Dave's Bit Bucket

Dave Walker's jottings - mostly pertaining to security


Wednesday August 01, 2007

More National ID Card food for thought...

While an immovable appointment for yet another round of blood tests (I have Deep Vein Thrombosis in my legs - Don't Ask) annoyingly prevented me attending the DTI conference that Robin went to, I nonetheless had my mind expanded at the initial kick-off meeting of Intellect's Biometrics Working Group a couple of weeks ago last Thursday.

While I've been somewhat sceptical about the usability of biometrics for some time now, the session was well worth attending. As well as having representation and presentation from staff-who-must-remain-nameless at the Home Office, we were fortunate enough to have Professor John Daugman (whose principal claim to fame is the characterisation of the analysis and transforms needed to authenticate people by iris recognition) presenting on issues he has regarding the N-to-N biometric comparison which is required at biometric registration time. An N-to-N comparison is needed to ensure that a person can't turn up on one day with one set of papers and get an ID card, and turn up the following day with a different set of papers, and get a second and different ID card.

Daugman has his head screwed on properly, and then some. While the paper he presented doesn't appear to have made it to the web yet, he calculates the number of biometric comparisons which need to be made at biometric enrolment time for the proposed UK National ID card to be - for a database of 45 million principals, ie the UK adult population - around 10^15 to ensure biometric non-duplication. 10^15. Ouch.

He cited the example of the UAE biometric database, which makes 14 billion comparisons daily - this is 1/5000th the size of what would be needed for the UK National ID Card system.

Daugman is currently undecided-but-tending-to-sceptical about combining multiple biometrics; he is concerned that the accuracy will average rather than be additive. Naturally, he believes scaling this out will require new approaches to search; fuzzy rather than exhaustive searches and use of adaptive decision thresholds to reduce the risk of probability summation of False Match likelihoods. Using fuzzy search also potentially causes issues to arise when isolating weakly-differentiated but nonetheless different samples.

Of course, any check other than enrolment is a straightforward 1-to-1; a person presents a credential to an appropriate officer, the biometric on the credential (or stored in some database) is checked against the individual's stored biometric as mapped to their credential, and the match between the ID and the biometric is either accepted (at which point, the credential's presenter is validated) or rejected (at which point, the presenter of the credential is subject to whatever due process of law). Still, the inability to eliminate the single N-to-N comparison required makes enrolment a very big hill to climb.
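The scale argument above, worked through as an added example (not code from Daugman's paper or from this post): it counts the pairwise comparisons for a 45 million record database and shows how False Match likelihoods sum as the database grows, which is why the decision threshold has to tighten with size. The independence of comparisons, the 1% target and the sample rates are assumptions made for illustration.

```python
import math

UK_ADULTS = 45_000_000  # database size quoted in the post


def pairwise_comparisons(n: int) -> int:
    """Comparisons needed to check every record against every other (N-to-N)."""
    return n * (n - 1) // 2


def p_any_false_match(fmr: float, n: int) -> float:
    """P(one new enrolee falsely matches at least one of n records).

    Assumes independent comparisons with the same false match rate (FMR):
    1 - (1 - fmr)**n, computed via log1p/expm1 so tiny rates stay accurate.
    """
    return -math.expm1(n * math.log1p(-fmr))


def required_fmr(target: float, n: int) -> float:
    """Per-comparison FMR that keeps the 1-to-n search at or below target."""
    return -math.expm1(math.log1p(-target) / n)


def expected_false_matches(fmr: float, n: int) -> float:
    """Expected false matches over the whole N-to-N de-duplication run."""
    return fmr * pairwise_comparisons(n)


if __name__ == "__main__":
    print(f"N-to-N comparisons for {UK_ADULTS:,}: {pairwise_comparisons(UK_ADULTS):.3e}")
    fixed = 1e-6   # constructed sample rate, not a figure from the post
    target = 0.01  # assumed tolerable chance of a false match per enrolment
    print(f"{'records':>12} {'P(false match) at fixed FMR':>28} {'FMR needed for 1%':>18}")
    for n in (10_000, 1_000_000, UK_ADULTS):
        print(f"{n:>12,} {p_any_false_match(fixed, n):>28.6f} {required_fmr(target, n):>18.3e}")
    print(f"expected false matches at FMR 1e-12: {expected_false_matches(1e-12, UK_ADULTS):.0f}")
```
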

While I haven't yet listened to the episode of "File on Four" which Robin has posted about here, I'd expect it to be worthwhile...

(2007-08-01 04:06:50.0) Permalink Comments [1]

Trackback URL: http://blogs.sun.com/davew/entry/more_national_id_card_food
Comments:

Yikes. Those are some large numbers. Hope your DVT is under good management. Are you on the rat-poison?

Posted by Robin Wilton on August 01, 2007 at 12:35 PM GMT #
