunday, 27 February 2005 13:36 (link):
Presumably the deal with the 2D--3D comparison is that you can use the 3D data and a lighting model to compensate for the change-of-lighting problem?
Presumably, though I'll believe it when I see it. I guess it's being marketed as a way of doing 3D on the cheap (you only use a 3D imager when capturing the biometrics, not when verifying) though who knows whether 3D-3D comparisions work as well as the vendors claim. I found one paper that suggested 3D-3D comparisions are no more reliable than 2D-2D comparisions...
Posted by Roy Badami, Sunday, 27 February 2005 13:00 (link):
Incidentally, at least one description I've read of how biometric passports are supposed to work is that, at least initially the only use of the biometrics will be to compare the digitised photograph with the conventional photograph, which should be relatively easy to get right since it should be the same photograph...
Perhaps not completely pointless as an anti-forgery measure, but not exactly what is normally meant be biometrics, either...
Posted by Daniel Davies, Sunday, 27 February 2005 20:58 (link):
Am I being hopelessly naive in suggesting that as an alternative, they could have a system whereby everyone's passport contains a small photograph of them (I even have a name for them: "Passport photographs"), and we have a bloke behind a desk who looks at the "Passport photograph" and compares it to the face of the passport holder? I'm really not seeing the advantages of introducing "Biometrics" here.
Posted by Chris Lightfoot, Sunday, 27 February 2005 21:48 (link):
Hopelessly naive, yes. I suggest you hire a well-paid biometric consultant to explain why.
(No but seriously... the idea of putting some digital data in the passport, and signing it, so that some obvious types of forgery -- manufacturing a whole new passport, or substituting the photo in one -- are made more difficult isn't such a bad idea if you think that we should be spending a lot of effort on stopping people forging passports. It's also true that even trained people are usually rubbish at checking whether a person matches a photograph; if the standard were going to use something other than a digitised photo as the biometric, biometrics could improve accuracy here, which would make it harder for people to use stolen passports. As it happens I think that passports have almost no value as a security measure and so preventing people from using forged or stolen passports is mostly a waste of time and money.)
Posted by Iain J Coleman, Monday, 28 February 2005 01:25 (link):
An interesting post, but it could have done with a bit more matrix algebra.
Posted by sinan ozeren, Monday, 28 February 2005 09:31 (link):
It will be a hell of a lot of time until 2D-3D becomes operational (if it ever does!!). Even the 2D eigenface algorithms (which are PCAs in principle) create so many (and many many) troubles that I wonder if investing money on 2D-3D is tactful from a non-academic point of view. This is the technical side. From the philosophical side I find all this biometrics stuff stupid and pretty self-contradictory.
Posted by Colin Teubner, Tuesday, 1 March 2005 18:11 (link):
OK, so this isn't totally on topic but it does involve passports and airports:
I am in Continental Europe right now, where I arrived via Heathrow, and in the line for going through security to get from one international flight to another there was a most excellent sign which I'm quoting from memory:
It was even longer than that but I'm not British enough to make it wordier. Here's the (hypothetical) American version of that sign:
Just a funny international anecdote...
Posted by sinan, Wednesday, 2 March 2005 11:52 (link):
Well all about the airport security being pain in the ass no ? Well third world citizens like myself are treated and HAVE ALWAYS BEEN TREATED like shit BY DEFAULT in all airports in the developed countries (Germans will treat you exactly like the way they treated the people they prosecuted sixtysomething years back, others are more or less so, differing only in the details of the style of discrimination that they adopt), so the new measures do not really add much to our suffering (it is like adding a very small number to a very large number, numerically insignificant operation). By the way, everybody is talking about the airport security, yet not much is talking about the airplane security during the take-off and landing when it is most vulnerable to rocket attacks. This is a true risk and it is becoming more critical as time passes.
Posted by dsquared, Thursday, 10 March 2005 10:22 (link):
"Germans will treat you exactly like the way they treated the people they prosecuted sixtysomething years back"
For wide tolerances of "exactly", presumably.
Posted by sinan, Monday, 14 March 2005 14:41 (link):
Well given the possibility they would do it "exactly" the same way. When a German policeman in the immigration sees a stereotypical Turk with mustaches and a dark complexion, he (she) does wish him dead, this I am sure of. This is called racism and very (but VERY) high percentage of the policemen in Western (and Eastern) Europe are racists (I am using the term racism in its purest sense here). In the UK immigration the ones who are the most racist are actually those with Indian ethnicty, they treat us (third world citizens, including the Indian Indians of course) with a "discrimination with taste". They take a pleasure of sending a Turk who speaks out (instead of being silently crashed by his arrogance) to an X-ray scanning for example. This, you can only understand by being a third world citizen, so you have every right not to believe a word of what I am saying here.
Posted by Chris Pawley, Wednesday, 2 March 2005 18:20 (link):
I prefer the second (hypothetical) American version. Its brevity and succinctness make it more honest. I like that. Tell it like it is. I get really annoyed when people with something negative to say (in warnings like that, corporations apologizing for crap service, or in the preamble government restrictions) dress up their admission with corporate-speak laced with NLP. "In our efforts to provide you with unparalleled customer service...yadadada...no service for 1 week...we hope you'll understand...NLP NLP". The manipulation of my mind is palpable. So here's to plain speaking.
Posted by Colin Teubner, Friday, 4 March 2005 14:29 (link):
I agree and on passing through Heathrow again yesterday I took another look at the sign. The first paragraph actually says:
This is a subtle shift of responsibility - "it's not our fault we have to grab your crotch to make sure your balls aren't made of plastic explosives, the government makes us do it." (Actually, to be fair, it was the Amsterdam airport staff that grabbed my balls - I didn't set off the metal detector at Heathrow even though I was wearing exactly the same amount of metal, i.e. belt buckle and shoes.)
Posted by Pete Stevens, Monday, 7 March 2005 16:40 (link):
One thing I find very odd is the difference in profiling between airport security and random citizens of other countries.
Having long hair, a beard, white skin and a reasonably non-descript accent I find that the majority of airport wish to search me, my luggage and other random strangers standing next to me for guns, bombs and other such stuff incase I wish to be a terrorist and blow up the plane.
When I arrive in $foreign_country I find millions of people attempt to sell me drugs, and yet no one has tried to sell me a rocket launcher, gun or other such device for nicking planes with.
Logically, I'd expect the customs staff to search me for drugs every time and the security personel to spend more time picking on the ethnic_minority of the week.
Post a new comment.
Comments copyright (c) contributors and available under a Creative Commons License. See also the comments policy.