Experts review UK government biometric work

The UK’s Biometric Assurance Group has published its annual report, setting out the group’s examination of the UK Government’s work on biometrics during 2007, focusing particularly on the work underway to deliver the National Identity Scheme.

The purpose of the Biometrics Assurance Group (BAG) is to provide a degree of oversight and review of the biometric elements of Government programmes. It will also offer advice and additional assurance that they are making effective use of the technology.

The report notes that UK’s Identity and Passport Service (IPS) is at the forefront of the application of these new methods of identification. In addition to the proposed National Identity Scheme which will record people’s biometrics before issuing them with identity cards, IPS also plans to record fingerprint biometrics as part of the passport application process, building on the introduction of e-Passports in 2006 and enhancing security.

The Government is also using biometrics in other applications:

• The UK Border Agency operates the Iris Recognition Immigration System (IRIS) at some UK airports which provides a fast, secure and convenient way for foreign and returning UK travellers to enter the UK.

• The fingerprints of asylum seekers are recorded when they register for an Application Registration Card (ARC).

• UKvisas record visa applicants’ fingerprints, to help check whether they have been refused a visa in the past or have previously applied under a different name, or whether they have previously applied for asylum.

Below are the key recommendations made by the BAG during 2007, with the response to each recommendation from IPS.

BAG recommended that proper attention be paid to the privacy/consent issue across the National Identity Scheme, BAG considered that the issue was not fully addressed by the publication of the Strategic Action Plan and that the public needed to be better informed over this, and that a consent diagram should be built into the architecture.

IPS accepts the merits of this recommendation. A presentation dealt with the Identity Cards Act which covered the governance of the confidence threshold required for provision of information for the verification of biometrics which would rest with the NIS Commissioner and would be probability based. Security vulnerabilities need to be identified and as IPS goes through the design phase of equipment these will be picked up.

BAG recommended that Iris should be included in the testing for the following reasons:

• The potential for iris biometric technology to mature and become more useful.

• As a fall back for those unable to enrol fingerprint biometrics.

IPS accepts that iris biometric technology has potential but is not inclined to mandate its testing during the current procurement as it is unlikely to be used for Scheme launch or immediately thereafter.

BAG recommended that research & development funding be used for investigation of the exception handling issues raised in the RNIB report and similar areas.

IPS agrees that appropriate research into exception handling is beneficial and has funded trials which investigated the enrolment of people with characteristics that may make biometric enrolment challenging. IPS considered the research programme developed by the Usability and Performance Working Group and suggested that the programme be refocused to deliver on a timescale consistent with the procurement of the National Identity Scheme. It also suggested that consideration be given to a larger dataset to increase the applicability of the results to large scale deployments.

BAG recommended that care should be taken to ensure data is handled in accordance with the Data Protection Act. IPS should ensure that suppliers comply with the Act and this should be emphasised in the procurement.

IPS agreed to this recommendation.

BAG recommended that the current rules on data sharing and the Identity Cards Act should be referenced in the requirements.

IPS agreed with the importance to the success of the Scheme of proper rules on data sharing, data governance and adherence to these rules. Suppliers’ understanding of these form part of the procurement evaluation.

BAG recommended access controls for request handling should be more secure than username and password.

IPS agreed that access to sensitive data must be robustly controlled to protect privacy and maintain trust in the Scheme. The technical details of the access control solution which will be used have not yet been resolved.

BAG recommended that the results of facial recognition tests should be shared, as widely as possible, taking into consideration security and commercial concerns.

IPS agreed with the BAG on the benefits to the Scheme and to those working on facial recognition technology of using the results from the facial recognition tests and will explore how this can be done while ensuring privacy of the test subjects.

BAG recommended that the procurement strategy ensure the interoperability of subsystems.

IPS stated that compliance with standards will be part of the evaluation criteria for the procurement of the scheme. Adherence to standards will enable the interoperability of subsystems.

BAG recommended all chips supplied should have an indelible number on them to prevent cloning.

All chips come with a unique serial number in the chip; however this will not specifically be used to prevent cloning. IPS’s policy is to manage the risk of cloning by adhering to the EU Extended Access Control (EAC) standard.

BAG recommended that IPS provide suppliers with copies of reports from trials undertaken by IPS at an appropriate stage in the procurement process.

IPS agrees that sharing details from reports would be beneficial where the results are relevant to a particular procurement and can be expected to improve the value that IPS receives from its suppliers.

Source: Security Document World June 2008

June 23, 2008

Read more about Biometric Industry Events and Conferences.

Read more about Biometric Industry Useful Links.

Read more about Biometric Technologies:

Fingerprint, Iris Recognition, Hand & Finger, Facial Recognition, Voice/Speaker, Consultants, Smart Cards/Multimodal, Signature/Keystroke, 2D Barcodes, Sensors, Middleware/Software, Vascular Pattern Recognition

Read more about Biometric Applications:

Physical Access Control, Logical Access Control, Justice/Law Enforcement, Time and Attendance, Border Control/Airports, HIPAA, Financial/Transactional, Integrators/Resellers, Safes, Door Locks, Other


June 23, 2008



 

back
RSS News Feed
RSS Biometrics Industry Events

Showcases
Fingerprint
Iris Recognition
Hand & Finger
Facial Recognition
Voice/Speaker
Consultants
Smart Cards/Multimodal
Signature/Keystroke
2D Barcodes
Sensors
Middleware/Software
Vascular Pattern Recognition

Applications



Site Search



Sponsor Links

BIO-key
 BIO-key develops and licenses advanced biometric finger identification technologies that are cost effective, scalable and easy to deploy.

Identica Corp.
Is the exclusive provider of the Techsphere Hand Vascular Pattern Recognition biometric solution in the USA, Canada, Mexico and the Caribbean Islands.

ZK Software
 ZKSoftware Inc. is a leading OEM/ODM manufacturer offering Fingerprint Time & Attendance and Access Control, Fingerprint Door Locks and IT products.

Ceelox
Ceelox is a developer and marketer of biometric authentication and biometric file security software products.

Hitachi
Hitachi is a pioneer and recognized world leader in developing vein pattern biometrics systems.


Guides

What are "Biometrics"?
Biometrics Glossary
How Well Do Biometrics Work?
Identification vs Verification


Articles & Research

US VISIT Fact Sheet
The Anatomy Lesson
Smile: You're On Scan Camera
Privacy - Friend or Foe?
New Opportunities for Biometrics
Let Me In!
Archived Q & A's
Videos & Product Demos



Biometrics Events | Biometrics Links | Biometrics Press Releases
Biometrics Feature Articles | Biometrics Company Q&A's | Biometrics Product Videos/Demos
About Us | Contact Us | Advertising Info | Privacy Policy | Terms of Use