A meeting with the Home Office
A meeting was arranged to discuss the matter at the kind instigation of Lin Homer, Chief Executive, UK Border Agency (UKBA):
Karen Kyle (UK Border Agency)
The meeting took place at 2 Marsham St from 2-3 p.m. on Tuesday 23 February 2010 with Alex Lahood in the chair. The agenda was set by the annex to Ms Homer's letter dated 3 February 2010:
Item 1 was quickly disposed of. It took the Home Office some time to take advantage of the Interpol database of lost and stolen passports. It now transpires from Ms Homer's letter that UKBA have been making use of this facility for over a year. That seems eminently sensible and there was nothing to add at the meeting. Item 2 was even more quickly disposed of, the UK may or may not be able to start using SIS II from 2012, we shall see, there was nothing to add.
The meeting moved on to item 3.
UKBA issued a press release dated 23 November 2009 asserting that the installation at 10 UK airports of "smart gates", which rely on face recognition, increases the UK's security. According to me, given that biometrics based on facial geometry have a history of failure, UKBA's press release is misleading, our security is not increased.
The point was made that these (Portuguese) smart gates are only one component of the wider border security system, they successfully handle a lot of the more banausic work, and free UKBA staff to concentrate on the difficult cases.
That begs the question, is this technology reliable anough to handle the banausic work? Yes it is, according to the Home office team.
How reliable is it, I asked. That question can't be answered, for security reasons. If certain people knew that the failure rate is 5%, say, i.e. 1 in 20, then they would know that if they send 20 people, on average 1 of them will get through.
The point was also made that the installation of smart gates is only a trial. In that case, I said, they could be found not to work reliably enough and the trial could be abandoned as a failure. This suggestion was met with laughter.
Are UKBA and the Identity & Passport Service (IPS) using the same facial geometry system, I asked? Yes, said one person. No, said another. The Sagem algorithm is being used, said one person. The Cogent algorithm is being used, said another. The two algorithms comply with one standard, said a third person. Everything comes through the National Identity Register (NIR), said someone. The NIR doesn't exist yet, said someone else. We ended on the word "co-ordinated" the approach is co-ordinated, said someone.
Everyone can understand what UKBA are doing with biometric visas. What are IPS doing? That is, I asked, what is the point of the National Identity Service (NIS)? The point of the NIS is as stated in the literature, said someone.
But UKBA seem to be getting on with it, I said, they are registering millions of visa applicants every year, in the UK and abroad, and they have issued tens of thousands of biometric visas. How many ID cards have IPS issued?
People misunderstand, someone said, the NIR isn't a box with everyone's name in, it's a legal construct of the Identity Cards Act. It's a question of risk management, said someone, we have to be prepared for future applications which are currently unknown.
The House of Commons Science and Technology Committee recommended that IPS conduct field trials before choosing the biometrics for the NIS, I said, and that recommendation has been ignored. It's very difficult to conduct competitive trials, said someone, one supplier is likely to complain that another supplier is being favoured.
Since the matter was raised in Ms Homer's letter, at some point in the meeting while we were discussing face recognition, I noted the heartfelt apology I have issued to Mr James A Loudermilk II of the FBI.
At some point, the meeting moved on to item 4 on the agenda.
Flat print fingerprinting seems to fail about 19% of the time, I said. That is based on the UK Passport Service biometrics enrolment trial. And on the rate of secondary inspections in the first year of operation of US-VISIT.
Someone argued that my inference from the early experience of US-VISIT secondary inspections is invalid.
We agreed not to argue about the UKPS trial. The Home Office say that it wasn't a performance trial. I say that it could nevertheless be an accurate indication of experience in the field ...
... and a lot more accurate than the predictions made by the US National Institute of Standards and Technology (NIST). NIST have a very good reputation, said someone. I said that their work on biometrics is impugning NIST's good name.
Someone said that the reliability of the biometrics chosen by the Home Office is generally accepted, people in the industry no longer argue about it, it's been climbing a gradient and, holding his hand up to his forehead as if in a salute, he said that it's now "right up here".
What about the trial of biometrics conducted by IBM, I asked? According to Sagem, IBM have tested various biometrics offerings against a database of 10 million images. The upshot is that they have appointed Sagem to provide biometrics technology for the NIR.
Someone said that IBM's 10 million images comprise two fingerprints each from 5 million people, that the data was supplied to IBM by the Home Office, and that the trial will be discussed at an upcoming NIST conference.
When we got to any other business, I asked why the Home Office wouldn't consider mobile phones as the vehicle for identity management. Someone offered me his mobile phone and effectively said, "go on, identify me". Out of time, the meeting ended.
David Moss has spent seven years campaigning against the Home Office's ID card scheme.