Inkwell: Authors and Artists

    

More this session on Biometrics.

The ACLU is not pleased with facial recognition.  "It has utterly failed
sometimes in astounding ways,"  says  Barry Steinhardt.

He sites a Tampa police experiement with this technology where the officers
simply gave up on the useless technology after six weeks.

Now the industry spokesman is speaking in defense of his growing $300
million dollar business, showing a nuclear industry hand-reader.
  

    
Describe the firehose, Bruce? Or Bruce, either one...?
  

    
Are they mentioning that every negative return in biometric requires a 
secondary check? It's not an identifier, but an indicator. 
  

    
(slippage)

Biometrics Face Off: Can Biometrics Systems Promise Better Security
without Destroying Privacy and Civil Rights?

Barry Steinhardt, ACLU, spoke.

ACLU doesn't oppose any technology in itself, but advocates three 3
principles for new technologies

1) has to be genuineley effective, 
2) level of intrusion should reflect level of risk, 
3) not used in a discriminatory way


Some unjustified uses include large-scale collection of biometrics (as
at airport security)

Facial recognition
  demonstrably doesn't work, so isn't genuinely effective
  is intrusive disproportionate to its risk
  gives a false sense of security


ACLU obtained Tampa Police Face-Recognition Log Sheets from the
surveillance in Ybor City. Over a six-week period they were unable to
make a single accurate identification. There were a lrage number of
flase positives, including obvious mistakes (idenitifying males as
female, adults as potential juvenile runaways, and so on). Three weeks
into it the logs show that they largely stoped writing in the logs,
after six weeks they gave up.

Tampa's experience is no surprise: that's how things have gone
elsewhere in the world when this has been tried.

Quotable quote: 

"When a technology demonstrably does not work, we ought not use it. We
don't even have to debate the privacy issues."
  

    


Martin Huddert, Intl Biometric Industry Assn

Doesn't want us to have the impression that all biometric technologies
are bad, because that simply is not true.

Biometrics has grown fast because a key or card isn't a person.

NY Presby Hospital uses biometrics for employees clocking in and out.
And more examples. So it does work.

The Big Myth: Biometrics erodes priavacy. But biometric devices simply
verify transactions, it's just what privacy advocates should want.

Another myth: Biometric data can tell who you are. But it's the
database that tells that, not the biometric device.

Another myth: Biometric data can be used to steal your identity. No,
if templates exactly  amtched would likely indicate that fraud has
occured.

Another myth: Biometric data can track where you go. No, would require
a database ....

There are many biometric technologies, used for different purposes, so
tracking individuals with biometrics is not realistic.

Use at the Super Bowl was not a good use of biometric technology, so
he agrees with Barry S.
  

    
new speaker"

"The killer app is coming: it's recognition of shoplifters."
  

    
The idea that your biometrics should be the key for an incripted PIN,
not stored as a descriptor of you, is one I've heard at past CFP's but
it is still going strong. This makes your body your pass phrase, not
surveilance data.  It's very interesting, but there are now more
marketplace forces for the other direction.
  

    
Oakland police captain Ron Davis speaks on racial profiling.  Notes
that technology could simply amplify racial profiling.  
  

    

 Capt Ron Davis, Oakland PD: "How many law enforcement officers are in
 the room?"  (Several hands raised, scattered abaout the room.)

 He asserts that law enforcement needs to be at the table in these
 discussions, since they are "the end users" of biometric tech.


 Davis says: Using race recognition to predict crime is wrong, and
 biometrics could improve on existing techniques (whether in person or
 on surveillance cameras) which tend towards discriminatory racial
 profiling.

 Rough quotation: The key is to create blindfolds so that when I'm
 adminstering justice those biases don't come through and I make
 decisions based on objectgive criteria.



 (This thing of LE as the "end users" is interesting. My immediate
 reaction is to think that's bogus, that *we* are the end users of the
 technology. But I don't know that that undercuts his point altogether.)


(Roger Clarke spoke, too, and I intended to link to his stuff on the Web for
this, but it doesn't seem to be there yet.
http://www.anu.edu.au/people/Roger.Clarke/ )
  

    
I think the scary thing is that technology could enhance profiling (not just
by race) to a granularity where it is undeniably predictive in a statistical
sense.  It will be much harder to fight it then, when it isn't coterminous
with crude demographic lines like race.
  

    
slippage
  

    
We moved to Albany (adjacent to Berkeley) in October, and I'm amazed at the
number of shops where you see signs either prohibiting minors w/o adult
supervision, or limiting the numbers of high school (or, presumably,
younger) kids in the store at any one time... is there rampant "shrinkage"
from kids' five-finger discounts in Berkeley?

I can't imagine facial recognition is going to be what solves the
shoplifting problem, esp. as even a convicted felon who's served his/her
time (or is out on bail) deserves the right to shop at Sam Goody.  Detecting
actual shoplifting in progress... that's another story.
  

    
Agree about the likelihood co facial recognition winning the
shoplifting wars.

Thursday morning now (is that right?), in the conference hall, waiting
for the first session of the day, with Patrick Ball, Deputy Director
of the Science and Human Rights Program, American Association for the
Advancement of Science. This cat has done amazing, great, stunning
work:

http://shr.aaas.org/staff.htm
http://hrdata.aaas.org/mtc/
http://www.aaas.org/spp/crypto/crypto.htm
http://www.aclu.org/issues/cyber/censor/gapbaffidavit.html
  

    
Just to whet appetitites, there's a paused RealVideo clip os Slobodan
Mlosovic on the screen right now. 
  

    
IN introducing Ball, Alex Fowler (Zero Knowledge Systems) played the
clip, which turns out to be Mlosovic cross-examining Ball at his trial.

Ball: Understanding mass pheonemena requires mass data . . . you've
gotta use computers. Computers are an essential tool for confronting
mass atrocity.
  

    
Ball: Understanding mass pheonemena requires mass data . . . you've gotta
use computers. Computers are an essential tool for confronting mass
atrocity.

data suggested a common cause for killings and refugee flow in Kosovo

hypotheses:
KLA action motivated Kosovars to leave
NATO air attacks
Yugoslav forces conducted a systematic campaign of killings and expulsions

GIven the patterns observed in the data, we reject the first two hypotheses
as inconsistent with the data. The statistical evidence *is* consistent with
the hypohtesis that Yugoslav forces conducted a systematic campaign of
killings and expulsions. This doesn't *prove* that; Ball is not a finder of
fact.

Ball and others went to the border and collected a stack of lists of those
who crossed the border, where they're from, and when they crossed.

Scanned images, yielding data 20,000 records refistering 272,000 people,
supplemeneted by other border crossing records, conditioned by 4 independent
surveys.

Refugee flow over time ahs a wave-like pattern with occasional peaks
(diminishing over time).

Analysis of killing used four data sources: 1674 ABA/CEELI interviews, 4100
bodies exhumed, 337 HRW interviews, 1837 OSCE interviews. Issue: how many
documented killings are the same? Overlap is not a bug but a feature, as it
allows statistical inference to how many deaths were unreported altogether,
and, so, to the total amount of killings.

Have to identify which people are repeated within and among reporting
systems. Is the OSCE Murat Gashi the same as the HRW Muran Gash?

Multiple people reviewed each in multiple rounds. More than 18,000
comparison decisions, using HTML interfaces,and open software (Linus,
Apache, MySQL, PHP, pythosn). Finally, 94% inter-rater agreement. Very high
rate of reliability.

27 ppl were documented in all four lists. Coomputationally intensive
iterative statistical techniques ==>  estimate that 10,365 Kosovar Albanians
were killed.

Moreoever, this big payoff from the analysis: the wavelike pattern of
killings looks tremendously like the wavelike pattern of border crossings.
So much so that Ball at first thought it must be a statistical artifact or
error of some sort. This led researchers to conclude that there must be some
common cause.

Compared patterns over time by region. Again, similar shapes.

Regression analysis shows that NATO and KLA activity make "astonishingly
bad" predictors of the killing pattern. So, we reject the hypothesis that
NATO and KLA activity caused killing. Similarly, though muddier statistical
pattern, rehect hypothesis that KLA activity is associated with refugee
flow.

There's a trough in the pattern of killing and migration corresponding to
the Yugoslav Army's ceasefire in advance of Orthodox Easter.

http://hague.bard.edu/video.html



Q: How did you get data from NATO? And what might we expect going forward?
A: My 2 calls to NATO went unanswered. I got no NATO data. The Yugoslav
government released daily reports of NATO actions. Similarly, 2/3 of KLA
action comes from Yugoslav condemnations of KLA activity.

Q: Would that suggest what a more clever dictator might do?
A: Well, yeah. But it's really hard. Even a really effective dictatorship
can't completely fake it. Have to say things that have something to do with
reality. And would have to have some idea what analysis the reserachers were
going to do later. And even I didn't ahve that kind of idea in advance.
  

    
http://cultdeadcow.com/panel2001/hacktivism_panel.htm is a report on a
presentation by Ball at last summer's DefCon, "Hacktivism and Human Rights:
    Using Technology to Raise the Bar". It includes some of the graphs that
Ball showed this morning.
  

    
Thanks for posting the Dead Cow notes.

The voting discussion continues now.   One fast quote:

"We are trying to pass magic legislation that gets rid of punchcards in
favor of DRE machines with no accountability."

Peter Neumann  http://csl.sri.com/neumann
  

    
More reporting on CFP:
http://www.newsbytes.com/news/02/175957.html
"FTC Chairman Pushes Net Crime Vigilance, Not New Laws," by Robert
MacMillan (Newsbytes), reports on yesterday's luncheon address by
Timothy J. Muris.
  

    

That URL I posted above is not working for me, that speaker's bio is at
http://www.cfp2002.org/program/bios.shtml#neumann

The voting session was fascinating.  We're already into privacy in
"Identity and Location Services." 

The "problem" I have with CFP is that is I want to reflect on one set of
issues and then there's another one.  On the other hand, that sense 
of the whole gestalt -- the bringing of metaphors and models from one 
issue to another as we go into the next discusson -- is the reason I 
come back to this thing.
  

    
raw meat consciousness:  the passport guy from microsoft, brian arbogast,
says his colleagues thought he was a masochist when he agreed to appear on
this panel.

wg
  

    
Now that the panelists are speaking *directly* to one another, it's
improved.

More of that.
  

    
Yes, that got interesting.  Having Jason Catlett of Junkbusters on the 
panel helped significanly.  here are notes on that, though again I 
feel like they haven't soaked in.  More reflections makes me a better poster.

Avi Rubin AT&T
"location aware service"  may assign temp privacy ID or not.
EXAMPLES:
-  Cell phone wish-list applications -- push a button, get a three star hotel
at nearest exit       (Various levels of reservation making/privacy might
work for this one - arrive with a confirmation number but they don't ahve
your name and card yet, say.)
-  Internet - log in once, never offer a credit card again  (passport schemes)
-  Wireless 802.11 network -- in lobby only get access to publis net, in office
get intranet
-  Highway direct credit card toll billing on roads.

"Don't use the system if you don't want to lose privacy" is a slippery
slope for communications since people might have to get an emergency phone
with unneeded services.
What are motives of companies?  Short term profit, market share, happy
users, avoidance of outrage.  Can't overlay privacy on system designed for
maximum services.  Unless forces, companies will go in the other direction
and force location-aware non-privacy destroying services.  How can we
motivate companies to spend on privacy?  Happy users and avoidance of
outrages are the two points of pressure .

Brian Arbogast, Microsoft
"There is a tremendous opportunity for technology to roll back the clock...
to help people be much more in control of the data they have and how it gets
used and shared."   Long term profits have to respect what users want.  And
of course, Microsoft is a champion of the long view.

Rogger Cochetti, Verisign
Defended LIBERTY passport as having exceptionally high standards.

Jason Catlett of Junkbusters
Noted that most major corporations lobbied furiously against standards.  The
fifth reason is 'because they have to."

Credit cards may be seen as multinational ID cards, with many of the same
issues.  Those are large, deep databases with a lot of history of many kinds
of activities.  Those are the kinds of databases privacy advocates do not
like no matter who has the data.  (He's wearing a tee-shirt iwth a target on
it..  and changes to one reading "security" to huge laughs, using shirts
instead of power-point slides.)  He tells about Yahoo's mass change of
privacy defaults.  Hailstorm - myservices.net - is a service being redefined
by Microsoft.  Collected data from multiple sites. Deception, coersion
alleged in suit filed last year.  Implications of security and requirement
of data to use services.

Verisign (Network Solutions)  marketed whois database.  (Was answered that
the law requires the list be sold) ATT (his former employer) has terms of
service offering phone number to web sites visited in web browser.  Has been
removed, but they left in a unique number sent to sites much like a built-in
third-party cookie.  Palm wireless has this problem too.

Cell phone companies can retain data of where your phone is (in what cell)
at all times, though they are not expected to do that.  Some have!

---  that's my notes up to the questions.

Break time.

Bruce Umbaugh is debating the value of having the corporate POV at these
things with someone as we break.  I am violating his privacy by posting
this of course.
  

    
Jason, btw, has improved upon power point by wearing a series of t-shirts
which can be removed in sequence to reveal new bullet points.  I may copy
this.

I've written a couple of news stories about a few things that might be up at
http://www.theinquirer.net

wg
  

    
in the "Digital Divide" breakout session, much from the panelist has
gone as might be expected.

A good question -- someone asks "the education question" as opposed to
the "stuff question" -- how do you see that the disadvantaged can use
computers safely and appropriately? (Example offered is of woman who
used home computer to communicate with battered womens' groups, thought
deleting e-mail messages made them go away, but her husband read them
and learned she was going to leave and subsequently killed her.)