Comments on: This Will Be Interesting

By: The Remittance MAn

The Remittance MAn — Thu, 06 Mar 2008 16:53:09 +0000

RM didn’t say he’d like that level of security, he just noted that for the concept to work, that’s what might be necessary.

There is one thing I did forget to mention: Here at the mine it usually takes two days for a simple swipe card ID to be issued – that’s the time it takes for the system to process some fairly basic data. We only have two thousand employees and they are a fairly stable workforce. I wonder how long a system needed to process many thousands more contractor employees some arriving to do a few days work some for longer would take to process a significantly higher amount of data.

By: David Gillies

David Gillies — Thu, 06 Mar 2008 14:24:52 +0000

I don’t think, even if physical security were as stringent as RM would like, that a biometric scheme of this magnitude is practicable. It’s in the nature of Bayesian statistics for low individual error rates and scarce incidence of the thing you are testing for to cause lopsided errors. The two error conditions we are worried about in a biometric system are false negatives and false positives. A false negative is the case when someone who should be granted access is denied it. A false positive is when someone who should be denied access is granted it. In the one case it means someone who should be allowed on-site to be detained while his bona-fides are being checked. In the other case it means Abu bin Nasty being allowed in, where he can get up to mischief.

Let’s say 1 in 100,000 people attempting to gain access to the site is a terrorist. Let us assume that the a priori probability of error (both kinds) is 1%, so that 99 times out of a hundred if a person is in the database, he will match, and 1% of the time that he is not in the database he will also match. What is the probability that if someone matches, he is a terrorist?

Using Bayes’ theorem:

M means match i.e. access granted
probability of being a terrorist P(T) = 0.00001
probability of being a worker i.e. not being a terrorist = P(W) = 99999/100000
probability of giving a false match P(M|T) = 0.01
probability of giving a true match P(M|W) = 0.99
probability of a match regardless of other information P(M) = P(M|T)P(T) + P(M|W)P(W) = 0.98999

probability that, given a match, the person is a terrorist P(T|M) = ((P(M|T)P(T))/P(M) = ~ 10^-7

So far so good. Only one in ten million times does a bad guy get in by accident (until you consider that if there are 100,000 users of this system over some period of time, this might not be adequate).

But, what is the probability that someone who is denied access is in fact a worker who should be allowed in?

D = no match i.e. denied
Again, P(T) = 10^-5
P(W) = 99999/100000
P(D|T) = 0.99
P(D|W) = 0.01
P(D) = P(D|T)P(T) + P(D|W)P(W) = 0.0100098

P(W|D) = ((P(D|W)P(W))/P(D) = 0.999011

i.e in the case where access is denied, 99.9% of the time it will be denied to a legitimate user, and only 0.0989% to a terrorist.

The scope for hold-ups and bypassing of the system that this might entail can only be imagined.

By: The Remittance Man

The Remittance Man — Thu, 06 Mar 2008 06:21:33 +0000

I’m somewhat more intrigued as to how they are going to enforce this. Taking the place where I work as an example; we have a large area to secure and there is a strong legal requirment to keep the perimeter secure and intruder proof (on account of the explosives, big kit etc). yet we still find holes in the fence and occasionally find the odd civilian or his cows wandering ariound inside the fence. Short of laying minefields or building Berlin Wall II there’s not a lot we can do. We certainly can’t make the place airtight.

Now consider the olympic site. Spread over a much larger area(s) with many more entrances and constant changes of perimeters, activities, people and kit. I can’t even begin to comprehend the scale of the nightmare whoever will become responsible for implementing this is about to face.

And that’s before one adds the world’s greatest guarrantor of clusterf**kery, Her Majesty’s Government.

The system is doomed.

Fortunately news of its failings will leak out and it will be yet another nail in the coffin of the proposed National ID Database.

By: dearieme

dearieme — Wed, 05 Mar 2008 18:51:35 +0000

They’re building workers, for God’s sake. Just photograph their bum cleavage.

By: Kay Tie

Kay Tie — Wed, 05 Mar 2008 13:31:56 +0000

Wikipedia should be dinged for having a URL with an apostrophe in it. At least we should be grateful that it’s not a grocer’s apostrophe.

By: Kay Tie

Kay Tie — Wed, 05 Mar 2008 13:30:29 +0000

“With reference to Kay Tie’s concerns about DNA, the worrying aspect for me is that DNA identification is completely out of the competence of the ordinary person.”

Yes, it’s true. It’s sometimes outside the competence of the prosecution and defence. In fact, it’s so common to misunderstand the meaning of DNA matches that there’s a term for it: the Prosecutor’s Fallacy.

http://en.wikipedia.org/wiki/Prosecutor's_fallacy

By: pj

pj — Wed, 05 Mar 2008 12:31:33 +0000

With reference to Kay Tie’s concerns about DNA, the worrying aspect for me is that DNA identification is completely out of the competence of the ordinary person.
With finger print evidence, its quite possible for a member of a jury to make an independent assessment of the validity of the evidence. Does the print of suspect ‘A’ look similar to the print on murder weapon ‘X’? The materials & the techniques used are easily comprehended & could even be reproduced in court given a stamp pad & a piece of paper.
With DNA the evidence can only be understood by a lab technician. It could just as easily prove that a bird crapped in both places. So what a jury has to decide is not the reliability of the evidence but the reliability of those providing the evidence.

By: pj

pj — Wed, 05 Mar 2008 12:09:35 +0000

It would be of great interest to know whether the workers being scanned are on piece rate or day rate.
If they’re being paid by the job there will be a great incentive to either get the system to work or bypass it. The incentive will be supplied by a load of hulking contractors in big boots standing around on their own time whilst security cowers in its hut quivering in terror.
Conversely, if they’re paid day rate, they’ll be 100,000 minds working on the problem of crashing the system ’cause there’s nothing better than standing around reading the paper whilst you’re being paid to do so.

By: Kay Tie

Kay Tie — Wed, 05 Mar 2008 10:23:18 +0000

“Image matching is tricky. You have to deal with the image not being an exact match, not placed in the same location. And in the case of this database, you’ve got to match it against potentially 100,000 records?”

I assume palm prints are more accurate than fingerprints, but nevertheless, I bet it’s not great. The chances of false match go up exponentially with database size.

It’s all daft, really. What they need is not identification, but verification: carry an RFID token that makes the claim to an ID, and use palm prints to verify against the claimed ID (stored on the RFID with a suitable digital signature, if you like). That’s easy because there’s no issue with false matches (it’s a simple yes/no determination).

By: Kay Tie

Kay Tie — Wed, 05 Mar 2008 10:19:01 +0000

” I wonder what assurances, and concerns as per the DNA database, there will be about these prints being added to the police records?”

I’m much less worried about it than DNA. The issues aren’t much different to fingerprints, and the police have been keeping those since the 19th century. The problem I have with DNA is that it is easily subject to accidental and deliberate contamination, and that DNA potentially gives away all kinds of information the State shouldn’t have access to.

By: Tim Almond

Tim Almond — Wed, 05 Mar 2008 10:10:41 +0000

Has anyone done this before?

I’ve had a read around and the police are working with handprint matching system, but the key thing there is that it doesn’t have to be done too quickly. With something like ID systems, you want to be getting people through within a few seconds.

Image matching is tricky. You have to deal with the image not being an exact match, not placed in the same location. And in the case of this database, you’ve got to match it against potentially 100,000 records?

By: ORAC

ORAC — Wed, 05 Mar 2008 10:08:55 +0000

I see the police have had a national palm print database for 2 years. I wonder what assurances, and concerns as per the DNA database, there will be about these prints being added to the police records?

http://www.silicon.com/publicsector/0,3800010403,39157511,00.htm

By: Kay Tie

Kay Tie — Wed, 05 Mar 2008 09:32:10 +0000

“I suspect that it will be an expensive disaster”

Builders often don’t have fingerprints (they wear off because of the handing of bricks etc.) and so palm prints are being proposed. But it will still be a disaster because it combines Government and IT.

Even if it works, it won’t prove the ID card system will work: that uses fingerprints.