Tuesday, November 18, 2008

WHTI WATCH: Mandated Biometrics & RFID

WHTI + RFID = Enhanced Driver's Licenses

Watch this 20/20 report on the dangers you may face in compliance with the Western Hemisphere Travel Initiative (WHTI).


Driving Your Liberties Away: Biometrics and “Enhanced” Drivers Licenses
Dissident Voice
by Christopher Parsons / November 15th, 2008

Privacy advocates across Canada have been struggling to prevent the Ontario provincial government from passing legislation that will see radio identifiers and biometric data inserted into future Ontarian drivers licenses. In spite of their efforts to raise the government’s awareness of the privacy dangers accompanying the proposed licenses, it appears as though their work may been in vain: Bill 85 is now in its final reading, and is widely expected to be passed on November 17th, or shortly thereafter, when the reading continues.

Ontario, and the rest of Canada, is being forced into including radio and biometric features in future drivers licenses by the United States government. As a consequence of the U.S. Western Hemisphere Travel Initiative (WHTI), all Canadians and Americans who cross into the U.S. at a land border with just a driver license will be required to present an Enhanced Drivers License (EDL) as of June 1, 2009. While the radio ‘feature’ is disturbing in its own right, insofar as it emits a unique identifier whenever brought into range of a reader, I want to focus on the biometric features of these cards, why they raise human rights and civil liberties concerns, and the risk of function creep associated with the biometric facets of EDLs.

WHTI-Mandated Biometrics

The EDLs that Canadians and Americans will need to enter the U.S. include a picture of a driver’s face that can be analyzed against an American-Canadian facial database. To enroll in the database, individuals must first have their images captured, after which the computer system converts the image to a biometric template that is stored in a shared American-Canadian database. Next, the biometric template is used to authenticate a person’s identity, ensuring that the biometric data that is provided recalls the precise template for the individual in question. Finally, and arguably the most concerning, the system performs an identification process, where the biometric data is compared to all of the records held in the database. This final stage allows for mass analysis of images in the database against incomplete facial templates, such as those derived from security cameras.

The WHTI-mandated biometrics are intended to guarantee the identity of individuals at the border while providing an extra level of difficulty in creating illegal identity documents. In theory, because these licenses crosscheck between the image provided, and the one entered into the government database, it is less likely that phony IDs can be used to cross the Canadian-American border. Beyond this security feature, the American and Canadian governments argue that placing these biometrics in identity documents will enable airports to process travelers more efficiently because of the redundancy in evaluating a person’s identity. The WHTI mandates are publicly stated as securing America while providing convenience to Americans and Canadians alike.

Current Issues with the Proposed Biometrics

Several issues arise when citizens provide their biometric information to central government agencies. To begin, there is the matter that biometric authentication relies on a statistical pattern recognition technology. We do not live in Jack Bauer’s nightmare world of 24, where computers accurately and easily identify faces against government databases; in the real world there is a likelihood that images will be misidentified. Such misidentifications can lead to an inability to move internationally, and given the ‘ease’ of removing oneself from the American and Canadian ‘no-fly’ lists it is likely that any immobility imposed by mistaken biometric associations will be long-term conditions. Inviting the possibility of such immobility is an affront to Canada’s commitment to the Universal Declaration of Human Rights, which mandates that “Everyone has the right to leave any country, including his own, and to return to his country” — the biometrics, as proposed, may deny Americans who have come to visit Canada from reentering their own nation, or prevent Canadians from enjoying their right of international movement. Regardless of America’s hesitance to sign the Declaration, Canada and her governments should attend to their obligations and resist the licensing changes on behalf of both Americans and Canadians.

In addition, there are concerns that the biometric proposals would fly in the face of privacy protections offered by Ontario’s Privacy and Information Commissioner, Dr. Ann Cavoukian. In her open letter to the Hon. D. Tsubouchi on April 5, 2001 she warned that, “…there must be no ability to compare biometric images from one data with biometric images from other databases or reproductions of the biometric not obtained from the individual.” Her caution was offered during a time that the Ontario government was considering issuing smart cards, and it still echoes today: people must be aware of all uses of their biometric data and consent to its use. In the case of Ontario, the government has been silent on the possibility of American authorities using the biometric information provided by the drivers license database for purposes beyond border screenings.

Finally, we live in a world where identity theft is becoming more sophisticated, more harmful, and more common. Were a person to successfully enroll in the biometric-program associated with the drivers license using another person’s identity, then the thief would have effectively stolen another person’s face for the purposes of computer-algorithm authentication. In a situation like this, how do we adjudicate when the correct person uses a license? The danger of ‘losing’ biometric information places innocent citizen at substantial risk of being accused of actions they are not responsible for. Research groups have demonstrated that there are substantial costs that follow from having one’s identity stolen, with costs reaching as high as thousands of dollars. How much will these costs skyrocket when biometric data is included in the information that thieves steal?

Function Creep

In the case of the American-mandated drivers licenses, there is a considerable worry of function creep that could ensue after they are distributed to the public. Interpol has recently announced that they want to begin using a facial recognition database to catch suspects by using a facial recognition system at borders, and various law enforcement agencies in Canada and the United States have similarly expressed an interest in this mode of discovering and identifying suspects. Imagine how much safer society might be; by using a massive government-sponsored facial database it would be far easier to identify dangerous elements in society!

While this might, initially, sound like a positive thing there are (at least) two associated dangers with this kind of function creep. First, any such use of the biometric data for these purposes would exceed the intent that the data was collected for — citizens should always be notified, and be required to give their consent, when their biometric data might be used for either private or public purposes. Second, and perhaps of even greater concern, biometric analyses are not wholly accurate. Accuracy rates plummet when less than ideal images are used in facial comparisons — the images taken from a security camera, for example, provide poor templates to search against the database. Searching the drivers license database with poor templates would risk implicating a great number of people as ‘suspects’ in a crime, based on poorly constructed computer-algorithms. The prospect of being a suspect on the basis of a computer foul-up is a less than heartening thought to the innocent.

Voltaire famously wrote, “It is better to risk saving a guilty man than condemn an innocent one.” We should heed his sound advice, and rethink the deployment of identity cards that will almost inevitably condemn the innocent to hardships in our governments’ incessant drives to ‘secure’ the societies that they govern from the guilty.

Christopher Parsons is a PhD student in the Department of Political Science at the University of Victoria researching ubiquitous digital surveillance, and is a member of the New Transparency Project. 

Read other articles by Christopher.
This article was posted on Saturday, November 15th, 2008 at 7:00am and is filed under Civil Liberties, Privacy, Science/Tech, Security

LIFE WITH WHTI : The U.K.'s bout with the surveillance state

If you don't think it can happen in a Westernized country?  Watch the lifestyles of "world citizens" living in the uber modern metro in London.  This does not have to be your life.


Monday, November 17, 2008

DIGEST: Cabinet Appointments, RFID News

RFID-based System Tracked Victims of Hurricanes Gustav, Ike

The state of Texas employed EPC Gen 2 tags, GPS and bar-coding to monitor the process of evacuating individuals—particular the elderly, sick or disabled—who lacked access to transportation during the storms.

Nov. 12, 2008—Living through a hurricane is a traumatic, emotionally taxing experience for anyone—especially those who lack the means to flee from its path. This became glaringly obvious as the world watched and read about the aftermath of Hurricanes Katrina and Rita in 2005. And it was one of the main drivers behind an emergency program spearheaded in 2006 by Texas Governor Rick Perry.

The system employs a combination of RFID, GPS and bar-code technology, and was designed to simplify and automate the evacuation process of elderly, sick, disabled or able-bodied individuals or families who have no access to transportation during an emergency (see An RFID Port in a Storm). This summer, the system was deployed to help the state's Division of Emergency Management evacuate 34,800 residents during Hurricanes Gustav and Ike.

Democrats Move Cautiously on DHS Appointment

Not since the Eisenhower Administration took over the Department of Defense or the Reagan Administration assumed leadership of the Department of Energy have the stewards of our nation's security . . . been wholly or mostly replaced for the first time," analysts David Heyman and James Jay Carafano wrote in a September report, "Homeland Security 3.0," that noted the turmoil, distraction and delay caused by repeated reorganizations since the department's creation in 2003.

Obama has vowed to appoint a national cyber adviser to report directly to the president, strengthen a White House privacy and civil liberties board, and allow about 60,000 Transportation Security Administration screeners to form a union, which President Bush stopped by issuing veto threats in 2002 and 2007.

Obama will be pressed to weigh in by March 1 on a business-led fight in Congress to kill or scale back E-Verify, an electronic system that DHS wants companies to use to confirm the validity of work documents submitted by new hires.

The department has invested heavily in big-ticket research projects -- such as developing a surveillance-based "virtual" fence to control the 2,000-mile-long U.S.-Mexico border, next-generation radiation detection and X-ray cargo screening equipment to be used at U.S. and foreign ports, and biological weapons detection systems to stand watch over U.S. cities. But the initiatives have yet to deliver on their promise, and DHS must decide whether to fork out billions more to continue or to deploy them.