Comprehensive coverage

Biometrics are established in our lives

Arnon Harel

Direct link to this page:

Nozahat Mahan-Younes felt that the time had come to give birth. She traveled to Be'er Sheva and on the way stopped at Fatima's in one of the Bedouin tribes in the Negev and got her Israeli identity card for NIS 100, entered the Soroka hospital and gave birth to a healthy baby girl weighing 3.4 kg. Happy and grateful for the dedicated medical care plus a generous birth grant, Noza returned to Khan-Younes and did not forget to return Fatima's identity card. About a month later Naima from Deir-el-Balakh did the exact same thing. It took the authorities a long time until they began to wonder how it is that the Israeli Fatima gives birth to a son or daughter, sometimes twins, once a month for two years.
The phenomenon of impersonation or identity theft exists all over the world and it occupies a growing share in the statistics of offenses and crime. This phenomenon exists starting with the intrusion into a computer system for curious wandering and stealing commercial information, for a fraudulent way to receive illegal benefits; And including crossing border control with a borrowed identity for the purpose of planning and carrying out an act of mass terrorism.
In our daily lives we identify countless times. In face-to-face meetings with our informant, there is no need to identify yourself, but when we want to enter the corporate computer network, we are asked to enter a username and password, and when we want to enter a classified and segregated area, we are required to present an ID card. These are the two traditional methods in which we identify ourselves using what I know (name, password) or what I have (key, certificate). Both of these methods suffer from the basic weakness that they are indirect: they make use of an indirect medium in order to identify the person. And this indirect medium can be lost, forgotten, forged, duplicated, eavesdropped and passed on to another - in good faith or with the first intention. To overcome the weakness, both methods are sometimes used together, such as when accessing an ATM where the person is required to both present a card and enter a personal secret number.
The hot topic for several years, and even more so after September 11, 2001, is identification through physical or behavioral characteristics that are unique to each person - through biometric technologies, which are automated systems capable of acquiring a sample (photo, voice track) from the person and comparing it to another sample in the database and saying Is the person authentic or an impostor? The biometric technology best known to the public is that of the fingerprint, which has been used for many years in the field of criminal identification. In Israel, we were exposed to the technology of palm geometry at Ben-Gurion Airport, where an automatic system has been operating for about four years to control entry and exit from the country with thousands of people registered in it and with about 50,000 movements per month. Other well-known technologies that are already installed in Israel and around the world are those that identify or verify identity through speech recognition, dynamic hand signature, facial image recognition and the iris of the eye. There are other less known biometric technologies such as identification based on the veins in the palm, the retina of the eye, the shape and ear canal, identification based on smell, based on the rhythm of walking and typing, based on the skin tissue and the nail bed, and more. Some of these technologies are already ready for products and some others are still on the drawing boards, in laboratories or in Hollywood scripts.
The classic applications of biometric technologies are in access control. Physical access control to resources such as gate, door, safe; and logical access control such as to the computer, the network, the bank account or the cell phone line. In the process of access control, we usually identify ourselves to the system in some way by presenting an identification number or an employee card, and present the appropriate limb (finger, hand) for inspection; And the system compares them to a sample of the same finger or hand with the penny under the record of the claimed identity and produces a decision as to whether the person is authentic. If the identity is indeed verified, the appropriate command is transmitted to the door lock or the computer system and access to the requested resources is granted. This process is called "identity verification" and it combines one of the traditional methods (what I know or what I have) and the third method, the biometric, in which the person's identity is represented through an organ or behavior that is characteristic only to him.
Another type of use of biometric technology is for the purpose of identifying a person, without him initially claiming any particular identity. For example, a criminal can be identified by the fingerprint he left at the crime scene or by his face in the album of wanted criminals. An advanced application of this method makes it possible to locate a double registration but with a different identity of the same person, in order to receive permits and benefits such as a driver's license and social benefits.
Another field that is rapidly developing is the mechanized scanning of the secure site using face recognition technology which, in addition to classic access control and identification applications, also allows continuous scanning of the area cell set up for identification and warning of the presence of wanted persons in the field of view of the cameras. Such an application can operate from near and far, day and night, openly and secretly, with and without cooperation from the audience. This type of system opens up a wide front of security applications, starting with a substantial improvement in the functioning of the human inspectors in the control centers of CCTV systems and ending with the targeting of point weapons systems. In this area there are also less "security" applications such as the identification of fraudsters in casino chains and thieves in supermarkets, warning of the presence of hooligans in football stadiums and even a computerized notification to the bank branch manager of the arrival of an important customer.
What all biometric technologies and systems have in common is the need for early registration and the establishment and management of the appropriate biometric database. Here also arise the issues of the management of the databases and their security in everything related to the modesty of the individual and the way the biometric information is used by the managers of the databases. Is it right and appropriate to hand over to an Israel Police investigator the fingerprints of the bank employees who were registered in order to gain access to the computer system? Would it be permissible and appropriate for the manager of the biometric database at the military base to give the picture of a soldier to his soldier friend in love? Would it be right and appropriate to report to a woman that her husband was seen and identified somewhere? The legislation and regulations on the subject are only in their infancy.
As part of the fight against terrorism, the American administration recently decided that every person interested in an entry visa to the USA will be equipped with a digital visa that contains two different biometric characteristics, a facial image and fingerprints (a program known as VISIT and which was allocated 710 million dollars in 2003-2004). All American consulates around the world will prepare for the acquisition of the biometric samples and the issuance of the appropriate visas, and the offices of the Immigration Office officers at the airports and at the land and sea border crossings to the United States should be equipped with the appropriate control measures. This is done for two reasons: one - to check in order to make sure that the requesting person does not appear on the NAF's list of suspects and wanted persons. Me. an island. And the second - in order to make sure that the person who received the visa at the consulate is indeed the one who actually arrives at the gates of the USA. The aforementioned law is about to enter into force in October 2004, but the preparations for its actual implementation are proceeding lazily and it is not clear whether they will actually meet the deadline. In the meantime, the Americans are encountering difficulties with their partners in Europe because the law applies, in addition to the American passports themselves, also to those who do not need a visa to the USA, such as citizens of the common market, but on the condition that their passport includes the prescribed biometric characteristics, while the Europeans are not in a hurry to implement this until they are settled The contradictions with the privacy protection laws of the European community.
Another law enacted in the US that accelerates the implementation and adoption of biometric technologies is the Medical Information Privacy Records Act (HIPAA), which came into effect in April of this year. The law defines, among other things, standards for access control and security of authentication of those who access medical records and within the framework of the law - anyone who violates these standards is liable to a fine of up to $250,000 and up to 10 years in prison, in addition to civil tort claims and the negative reputation to which he may be exposed.
The Israeli government is also preparing for the improvement of the method of identification of its citizens and the integration of biometric technologies in this task. To this end, the government established a special inter-ministerial committee that coordinates the activities carried out in the field in the various ministries, and in June of this year it was decided to begin planning and activity in five leading projects at the state level: in the government identification documents such as civil servant cards, the identity card, the passport and the driver's license, in the entry and exit control processes at the border crossings , in the control of access to sensitive information systems (information security), in the field of verifying the identity of recipients of benefits and payments from the state and in the field of identification of foreign workers in Israel.
If all of these plans, or even some of them, do come true, we can expect a large presence of biometric technologies in our daily lives in the coming years. The scenario of the births from the Gaza Strip will affect them as well as most of the frauds that are perpetrated on the National Insurance funds and are estimated at over a billion shekels per year. Biometrics will reach many business organizations in applications such as time clocks and access control and finally we will even be able to come home and our door will recognize us from afar and open to us with a welcome greeting.

* Arnon Harel is the CEO of Nezar, management and information systems. The article was also published today in issue 1071 of the weekly InformationWeek-Israel in preparation for a seminar that is going to discuss the issue.

The biometrics expert

Leave a Reply

Email will not be published. Required fields are marked *

This site uses Akismat to prevent spam messages. Click here to learn how your response data is processed.