Author: D Rosen
I have written previously about stealing identity, but what of looking like, or emulating their features in a ‘Single White Female’ moment, copying and imitating looks, etc…?
Humans are patternistic. [SB] We seek a reason or a pattern to make sense of what we do, or what has been done. Sometimes there just is no pattern, and we have an unexplainable chain of events which can not be reconciled.
When identifying someone from a human perspective, we look for identifying features. It need not be the shape and size of a person. It may also be the way they walk; the way that they talk. One will look for mannerisms, or reactions known to that particular individual. The way that they smile, or do not smile; the way they frown, etc…
When identifying someone from a digital perspective, key parts of the body assessed, produce data, which is then compared to a database to identify an individual. Can 2 people have the same features? At a glance, yes. Can 2 people when analysed by way of biometrics, produce the same identifying features? I am told by forensics in this field, that there is a possibility, but an extremely small and unlikely probability of one in a billion.
Obviously, if we could harness non-evasive DNA testing, this would likely be the best tester of identity. How that could be done, and in what circumstances in a random scanning atmosphere such as a Bank or an Airport is beyond the scope of this blogpost.
Identity recognition/Identity evasion/Identity reaction/Identity theft
In each of us, we have key identifying physical characteristics (i.e. a scar on the face, a big nose, a small nose), but on a micro-scale, such features can be considered fleetingly, and more scientifically, when passing through a security-check, via fingerprints, ears, facial features, and now knees, by way of biometrics.
The key objective to biometric testing is to identify users, or people.
There must be at least 4 reasons for biometric testing:
1. To identify the user;
2. To prevent access;
3. To detect access;
4. To deter access.
Fingerprints
Fingerprints have been the main source of key identification for the Police and Security for decades.
Each finger has its own individual marking, as do palm prints.
Those details have been stored in Government security databases for years. To the unassuming or less-sophisticated criminal, they will likely be identified.
To a highly-sophisticated criminal, silicone and other forms of plastic, can be moulded not only to emulate fingerprints, but to disguise them.
In other scenarios, individuals have had their fingerprints removed…ghastly.
Eyes
There are 2 types of biometric eye-testing. Iris recognition, and retina scanning. They are different.
Quoting from Wikipedia:
‘Iris recognition is an automated method of biometric identification that uses mathematical pattern-recognition techniques on video images of the irides of an individual’s eyes, whose complex random patterns are unique and can be seen from some distance.
Not to be confused with another, less prevalent, ocular-based technology, retina scanning, iris recognition uses camera technology with subtle infrared illumination to acquire images of the detail-rich, intricate structures of the iris. Digital templates encoded from these patterns by mathematical and statistical algorithms allow the identification of an individual or someone pretending to be that individual.[1] Databases of enrolled templates are searched by matcher engines at speeds measured in the millions of templates per second per (single-core) CPU, and with infinitesimally small False Match rates’.
The problem with iris recognition, or retina scanning, is that you have to look directly into something which scans your eye. It takes longer to scan than other parts of your body. To my knowledge, such a scan cannot be carried out without a degree of invasion. It is almost virtually impossible to scan anyone without them knowing about it.
Ears
We all have different shapes and sizes of ears. Ears and ear lobes grow larger, proportionately in age, but the ear canal itself is generally formed from birth, and the shape does not change.
This is a far less evasive scanning technique than for the eyes, because your ear can be scanned as you walk past a post with a scanner. You may not know or realise you are being scanned.
Face Recognition
There are patterns and proportions that can be measured between the nose and the mouth, the eyes, and the ears, the eyes and the nose, the mouth and the chin, etc…There are a number of points on a face that can be measured and that data captured relatively easily through a CCTV camera.
The problem with face recognition is that when people get older, those proportions can change; A squint, or a facial expression different to a straight face, can distort the face-recognition techniques.
I like this type of biometric testing the most, but given that it works on accuracy of proportions, and those proportions can changed, it is not fail-safe, and can be flawed.
Also, with plastic surgery, and silicon fittings, features can be enlarged, or reduced, rendering this biometric scanning as questionable.
Knees
An individual’s knee shape is different in size, and shape. People walk differently. The joint moves differently. An MRI Scan of a knee is very hard to mask in terms of identity. No amount of silicone will mask the ball and joint of the knee.
This is a new innovation in the Press this week. I really like the idea of this, but it will take some time to build up a database where people can be identified. Also, current technology can not readily take such a scan in just seconds, and whilst in theory, the identification is interesting, it may take a while for technology to catch up with the concept.
Concerns
The problem with biometrics, is like everything else computer-based, key information, converts into a pattern of ones and zeros, or ones and twos. That information is then, but not always, converted through a logarithm into a code, and that code opens doors, pathways, access to Bank accounts access to identities.
Break the code, and you gain access…Is it possible to break such a code? Yes. Has it happened? I do not know. Could it happen? Logic dictates that any biometric code could eventually be cracked.
Confuse the code, and you do not alert Authorities to your presence…
If a known criminal or terrorist wanted to travel seamlessly through a security-check, disguised, could he/she do it?
Other than height, weight, colour, where thousands of people pass through a security-check, a positive identification is what security look for, and not a negative one.
Stealing a biometric code, where only biometric codes are used for identification purposes, is potentially disastrous. If credit card numbers, and Frugging (Wi-Fi mugging), are becoming more and more common, what reason is there to think that biometric data cannot also be stolen, or reproduced?
Possible Solution
We can not rely upon human identification alone. We can not rely upon biometric data alone. Usually biometric testing is carried out upon one feature. If 2 or more human features were tested at the same time, together with human interaction, this would be ideal, but not necessarily practicable.
Professor Rosen is a Solicitor-Advocate, Partner, and head of Litigation and the fraud department at Darlingtons Solicitors. He is a Certified Fraud Examiner. He is on the panel of the Association of Certified Fraud Examiners’ UK Chapter, a working member of the Fraud Advisory Panel, and an associate Professor of Law where he lectures on a weekly basis on Civil Fraud, Criminal Fraud, and Legal Theory, amongst other subjects.
