I’ve been working on improving the drafts I’ve been sent of prospective wiki pages. Have just posted the ones on ICT Forensics and global navigation satellite systems. All - or at least most - comments welcome. I have a bunch more to do, but they require a lot of whipping into shape, and I’d like some feedback before proceeding.

wg

Salon has up the story that Jimmy Wales, founder of Wikipedia, is running a project to create an open source search engine. The important point about it, it seems to me, is not whether it can chellange Google or any of the other entrenched search services, but whether it can *survive* - because if it can it might provide an important service in testing the honesty of the main search engines. As things are, as Wales says in that article, access to information stored online is gatekept by secret algorithms. Of course, smart marketing people spend a lot of time figuring out how to work the system to get their sites well up the page rankings. But as a check on these things I think the important thing is know what you *can’t* find.

I see the Salon comments revolve around whether a publicly known algorithm could protect the search engine from being gamed ruthlessly by spammers. Two points: 1) Google *is* gamed by those goddamned shopping aggregators that serve no useful purpose in life - maybe if the algorithms were known more people would be able to come up with ways to prevent that (or to filter them out as a third-party service); 2) does the crypto analogy apply?

wg

Recently, I checked in with James L. Wayman, one of the longer-server researchers into biometrics to ask on the progress of work I had heard he was doing on multiple biometrics. That is, systems which use more than one biometric to authenticate identity. It seems logical to assume that two biometrics would be more accurate than one. In practice, no, privacy advocates have argued to me, because although having multiple biometrics makes the sense more privacy-invasive, in practice one biometric is bound to be more reliable than the other and people will rely on the one that’s more reliable, so there’s no accuracy benefit. Now that my fingertips are practically smooth, I disagree with this: a system that used both iris scans and fingerprinting would be more accurate in my personal case than one that just used fingerprints - 8 of mine are now so poor that they wouldn’t be accepted for enrollment.

In any event, in response to my query Jim sent a copy of this paper, which is beautifully clearly written, in between the pretty, decorative mathematical formulas and equations. The gist: more actually is better, in terms of improving accuracy. However, despite 30 years of research, no one is using multimodal systems because they are expensive to install; they are complex to manage (it’s hard enough to get the right lighting and camera work to do, say, just facial recognition; it’s considerably more difficult to get the right environment for two different types of biometric that have different demands); and these systems are difficult to test because of the privacy implications of collecting and publishing so much personal detail about volunteers.

What is being used and is successful is multi-presentation (but single mode) biometrics (10 fingers instead of 1 or two, two irises instead of one), or multi-instance (but single mode) biometrics (five cameras capturing the face from different angles instead of one), or even multi-algorithmic (for example, using to different speech recognition engines for speech). These do indeed improve accuracy.

This is true despite the fact that these biometrics may be correlated; in other words, they are not entirely independent of one another. The pattern in your iris is not correlated to the pattern of your fingerprints. But the patterns of your ten fingerprints are correlated with each other; that is, thay have similarities (Wayman quotes Galton on the Bertillon system, pointing out that the various meausrements that make up the system are correlated - a tall man is more likely to have a large foot, etc.).

The biggest improvement in error rates is achieved by improving the quality of the information captured (that is - better quality fingerprints; five images instead of one).

wg

Well, this member of the Blindside crew is off on holiday until next week, so I’ll leave you with this.

Yesterday, in a tradition that is becoming as old and respectable as many white wig/red uniform rites, the NAO refused to sign off the accouonts of the DWP due to excess fraud, £2.5 billion having gone missing. It’s the 18th consecutive year this has happened.

According to Kable, “The report identifies limited IT integration as one reason for the high level of error, as well as complex benefits rules, poor business process design and human mistakes. However, NAO head John Bourn accepted that progress had been made in introducing new systems and procedures to reduce fraud and error and improve the recording of identified debts.”

In fact, fraud dropped £200 million over the past year. So how do we score this? Improving but could do better?

Enjoy the rest of your Blindside week–I’ll be back Tuesday.

…in this article found on Kable–can you spot it? Reduced queueing for school lunches.

I’m sure there are some common sense reasons for fingerprinting and retina scanning little children. Indeed, the article does eventually mention one–preventing unauthorised access to school premises (don’t fingerprint the criminal, get the innocent and then exclude… a little scary). But really, biometric collection and storage and identity management system and end of lifecycle data protection considerations… for shorter lunch queues?

Via Kable, we learn that “Health secretary Alan Johnson announced on 24 July 2005 that information about patients’ own and other GP practices will eventually be available through the NHS Choices website. Data will cover practice opening hours and the times GPs are available for appointments, results from the national patients survey, core indicators of patient experience from the Quality and Outcomes Framework, and what extended services the practice offers.”

Er, um, no problem about opening hours and services offered, but results from the national patents survey? Lot of trust you’re placing in the hands of an analyst… What’s the difference (and which is better?) between that and having patients use a star rating a la Amazon book reviews?

Think about possible effects on GP behaviour… squeaky wheels and grease, patient selection, practice selection…

…is your voiceprint. This article in the Economist seems half smoke (how could a company have voiceprint software that is fit for purpose and not have voice recognition for numbers?) but half-exciting. Comments from those more expert?

Happy Monday to you all.

Non-flood related news… From Kable, “An NAO report has said the Driver and Vehicle Licensing Agency should consider using automatic number plate recognition to estimate the level of vehicle tax evasion. The report says that despite receiving many plaudits for its electronic vehicle licensing (EVL) system, which enables customers to pay vehicle excise duty (VED) and obtain a licence online, the Driver and Vehicle Licensing Agency has experienced a significant rise in tax evasion.”

What does HMG want from ANPR? If they want to use it to catch car thieves or monitor serious organised crime, they should use it for that and only that. Then people will support it and comply with it.

If HMG wants to use it to beat people up on taxes, people will dislike it and work to defeat it. Then it won’t be fit for purpose for the more important tasks that ANPR is most appropriate for.

This weblog software application, like others, has a dashboard view when you log in. It shows you who has posted recently, who has commented recently, lists all recent posts and comments, and has room for messages from the content engine’s developers and sponsors.

Yahoo has a MyYahoo home page where you configure the content.

If I had a MyGov page, I could configure it to see who has asked for my identity and why, who has queried my credit status and why, and who has asked other questions about me. All could come with links to query or (gasp!) give permission to release information. It could have a password-protected link to see what information is held about me, with a mechanism to submit updates.

The content management system for this weblog sends an automated email to an address I choose notifying me of an action (in this case, a comment) that might call for a response. It could send it as a text message with relatively little rejiggering.

My thinking is, if I had visibility over the information held about me, and if I had control over usage, and awareness of who is seeking information about me, I’d probably help make sure the information was correct and gettiing to the right parties. I would certainly have a vested interest in flagging up fraudulent use by criminals or inappropriate use by government or private parties.

And no, I wouldn’t mind discreet adverts on the site.

The real question is, regardless of whether this idea or my version of it is relevant to identity management debates, what real-world analogue would be available to those who could not use an Internet portal for this purpose?

Update: Looks like I’m not the first to ponder the subject: Via Subjectivity, I find that Dave Birch discusses similar matters on the Digital Identity Forum. “This was all under Chatham House rules, but I think I’m allowed to disclose my own idea: why not use Facebook instead of a national identity register? Get the government to create a Facebook page and then pass a law that we all have to be its friend. I thought this might have some very beneficial effects.”

I just looked at this over on the Planet Identity weblog. Maybe it’s because it’s early in the morning, but it seems just brilliant to me.

It links to Mark Wahl at Ldap.com and gives Kim Cameron’s ‘Seven Laws of Identity:’

1. Digital identity systems must only reveal information identifying a user with the user’s consent.
2. The solution which discloses the least identifying information and best limits its use is the most stable, long-term solution.
3. Digital identity systems must limit disclosure of identifying information to parties having a necessary and justifiable place in a given identity relationship.
4. A universal identity metasystem must support both ‘omnidirectional’ identifiers for use by public entities and ‘unidirectional’ identifiers for private entities, thus facilitating discovery while preventing unnecessary release of correlation handles.
5. A universal identity metasystem must channel and enable the interworking of multiple identity technologies run by multiple identity providers.
6. A unifying identity metasystem must define the human user as a component integrated through protected and unambiguous human-machine communications.
7. A unifying identity metasystem must provide a simple consistent experience while enabling separation of contexts through multiple operators and technologies.

It’s not exactly as simple as Asimov’s 3 Laws of Robotics, but seven… simple… laws.

It follows up with Mike Neuenschwander’s Seven Tragic Flaws of Identity:

1. Failure of the weakest links mustn’t lead to catastrophe
2. Don’t put the role before the start
3. Not every identity nail requires the technology hammer
4. Use of a system invites abuse of it
5. Identifying things doesn’t make them more secure
6. Identity isn’t about the individual
7. There are a lot more than 7 flaws

And Mark Wahl then carries the conversation on from there. Go read it.