Kojo explores how design encouraged the historic mental health hospital's mission.
In India, a massive new biometric identification program links information from an individual’s irises and fingerpints to a unique ID number. Other countries use ID cards with smart chips to authenticate identities. Here in the United States, immigration reform is raising questions about what a new U.S. identification system might look like. Tech Tuesday samples electronic and biometric ID from around the world and explores what could work here.
- Chris Calabrese Legislative Counsel for Privacy Issues, ACLU
- Anil Jain Professor of Computer Science and Engineering, Michigan State University
- Neville Pattinson Vice President for Government Affairs, Gemalto, Inc.
- Alan Gelb Senior Fellow, Center for Global Development
MR. KOJO NNAMDIFrom WAMU 88.5 at American University in Washington, welcome to "The Kojo Nnamdi Show," connecting your neighborhood with the world. It's Tech Tuesday. With the introduction of a new immigration reform bill last week, the question of how to verify people's identity is on the table again. Some say it's time to replace the paper Social Security card with something electronic, a card with a chip in it or a system that uses biometric data from a photo to a fingerprint.
MR. KOJO NNAMDIAs the debate intensifies, lawmakers can look outside our borders for examples of both. India has launched a massive biometric ID program that relies on fingerprint and iris scans. The three-year-old system already has more than 200 million Indians enrolled, and a number of European countries have a national identity card with a chip that contains a digital photo and other personal information.
MR. KOJO NNAMDISupporters say these high-tech systems are more secure and well-suited to the global world we live in, but civil libertarians are nervous about identity theft when the key to your profile is a fingerprint that you can't replace. This Tech Tuesday, we'll explore electronic and biometric identification systems and see what the U.S. can learn from other parts of the world. Joining us to discuss this in studio is Neville Pattinson, vice president of government affairs with Gemalto, Inc. Neville Pattinson, thank you so much for joining us.
MR. NEVILLE PATTINSONThank you, Kojo. A pleasure to be here.
NNAMDICould you give me the correct pronunciation of your company's name?
NNAMDIGemalto, Inc. Also in studio with us is Alan Gelb. He is a senior fellow with the Center for Global Development. Alan Gelb, thank you for joining us.
MR. ALAN GELBThank you, Kojo. Great to be with you.
NNAMDIAnd Chris Calabrese is legislative counsel for privacy-related issues with the American Civil Liberties Union. Chris Calabrese, good to have you aboard.
MR. CHRIS CALABRESEThanks for having me.
NNAMDIAnil Jain is a professor of computer science and engineering at Michigan State University. He joins us from studios at the university. Anil Jain, thank you for joining us.
PROF. ANIL JAINThank you for having me.
NNAMDIAnd I'll start with you, Anil. The -- you consulted on India's ambitious new biometric identification system. It uses fingerprint and iris scans to authenticate a person's identity. How does someone enroll and receive a unique ID number tied to his or her fingerprints?
JAINSo basically any person, any resident of India who wants an identity number -- it's a 12-digit number -- can go to one of the enrollment stations, provide his or her 10 fingerprints and two iris images. The -- that data is then sent to the central server where it is matched with all the biometric data of previous enrollees who have been issued a number to basically to determine whether this person already has been issued a number.
JAINSo this process is called de-duplication, and this ensures that a person has one and only one set of 12-digit number. After this verification, in about two weeks, the person is mailed that 12-digital number.
NNAMDIThere's no ID card involved in that system. Any agency or business that needs to verify people's identity has a fingerprint scanner. How does that work?
JAINSo basically, yes, you're right. There is no ID card, physical ID card involved. Now, let's say income tax department decides that every income tax payee must provide this number. Then, in order to prove that this person who's presenting the 12-digit number is indeed the owner of that number, the income tax department may decide to use either one finger or two fingerprints or one iris or a combination of one iris or one finger to verify the -- that identity of that person.
JAINThey will not most likely use all 10 fingers and two irises at the verification stage because that's too expensive, and it may take too much time to do this verification involving multiple attributes.
NNAMDIIn case you'd like to join this conversation on electronic and biometric ID, you can call us at 800-433-8850. Do you like the idea of scanning your fingerprint to prove your identity? 800-433-8850. You can send us a tweet, @kojoshow, email to email@example.com, or you can go to our website, kojoshow.org, and join the conversation there.
NNAMDIAlan Gelb, India's biometric ID program is getting a lot of attention, but other countries have been using electronic and biometric identification for years. How did your native South Africa use these technologies to pay pensions?
GELBWell, South Africa has been using this technology to pay pensions since the early 1990s, and the way in which it was used was with ATMs linked to fingerprint readers. And they mounted these on little trucks and sent them around the rural areas. It was one way of getting money out where people didn't have bank accounts and where there wasn't coverage. So people had a card with their fingerprints. They insert it into a reader, and they match the person against the card. And they continue to use this, although now they've been shifting over towards bank-based payments.
NNAMDIThe technology can be used even in very remote, very underdeveloped areas. How did the Democratic Republic of Congo use biometric ID to pay young men there after the militias were disbanded?
GELBWell, this is a very interesting case, Kojo. The -- when the militias were disbanded, young men come in, and they turn in their guns. And then the question is: What do they do? And most programs give them a small stipend maybe once a month for a year in order to reintegrate them back into civilian life. Now, these people, they may not be literate. There are no tribes. How do you know who they are, and how do you pay them?
GELBAnd what they did in that case is they used iris scanning, and when each person came in and was demobilized, they scanned their eyes and used that to either give them a smart card or some other mechanism of payment. And in some cases, they also used ATMs linked to iris scanners so people could simply roll up without even a card and get paid on time. So even in very remote conditions, this technology has been used.
NNAMDINeville Pattinson, here in the United States, we already have some major identification systems that use cards with electronic chips. Talk about federal government workers IDs and about passports. How do they work?
PATTINSONVery good, Kojo. The Department of Defense planned this back in 2001 when they issued the common access card, which is the first federal identity cards that included a smart chip. That was driven by the need to aggregate many different individual cards that they were then issuing their various folks then decided it's time that we put a list together, to put it on a chip, on a card, and that card is now 13 years later doing very well in terms of integrating into both the getting into buildings with physical access and also into their computers.
PATTINSONThat's now requirement that as they get into a computer, they must put a smart card in, enter a PIN code, and that chip and that PIN code ensures that this is the correct user accessing that facility. Passports were introduced back in about 2006 with a chip in the back. And that's actually an international program. The U.S. passport included that from around about 2006 moving to the present day and continuing.
PATTINSONThat chip in the back includes everything that's printed on the data page of the passport, including the photograph, and there are international standards for that to be able to be read. And there are a lot of privacy and security features in that passport to stop it from being read, other than by a legitimate border station.
NNAMDIIf the U.S. adopted a national ID card with an electronic chip, how would it work?
PATTINSONWell, I'm not sure we're ready for an national ID card in the United States.
NNAMDIWell, that's a whole another...
NNAMDI...civil liberties -- another discussion. But how would it work if we did have it?
PATTINSONWell, I can certainly have many -- 30 years of tried and trusted secured smart card technology used around the world and many programs, some of which you discussed. That chip can ensure that only the correct user can use that card at any point of service. So you can protect that with PIN codes. You can protect that with biometrics.
PATTINSONThose biometrics could be matched internally into the smart card on the spot, not requiring it to go online to remote databases. So you can perform a very strong bond, what we call two-fact authentication, something you have the card and that you are the person to prove that you are indeed the person applying for this particular service or benefit.
NNAMDI800-433-8850. How do you feel about an ID card with a chip in it that stores your photo and other information? Give us a call, 800-433-8850. Chris Calabrese, a bipartisan group of eight senators introduced an immigration reform bill last week that would expand the existing E-Verify system and possibly require a photo as part of each person's data file. How does E-Verify work?
CALABRESEWell, E-Verify is in essence a giant list of everyone in the United States who's worked authorized. So, you know, and that -- you have to -- when an employer wants to check to see if they can hire a worker, they would check against this Internet-enabled system, E-Verify, and if your name came up with a photo, you would be work authorized, and you could be approved for work.
CALABRESEYou know, I think it's troubling and one of the things that the ACLU is worried about is for the first time we're talking about putting everyone's photograph in the system. So in essence, we have a giant list of everyone's name, photograph linked to a Social Security number, and we could easily see that changing from not just a permission to work list.
CALABRESEIn other words, you have to be right in E-Verify in order to work, but something that could replace identification checks in all kinds of areas. And you could literally have an Internet identification check that would keep a record of where you are, what you've done the identification check for and potentially such as like a terrorist watch list, no-fly list, even deny you use of certain benefits if you weren't right in the system.
NNAMDIThe way the E-Verify system works now, it is my understanding, it matches prospective hires to a database of Social Security numbers and other data. But it's also my understanding that it can be foiled at times if someone happens to be in the country illegally give a stolen name, a date of birth or a fake or stolen Social Security number.
CALABRESEThat's exactly right, and that's one of the things that the biometric is supposed to combat. It's supposed to have an employer be able to say, well, you know, you don't match the picture in E-Verify. And, you know, it may have some efficacy in doing that, though we question how much. We think that many employers' business models are in essence based on hiring undocumented workers.
CALABRESEIn other words, they are aware that they're doing this. It's not that the system has failed. It's the people using it who chose not to use it correctly. So we wonder in fact that if you have a system where, say, 95 percent of employers use E-Verify and use it correctly, those 5 percent who don't are likely to be the noncompliant employers, anyway. And because of that, the system will have in essence failed even though it has 95 percent compliance.
NNAMDIYou also have concerns about basing an identification system on something like fingerprints that really can't be changed even if someone lifts your fingerprints from a surface that you've touched and essentially steals your identity. What are the dangers of biometric ID?
CALABRESEWell, I think that's a very good question, and we have a lot of experts who can talk about that as well. I mean, in some ways, it boils down to how valuable it is. In other words, what am I trying to secure with this identifier? If the fingerprint just gets me authentication and maybe a small monetary benefit, say, if I'm an Indian worker, it's one thing. There may not be a lot of, you know, reason for someone to go and break that system. However, if it's securing my bank account, if it's got thousands of dollars behind it, there's going to be a reason for a thief...
CALABRESEThere's going to be motivation -- that's right, Kojo -- for an identity thief, for a criminal to figure out how to lift those fingerprints, how to steal that and how to misuse it.
NNAMDII think that's the concern that Tim in Washington, D.C., has. Tim, you're on the air. Go ahead, please.
TIMHi, Kojo. One of my biggest concerns with this -- you mentioned two-factor authentication where you have something you have and something you are. I really think that for securing this sort of thing, especially bank accounts, you also need something that you know. At the moment, we have two-factor authentication with a debit card or an ATM card and a PIN number, which is something you have and something you know.
TIMIf you combine that with the biometrics, you increase the level of security, but at the same time, you open up a whole new vector for people to get into a system, which is a major concern for me because we have this tried-and-tested system that we can respond to breaches in. But if we have a breach in biometrics, we don't yet have a system for responding to that.
NNAMDIWell, I'll start with Anil Jain. How would you respond to Tim?
JAINYeah. So I think it's -- we must understand that there is no fool-proof security system. We have a current system of using two-factor authentication ID card and password. We know that there a lot of fraud associated with it, whether it is bank transactions or federal tax filing or whatever. But the point is they tend to absorb this cost as a cost of doing business.
JAINAnd I -- in my opinion, biometrics offers a new opportunity, which we should not be just thinking in terms of, well, what happens if somebody steals your biometrics? Yes, that is a concern. But there is technology being designed to address that issue. And having a multifactor authentication with biometrics is suddenly more secure than having just the traditional system of cards and PIN numbers.
NNAMDIAlan Gelb, how important it is, as Tim wants to point out, that it should also include something we know?
GELBI think that for some kinds of transactions, particularly financial transactions, it makes a lot of sense. And for high-value transactions, you might want to combine something you know and something you have. So some banks, for example, have a PIN number, which has to be presented in connection with a little book. So you have the little book, you have a number on the little book and you insert the PIN, so you have to have the book and the PIN.
GELBAnd there are also some systems now where experimental ones where the biometric is linked to the device that it's being registered on. So one knows, for example, which reader it comes from. So I think these are all very useful in terms of combinations. But I would say one thing that the peculiarity of the biometric as an identifier is that it's the only one which you can really use to prove uniqueness. And that's what makes it particularly important for things like national programs. We want to make sure nobody has more than one ID.
NNAMDIGot to take a short break. When we come back, we'll continue this conversation on Tech Tuesday on electronic and biometric ID. If you have called, stay on the line. We will get to your call. Thank you for your call, Tim. The number is 800-433-8850. Would you support an electronic identification card that indicates whether people can legally work in this country? You can also shoot us an email to firstname.lastname@example.org or send us a tweet, @kojoshow. I'm Kojo Nnamdi.
NNAMDIIt's Tech Tuesday. How do you feel about an ID card with a chip in it that stores your photo and other information? Give us a call, 800-433-8850. We're talking with Neville Pattinson. He is vice president for government affairs with Gemalto, Incorporated. Alan Gelb is senior fellow with the Center for Global Development. Chris Calabrese is legislative counsel for privacy-related issues with the American Civil Liberties Union.
NNAMDIAnd Anil Jain is professor of computer science and engineering at Michigan State University. He joins us from studios at the university. Neville, there is concern in the U.S. about creating a huge database of personal information about immigrants and all citizens. How would smart chip information be stored?
PATTINSONWell, first of all, I don't think we want to make it a large database. I think that's against our constitutional position. Connecting databases is perhaps more appropriate, certainly, that's E-Verifies the position to use the Social Security database, the databases that DHS hold on, permanent residents, as well as then reaching out to passport databases and driver's license databases potentially to get these photographs.
PATTINSONWhat we will do on smart chips is we'd have the minimum amount of information contained in the chip that allowed you to prove that you are who you say you are, so your name, birthday, Social Security number.
PATTINSONIf we talk about the Social Security card, which I think is really where I see the upgrade needed in protecting people's identity, if we put the minimal amount of information in there, no biometrics, no photograph in the card, just name, date of birth, Social Security number, then that can be used in conjunction with a PIN code, something you know, to plug in to E-Verify to prove that you have the right card and the right PIN as an individual to request employment verification.
PATTINSONAdding the (unintelligible) you are, the biometric is extremely expensive and very costly, and we'd be asking, you know, 300 million Americans to biometrically enroll, which I think has a very odious potential. I think we can get enough for the needs for E-Verify with putting a chip and pin, as we call it, that's -- by the way, that's coming to markets here soon in the bank world.
PATTINSONYou'll have chips and pins on your bank cards very soon, very similar scheme where you have the minimum amount of information on the card, purely forth indicating you for requesting employment verification. It would be locked to that system. It couldn't work with anything else.
NNAMDIThis question, first for you and then for Chris, how does smart chip technology transmit personal information in a encrypted format, and is it possible to hack that system and steal someone's information?
PATTINSONThe -- whether we provide smart card technologies, that every card is unique, it cannot be cloned and copied. It's very secure. We've got a billion SIM cards in phones today using that as -- over 2 billion bank cards using them. We would ensure that the cryptographic information which is a way of ensuring that we know which card started the message, and that message could only be sent to the back-end system for the same instance maybe E-Verify. But only E-Verify could decrypt and decode that information.
PATTINSONSo we could make sure that all of the information in transit, the name, et cetera, would never be able to be intercepted in between the card and the system that it was designed for.
CALABRESEWell, it's tricky. I mean, I agree it's possible to create an encrypted system. But you're also talking about something that's a very large system. And I think, to me, it raises at least two potential security concerns, one is accessing personal information contained in the back-end database. It's not necessarily through the chip but simply to the fact that you've connected all these systems together. And if you don't do that appropriately and with all the security protocols, you may be exposing personal information.
CALABRESEThe other thing that we don't talk about a lot is -- but we see a lot is what I would call the crooked insider problem. There are people on the insides of these systems who want to compromise them. They may do that for money. I mean, you see it sort of routinely in driver's licenses where people will sell driver's license, you know, essentially an authentic fake driver's license because they can be used to work. They're very valuable.
CALABRESEYou know, those crooked insiders can compromise even the best security protocols in the system. Finally, you know, E-Verify has additional recordkeeping requirements. It's not just what happens with the system, it's also the employer has to keep more records. They have to keep system information, and that information has to be kept securely. So it's not just the communication between the chip and the database, it's a whole system, and there's a lot of points of weakness.
NNAMDIHere is Kate in Reston, Va. Kate, you're on the air. Go ahead, please.
KATEHi. Good afternoon. I'm calling basically about the -- how useful it is for biometrics to be used in real-life applications in the workplace. I'm an intern from Australia. And I'm now a naturalized U.S. citizen, and I own a small business in Reston. And a lot of my clients are people who are trying to obtain loans and investments, sometimes upwards of $100 million. And a lot of times, I've come across people who falsify their information when they're coming in from other countries to do business in the U.S.
KATEAnd also from people who are born in the U.S. and try to conduct business here and just going between state lines between Virginia, Maryland and D.C., there's really a disconnect between the (unintelligible) in place in different states and what we're able to obtain. So I found that it kind of does create already huge gaps in security in terms of financial records. And many landlords and lenders and individuals get taken advantage of. Like, in the D.C. area alone, there are over 74,000 law enforcement agencies that has some sort of jurisdiction just because of how centralized it is in D.C.
KATESo I think biometrics is critical especially if you can just scan it in -- scan in a fingerprint or retina scan instead of having to carry around a card because that is specific to you. And the pros really outweigh the cons, I think, in terms of being able to prevent such large amounts of fraud.
NNAMDIAlan Gelb, what do you say?
GELBWell, this is really interesting. A while ago, there was a test in Malawi where farmers who receive the agricultural credit from the banks were fingerprinted. There was a control group that wasn't, and then there was a group that was. And what they found was that the group that was fingerprinted had substantially higher repayment rates than the group that was not fingerprinted, and that they changed their behavior.
GELBThey borrowed more cautiously. They put in more of their own money. They planted more. And so it seems that knowing that the system has a record of you, that if you don't pay, when you go back at some point, you can never walk away from it easily, does have an effect on behavior. So this was an interesting observation.
NNAMDIKate, thank you very much for your call. This is an observation that makes me squirm just to think about it, but we got it in the form of an email from Constance in Silver Spring, Chris Calabrese, so I feel compelled to read it, "Last summer, my identity was stolen when a woman with a fake I.D. and the confederate inside the bank looted my bank account.
NNAMDI"But I would not be happy with an identity system based on fingerprints. Why? Because fingers are easily removed by a criminal with a sharp knife. Criminals are willing to shoot victims at ATM machines who won't use their ATM cards to withdraw money. What makes anyone think they won't cut off fingers or even cut out eyes to get access to the cash?" Chris.
CALABRESEWell, that is a genuinely terrifying prospect, you know, and I also worry in sort of a slightly less dramatic form about if, you know, we're leaving our fingerprints everywhere. We leave them on glasses. We leave them on every -- essentially everything we touch. You know, I don't think that fingerprints have reached the sort of level of value, and they're not used alone so that we haven't sort of developed the incentive, the motivation we talked about earlier to figure out a way to essentially copy that fingerprint and use it as part of a criminal activity.
CALABRESEBut, you know, I think that it's the trick with this, right? There is no single solution. There is simply, how much risk are you willing to accept and how much do you need to build into the system? So I think that biometrics is a tool. It's got to be used appropriately, and its limitations have to be recognized.
JAINKojo, can I add something to this?
NNAMDIYes. Please, Anil.
JAINOK. So there are two issues which were mentioned. One is about a fake fingerprint where you can cut off somebody's finger or lift it from a surface and then make a silicon gel or something out of that. Well, there are (word?) fingerprint detection test which are available, and they work reasonably well. They're not perfect. So there is this capability.
JAINThe second thing is that there is a touch-less fingerprint systems which are emerging. In fact, in Japan, for example, they have a touch-less palm vein system. It's quite popular for ATM and financial transactions for two reasons. First of all, there's always this connotation of criminality associated with fingerprints. And the second thing is for hygienic consideration. It's always better to sell a system where the person is not touching a surface.
JAINSo as Christopher pointed out, the choice of the biometric trait, which you want to use in the system, depends on the application. In any system at the national level where you want to link against the large government databases, then you have to use fingerprints, and that was the motivation for using the fingerprints in the U.S. visit program.
NNAMDIWell, Anil, allow me to discuss a more everyday occurrence in a biometric ID system verifying someone's identification requires a scanner. What happens if the power goes out which often does happen in some parts of India and occasionally here in the Washington area during adverse weather conditions?
JAINThat's a very good question. I mean, the -- that's true with any electronic system -- electronic doors and so on, even based on the current technology of smart card readers and so on. So that means we need to have -- we need to ensure that there's a backup power supply and there's a backup method for verifying individuals.
JAINBut that could also be a weak link in the system because a perpetrator may purposely scratch the fingerprint surface so that nobody can use it, and now people are waiting in line to be verified. So I think with any security system, there are some downside and one needs to be prepared and not accept biometrics as offering a fool-proof solution.
JAINI think the point...
NNAMDIGo ahead, please.
JAIN...the point here is that biometrics offers an additional security which is little bit more sound and more fool-proof than your traditional ID cards and passwords.
NNAMDISpeaking of that old boy scout motto, be prepared, Alan Gelb. Electronic verification doesn't work well in places with generally poor telecommunications. How does Bolivia's banking system deal with its biometric ATM cards?
GELBIn Bolivia and in quite a few other countries, some of the banks -- Nepal is another example -- some of the banks have been using biometrics, smart cards, biometric ATMs and their connectivity has been a problem. And so, for example, in Bolivia, the system they used was a largely offline system where the ATMs communicated once a day.
GELBSo it limited the transactions that you could do but there wasn't the full communications. If you're complete the offline, of course, then you have to do something else. You have to have information in the card, and there you get into the South African system of remote ATMs and smart cards. So there are different ways.
GELBDifferent countries have done this in different ways. I would say one thing about the power, though, there have been some very innovative programs in developing countries. In Nigeria, for example, an electronic system of health clinics -- health clinic monitoring is powered by solar. So you've got a combination of solar power and match-on-card, and it works without mainline power.
NNAMDIOn to the telephones again. Here is Barry in Baltimore, Md. Barry, your turn.
BARRYGood afternoon. I was at the doctor's recently -- a new doctor -- and they requested my Social Security number on the form that you fill out. And when I refused, they pretty much refused to give me treatment because they said it was a requirement. Now, of course, I know that it's not our requirement, but it's just their rules. And the supermarket, when I go to buy ice cream, they want a code or a number to give me the discount.
BARRYMy concern is that once it's out there, entrepreneurs as well as other folks will piggyback on that information and say, give me your card because it's our requirement. And if you don't give that card then you're denied services. So with any of these systems, I just don't have any guarantee that we're not on just a slippery slope to have the national ID card.
NNAMDII thought you were raising another kind of question. You seem to be raising the question that these cards will invariably lead to a national ID card, or are you concerned about the card being compromised by people who work with retailers or government agencies?
BARRYBoth. I think that eventually, if we were to have such cards, not only what the credit cards company start to use them but the police or the law enforcement agencies would start tracking you with them.
NNAMDIWhat are the protection we might have against that, Chris Calabrese?
CALABRESEWell, I was just going to say before we get to the protections, I think he's really identified the overarching theme which, I think, we should worry about, and that's are we moving to a permission society? In other words, all these things I used to be able to do as an American sort of as my right, now I've got to be OK with the government system before I can do it. E-Verify is the first example. I've got to be right on the E-Verify list before I can work.
CALABRESESo you worry that you move into sort of a permission-based system where you've got to, you know, comply, you've got to give your fingerprint. In terms of controls, I mean, you can limit how the system is used. You can give people the ability to, you know, get due process and contest it if they think there's some inaccuracy in the system that's keeping them from working. You can explicitly give them the ability to opt out and have another way to go about doing this.
CALABRESEAll of these are ways that you can build protections into the system. Ultimately, I think, there is a real concern, though. In the words of "Field of Dreams," if you build it, they will come. And if you build this system, it's going to be very attractive to a lot of people for a lot of uses, and we may see those uses growing, and people may not always be comfortable with that.
NNAMDIWell, in the bigger picture, Neville Pattinson, part of this system is going to be built by private companies such as your own, Gemalto Inc. Is there a danger in having a major identification program that depends on electronics made by private companies? Would that give them too much control?
PATTINSONI think there's a lot of government standardization. It takes place in any of these processes. And for that, there's then full competitive supply. Our company and many others compete for any identification process. So we all work with open standards, and we all compete fairly. So there's no one company ever going to have control, and we will be working in the bounds of public specifications.
PATTINSONSo I don't think there's really any -- your concern that industry will have any too much control. We're here to help provide the appropriate technology, the appropriate identification capabilities for the various programs that are being used. We've talked quite a bit about various programs around the world, in -- but in -- recently, we did a rollout for eight million people. We biometrically enrolled them for voter registration, the duplication going on.
PATTINSONAnd so I'm proving that we have, you know, every individual citizen and not more than one per vote. So that was done very quickly in a three-month process. It helped to have very good controlled elections. So there are appropriate times when biometrics is the right thing to use for an individual. There's appropriate times when it's not. You know, if biometrics do get compromised, then what do you do?
PATTINSONYou know, as an individual, you've now had your finger compromised. So we have to look at what is the appropriate use of all these factors: something you have, something you are, something you know. Those combinations are always different for each different application that's being discussed. I would say that, also, in our experience, it's better to have one card, one purpose. So like we're saying for the -- upgrading the Social Security card, it would only be for E-Verify.
PATTINSONIt wouldn't creep -- it wouldn't be able to creep into other directions. If we needed another code -- card for voting or for Medicare, that would be a separate card, like we have today. We have a passport today. We have a driver's license. We have them for different purposes. So rather than have one card that has all of these in and it's linked to a biometric, I think that's not the right direction to go.
PATTINSONWe need to look at separating the identity that you present for the particular service and keep it that way rather than having multifunction, which obviously is appropriate for other countries. But I think for our society, we need to be aware that we need to keep people's privacy at a paramount and protect their identity.
NNAMDII can't exactly recall where I read it, Alan Gelb, and -- but it's passing to my head right now that there was a fiasco of sorts in an election -- I think it was in East Africa, either Kenya or Uganda -- involving biometric IDs, was there not?
GELBYeah. Yes. There was a fiasco in Kenya...
GELB...recently, yeah, a dismal failure. Actually, the record on elections is very mixed using this technology. And in our work, we've noted that quite often the stress, the time stress under the pressure of elections, the technology -- people trying to implement it very quickly, there isn't proper planning -- the procurement is often very badly done. And so it's a mixed record.
GELBIn Kenya, it seems that part of the problem was down to something as simple as not remembering to plug the readers in to charge the batteries. And, you know, for an election, of course, you don't have time to fix mistakes when you have mistakes. Pretty mixed record in an election: sometimes good, sometimes not.
NNAMDIThe Kenya election probably still being contested as we speak. We're going to take a short break. When we come back, we'll continue our Tech Tuesday conversation on electronic and biometric ID and take your calls at 800-433-8850. Do you like the idea of scanning your fingerprint to prove your identity? You can also send email to email@example.com or send us a tweet, @kojoshow. I'm Kojo Nnamdi.
NNAMDIWelcome back. It's Tech Tuesday, and we're discussing electronic and biometric ID. We're talking with Chris Calabrese. He's legislative counsel for privacy-related issues with the American Civil Liberties Union. Anil Jain is a professor of computer science and engineering at Michigan State University. Neville Pattinson is vice president, government affairs, with Gemalto, Inc.
NNAMDIAnd Alan Gelb is a senior fellow at the Center for Global Development. We're taking your calls at 800-433-8850. Anil, the target in India is to enroll half the country's population in the biometric identity program. This sounds like an expensive program with the cost of training people to collect and handle the data and the cost of buying these scanners, is it?
JAINYes, it is an expensive operation given the -- India's budget, but I think a commitment has been made. And one of the things which has happened as a result of this large-scale deployment in India is that the cost of the hardware and the services which the vendors provide has gone down drastically, some say by in order of magnitude. So, for example, iris scanners would have cost it close to a few thousand dollars before India's UID program, and now they are less than $1,000.
JAINSo the other thing which has happened is that, initially, the India's program is focusing on underprivileged class, people who have no form of identification. So they are setting up -- instead of setting up a huge infrastructure for data collection, they're using the schools and other public buildings on the weekends to run camps to collect the data. And so they have managed to reduce the cost.
JAINI think the challenge which is coming now for India is that to -- is to use the biometrics for applications. Right now, the agencies have the mission to provide a number and then certify that this number is unique to that individual. We have to wait and see how the authentication application at point of service will work.
NNAMDICare to comment on that, Alan?
GELBYeah. I think the cost of the UID program works out to between two and $3 a head for -- per person. So, of course, with India's population, that's still a fair amount of money. But India's system of subsidies is about $60 billion a year. So the calculation is that if improving the identification system can help to rationalize subsidy so that people don't get cheap products and then sell part of them on the black market but you change that to a direct transfer, then you can recoup the cost of the identification program quite quickly.
NNAMDIAnil, what's the longevity of biometric data? Do our fingerprints or iris prints changed as we age?
JAINWell, in the case of fingerprints, the ridge pattern does not change. Of course, with the occupational issues, if you are doing lot of manual work, you're a brick layer or using lot of chemicals, the ridge pattern may fade over time or -- so -- but the pattern itself is the same as we are born with. In the case of iris, there has not been that much longitudinal study done. There had been some studies done covering a period of only a few years, and that study is rather mixed. And so we cannot really say if the iris pattern is unique.
JAINOf course, some people will claim it is unique. The face, which is the third sort of popular biometric, that has definitely a problem in terms of aging. I mean, we encounter individuals who we have met 10 years ago and then we see them again 10 years later and their facial characteristics have changed. And the current automatic face recognition technology does not work as well as the time gap between the enrolled face image and the face image that the point of verification if the time difference is very large.
NNAMDIHere is Susan in Columbia, Md. Susan, you're on the air. Go ahead, please.
SUSANHi, Kojo. I love your show. I have constantly wondered why we have not, in our society, been able to simplify our forms of purchase. I mean, whenever I go into a store, I'm looking for a card, I mean, a Safeway card, a library card, you know, the list doesn't end. And I'm constantly thinking, wouldn't it be nice to be able to simplify my life?
SUSANSo -- I mean, I understand that other person's comment about, you know, the fear of having somebody steal your eyeball or cut your finger off but, you know, like the other gentleman said about we are leaving our fingerprints everywhere, I, for one, would love my life simplified by being able to use my fingerprint and not through any cards.
NNAMDIWell, Susan, there is this email from Carol, and I'm going to ask Chris Calabrese to respond. Carol writes, "I just caught a few minutes of your show. I'm sure -- if you already discussed the scientists that were fired for copying fingerprints to falsify work hours for their colleagues, fingerprints are therefore not foolproof.
NNAMDI"Securing documents for government agencies is part of what my company does. We offer a finger vein reader as a biometric authentication device as every person's finger veins are unique and because they are within the body, cannot be replicated." Chris Calabrese, what do you say to that?
CALABRESEWell, I mean, I won't speak to the techno question of whether they can be replicated. In my experience, we're often talking about ones and zeros at the end of the day. So if I know what the underlying the number is, I may find a way to tweak the system, if you will. But to respond to the caller's question about simplification, it's a very fair question. I mean, I would like my life to be easier as well. I will simply note though that when you create a single point of access, you also create a single point of failure.
CALABRESESo if you centralized everything on a fingerprint and then someone finds a way to break that system in some way, maybe they bribe someone on the inside to replace a copy of your fingerprint with the copy of their fingerprint, if you have nothing else, if you have not other identification system, imagine how difficult it will be to recover from that identity theft. So it's just sort of -- you're balancing things when you think about this stuff.
JAINIf I could add some...
NNAMDIYes, I thought you would.
JAINAbout the technology side. So finger vein and palm vein, which I mentioned earlier, are good for one-to-one matching or verification. That -- if you claim who you are and then you provide your fingerprint or palm vein and it will be match to the claimed person's fingerprint or palm vein in the database. But finger vein and palm vein have not been used for large-scale deduplication. And the only biometric traits which have been used for such purposes are fingerprint and iris as demonstrated in India's new ID system.
JAINThe second quick point I would like to make is that reason we are having this discussion about biometrics is because the current form of identification based on credentials is not working very well. I mean, they know instances of Social Security fraud, identity theft and so on. So any time you bring in a new technology, there are always some issues about what could potentially go wrong, but that should not stop us from adapting the biometric technology in applications where it will serve its use and provide what is, in business terms, return on investment.
NNAMDISusan, thank you very much for your call. Neville, American credit card still use a magnetic strip with each cardholder's identifying information. You mentioned that over the next two years, those strips will be replaced with a smart chip in the card. Talk about some other potential uses for electronic identification cards. You've said smart cards could help reduce Medicare fraud. How?
PATTINSONIndeed. We currently have Medicare with plastic cards with the Social Security number printed on the cards. We hear reports about the $60-billion-a-year fraud by applicants basically putting in fraudulent applications with no services ever rendered. By issuing an upgraded Medicare card to patients, they could now have a card -- again, maybe with a PIN code. I'm not really speaking of biometrics necessarily with that -- that they could plug their card and put their PIN code in to prove that they were the current holder of the card.
PATTINSONAnd then in conjunction with the provider who is giving the Medicare services, they would also have a card that would be plugged in and they would PIN code or indeed biometric maybe appropriate for them so that we could match that biometric on the card. So we now have like a two-key transaction, like you have a safety deposit box with two keys. The patient key is going to be there. The provider key is going to be there.
PATTINSONProviding the PIN code from the patient and the fingerprint from the provider, we can then show this person really did receive these services from this provider and then transmit there up to Medicare. Rather than today, open loop, as long as you know your Social Security number, you can head off and start making the transaction. So that upgraded Medicare card would not have any number on the card.
NNAMDIAlan Gelb, looking to the future for us, how many people around the world will eventually be part of some sort of electronic identification system, maybe even one that uses DNA?
GELBSo far in developing countries, the cases that we've looked at cover over a billion people, and this number is increasing very fast. I think that within two or three years, maybe, say, five years, that number will certainly double. So maybe not everybody, but I think most people in the world are going to be covered by some form of identity in many cases that will use biometrics in the next 10 years.
NNAMDIChris Calabrese, this looks like it's going to mean a lot more work for you and the American Civil Liberties Union over the next few years.
CALABRESEOh, well, hopefully it won't be a full employment package 'cause we've got other things to do. You know, we have to control the system. We have to control and make sure it's not used for purposes it shouldn't be used for, make sure that there is due process protections. But at the end of the day, we have to sort of recognize that it's up to each of us to decide that we don't want a society where the government decides whether we can work or travel. And that's up to us.
NNAMDIChris Calabrese, Alan Gelb, Neville Pattinson and Anil Jain, thank you all for joining us. And thank you all for listening. I'm Kojo Nnamdi.
Most Recent Shows
Kojo explores how D.C.'s main library fits into the city's strategy for caring for the homeless, and how patrons are reacting to the closure.
Kojo explores what Etete's new look and menu says about changing expectations in U Street corridor.
The arrival of the Trump administration may add new stipulations to who wins the $2 billion FBI headquarters deal.