resources:
face recognition useless for crowds
Face Recognition: Real or Science Fiction?
biometrics for consumers?
biometric basics
Facial Recognition Technology Get Pwned at Black Hat Conference

How reliable are biometric identification methods? Read this article by Bruce Schneier, author of Beyond Fear, Secrets and Lies and Applied Cryptography, inventor of the Blowfish and Twofish encryption algorithms, and CTO and founder of Counterpane Internet Security, Inc.: Biometrics in Airports. If you have trouble opening his link, the article is also at the bottom of this page.

Answer these questions after reading Schneier’s article. It is not necessary to read the additional resource links. Submit your answer below.

What is the difference between using biometrics to ensure that only certain employees enter a bank vault and using biometrics to identify a terrorist in a crowd? Which application is more reliable and why? Assume that we’re using facial recognition in both situations. (4 pts)

According to Schneier, how is it that a biometric system will generate 1000 false alarms for every one terrorist identified? (2 pt)

The EFF has concerns about one of the components of a biometrics system, which is also a component of the National ID System. (Read the EFF article down to where it talks about the “types of biometrics”. You don’t have to read about the types of biometrics.) Name the component and provide details as to why the EFF sees it as a potential problem. (4 pts)

Biometrics in Airports
by Bruce Schneier

You have to admit, it sounds like a good idea. Put cameras throughout airports and other public congregation areas, and have automatic face-recognition software continuously scan the crowd for suspected terrorists. When the software finds one, it alerts the authorities, who swoop down and arrest the bastards. Voila, we’re safe once again.

Reality is a lot more complicated; it always is. Biometrics is an effective authentication tool, and I’ve written about it before.
There are three basic kinds of authentication: something you know (password, PIN code, secret handshake), something you have (door key, physical ticket into a concert, signet ring), and something you are (biometrics). Good security uses at least two different authentication types: an ATM card and a PIN code, computer access using both a password and a fingerprint reader, a security badge that includes a picture that a guard looks at. Implemented properly, biometrics can be an effective part of an access control system.

I think it would be a great addition to airport security: identifying airline and airport personnel such as pilots, maintenance workers, etc. That’s a problem biometrics can help solve. Using biometrics to pick terrorists out of crowds is a different kettle of fish.

In the first case (employee identification), the biometric system has a straightforward problem: does this biometric belong to the person it claims to belong to? In the latter case (picking terrorists out of crowds), the system needs to solve a much harder problem: does this biometric belong to anyone in this large database of people? The difficulty of the latter problem increases the complexity of the identification, and leads to identification failures.

Setting up the system is different for the two applications. In the first case, you can unambiguously know the reference biometric belongs to the correct person. In the latter case, you need to continually worry about the integrity of the biometric database. What happens if someone is wrongfully included in the database? What kind of right of appeal does he have?

Getting reference biometrics is different, too. In the first case, you can initialize the system with a known, good biometric. If the biometric is face recognition, you can take good pictures of new employees when they are hired and enter them into the system. Terrorists are unlikely to pose for photo shoots.
You might have a grainy picture of a terrorist, taken five years ago from 1000 yards away when he had a beard. Not nearly as useful.

But even if all these technical problems were magically solved, it’s still very difficult to make this kind of system work. The hardest problem is the false alarms. To explain why, I’m going to have to digress into statistics and explain the base rate fallacy.

Suppose this magically effective face-recognition software is 99.99 percent accurate. That is, if someone is a terrorist, there is a 99.99 percent chance that the software indicates “terrorist,” and if someone is not a terrorist, there is a 99.99 percent chance that the software indicates “non-terrorist.” Assume that one in ten million flyers, on average, is a terrorist. Is the software any good?

No. The software will generate 1000 false alarms for every one real terrorist. And every false alarm still means that all the security people go through all of their security procedures. Because the population of non-terrorists is so much larger than the number of terrorists, the test is useless.

This result is counterintuitive and surprising, but it is correct. The false alarms in this kind of system render it mostly useless. It’s “The Boy Who Cried Wolf” increased 1000-fold.

I say mostly useless, because it would have some positive effect. Once in a while, the system would correctly finger a frequent-flyer terrorist. But it’s a system that has enormous costs: money to install, manpower to run, inconvenience to the millions of people incorrectly identified, successful lawsuits by some of those people, and a continued erosion of our civil liberties. And all the false alarms will inevitably lead those managing the system to distrust its results, leading to sloppiness and potentially costly mistakes.

Ubiquitous harvesting of biometrics might sound like a good idea, but I just don’t think it’s worth it.
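
The base-rate arithmetic in the essay above, worked through as an added example (not part of the essay or the assignment). It uses the essay's figures (99.99 percent accuracy, one terrorist per ten million flyers); the watch-list size of 10,000 and the assumption that comparisons are independent are illustrative assumptions, and the function names are made up for this example.

```python
from fractions import Fraction

def alarm_stats(base_rate, tpr, tnr):
    """Return (false alarms per true alarm, share of all alarms that are real)."""
    true_alarms = base_rate * tpr               # targets correctly flagged
    false_alarms = (1 - base_rate) * (1 - tnr)  # everyone else wrongly flagged
    return false_alarms / true_alarms, true_alarms / (true_alarms + false_alarms)

def fpr_needed(base_rate, tpr, target_share):
    """False-positive rate at which target_share of all alarms are real."""
    return base_rate * tpr * (1 - target_share) / (target_share * (1 - base_rate))

def p_any_false_match(fmr, gallery_size):
    """1:N identification: chance that one innocent face falsely matches at
    least one gallery entry, assuming independent comparisons (assumption).
    gallery_size=1 is the 1:1 verification case (the bank vault)."""
    return 1 - (1 - fmr) ** gallery_size

# Figures taken from the essay, kept as exact fractions.
BASE_RATE = Fraction(1, 10_000_000)   # one flyer in ten million
ACCURACY = Fraction(9999, 10_000)     # 99.99 percent, both directions

if __name__ == "__main__":
    ratio, share = alarm_stats(BASE_RATE, ACCURACY, ACCURACY)
    print(f"false alarms per real hit : {float(ratio):.1f}")
    print(f"share of alarms that are real: {float(share):.4%}")

    # How good would the software have to be for half the alarms to be real?
    fpr = fpr_needed(BASE_RATE, ACCURACY, Fraction(1, 2))
    print(f"false-positive rate needed for 50% real alarms: {float(fpr):.2e}")

    # Same per-comparison error rate, verification vs. crowd identification.
    # The gallery of 10,000 faces is a constructed number.
    print(f"1:1 false match      : {p_any_false_match(1e-4, 1):.4%}")
    print(f"1:10,000 false match : {p_any_false_match(1e-4, 10_000):.1%}")
```

The ratio comes out at about 1000 because the error rate on non-terrorists (1 in 10,000) is a thousand times larger than the base rate (1 in 10,000,000); the alarms only become trustworthy once the false-positive rate falls to roughly the base rate itself.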
Phil Agre on face-recognition biometrics: http://terrorism.about.com/gi/dynamic/offsite.htm?zi=1/XJ&sdn=terrorism&cdn=newsissues&tm=13&f=00&tt=8&bt=1&bts=1&zu=http%3A//polaris.gseis.ucla.edu/pagre/bar-code.html

My original essay on biometrics: http://www.schneier.com/…

Face recognition useless in airports: http://www.theregister.co.uk/2001/09/27/face_recognition_useless_for_crowd/
According to a DARPA study, to detect 90 per cent of terrorists we’d need to raise an alarm for one in every three people passing through the airport.

A company that is pushing this idea: Visionics Corporation

A version of this article was published here.