It could happen again

Becky Hogge

Published 29 November 2007

Biometrics are definitely not the answer to the HMRC debacle.

How many civil servants does it take to post half the nation's data to the darknet? This was the question on many people's lips after the National Audit Office published emails implicating senior officials at HM Revenue and Customs in the release of 25 million confidential records. That HMRC's CD blunder might not have been simply the work of one misguided 23-year-old exposed the first of what will no doubt be many attempted cover-ups of Whitehall's, and Westminster's, cavalier attitude to Britain's privacy.

For technologists, the most chilling development since HMRC's data debacle has been ministers' attempts to use it as an excuse to push for the roll-out of biometrics as a means to "secure" identity. The logic, one imagines, is that spoofing someone's fingerprints is much harder than typing a stolen National Insurance number into a computer. But the facts tell a different story. As biometric experts wrote to the Commons joint committee on human rights on 26 November, the government holds "a fairy-tale view of the capabilities of [biometric] technology".

Biometrics have in fact performed poorly even in low-scale trials in this country, and have a generally poor performance across mass populations. The elderly, the disabled and some ethnic minorities have particular problems being enrolled and, thereafter, being identified using biometric schemes. Biometrics are demonstrably forgeable, and systems have already been shown to allow compromise by spoofing.

Beyond the science, what is important to realise about the biometric myth is that it would not have stopped something like the HMRC breach from happening again. In each of the mega-databases that have become synonymous with the rule of new Labour - the children's database ContactPoint, the National DNA database and the NHS data spine - the government has already discounted, at the system design stage, the possibility of insider compromise of the type witnessed at HMRC.

There is no reason why the National Identity Register will be designed any differently, and once the NIR has been breached, the government cannot issue you with new fingers and eyes. Such a breach would make Alistair Darling's House of Commons announcement last month look like the stuff of a good news day.

So how do you design a system that is safe from insider breach? Well, if you want to aggregate data about the population centrally, then the short answer is, "You don't." As Professor Ross Anderson, the UK's leading computer security expert, explained on BBC2's Newsnight: "If you take 50 million medical records and make them available to 300,000 people there's no way you can create procedures that will protect that. It's too valuable an asset to which too many people have access."

As William Heath at the Ideal Government blog put it - think how valuable one complete bank record is to identity fraudsters on the black market (between £15 and £200), and now multiply that by 50 million. The temptation to pilfer the data is irresistible.

The government has ignored this expert and fairly simple advice for years. Why? Because it doesn't fit in with its plans. HMRC is a long-awaited wake-up call.

3 comments from readers

ceelox
29 November 2007 at 15:23

Apparently people don't know anything about the biometric technology that is being used. The old technology was AFIS. Yes you could lift a finger and make a gel blah blah blah.

It doesn't work that way anymore. It is a swipe technology that takes the different points (minutia) from the finger. It turns those into a mathematical formula that is Hashed and Encrypted. So let’s say we could break the encryption… Which by the way you can’t. Then you get this mathematical string that really means nothing. But let’s say you could reverse engineer it…. All you would get is several points that are related to a finger. It is not going to tell you what kind of minutia points they are. Such as ridges, islands etc. It is just going to tell you there are points. Now just for the hell of it. Let’s say you could find some way to match that info and come up with the partial finger print. You say the finger is now useless. I say you’re wrong. You can change how many points a system picks up and you can swipe your finger in a different way. Remember we are not taking all the info from the finger.

The biggest problem that is occurring is the fact that people are ignorant to the technology. They see a show like MythBusters and make a stupid comment when they have not done the research. The fact is I can break your password. I don’t have to use a dictionary attack; I can use a brute force attack, a cryptanalysis attack or even a rainbow attack. If you have a password that is less than 10 characters, I have a password cracker that will run more than a billion passwords in a day.

Unfortunately the hardest thing to do is to educate people on how technology works because they have to relearn what they thought they knew.

johnweston
30 November 2007 at 15:03

Even if Biometrics worked perfectly, that would not stop the dangers of centralized databases in control of civil servants. An insider could easily manipulate the database to add or remove entries in it, swap your records for someone else's, so that you could be, for example, shown as a criminal when you are not. Every time you are fingerprinted or your card is swiped, your record will falsely say that you did something that you did not, or that you own something that you do not, etc etc. This has nothing to do with your fingerprints, or the biometric part working perfectly and it is a distinction that is lost on Parliamentarians as the majority of them are computer illiterates (for example, Annette Brooke MP talks about 'all children’s data should be encrypted' in the case of ContactPoint, demonstrating her complete lack of understanding of the fundamental principles of how computers, data and databases work). Put simply, the integrity of the database is separate from the system's ability to correctly match you to your fingerprints.

This submission to Select Committee on Merits of Statutory Instruments Twenty-Seventh Report: http://tinyurl.com/29rk7k by a PhD sums up the dangers in the case of ContactPoint nicely. The fact of the matter is there is no way to 'protect data' in the same way that you cannot have dry water.

There are ways in which government can use cryptography to create more secure passports that completely eliminate the need for a central database, but fundamentally this is about your ownership of your life and your data, and your right to protect yourself from harm. Putting these databases together in the way that the government has planned is the worst possible 'solution' to the 'problem' and what is even worse, is that they are planning to share your data with governments throughout the EU.

Project Semaphore is being planned right now; it is a project to ensure seamless access to your personal and private details by any EU government. This means, essentially, that you can multiply chances of data leaks through 'points of escape' by the number of staff who have database access in each of these countries where the personal data of all UK citizens will be mirrored.

Just when you thought it couldn't get worse.

The police understand very well how these systems can be abused; this is why in Scotland there is a revolt amongst officers (http://irdial.com/blogdial/?p=886) being compelled to have their DNA taken and stored in the national DNA register. Very telling.

David Moss
30 November 2007 at 17:27

The objectives of the National Identity Scheme (NIS) include checking that people are entitled to certain benefits.

Are you entitled to work in the UK legally? An employer considering whether or not to recruit you will need to check that right, via the NIS. That's the idea, at least.

Similarly, are you entitled to non-emergency state healthcare? Your GP will need to check. Are your children entitled to state education? Schools and universities will need to check.

The stakes are high if your ID card cannot easily be used to verify your identity. If there is a problem with your card, you have a serious problem.

The technology described by ceelox above is, indeed, the fingerprinting technology which it is proposed to use in the NIS -- a glorified photocopy of your finger.

Something may have struck some of the less uneducated readers. It is nothing like what we normally imagine fingerprinting to be.

Normal/traditional fingerprinting involves a police expert, ink and so-called rolled prints. That technology has existed for about a century, it is accepted worldwide, it is admissible as evidence in British courts and it is taken seriously -- when that poor Scottish policewoman was wrongly accused of perjury, fingerprint experts were flown in from all over the world to contribute their expert opinion to the case.

The flat print technology described by ceelox, by contrast, is newish, quick, clean, cheap, requires no police expert and is spectacularly unreliable.

This is for the less uneducated again, of course, but if you look at the results from the UKPS biometrics enrolment trial*, you will find that between 19 and 20% of participants were told that they were not themselves. The flat print technology falsely determined that they did not match their own registered print.

With a failure rate like that, no expert witness is going to bother to cross the world to give evidence. Flat prints anyway are not admissible as evidence in British courts. You can see why.

One objection to the NIS among many is, thus, that about 20% of people are going to find it not easier but harder to prove who they are and thus to work and to enjoy the benefits of health and education. Rather a serious objection, I would have thought, one that the Identity and Passport Service have known about ever since the 2004 trials and one which they refuse to discuss. Keep your head in the sand and perhaps the problem will go away. They're not very educated.

* http://dematerialisedid.com/PDFs/UKPSBiometrics_Enrolment_Tr...

About the writer

Becky Hogge

Formerly technology director of award-winning current affairs website openDemocracy.net, Becky Hogge is Executive Director of the Open Rights Group, a grassroots digital civil liberties campaigning organisation.
