Sunday 31 May 2009

Biometrics - Securing the Border

Back in 2007 I interviewed Associate Professor Stephanie Schuckers from Clarkson University for the Spoofing Biometric Security Systems article and podcast. Last week I attended the 2009 Border Security Conference in Melbourne and one of the major topics discussed was the role of biometrics in securing the border. It reminded me that I never actually published my full article on biometrics on Mr Science, so without further ado, here is an intro to biometrics, the role it plays in border security, and some of the controversies associated with it.

Can you control everything that is carried through an airport or onto a plane? Most of us are familiar with metal detectors, and the long queues that accompany checking-in. But new technologies are hoping to not only decrease the time you wait before jetting off on holiday, but also more tightly control what, and who, is taken onboard.

However, whilst this sounds like a marvellous plan, appealing to every world-weary explorer, business traveller or family with screaming kids, there is a certain amount of debate associated with the technologies at the core of the strategy.

The approach is founded on the evolving concept of biometrics, the study of methods for identifying people based upon their physical or behavioural traits. The concern is that, to be identified by these means, there must somewhere be a database of our personal traits. The technology could potentially allow us to be identified out of a crowd without our consent. Is this storage of information a breach of our civil liberties? Should we always be being watched? Or is this technology simply too crucial for law enforcement not to pursue?

Old and New Technology:

The word biometrics comes from the Greek words bio and metric, meaning “life measurement”. It is the study of methods for identifying people based on their behavioural or physical characteristics and includes well-known methods such as fingerprint analysis, which is used on every visitor entering the US, as well as retinal and iris scans, facial and voice recognition techniques, and behavioural recognition procedures that can identify you by your walk.

Airports have always been very concerned about their security. Let's have a look at some of the technologies currently being used, and investigate the progression from old-fashioned x-ray machines, to modern biometric tools.

Metal Detectors and X-Rays:

On checking in, every traveller in every airport around the world walks through a metal detector. Metal detectors work by electromagnetic induction – changing magnetic fields cause changing electric fields in metals, and vice versa. When a piece of metal is near the changing magnetic field being produced by the detector, electrical currents are induced in the metal, which then produces an alternating magnetic field of its own. This new magnetic field can then be detected and is why you need to remove metal objects like your belt when you walk through airport security.

Whilst you are walking through the metal detector, your bags are passing through an X-ray machine. As they move along the conveyor belt, X-rays, which are electromagnetic waves like light but much more energetic, are shone on the luggage. Many of the X-rays pass through unblocked by your suitcase and its contents, and detectors on the other side of your luggage measure how many of these X-rays make it through. By knowing that different things absorb different energy X-rays, a picture of your bag’s contents can be built up.

Explosives and Drug Detection:

Dogs have been used to sniff for explosives and drugs for many years, but it was only in 2003 that Explosive trace detection was introduced at Sydney airport. This system employs Ion Mobility Spectrometry. Firstly, a sample is taken by wiping a swab on your luggage or clothes. The swab is placed in the detector, and the sample is ionised – converted from its molecular form into its ionic (charged) form. The ions are separated by an electric field – different mass ions move at different speeds towards the detector, and so the time taken to arrive at the detector tells us if the telltale explosive, or drug, signature is present.

Another new method of explosive detection is terahertz spectroscopy. This technique uses radiation with a frequency between microwave and infrared, and can be more useful that X-rays as, although both X-rays and terahertz radiation can see through material, terahertz rays are non-ionising and so harmless to humans. They can also probe for chemical information, rather than just physical shape information, as many molecular excitations are within the terahertz frequency band.

Andrew Burnett, terahertz spectroscopy expert at the University of Leeds, says that the information obtained from terahertz spectroscopy is more sensitive than other radiation:

“This information is very specific, even allowing us to differentiate between different forms of the same drug… The aim is to eventually produce a system that gives us chemical specific information through clothing.”

Fingerprint analysis:

Fingerprint analysis is the oldest form of biometric identification, and is still regarded as one of the most reliable. Every visitor to the US has his or her fingerprint read on entry through an airport.

A fingerprint is an impression of the raised areas of epidermis – called friction ridges – on your finger, and everyone’s fingerprints are unique. You leave your fingerprints behind on things you touch by depositing the natural secretions – mainly water – from the eccrine glands in the friction ridge skin. These are called latent, which means hidden, fingerprints. If contaminants on the skin are also left behind, such as dirt, then they are called patent fingerprints. Patent fingerprints are easily seen by the human eye and so can be photographed and then identified as they are. Latent fingerprints are made visible by electronic, chemical and physical processing techniques such as “dusting” a crime scene.

Fingerprint analysis was traditionally completed manually by comparing the fingerprint with ink fingerprints on paper. As you can imagine, this was a very time consuming task. Modern day techniques are able to match fingerprints by using computerised databases.

An interesting fact is that the koala is one the few mammals that also has fingerprints.

Iris and Retina Recognition:

Iris scans look for patterns based on high-resolution camera images of the iris, whose intricate structure is unique to the person. Identification is unambiguous and as long as you do not damage your eye during your life, your iris scan will not change. The technology has been employed at Schiphol Airport in the Netherlands since 2001 to allow passport-free travel. The United Arab Emirates has such systems at all 17 air, land and seas ports.

Retinal recognition is slightly different, as the scan maps the capillaries feeding blood to the retina. These blood vessels absorb light more readily than the surrounding tissue, and when a ray of low-energy infrared light is shone into the eye, the reflection of the light, which depends on the capillaries, is measured. Even identical twins have different retinal scans, and like iris recognition, your retinal scan will stay the same throughout your life.

Facial Recognition:

Facial Recognition is a relatively new technology that compares facial features in the live image with those in a database. The Australian Customs Service’s SmartGate system compares the face of the examined with their image on their ePassport microchip, and replaced manual passport checks for Qantas staff in 2003.

Facial recognition is the way forward for the aviation industry, with the International Civil Aviation Organisation issuing a resolution endorsing the use of face recognition as the:

“globally interoperable biometric for machine assisted identity confirmation with machine-readable travel documents.”

Voice Recognition:

These days, it seems every time you call up your phone company or book a cab, you talk to a machine. These systems are based around voice recognition technology.

Clive Summerfield, biometrics and voice recognition expert, and CEO of Three S Holdings Pty Ltd in Canberra, thinks that over the next five years, voice biometrics will eclipse iris and facial scans and become second only in market share to fingerprinting systems.

“Voice recognition, when configured correctly, is 10 times more accurate that face, 2-3 time more accurate than fingerprint and approaching the performance of iris.”

Passports:

A new Australian passport, the biometric ePassport, was introduced in 2005 and has an embedded microchip that stores the holder’s photograph, name, gender, date of birth, nationality, passport number, and expiry date. European countries are currently issuing passports that have the owner’s photograph and fingerprints on the chip. The US passport has a chip that is big enough to store additional biometric information such as facial recognition and retinal scan information.

Will biometrics really shorten airport queues?

Even if these new technologies work perfectly inside the airport, they will not shorten check-in queues if the public does not like them or cannot use them. M. Angela Sasse, Professor of Human-Centred Technology at University College London, researches the usability of security systems and concludes that even if a system works well, it will not gain approval if it is not easy to use or looks unpleasant. A recent iris scan trial at Heathrow airport, in which participants could not adjust the height of the scanners, and a recent US airport trial, in which dirty fingerprint readers were used, are examples of poorly designed systems.

“You should design all the processes the traveller encounters to be as easy and pleasant as possible … Make sure the system is clean and pleasant to use.”

The ethics and future of biometrics:

Identity theft is one of the fastest growing crimes in the world, and estimates have valued identity-related crime as a $2 trillion problem. Biometrics is seen as a potent weapon in the fight against identity theft, however the concern surrounding biometrics is that there must somewhere be a database of your traits. Could someone steal this information? The common fear is that once your fingerprint or retinal information is stolen, it is compromised for life, as these patterns never change.

What differentiates biometrics from other forms of security is that there must be a match between the “live” biometric scan, and the “stored” information. Unless an identity-stealer has recreated your facial expressions or other biometric information to the minutest detail, they will not be able to pass through security.

Mathew James, Managing Director of UK Biometrics Ltd., says that the fingerprinting technology used by UK Biometrics is ethically sound as a biometric thief is likely to just end up with a bunch of useless numbers:

“We do not store fingerprints and it is impossible to recreate a fingerprint from the data we store. Our scanners register up to 17 minutiae points on a fingerprint, convert these into data which is then encrypted for future comparison. Even if this data were stolen, the thief would have a lot of meaningless numbers, useless without the scanner and its attendant technology.”

Whilst biometric technologies may tightly safeguard information, desperate thieves can, however, always find a way. In 2005, Malaysian car thieves cut off the finger of a Mercedes-Benz S-Class owner when attempting to steal his car so that they could use his fingerprints to start the vehicle. And the popular television show MythBusters broke into a secured building with a photocopied fingerprint.

Stephanie Schuckers, Associate Professor of Electrical and Computer Engineering from Clarkson University, conducts research into how to prevent fingerprinting systems from being spoofed by creating fake fingerprints out of such materials as Play-Doh, and thinks that biometric security systems are an improvement on traditional methods, even if there may be some vulnerabilities.

“I try to caution people to ask, what is your security question and what is your solution now, and does biometrics improve this in terms of whatever your goals may be – convenience, improved security. Just because there is a vulnerability – well all security systems have a vulnerability – it doesn’t mean it’s not necessarily a technology that might (not) be useful.”

Schuckers raises the example of a passport, and says that by adding a biometric element, you take a step forward to improved security.

“The current state of passports is a photo that may be 10 years old and a guy looking at you to see if it matches. Would adding a fingerprint improve the security at the borders? I would argue that that would be a step above the present technology. Can someone somehow slip a thin fake finger over their hand? Sure. That’s the state of the technology now, but you’ve made steps to improved technology.”

She believes that whilst there may be some vulnerability in biometric systems, they can be overcome by a combination of systems that would make it extremely difficult for the identity stealer to be successful.

“You can make it more difficult for someone to spoof the system by combining say a fingerprint, a card, and a PIN. So now your potential identity stealer would have to have all of those items to access the bank account… There are very simple steps that you can take now with commercially available devises that would minimise the risks”

Whether or not identity theft is likely or even possible, biometric systems are more and more being within society, with facial recognition software used in Closed Circuit Television (CCTV) all over the UK. Is this a breach of our privacy? Should Big Brother track our every move?

Schuckers believes that these are serious questions that need to be addressed by society, but that they also open up research areas to maintain the security of your personal information.

“I think those are reasonable questions that we need to ask as a society. What applications are meaningful that you would take the trade-off between privacy and the extra security you might get using the biometrics? I also see it as a research avenue. There are a lot of people researching ways to use biometric information in such a way that doesn’t actually give up your private information.”

Clive Summerfield sees the issue as a legal one, revolving around privacy and storage of sensitive personal information, as opposed to the technical challenge of safeguarding the information.

“At the end of the day, I think this will become a legal issue, where the privacy, protection and confidentiality of such information becomes legislated and that senior executives of organisations collecting, using, communicating and storing biometric information will become legally responsible for any breaches, along with biometric systems developers, implementers and vendors, who will be required to certify that their system implements the functions necessary to protect the biometric information.”

He draws a parallel with the postal service, in which stealing a letter is a federal crime, and thus protects the confidentiality of the contents of letters. There is a similar law regarding eavesdropping on telephone conversations, and these systems are widely accepted by society, despite the fact that there is little or no technological protection of information conveyed in these ways.

“Similar legal protection needs to be in place for biometrics for the mainstream of society to start to access biometrics… Anyway, I’m no legal expert – so how you go about implementing such laws, I’ll need to leave to the legal experts!”

Another concern is the storage of personal information on a single chip in your passport. Data on the chip can theoretically be stolen using wireless technology, and even if the information is encrypted, experiments in the Netherlands showed that the Dutch passport encryption could be cracked within two hours. Whilst you would never be able to set up the sensitive equipment to steal the information in our ever-more secure airports, the same could not be said about hotels and other places where you need your passport.

Mathew James thinks that in any situation in which there is a need to make sure of a person’s identity, there is a future for biometrics:

“Think of the number of keys, swipe cards, prox fobs and PINs that keep a modern airport secure. They can all be replaced by the one key which cannot be lost, stolen, forged or hacked – the human fingerprint. People can be added to, or deleted from, the system in seconds. Security staff can ‘access all areas’ without carrying a bunch of keys and passengers need only ever register once.”

As for biometric passports?

“We see a future where the only passport you will ever need will be your fingerprint, registered once in your home country.”

Saturday 23 May 2009

Correlation of the Week: Zombies, Vampires, Democrats and Republicans

A friend of mine recently pointed me in the direction of an article in signonsandiego.com called With Obama election comes the return of the vampire. This article puts forward the theory that more vampire movies come out when Democrats are elected to the US Presidency, and more zombie movies come out when the Republicans are in office.

Recent evidence of this is the new Twilight vampire flick - coinciding with the election of Democrat Obama - and the spate of zombie films during George W. Bush's presidency - for example 28 Days Later, 28 Weeks Later and Dawn of the Dead. The original article looks back in time at various presidencies and it makes compelling reading.

What is the reason behind this (if there really is one)? One argument put forward is that the movies depict what we fear at the time.
Democrats, who believe in redistributing wealth among the people, fear the Wall Street vampires who bleed the nation dry. Vampires, such as Dracula, represent the aristocracy. Republicans fear a revolt of the poor and disenfranchised, and as such fear zombies.

But, is there any truth to this argument? Let's turn to the data. The easiest way to determine the number of vampire and zombie films which have come out over the last 50 years is to look at The Internet Movie Database. Using its power search, I was able to find the number of movies (not TV-movies , TV-shows or direct-to-video movies, but only big screen movies - imagine trying to quantify every TV-show ever made, not even imdb is that complete) made each year in the US since 1953 (a seemingly good point to start this analysis as there is plenty of data about the movies made in this time - it's also the presidency of Republican Dwight D. Eisenhower), as well as the number of movies tagged "vampire" and "zombie". You can see this data in the following table, where the year is the starting year of the presidency:

We've plotted the number of zombie and vampire films produced as a percentage of all films produced that presidential term in the US:

A stand out result is the large number of zombie films made in the 1980s under Reagan. It seems clear that zombie films peak in Republican years, but it is less clear whether vampire films have similar peaks under Democrats.

Indeed, the average percentage of movies that are zombie-themed produced during a Democratic presidency is 0.372%, whilst under the Republicans it is 0.571% - this is a large difference. The average percentage of movies that are vampire-themed produced during a Democratic presidency is 0.544%, whilst under the Republicans it is 0.491% - the percentage moves in the direction of our theory, but not by much.

Using a single-tailed Student's t-test (named after its inventor William Sealy Gosset, whose nom de plume was Student - I thought at school that it was named this because it was used by students, anyway...) to test between the null-hypothesis that the governing party makes no difference to the types of movies made and the theories that zombie movies go up under Republicans and vampire movies under Democrats, we find the t-statistic for the zombie case to be -1.69 which gives a p-value 5.7%. What this means is that there is a 5.7% chance that there is no significant difference between the zombie results under Democrats and Republicans. This is very close to the 5% level most statisticians accept for significance, and as such is a very intriguing result.

For the vampire case, our p-value is 33% and so there is little chance of significance. Both tests could be improved with more data (what every statistician needs!)

In summary, there just might be something in this (for the zombies anyway.) There is an almost significant difference between the percentage of zombie movies made under Democrats and Republicans. To predict the next election, it could well be worth looking at how many zombie movies are planned for the inauguration year and the 3 years after it. As most movies are planned more than a year ahead of time, this could be an interesting election predictor.

I guess we now know where George W. Bush's brains went! Brains.....

Thursday 14 May 2009

Ep 106: The Global Financial Crisis - The Mathematical Causes

This week on the podcast we are tackling something dear to all our hearts, money.

The Global Financial Crisis has hit many people hard, with the resultant economic recession causing job losses, stock market crashes and company failures. But what started it all? Why are we in the midst of the worst financial crisis since the Great Depression?

I spoke to Nick Davis from the World Economic Forum to answer some of these questions and to toss up ideas on how we might emerge from the crisis. The World Economic Forum is an independent international organisation committed to improving the state of the world by engaging leaders in partnerships to shape global, regional and industry agendas. Nick is based in Geneva, Switzerland and is Associate Director and a Global Leadership Fellow within the World Economic Forum Scenario Planning Team. The team examines possible world scenarios that could arise in the future. The scenarios are not attempts to predict the future; rather, they aim to sketch the boundaries of the plausible. They explore the possibly diverse eventualities of how the world might look if the most uncertain and important drivers unfold in different ways. Some of the scenarios they have looked at include the world's ageing population, the future of engineering and construction and what the world's economic systems might look like post-crisis.

Nick has worked extensively in understanding the causes of the global economic crisis and chatted to me down the phone from Geneva. It should be noted that the opinions he expressed are his and not necessarily those of the World Economic Forum.

Listen to this podcast here:







We noted a number of causes of the crisis, including the fact that the world financial system was metastable - that is, before the crisis it was at a delicate equilibrium and susceptible to collapse. The factors that built this metastability included:

  1. A worldwide expansion of credit since 1980 - money became cheap as international monetary policy kept interest rates low. Essentially, you could borrow heaps of money from within your own country and outside of it, and lots of people were giving out loans;
  2. The subprime mortgage crisis - a large percentage of housing buyers in the US could not securely finance their property loans;
  3. The false assumption that housing prices always go up and the notion that we should all become homeowners - this created a housing bubble;
  4. Globalisation - more and deeper connections between institutions were created. This meant that when one company went down, it would trigger a collapse like a house of cards;
  5. Securitisation of home loans to make them tradeable. This meant the inherent risk that banks take on when they give out a loan was spread across many financial instruments, all across the world. This obscured the level of risk people were holding. Even rating agencies got the risk levels wrong. Here is where the maths comes in - and we got it wrong.
So what we did we get wrong with the mathematical models? For a start, they assumed a high level of liquidity, which means that it was assumed that whenever you wanted to trade, you could find someone to trade with . But this was not true - companies were unable to trade their securitised mortgages due to a loss of investor confidence, and so they were stuck with assets with falling value. Homeowners also found this when the bubble burst.

The models also used normal distributions of stock market movements. What's wrong with this, you may ask. Well, the world of finance unfortunately doesn't work this way. It is worth here noting the distinction between risk, which is something we can model, and uncertainty, which is more difficult. You can fit a probability curve to risk based on past experience - for example, you toss a coin, bet on tails but heads come up. You took a quantifiable risk. Uncertainty refers however to things you can't even predict.

Nick used the examples of Mediocristan and Extremistan to illustrate the difference between risk and uncertainty. In Mediocristan, everything fits nicely under a bell curve. Extreme events are so rare that we can essentially ignore them. For example, if you surveyed 1000 people and plotted their weights, you would come up with something like a normal distribution. If you then found the heaviest person on Earth, he would be to the far right of our curve, but not so much that the normal distribution fit would become inappropriate. Finance, however, does not work this way. Imagine you surveyed the incomes of 1000 people. This may also look like a normal distribution - but then take the richest man on Earth and look at what it does to the distribution. Bill Gates would probably earn more than everyone you sampled put together. This is Extremistan. The worlds were the inventions of Nassim Nicholas Taleb who came up with the idea of the Black Swan. The name comes from the idea that before black swans were discovered, everyone thought swans were white - they had no reason to think otherwise. This is an example of uncertainty as you can not quantify the probability of finding a black swan when you don't even know they exist.

It's very difficult to deal with black swan events - like in Extremistan when we discovered someone a million times richer than anyone we have ever seen. The mathematical models dealing with securitised mortgages attempted to model risk in a far too simple way and did not take into account the uncertainty of the entire housing market collapsing (many defaulting on their loans at once - our black swan). The fact that uncertainty is so difficult to model is why we have the World Economic Forum Scenario Planning Team!

Listen to this podcast here:







And for all the Nick Davis fans out there, check out his blog Managing Uncertainty and watch the following video of Nick in action for the World Economic Forum. Thanks again Nick!



There is more from the World Economic Forum and the Global Financial Crisis on youtube here.

Tuesday 12 May 2009

The Muppets are responsible!

Having spent the night browsing around youtube, it seems to me that The Muppets might have some explaining to do re bird flu and swine flu.

Bird flu, or more specifically Influenza A virus subtype H5N1, is considered a significant pandemic threat. It is passed between birds in their saliva, nasal secretions and faeces, and past outbreaks in humans have started in crowded conditions, where humans and chickens live in close quarters. In these conditions the virus is more likely to mutate into a form that can infect humans. It is thought that some of the humans who have died from bird flu were cock fighters who sucked the mucus from the bird's beak before a fight. There are some suspected cases of human-to-human transfer.

Keeping this in mind, check out what the Swedish Chef is doing to this poor turkey. He is not only kissing it, but prodding it rather inappropriately with his skewer and exposing himself to the turkey's body fluids...



Swine flu is a new strain of Influenza A virus subtype H1N1. H1N1 is the most common cause of influenza (flu) in humans. The new strain seems to be a new mix of the genetic material of the human influenza, swine influenza and avian influenza viruses. One of the reasons why this new flu is considered a significant threat is that it is now being spread human to human. This contrasts bird flu which was almost entirely animal to human. As the strain is new, we have no natural immunity, nor are we vaccinated against it, so there is a considerable threat of a pandemic. Currently we are not sure if the virus originated in pigs, humans or birds. Check out this video of Miss Piggy, she does sneeze and spread her flu around a lot - I think she might have been the source!



So essentially the major flu outbreaks of the 20th Century are due to The Muppets. Not to mention the rats they have running all over the place, I'm sure they had something to do with the Plague...

Saturday 2 May 2009

Ep 105: Music and Intelligence

This week's podcast is about a recent study that correlated intelligence with music choice - it won our new regular prize Correlation of the Week!

You can read more about this study in the original Mr Science post on the topic put out in March 2009 - Correlation of the Week: Intelligence and Music Preference

Listen to his podcast here:






Friday 1 May 2009

Mr Science over at the 365 Days of Astronomy Podcast

A little while back in our 99th episode, we discussed the 6 unknown mysteries of our solar system. This show has recently been played in the 365 days of astronomy podcast, which is a project that publishes one astronomy-themed podcast per day for all 365 days of 2009. 2009 is the International Year of Astronomy, which is described as a global effort initiated by the International Astronomical Union and UNESCO to help the citizens of the world rediscover their place in the Universe through the day- and night-time sky, and thereby engage a personal sense of wonder and discovery.