[Dave Birch] I was in a meeting recently, the context is not relevant, where some of the Consult Hyperion team were helping a customer to develop a roadmap that included in a future transition to biometrics, and a discussion began about whether biometrics in certain kinds of mass market systems are about security or convenience (I'm convinced that they are about convenience, but that's another discussion) and, if they are about security, whether existing biometrics are "secure enough". "Secure enough", though, is a complicated assertion -- I'm glad to say, otherwise our risk analysis business wouldn't be around for long -- and this reminded about about a story from the Gulf about a woman who had been deported and then re-entered because her biometrics didn't match the ones of hers on the "already been deported" register.

Although there were glitches in the system when it started, “for the past three or four years, we have not heard of a single case of someone getting around this”, the representative said.

[From Iris scan fails to stop returning deportee - The National Newspaper]

But this is illogical, isn't it? If there were glitches in the system that allowed people to get through, then the bad guys would learn about this pretty quickly. People who are getting through on forged passports and not being recognised by the iris-recognition system are not going to report the system's failure. So how would anyone know? It's only when a failure comes to light through some other route that the failure is "logged". So while the system is apparently working perfectly, in reality it isn't. Let's hope that a more detailed investigation in the UAE reveals that this woman's irises were not scanned on re-entry or it will be back to drawing board for many people.

As readers will know, I like the idea of a "gold standard" biometric database, comprising iris, face and finger biometrics, to ensure the uniqueness of identity numbers (and that's all). Adding biometrics to any identity system isn't a "magic bullet", but having a system that is founded on guaranteed uniqueness achieved through the use of biometrics might just be.

banking and finance, ID cards, retail, smart cards

But what is the problem that the magic bullet will take care of? Back in the days of the UK ID card, I think it was something to do with video rental, but there are a variety of culturally-specific use cases. Here's a great one!

Beggars often change their names to hoodwink anti-begging teams by posing as first-time offenders. They will not be able to do so any more, for the Delhi government has installed biometric machines at beggar homes to check repeat offenders and maintain a dossier of each arrested beggar.

[From Biometric machines installed at beggar homes - Delhi - City - The Times of India]

I expect this is the sort of thing we will be needing in the UK fairly soon! If they can afford to do it in Delhi to catch miscreant beggars, can't we afford to install it to catch miscreant dole scroungers, VAT carousel fraudsters and tax evaders?

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]