July 25 2005, Virtual Earth
MSN has launched a preview of its new Virtual Earth. The integration of state of the art mapping and photography with search helps bring together a whole range of associated information in a compelling and more useful way than has been possible in the past. The mapping information for the UK is limited at the moment, so I drilled in on Seattle to find out what this tool can really do. Starting from a satellite photo of the whole of the US I was able to double-click on Seattle and drill down deeper and deeper until I had a very highly detailed set of photographic shots of the downtown area. The detail is remarkable - right down to trash cans outside doors and clear views of parked cars.
Combining this type of new infrastructure with overlay technologies is going to offer some highly compelling innovations in the way we think of and manage issues such as emergency response planning or local urban development. Using either Web-based overlays, which can show for example where the nearest restaurant or hospital is, right the way through to the rich client experiences offered by the likes of Avalon, which can dynamically model and map highly compelling 3D overlays, managing and visualising information is going to be far more easy than in the past. This has huge potential for managing real-time issues such as emergency incident handling - enabling the mapping of affected areas, the location of individuals and resources and so on. I'm looking forward to seeing these new technologies develop in innovative and productive ways.
July 21 2005, Progress on Security
Tracking the UNIRAS alerts, it's interesting to see how, three years on, the commitment to security pledged by Bill Gates has had tangible results. Whilst security remains an issue where much work will always need to be done, looking at the UNIRAS stats shows some interesting results:
Service Pack (SP) 2 for Windows XP was a defining moment in our progress in tackling security issues and is really beginning to pay dividends. The above figures show that security remains an industry wide problem, but at least we are making some headway into the issue and will continue to do so as new versions of the Windows platform come to market. I'm particularly looking forward to Longhorn - the next version of Windows - and the additional benefits that will bring to build on the great work that was done with SP2.
July 18 2005, Longhorn Beta
I've written before about the upcoming new release of the Windows client - codename Longhorn. Well, for those of you keen to adopt new technology, the good news is that the official Beta 1 will be with us in the early part of August. This will be a good chance to familiarise ourselves with the new client - although some of the richness of the new UI and some of the more visually exciting features will only become fully available in Beta 2 (anticipated for January 2006).
Some of the key features that users have been requesting will be evident in Beta 1 including new security features such as secure start-up and the ability to lockdown an installation. Productivity and manageability (including, for example, tools to ease migration, deployment and maintenance) are also major value-adds to this latest release of the Windows client. In many ways, Longhorn will be as radical as Windows 95 - although whether we will witness any of the excited and somewhat manic scenes that greeted the Windows 95 launch happening again around Longhorn remains to be seen.
July 12 2005
Day two of the Global Border Control Technology Summit here in London. And another day of interesting insight into the state of the art around electronic documents, the use of biometrics and automated e-channels.
Joseph Atick, President and CEO, Identix, talked about the challenges of both authentication and knowledge discovery. The quality of biometric images is the single biggest impact on false positives and false negatives. This has been a major focus for NIST (the US National Institute of Standards and Technology) and the US-VISIT programme, aiming to find metrics for scoring quality of images. At the best quality, image accuracy of 99.4% is achieved. But at the other end of the scale, just 27.8%. The impact of image quality is far greater than the impact of the difference in algorithms: so it's likely that terrorists will aim to ensure image quality is poor - but checking all individuals will be too time consuming since about 20% fall into this category. This has led to multi-finger sampling becoming the main strategy - to overcome poor image quality: it is able to improve to over 95% accuracy, using "slap devices" that capture full multi-fingers. Overall, the best combination has proved to be 10-print slaps (ie. all fingers) + face - leading to over 99% accuracy.
Next up was Gary McDonald, Executive Director, Corporate Services, Passport Office, Canada. He started with a brief recap on ICAO, which just happens to be based in Montreal. Even at this level, there is the same debate about standards versus specifications that we are seeing take place elsewhere. When is a specification a standard? And who decides what is and is not a standards body? Gary chairs the New Technologies Working Group which includes ISO, IATA, the Airport Council International and Interpol. The latest specifications (or is that standards?) can be found at http://www.icao.int/mrtd.
Frank Moss, Deputy Assistant Secretary for Passport Services, US Department of State gave a very straight and insightful talk on the US learnings from early work on biometrics and more sophisticated border control systems. One of the first points he was anxious to make was that biometrics are a tool not a solution and that too many vendors have oversold what they can achieve. The US is aiming to have a fully biometric process by the summer of 2006. This has been an interesting set of challenges since the US has no tradition of ID cards and no desire to introduce them. In addition, with some 7000 acceptance agents for Passport applications, taking on biometrics would be a huge challenge.
A major problem they encountered was the fact that it was possible to read the new e-Passports well beyond the 10cm range of the ICAO specification. They are working on ways of ensuring this can be blocked and cut down to just 2cm: they are very alive to the concerns that distance reading of passports can raise. One difficult but inevitable fact is that the cost base also keeps moving and dramatically increasing. In addition, Frank acknowledged that privacy concerns are highly valid and must be dealt with: "We need a security in depth process around privacy issues" and taking on privacy feedback has helped produce a much better e-Passport.
This is the same point we've been making for some time: well designed systems make a partnership of security and privacy instead of setting them at loggerheads.
NIST has done much of the real testing on the new e-Passports and they intend holding an open day to include privacy organisations to show what has been done and discuss what else might be needed. This is a maturity of engagement between government, its agencies and various interest groups that appears lacking elsewhere. Frank also emphasised the need to tap into existing industry expertise - disagreement can be healthy to produce better outcomes. Absolutely. One key lesson to take away: don't rush these things, it's worth putting in the time and investment to get them right.
The next speaker was Marcel van Beek, Program Manager, Passenger Process, Amsterdam Airport, Schiphol. They now have a frequent flyer programme that uses an expedited e-channel and has some 20,000 people enrolled. It makes use of an iris scan and provides a 12s average passing time, with a rejection rate of 1.5%. That said, Marcel admitted the rejection rate does start higher but then drops as people acclimatise to use of the system. Some 500,000 crossings were made last year using it. In addition, the airport has deployed a staff access system using contactless badges with iris verification. The verification is to a token - there is no storage of raw biometrics in databases or systems, with a deliberate decision taken that only conscious capture should be possible (ie. that the system should not enable remote monitoring of people's movements and presence without their awareness).
Following on was David Leppan, CEO, World-Check, who talked about whether we should all be making more use of open source (public) intelligence information for border control. He cited a few examples of individuals they had spotted as potential problems before anyone else, including apparently the Bali bomber. But he also mentioned some 300,000 people they are currently tracking which does beg the question of how anyone can sensibly track, monitor and evaluate risk in any meaningful way. That said, David was one of the few people during the conference to step outside the immediate authentication/verification issue and consider that without accompanying intelligence about the person you have just authenticated we are all missing a major part of the story.
Claudia Hager, Executive Director, Austrian State Printing House stated that global interoperability was the key goal of much of what they are trying to achieve with e-Passports. They also of course need to be reliable and durable (Claudia demonstrated some interesting experiments that have taken place with hammers, nails, washing machines, acids and ovens, to name a few) to test how well chips are likely to survive in the real world. As with Frank Moss pointing out that biometrics are just an additional tool, not a solution in their own right, Claudia pointed out that the chip is just a supplement to a high quality document. Claudia also highlighted that the new ICAO 9303 standard will shortly be published in its 6th version.
The final speaker of the day was Barry Kefauver, Principal, Fall Hill Associates. He dealt with the topic of travel document system integrity - "the gun waiting to smoke" as he put it. New Zealand was cited as a country that has used database linkages (which involved legislative changes) to help with the associated intelligence systems that need to accompany border control and anti-fraud measures for example. Over 70% of identity theft/fraud is apparently attributed to stolen and lost identity documents - with the main impact being felt elsewhere (rather than directly on border control) for relying parties such as banks. Improved data sharing of identity and threat information between public and private sectors is needed in Barry's view to reduce risk. This again echoes the ongoing debate here in the UK about secure, appropriate data sharing across public and private organisations.
July 11 2005
Day one of the Global Border Control Technology Summit here in London. There's a large, international turnout reflecting the importance of the topic of border control and related identity systems. Its stated theme is to look at...:
... resolving the technological and logistical challenges in the global deployment of biometrics for travel documents, border control and national identity systems
My interest is the broad topic of identity systems and related information - and primarily to hear real world experiences of what is happening (and what is succeeding and - equally importantly - failing). In particular, with relation to the early adoption of large scale biometrics - and what does and doesn't work in practice in both identity authentication terms and associated data sharing in risk assessment following on from such authentication.
The Chairman, Clive Reedman, makes the point in his opening address that when we talk about "borders" we do not just mean national frontiers: a border is better considered as any point where some kind of access control and authentication is required. This is the model used for example to gain access to business offices, where entry is always challenged. But in the public sector - from hospitals, where access is rarely controlled, through to transit systems, where only valid payment is checked for - exist many examples that, given recent events in London and elsewhere, might need to be reconsidered.
All of which are valid points. But authentication of identity is not proof of someone's intentions: improving our identity management tools is only one part of the work we need to be doing. I worry sometimes that some see authentication in itself as the end goal, rather than as a contributory part of a broader citizen safety initiative. Today was a good chance to hear firsthand from some of the leading projects taking place around the world and to consider what lessons we can learn from them. I'll briefly narrate some of the presentations to highlight key content and messages.
Bernard Herdan, Chief Executive of the UK Passport Agency emphasised the point that there is no "silver bullet" for the problems of identity and border control. The UK Passport Agency has conducted pilots using facial recognition with useful results, finding duplicates across their various systems: essentially people claiming more than one identity. The media-quoted high approval ratings of ID systems, however, turn out to come from a survey taken only amongst those who participated in the face, iris and fingerprint pilot. So perhaps it reflects the self-selecting nature of many of those who took part rather than the consensus of the general population.
The proposed UK e-Passport will be contactless, but designed to be used in close proximity to passport readers. There is little discussion of whether the design is intended to respond only to legitimate and authorised passport readers rather than any reader (see my discussion of the 7 Laws of Identity earlier in these blogs). The issuance process for new forms of ID is currently a big focus and includes both public and private database matching - although Bernard comments that it's easier for them to work with private sector databases than other public sector databases. Fingerprints are due to be included in all Visas by 2008 (I'm assuming in some encrypted form). They are also looking at outsourcing of biometric capture given the amount of work involved, which raises huge challenges in ensuring the end to end integrity of the proposals: social engineering is always going to be one of the weakest links in these systems, as we saw with the driving licence agency officials bribed with just $100 in the US to provide some of the 9/11 terrorists with fake "ID". One interesting point is made: if I understood correctly the Passport Agency intends to issue an ID card with every UK passport anyway even if the ID Card Bill does not go ahead. Which does raise some interesting questions about the current ID Card debate.
Jim Williams, Director, US-VISIT Program, US Department of Homeland Security talked about the generally high level of acceptance of the new entry controls that the US has implemented, pointing out that they actually were in process before 9/11. One of the likely reasons for such acceptance is that processing time has gone down at entry points - something I've noticed during my last few US visits. In addition, over 700 criminals have been intercepted at the point of entry through the use of biometrics. They are now looking at land borders and the idea of RFID tags in cars at border crossings to automate the process - the ultimate ideal being for legitimate drivers to be able to go through at normal driving speed. The idea would then also be extensible to cover say all passengers on a bus. This seems to imply both some form of extended reach RFID technology as well as raising questions about how you know whether the travellers themselves are really present as opposed to just their travel documentation. I'm not sure aspirations and technology (let alone security and privacy) are quite yet in sync in some of these areas.
The US approach to RFID is hinged on a unique identifier rather than containing any sensitive data: the unique identifier provides a link to an index to a database. They are very aware of the need to include nothing sensitive on the device itself. They are also looking at the potential for an international registered traveller programme for perceived low risk groups (an idea a colleague of mine first proposed some years ago and which now seems to have more widespread acceptance). They have also been conducting e-passport tests between the US and Australia to find out the practical real world experiences of using many of these new technologies and travel documents.
Raymond Wong, Assistant Director of Immigration (Information Systems), Department of Immigration, Hong Kong (People's Republic of China) talked about how they have had an ID Card since 1949. They are now even thinking about a chip in birth certificates to protect their integrity and value given how much of a key role birth documents often play in the process of first asserting your identity. Hong Kong has some 181 million passenger movements a year and although the workload has doubled, staffing has remained largely static due to the way they have implemented their new systems. They offer the traveller the choice of an e-channel (fully automated) or manual channels (for those concerned about privacy or who would rather deal face to face with a human rather than a machine). Of course, even the e-channel is overseen by officers, who can provide a high quality supervisory function and oversight of travellers.
Hong Kong has also applied new methods of control on the road network, with motorists now able to go through borders using their thumb print combined with automated vehicle recognition. This is also being combined with facial recognition. Some of the problems they have encountered are with dry fingers, wet fingers and chipped fingers - which can cause problems with readers, but the numbers have not proved so significant as to cause major issues. Key to facial recognition success is the combination of face position, lighting and sunglasses (another area where ICAO (the International Civil Aviation Organization) has been active in developing standards). China needed to change its laws to allow for immigration checks to be undertaken by machine not human. A standard system is now in place that scans all passports, including the traveller's photo, into their systems in order to undertake facial recognition checks of multiple identities - realising some of the benefits foreseen by the ICAO when they first set out the standards for facial biometrics in passports (passport photos to you and me).
Lots to think about here - and a good day to come tomorrow, followed by a workshop. I'll consider some of the broader themes and lessons to be drawn after the event concludes on Wednesday.
July 8 2005
Yesterday in London was a cruel reminder of the reality of terrorism - something I hoped had finished with the end of the bombing campaigns we lived through in the 1970s and 1980s. My thoughts are with those fellow Londoners and visitors caught up in these savage events. Today is a time for family, friends and colleagues - not technology.
July 6 2005
On the basis of the old claim that a picture is worth a thousand words ...
Although of course, London is no longer the candidate city but the city that will host the 2012 Olympics. This is not only great news for the UK, but will also really help a deprived part of London with its ambitious regeneration plans.
We've been a keen technology partner supporting the London 2012 bid - and it's great to see the hard work of everyone who's been associated with building and presenting the case for London rewarded in this way. My congratulations to all of them for this wonderful and well deserved recognition of the great job they have done.
And here's also looking forward to what will be the first truly digital Olympics: as one of my colleagues, Chris Yapp, has pointed out, this will be the first Olympics hosted after the proposed switch-off of analogue television in the UK. With BT's recent announcement of the development of its IPTV-based services over broadband, could this be the first Olympics delivered using entirely digital technologies, from the Internet to broadband based IPTV? Seven years may seem a long time for budding athletes looking forward to competing in 2012: but it's an even longer time in technology terms. It's interesting to speculate how technology will be able to support all aspects of London's Olympic Games by then - and what a truly all-digital Olympics will mean.
July 5 2005
To my old stomping ground, the House of Commons, courtesy of an invitation from the Speaker and the Parliamentary Press Gallery: many thanks to Rob Gibson and Gallery News for including me on this special event. The occasion was a reception to mark the presentation of the 2005 Speaker Abbot Award:
The Speaker Abbot Award was launched to mark the 200th anniversary of the Press being allowed into the back row of the public gallery as a right. William Pitt the Younger's announcement to Parliament in 1803 that Britain was to resume the war against France went unreported because MPs' cronies had paid for seats for the momentous occasion and the Press failed to gain admittance. Pitt was apoplectic and Speaker Abbot designated the back row of the public gallery for the sole use of the press.
The Speaker Abbot award goes to a journalist considered to have made the greatest contribution internationally to the protection and promotion of parliamentary democracy. This year's award went to Alfred Taban, who filed the reports for the BBC World Service that exposed the scale of the killing in the Darfur region of Sudan:
"Despite the arrests and the many closures of my newspaper, I have refused to be intimidated and I am still continuing to fight for media freedom and democracy, without which I do not believe we will have a stable Sudan."
Alfred's newspaper has been shut down more times than he cares to remember. He's not even sure when he returns to Sudan whether he will have a paper to write for. The Speaker and Alfred made poignant speeches that made even the assembled world-weary Fleet Streeters appreciate the very different circumstances under which journalists like Alfred operate. I found it a little hard to reconcile in my mind the ostentation of the Speaker's apartment with the very different world that Alfred inhabits in the Sudan. If anything, it made his message carry more impact - as an authoritative voice speaking of his first hand experiences of a very different political culture.
Talking with Alfred and his relatives, we discussed how the media, IT and the Internet, and community radio could all help contribute to the growth of a democratic ecosystem. The free flow of factual information and open debate between our media and our politicians is something we take for granted in the UK. Helping build the information infrastructure in countries like the Sudan is not only an effective way of helping ensure the better flow of information, but also to establish skills and a local ecosystem that will help with sustained economic regeneration. I will follow Alfred's - and the Sudan's - future development with great interest.
July 1 2005
I note the public announcement of the Shared Computer Toolkit beta - a significant development for shared PC environments. Although designed for places such as libraries, schools, kiosks, Internet cafes and similar locations, clearly it has potential applications for other shared PC scenarios, such as hotdesk areas in the public sector. Or even for use where there is a need for a clean, stateless re-start that ensures no files or documents 'leak' from one user to the next.
The Toolkit includes options such as protecting a disk and returning it to an original state upon rebooting, effectively providing a stateless PC experience. There are also a host of options for locking down and preventing users putting files on the PC or changing any of its configuration settings. Importantly, the Toolkit will not require any server infrastructure and is usable by non-IT professionals. Any spyware, viruses or other unauthorised changes can be cleared every time the PC restarts. This clean restart also ensures that privacy is protected by wiping user session information (such as passwords, Web history etc).
Features supported by the Toolkit include enabling administrators to set up a custom desktop for different categories of users; controlling access to system resources (such as the Control Panel); preventing or allowing access to any data drives on the PC; blocking any unauthorised software not explicitly installed by the operator; and even session timers that will force a user to log off after a pre-determined period of time.
Importantly, the Toolkit also includes accessibility features. The tools make it possible for users to enable or disable all of the Windows accessibility features in one easy-to-use interface. Such features include an on-screen keyboard, large fonts, high contrast screen, screen magnifier, and more. The operator can also create user profiles that have accessibility features enabled by default. Accessibility is an important aspect of any shared use PCs, ensuring all users are able to take advantage of the facilities on offer.

I hope the Toolkit will prove a useful additional tool for shared PC environments: and indeed anywhere that the features it offers - such as a clean, known-build restart - will add value.
(C) 2004/2005 J Fishenden