Tuesday, May 11, 2004

John Lettice is on the ID card case again at the Register, this time pointing out that Department for Homeland Security and a biometric company, Identix, which is is also supplying equipment for the UK Passport Service's ID card pilot, are on the receiving end of a lawsuit in the US. Two men are suing for slander and product liability as the Identix system helped to give them other people's criminal records.

One of the men actually got jailed for being a convicted felon carrying a gun, despite the fact that the crime on his record had been perpetrated by someone else who even had a completely different name, Kellogg as opposed to Benson.

How could that happen? Especially when UK Home Secretary, David Blunkett, seems to believe these seems are "impossible" to fool. It seems Benson had been fingerprinted for a traffic violation. Kellogg convicted of multiple crimes. But the admin number on their respective electronic fingerprint cards was accidentally duplicated. And when the records were entered on the criminal justice database, Benson got credited with Kellogg's crimes.

As Lettice concludes:

"For the rest of us, the real issue is how fallibility in software and human input can produce
extremely serious errors in systems which are intended to provide virtually infallible
identification. There is here no dispute that Benson's and Kellogg's biometric records are
entirely different (Benson has only nine fingertips, for starters), but the processes operated
in such a way that Benson's record got the convictions. These spread from Oregon to
California, and Benson's attorney claims that he is still recorded by the FBI as having
been arrested as a felon in possession of a firearm.

Organisations deploying such systems should of course be extremely concerned that they
are not subject to such errors. Aside from the impact on the victims, the creation of false
records will damage the integrity of the database they're used in initially, and the sharing of
this data will result in the corruption spreading into other systems. The further it gets, the
harder it will be to undo the damage. But the more sure the designers are that they've
ruled out problems like this, the harder it will be to have errors corrected. If it's
impossible, then the people complaining have got to be mad, right? The issue of how you
deal with the data is actually far more important than getting the technology to produce a
"unique" biometric."

No comments: