Notes on a 43-minute telephone conversation with Marek Rejman-Greene (MRG), head of the Biometrics Centre of Expertise at the Home Office Scientific Development Branch (HOSDB), Friday 29 May 2009.
Updated August 2009
He advised that it is best to approach the Identity & Passport Service (IPS) and the UK Border Agency (UKBA) for information. I made the point that it is because of the difficulty of getting any sensible response out of IPS that I approached HOSDB. MRG believes that there is a new director of communications at IPS and that may improve the situation.
MRG advised that the IPS and UKBA systems such as the National Identity Scheme (NIS) and eBorders need to be looked at in the round. It is not biometrics alone but the total system, including biographical information, that fixes a person's identity in the NIS. He advised that I should look again at the strategic action/business plans published by each organisation.
I made the point that politicians and civil service press releases have consistently claimed for years that it is specifically biometrics that distinguish the NIS and eBorders from all the other unreliable identification systems we already have. MRG could not comment on that. HOSDB make their recommendations, after that it is up to IPS and UKBA what they do with them, and he referred me back to their strategic action/business plans.
UKBA are conducting their trial of facial recognition at Manchester airport. Trials can demonstrate that the technology doesn't work. And yet UKBA have already promised to roll out the technology to 10 UK airports this year. That's not logical. They're prejudging the trial, I said. I should take that point up with UKBA, MRG said. (I have already taken it up with Sir David Normington, with the usual response. None*.)
There have been newspaper reports that the technology being used at Manchester airport can't tell the difference between Osama bin Laden and Winona Ryder. MRG couldn't comment on that.
We discussed the reliability of facial recognition and flat print fingerprints. MRG thinks that they are not as unreliable as I suggest in the January letters. My figures are old/out of date/behind the times he mentioned the advent of a "cascading" algorithm introduced into US-VISIT. And he adheres to the claim that the UKPS biometrics enrolment trial was not a trial of reliability, i.e. I am drawing my figures from the wrong source.
Those two points and others raise the question whether there is a large-scale trial of today's biometrics whose independently reviewed results demonstrate that they have become more reliable. A question which I pressed, and MRG duly came up with the NIST report on FRVT2006, which I defy anyone to be convinced by. Of course NIST have a good name, as MRG said, the problem is that they seem to diluting their good name, I said, when it comes to their reports on biometrics.
Pressed further, he said that there is reliable trial data available all over the web, particularly the data provided by biometrics system suppliers. That data is the problem, I pointed out, it is the claims made by suppliers and subsequently refuted by actual trials which got me and other people looking into the reliability of biometrics.
Pressed again, MRG came up with the example of UKBA collecting people's flat print fingerprints from all over the world for the purpose of visa applications. Those prints are being collected at the rate of two million a year, that is a large-scale trial, and they work hundreds of people have been discovered, thanks to the use of biometrics, to have made previous applications under different identities.
That evidence is not admissible in court, I said. MRG said he is not a lawyer and can't comment on that.
That evidence demonstrates that perhaps when flat prints match, they are reliable, I said, the problem is when they don't match. If the false non-match rate is around 20% (a figure MRG does not "recognise"), then 20% of ID cardholders will have trouble proving their right to work in the UK, if that depends on biometrics, as IPS suggest it will. Straight bat, MRG referred me back to UKBA, and then added something like "we hold the false non-match rate evidence internally but it can't be released because it would make it easier for people to evade detection".
I do not understand this point of his, he would not elaborate, he said nothing when I pointed out that that is not like the normal open way in which scientific data is treated and he referred me back to UKBA and IPS.