This Will Be Interesting

About 100,000 workers at the Olympics site in London are to be screened using advanced face and palm recognition techniques in one of the largest and most expensive security operations undertaken on a British construction project.

Every worker on the site – up to 10,000 at one time at the peak of construction in 2010 and 100,000 in total – will pass through a two-tier biometrics access system that includes palm-print reading and face recognition.

“The gates will be like the Jubilee Line – put your hand down and it will open,” John Armitt, chairman of the Olympic Delivery Authority (ODA), said.

Keep an eye on this. I suspect that it will be an expensive disaster: and that such will be covered up. Because if biometrics cannot be made to work on such a scale then of course, they won\’t work for the National Database either, will they?

13 thoughts on “This Will Be Interesting”

  1. “I suspect that it will be an expensive disaster”

    Builders often don’t have fingerprints (they wear off because of the handing of bricks etc.) and so palm prints are being proposed. But it will still be a disaster because it combines Government and IT.

    Even if it works, it won’t prove the ID card system will work: that uses fingerprints.

  2. Has anyone done this before?

    I’ve had a read around and the police are working with handprint matching system, but the key thing there is that it doesn’t have to be done too quickly. With something like ID systems, you want to be getting people through within a few seconds.

    Image matching is tricky. You have to deal with the image not being an exact match, not placed in the same location. And in the case of this database, you’ve got to match it against potentially 100,000 records?

  3. ” I wonder what assurances, and concerns as per the DNA database, there will be about these prints being added to the police records?”

    I’m much less worried about it than DNA. The issues aren’t much different to fingerprints, and the police have been keeping those since the 19th century. The problem I have with DNA is that it is easily subject to accidental and deliberate contamination, and that DNA potentially gives away all kinds of information the State shouldn’t have access to.

  4. “Image matching is tricky. You have to deal with the image not being an exact match, not placed in the same location. And in the case of this database, you’ve got to match it against potentially 100,000 records?”

    I assume palm prints are more accurate than fingerprints, but nevertheless, I bet it’s not great. The chances of false match go up exponentially with database size.

    It’s all daft, really. What they need is not identification, but verification: carry an RFID token that makes the claim to an ID, and use palm prints to verify against the claimed ID (stored on the RFID with a suitable digital signature, if you like). That’s easy because there’s no issue with false matches (it’s a simple yes/no determination).

  5. It would be of great interest to know whether the workers being scanned are on piece rate or day rate.
    If they’re being paid by the job there will be a great incentive to either get the system to work or bypass it. The incentive will be supplied by a load of hulking contractors in big boots standing around on their own time whilst security cowers in its hut quivering in terror.
    Conversely, if they’re paid day rate, they’ll be 100,000 minds working on the problem of crashing the system ’cause there’s nothing better than standing around reading the paper whilst you’re being paid to do so.

  6. With reference to Kay Tie’s concerns about DNA, the worrying aspect for me is that DNA identification is completely out of the competence of the ordinary person.
    With finger print evidence, its quite possible for a member of a jury to make an independent assessment of the validity of the evidence. Does the print of suspect ‘A’ look similar to the print on murder weapon ‘X’? The materials & the techniques used are easily comprehended & could even be reproduced in court given a stamp pad & a piece of paper.
    With DNA the evidence can only be understood by a lab technician. It could just as easily prove that a bird crapped in both places. So what a jury has to decide is not the reliability of the evidence but the reliability of those providing the evidence.

  7. “With reference to Kay Tie’s concerns about DNA, the worrying aspect for me is that DNA identification is completely out of the competence of the ordinary person.”

    Yes, it’s true. It’s sometimes outside the competence of the prosecution and defence. In fact, it’s so common to misunderstand the meaning of DNA matches that there’s a term for it: the Prosecutor’s Fallacy.

    http://en.wikipedia.org/wiki/Prosecutor's_fallacy

  8. Wikipedia should be dinged for having a URL with an apostrophe in it. At least we should be grateful that it’s not a grocer’s apostrophe.

  9. I’m somewhat more intrigued as to how they are going to enforce this. Taking the place where I work as an example; we have a large area to secure and there is a strong legal requirment to keep the perimeter secure and intruder proof (on account of the explosives, big kit etc). yet we still find holes in the fence and occasionally find the odd civilian or his cows wandering ariound inside the fence. Short of laying minefields or building Berlin Wall II there’s not a lot we can do. We certainly can’t make the place airtight.

    Now consider the olympic site. Spread over a much larger area(s) with many more entrances and constant changes of perimeters, activities, people and kit. I can’t even begin to comprehend the scale of the nightmare whoever will become responsible for implementing this is about to face.

    And that’s before one adds the world’s greatest guarrantor of clusterf**kery, Her Majesty’s Government.

    The system is doomed.

    Fortunately news of its failings will leak out and it will be yet another nail in the coffin of the proposed National ID Database.

  10. I don’t think, even if physical security were as stringent as RM would like, that a biometric scheme of this magnitude is practicable. It’s in the nature of Bayesian statistics for low individual error rates and scarce incidence of the thing you are testing for to cause lopsided errors. The two error conditions we are worried about in a biometric system are false negatives and false positives. A false negative is the case when someone who should be granted access is denied it. A false positive is when someone who should be denied access is granted it. In the one case it means someone who should be allowed on-site to be detained while his bona-fides are being checked. In the other case it means Abu bin Nasty being allowed in, where he can get up to mischief.

    Let’s say 1 in 100,000 people attempting to gain access to the site is a terrorist. Let us assume that the a priori probability of error (both kinds) is 1%, so that 99 times out of a hundred if a person is in the database, he will match, and 1% of the time that he is not in the database he will also match. What is the probability that if someone matches, he is a terrorist?

    Using Bayes’ theorem:

    M means match i.e. access granted
    probability of being a terrorist P(T) = 0.00001
    probability of being a worker i.e. not being a terrorist = P(W) = 99999/100000
    probability of giving a false match P(M|T) = 0.01
    probability of giving a true match P(M|W) = 0.99
    probability of a match regardless of other information P(M) = P(M|T)P(T) + P(M|W)P(W) = 0.98999

    probability that, given a match, the person is a terrorist P(T|M) = ((P(M|T)P(T))/P(M) = ~ 10^-7

    So far so good. Only one in ten million times does a bad guy get in by accident (until you consider that if there are 100,000 users of this system over some period of time, this might not be adequate).

    But, what is the probability that someone who is denied access is in fact a worker who should be allowed in?

    D = no match i.e. denied
    Again, P(T) = 10^-5
    P(W) = 99999/100000
    P(D|T) = 0.99
    P(D|W) = 0.01
    P(D) = P(D|T)P(T) + P(D|W)P(W) = 0.0100098

    P(W|D) = ((P(D|W)P(W))/P(D) = 0.999011

    i.e in the case where access is denied, 99.9% of the time it will be denied to a legitimate user, and only 0.0989% to a terrorist.

    The scope for hold-ups and bypassing of the system that this might entail can only be imagined.

  11. RM didn’t say he’d like that level of security, he just noted that for the concept to work, that’s what might be necessary.

    There is one thing I did forget to mention: Here at the mine it usually takes two days for a simple swipe card ID to be issued – that’s the time it takes for the system to process some fairly basic data. We only have two thousand employees and they are a fairly stable workforce. I wonder how long a system needed to process many thousands more contractor employees some arriving to do a few days work some for longer would take to process a significantly higher amount of data.

Leave a Reply

Your email address will not be published. Required fields are marked *