May 27 2007 by The Systemic Analyst.

Face and fingerprint matching gear worth millions left unused

By: Nestor E. Arellano

Originally Published on ITWorldCanada.com

Reports that face and fingerprint matching scanners are being left unused by U.S. frontier guards prove biometric technology is not appropriate for securing high-traffic environments according to a Canadian security analyst.

American officials acted rashly in deploying biometric technology right after the 9/11 attack, and Canadians are in danger of taking the same route said Alicia Wanless, director of the Walsingham Institute, an independent Toronto-based security think-tank.

“Implementation of biometrics at border crossings was reactionary at best,” said Wanless.

Shortly after the attack on the World Trade Centre in New York on Sept. 11, 2001, the American government went into high gear commissioning security equipment for the country’s entry points.

Biometric-based systems were touted as a sophisticated means of thwarting illegal entry into the U.S.

Biometric authentication uses technology to measure physical characteristics of a person’s face, fingers, hands, eyes or voice as a means of confirming identity.

A recent newswire report, however, revealed biometric scanners deployed at the U.S.-Mexican border are almost never used, because to do so would generate a huge backup in an area known for traffic jams that last for hours.

The report said the U.S. government spent “tens of millions of dollars” on issuing some 9.1 million visa cards to Mexican visitors that were embedded with the holder’s photo and fingerprint, but only about two per cent of the card holders are subjected to biometric screening.

The “laser visas” have an optical memory stripe that contains the personal identification information, a digitized photo and two fingerprints of the holder.

Cardholders crossing the border may be asked to press their finger against a lens and pose for a photo, while border inspectors swipe the visa through a machine to call up the holder’s personal data and photo.

The photo and fingerprints are automatically checked against a watch list for terrorist and criminals. The process takes approximately 30 seconds per person.

Members of Congress who voted for the system in 1996 said the original intention was to use biometric screening for all entrants, according to the report.

Wanless said the deployment was done without adequate planning, and the negative press the U.S. government is getting over the implementation is giving biometric technology a “bad name.”

However, she said the technology is good, if used in the right way.

According to the security expert, devices currently available are designed for scanning only a limited number of people and not the volumes normally encountered at border crossings or airports.

Ideally, biometric scanners should be employed in offices and government buildings.

“Authorities are using biometrics as they would a border guard – to determine a person’s identity based on the documents he or she carries and information the system has in its database.”

Canada, Wanless said, is deploying similar systems aimed at speeding security checks.

More than 5,000 people have signed up for the Nexus Air Card, which allows quick access to U.S.-bound flights through the Vancouver International Airport. The joint project of the U.S.-Canada immigration departments, employ cards that contain a digitized image of the holder’s eye.

A kiosk-based machine scans the person’s iris and matches it with what is contained in the database.

The iris scan is stored jointly by U.S. and Canadian authorities. The service is open to American and Canadian citizens with at least three years of permanent residency.

Toronto’s Lester B. Pearson International Airport has signed an agreement with a New York-based company to operate a registered traveler program in the airport. The project, also known as the Clear Card program, has yet to be approved by Transport Canada.

The card holds fingerprint and iris scan images, but the concept is similar to that of the Nexus program. The card was developed by Verified Identity Pass Inc.

Most biometric authentication methods, however, are flawed according to Wanless. “These fast-track kiosks and scanners run the risk of creating security breaches themselves.”

For instance, she said facial recognition devices are notorious for high error rates since the technology is not yet at a level where it is able to give accurate readings.

Most operators are also not adequately trained to handle situations arising from false positive scans, she added.

The two biggest drawbacks of biometric devices, according to Wanless, are the “fluid nature of identity” and the technology’s “failure to detect intent.”

She said there are a multitude of ways available for a determined person to create or obtain false personal information and documents.

The information can be easily slipped into government databases to thwart biometric scanning devices. “The ability to authenticate identity to an irrefutable degree is non-existent.”

Despite years of development, technology can not determine a person’s intentions, according to Wanless. “A machine can’t tell you if a person passing through airport security intends to blow up a building two weeks from now.”

“We still need properly trained border guards and security personnel who can detect subtle hints in body movements or speech that might betray possible harmful intent.”

Instead of spending millions of dollars in biometrics, Wanless advices that governments give more attention to improving border guard training, upgrade databases, as well as enhance information gathering and sharing.

Posted in In The News, Identity Management, Biometrics, North America | No Comments »

May 3 2007 by The Systemic Analyst.

By Hans G. Bathija

Computer based threats to national security are relatively new. As late as the 1980’s they were the stuff of science fiction.

Such a scenario was played out on celluloid in 1983’s “WarGames”, where Matthew Broderick’s character, David Lightman manages to hack into the United States’ DoD’s main computer system via a simple telephone connection in search of computer games to play. Once connected, David manages to start a game called Global Thermonuclear War. Unfortunately for David, the DoD computer carries on the game without him and ends up convincing DoD personnel that WWIII is underway.

At the time the movie was made, the World Wide Web was yet to be made available to the public, and even the term cyberspace was yet to be coined (first used one year later in William Gibson’s 1984 cyberpunk novel, “Neuromancer”). WarGames arguably gave us the first realistic and modern portrayal of cyber-warfare on screen (albeit in a more innocent fashion!), and highlights the importance of protecting computer systems from unauthorized access, and the extent to which the military relies on such systems for decision making and strategic planning.

Today, we are all too well aware of the advantages and dangers of cyberspace. The blockbuster release of “The Matrix: Reloaded” shows how far cyberspace and cybernetics have penetrated mainstream consciousness.

So what is cyber-warfare? Is it the disruption of military communications system by jamming devices? Is it a disruption of traffic lights, hydro grids, cash dispensing machines, and satellite broadcasts? Is it the planting of false and misleading information in networked databases? Or is it the distribution of computer viruses, which either disrupt the flow of data or corrupt the data itself? Increasingly, military powers worldwide are formulating cyber-warfare strategies to deal with these risks; as well as more specifically to utilize advanced technologies to limit troop deployment and troop loss (part of “the Rumsfeld Doctrine”), to disrupt an enemy’s infrastructure and battlefield operations and to deter and counteract an attack on their own infrastructure and battlefield operations.

The difficulty military planners are having is both in defining cyber-warfare strategies as separate from normal infrastructure protection strategies and in distinguishing cyber-warfare from information warfare.

In the case of the latter, this traditionally has encompassed propaganda, psy-ops and deception operations; communications designed to deter, confuse or mislead the enemy. When you combine these traditional tactics with our modern reliance on Internet technologies, distributed cybernetic systems, the increased speed in information delivery, the increased volume and detail of information available and the panoply of means to access and disseminate information, information warfare has to be given prominence as a military strategy in the 21st century.

This type of warfare has had a direct result on the decline in battlefield intensity since WWI. Body counts have declined substantially since then, as is evident in the relatively low loss of life experienced in the recent US-Iraq conflict. The ability of American forces to locate and isolate Iraqi civilians, troops and installations and to attack with increased precision, speed and distance, resulted in limited troop and civilian losses and contained the conflict to well defined areas.

Information warfare has played and continues to play an increasing role in military operations and plays a prominent role in Rumsfeld’s notion of transformation (the overriding use of technology rather than superior numbers).

Cyber tactics play an important role within the realm of information warfare. However, what distinguishes cyber-warfare from other types of warfare is where the battlefield takes place and the weapons deployed, cyberspace.

Each of these were initially funded and developed by the US military for both offensive and defensive uses. In 1944, the US Navy introduced the first Electronic computer, the “Harvard Mark I”. This was developed to calculate ballistic firing tables, and eventually resulted in the creation of ENIAC in 1946, recognized as the first Universal Electronic computer. ENIAC, in addition to calculating ballistic trajectories, was used to test hydrogen bomb theories. In 1969, the forerunner to the Internet, and cyberspace, was created. “ARPAnet” was created by the “Advanced Research Projects Agency” (created as result of the Soviet Union’s launch of Sputnik in 1957 to ensure the US remains a leader in military science and technology) to act as a command and control centre impervious to nuclear attack. In order to protect sensitive information and the networked path by which information flowed from person to person, computers were located in diverse geographical locations and connected to one another via a common communications protocol (what we now know as TCP/IP). ARPANet utilized packet switching technology to move information securely between computers, contained in a secured network. This networking technology soon evolved into what we now know as the Internet. The Internet and subsequently the World Wide Web have allowed humans via computers and networked devices to interconnect with each other free of geographical constraints and boundaries. Individuals now dream of living a virtual and logical existence free of physical constraints, and in many cases maintain societal connectedness in a virtual context. We have reached a point where modern governments and societies rely on networked technologies, both in an economic sense and in a military sense; thus, they have become vulnerable to attack, not just by competing symmetrical enemies, but also by asymmetrical foes that wish to engage in cyber-terrorism. In the 21st century, with but a click of a mouse, entire economies can be devastated and entire battlefield communications can be disrupted.

Cyber-warfare and cyber-terrorism set forth interesting challenges for military planners. Military strategists must determine to what extent networking technologies will be funded and utilized within the forces (should uniforms be networked?) and the effectiveness of such technologies to deter or launch an attack. More emphasis must be placed on ensuring our armed forces are adequately trained in information and communication technologies and are equipped with equipment and strategies that are at least consistent and complementary with our allies and in keeping with our multilateral commitments. Previous, geographical constraints provided a clear framework for military planning, however, the proliferation of logical devices and the reliance on the Internet to facilitate communication provide countless logical vulnerabilities, in addition to physical ones, that enemies may wish to exploit. Canada can no longer feel safe from ‘invasion’. Our ‘modern’ dependence on technology has made us especially vulnerable to threats from teenage hackers, terrorists and even state espionage.

Mr. Hans G. Bathija is the managing director of Bathijatan, a strategy & risk consulting firm, is a member of the Royal Canadian Military Institute’s Defence Studies Committee and is a former director with the Royal Canadian Military Institute and the Couchiching Institute on Public Affairs.This article was originally published in Sitrep, vol 63 issue 7, October 2003. Republished here by permission.

Posted in Security Measures, North America | No Comments »