nerdgirl 0 #1 January 24, 2008 Corollary to last week’s threads on real ID and secure documentation … (& perhaps to the dystopian vision of [galvar2439]’s video …) instead of papers, it may be blood, spit, or tears … “The FBI is embarking on a $1 billion project to build the world's largest computer database of biometrics to give the U.S. government more ways to identify people at home and abroad. “The FBI, the main investigative arm of the Department of Justice, has already started compiling digital images of faces, fingerprints, and palm patterns in its systems. “In January [2008], the agency -- which focuses on violations of federal law, espionage by foreigners and terrorist activities -- expects to award a 10-year contract to expand the amount and kinds of biometric information it receives, it said. “If successful, the system, called Next Generation Identification, will collect the biometric information in one place for identification and forensic purposes.” Concerns w/this on 4 fronts (at least): (1) Privacy … slippery slope … As a Washington Post article on the FBI’s project posed: will people’s bodies “become de facto national identification cards”? When one is convicted of certain crimes or when one is in a sensitive national security position (e.g., working with classified materials), one relinquishes certain rights. Homeland Security Presidential Directive-12 requires a Government-wide standard for secure and reliable identification for Federal employees and contractors. Half my initial response was “we don’t have one already? …” Sounds reasonable & good, right? Some of the currently used cards contain biometric information (fingerprints), which are used for authentication or as an alternative to authentication via a PIN. Additional biometric information (retinal images, hand geometry, facial recognition) has been incorporated in pilot tests. Where’s the line on between personal privacy and appropriate actions for security? Where does technology become too invasive, i.e., the parable of the slow frog boil to a dystopian vision? This is not a “DARPA-esque” basic or even applied research program, it’s for commercial development, operations, and maintenance, which may not be justified given the state of some of the technologies included … (2) Technical – biometrics is a huge field. Digging into the Congressional Budget Forms, the program, which started in FY06, plans to focus on fingerprints, palm prints, facial recognition, retinal scans (iris), and speech & movement (i.e., gait) patterns. Nothing on DNA (currently whole genome sequencing is unrealistic/too costly) or limited genomic/proteomic profiling. Akin to concerns w/r/t innapropriate use of less-than-lethal weapons, e.g., tasers, technology should complement not be a susbtitute for good law enforcement. (3) Accountability: When you remember things like this, news like this doesn’t give one that “warm, fuzzy feeling.” (4) Cyber-insecurity: The biometric database will be all ‘on-line.’ The conclusion of the recent National Academy of Sciences report, "Toward a Safer and More Secure Cyberspace," is … well, to put it less than diplomatically, we’re screwed. VR/Marg Act as if everything you do matters, while laughing at yourself for thinking anything you do matters. Tibetan Buddhist saying Quote Share this post Link to post Share on other sites
kelpdiver 2 #2 January 24, 2008 Quote (1) Privacy … slippery slope … There is no slope here. This is El Capitan, or that wall in Norway. Unfortunately, I think we need a watergate threshhold event to get the Feds to swing back towards the side of being less like assholes. And this wasn't just Bush, who used 9/11 to get things done that Reno couldn't. So long as people will accept anything new in the name of fighting terrorism, the water will keep getting hotter. Quote Share this post Link to post Share on other sites
warpedskydiver 0 #3 January 24, 2008 If this is a slippery slope, I suspect there is a pungi pit at the bottom. Quote Share this post Link to post Share on other sites
champu 1 #4 January 24, 2008 1) No comment here... 2) I'm not very familiar with genome sequencing, but could a reliable hashing algorithm be developed to uniquely identify someone with reduced computational complexity? (I feel like some geneticist is going to smack me in the back of the head for asking that question.) 3) Does anyone actually read the Federal Acquisition Regulations? I know it's dry, but there's some good stuff in there to prevent this kinda crap. 4) Does the FBI, in taking on something like this, have to respond to NSA directives regarding information assurance? Hey, if we're lucky they consult the NSA and get told that such an aggregation of information is a national security concern, must be classified, and the FBI has to shit-can the idea because it becomes cost prohibitive. Quote Share this post Link to post Share on other sites
Amazon 7 #5 January 24, 2008 (1) Privacy … slippery slope … As a Washington Post article on the FBI’s project posed: will people’s bodies “become de facto national identification cards”? Welcome to Gattica ow long do you think it will be till we reach the.....defective people based on thier DNA stage??? Quote Share this post Link to post Share on other sites
BIGUN 1,488 #6 January 24, 2008 (6) This directive shall be implemented in a manner consistent with the Constitution and applicable laws, including the Privacy Act (5 U.S.C. 552a) and other statutes protecting the rights of Americans. Homeland Security Presidential Directive-12 "In 2003, the FBI exempted its National Crime Information Center, the Central Records System, and the National Center for the Analysis of Violent Crime from subsection (e) (5) of the 1974 Privacy Act." 28 CFR Part 16 "Moving forward, the FBI expects to make this comprehensive biometric database available to a wide variety of federal, state, and local agencies, all in the name of keeping Americans safe from terrorists (and illegal immigration). The FBI also intends to retain (upon employer request) the fingerprints of any employee who has undergone a criminal background check, and will inform the employer if the employee is ever arrested or charged with a crime." Source Last time I checked... there's a little something about proven guilty? Interesting reading on Prosecutorial Misconduct at the aforementioned "local agency" level. Now, don't get me wrong. I believe in a tier security system for government and contract employees, but as you mention, there's already a good system in place (not great and could use some enhancement), but when it begins to "slide" into the general population's right to privacy; that's a cause for concern.Nobody has time to listen; because they're desperately chasing the need of being heard. Quote Share this post Link to post Share on other sites
nerdgirl 0 #7 January 24, 2008 Quote 2) I'm not very familiar with genome sequencing, but could a reliable hashing algorithm be developed to uniquely identify someone with reduced computational complexity? It’s a great question. Folks are trying. More driven by the prospect of individualized medicine than identification - there’s more $ in healthcare. It’s also a heavily multi-disciplinary problem. Hypthetically, yes ... altho' there's still tremendous basic research in molecular biology and bio-informatics to be done. The first issue is identifying the pertinent molecular markers. More than 80% of human DNA is noncoding or “junk” DNA.* (There is a lively debate as to whether those regions do play a role a more active role than originally thought or are purely evolutionary left over from bacteria.) There are a couple current techniques used, the most common is restriction fragment length polymorphism (or RFLP), which is used for genetic testing, including forensics (OJ Simpson trial) & paternity tests. Other folks like Dave Relman (Stanford), non-profits like TIGR, and federal labs like Naval Medical Research Center are working toward that potential via different routes and different applications. It is still very much basic research. Quote3) Does anyone actually read the Federal Acquisition Regulations? I know it's dry, but there's some good stuff in there to prevent this kinda crap. How do you see the FAR acting in such a way? Most of the folks who *really* know the FAR (I don't), don't know the science & technology or law enforcement, & vice-versa. Also, OTAs can override the FAR, e.g., the pharmaceutical firms Chiron & GSK got OTAs (>$10M) in this program. (Nota bene: please do not interpret that as opposition to those OTAs, just provided as specific examples). May need an Undersecretary signature, but they do happen. Personally, I'm more likely to read the "R-forms" executive agencies submit to Congress. Sometimes wealth of info ... sometimes not. All publicly available, no FOIA request required (as opposed to acquisition sensitive documents). Quote4) Does the FBI, in taking on something like this, have to respond to NSA directives regarding information assurance? Respond to Presidential & DOJ directives, yes. Respond to NSA directives, no; NSA is DoD. VR/Marg Act as if everything you do matters, while laughing at yourself for thinking anything you do matters. Tibetan Buddhist saying Quote Share this post Link to post Share on other sites
nerdgirl 0 #8 January 24, 2008 Thanks for the additional information. I was not aware of the Privacy Act exemption for the FBI program. Quote Now, don't get me wrong. I believe in a tier security system for government and contract employees, but as you mention, there's already a good system in place (not great and could use some enhancement), but when it begins to "slide" into the general population's right to privacy; that's a cause for concern. We may be in, as they say, ‘violent agreement’ here. I’m at the far opposite end of the spectrum from the techno-phobes. That doesn’t preclude asking (even if it’s only intellectual fodder): should we do it? Really most of what the FBI program is asking to do is (relatively) old science, as [champu] observed a lot of the potential practical utility comes from process algorithms that can handle the signal vs noise problem ... maybe. Beyond the FBI’s program, what other technologies are being pursued for nominally law enforcement/security applications that also have privacy implications? E.g., functional MRI for lie detectors. There’s already at least one commercial endeavor: No Lie. Although according to the company President, in this NPR interview, most of his business is coming from folks concerned about something other than national security: “‘We have had a huge number of people contact us with regard to sexuality,’ he said. ‘In other words: “I am being faithful to my partner, but he doesn't believe me.” That's a common complaint. Interestingly, it is mostly women who are calling and asking to do this.” “[Joel] Huizenga says No Lie has received hundreds of requests from people in relationships who want to pay $10,000 for an fMRI scan that proves their fidelity.” VR/Marg Act as if everything you do matters, while laughing at yourself for thinking anything you do matters. Tibetan Buddhist saying Quote Share this post Link to post Share on other sites
BIGUN 1,488 #9 January 25, 2008 QuoteWe may be in, as they say, ‘violent agreement’ here. We are. Quoteshould we do it? Nope. But, the "can we do its and make money at its" will still try. Take away the money and it goes away.Nobody has time to listen; because they're desperately chasing the need of being heard. Quote Share this post Link to post Share on other sites
Richards 0 #10 January 26, 2008 I have no problem with collecting such items (DNA, fingerprints...etc) from people who have been convicted of a felony for a database, but this looks a bit frightenning as it is across the board. My biggest handicap is that sometimes the hole in the front of my head operates a tad bit faster than the grey matter contained within. Quote Share this post Link to post Share on other sites
