Sunday, May 08, 2005

Proposed Texas biometric ID system still may allow thousands of frauds

Caffeinated Security examines the idea of creating a biometric facial recognition database of Texas drivers and ID card holders, authorization for which the Texas House of Representatives initially approved on Thursday. Using Bruce Schneier's security analysis process from Beyond Fear, CS offers a security perspective on the wastefulness and potential for abuse posed by compiling a massive database of drivers' personal facial measurements. Particularly interesting is his analysis of "tradeoffs":
To attempt to prevent license fraud, the state of Texas would compel anyone needing to drive to expose themselves to a great risk of identity theft. There’s no legislative requirement for security of the data in this database, but there is a requirement to use inaccurate technology that will not be effective in its goal of reducing duplicate and fraudulent licenses, particularly where facial recognition is used. Under somewhat optimistic assumptions, 34,000 drivers a year will be initially denied their legitimate licenses, while perhaps 8,000 fraudsters will be initially accepted in their application for fraudulent ID.
The 8,000 frauds per year allowed is based on a very optimistic 1% false negative rate for facial matching systems. Since current error rates for the technology are much higher, it's probable many more frauds could be allowed. (By contrast, estimates provided to the House Defense Affairs Committee at the bill's public hearing predicted the new Texas system might catch five people per week statewide attempting drivers license fraud, or 260 per year.)

Good stuff. Be sure to check out the rest of the post for more background on why this new system won't make Texas more secure. See also prior Grits biometrics coverage.

1 comment:

Stacey Wendler said...

Sorry for omitting to sign - I posted the above.