Friday, March 26, 2010

News: Airport Worker Disciplined for Abuse of Full Body Scanner

From the Guardian: police gave a warning for harassment against a 25 year old man for taking a photo of a female co-worker as she inadvertantly walked through a full body scanner. Tabloid newspaper the Sun reports that he 'ogled her' and made 'lewd' comments.

BAA said: "We treat any allegations of inappropriate behaviour or misuse of security equipment very seriously and these claims are being investigated thoroughly," a BAA spokesman said. "If found to be substantiated we will take appropriate action."

Wednesday, March 17, 2010

News: US Government Accountability Office on the Cost of Full Body Scanners

Via Privacy.org: The Government Accountability Office , the audit, evaluation and investigative arm of the US Congress, has estimated that rolling out full body scanners worldwide will cost the American taxpayer about $3,000,000,000:

The audit agency said TSA estimates each unit costs about $170,000, meaning it would cost about $300 million to buy 1,800 units, enough to cover about 60 percent of screening checkpoint lanes at the highest-priority commercial airports. Each scanner requires three people to operate. Based on the administration's request for $219 million to hire 3,550 TSA staffers next year alone, GAO estimates it will cost $2.4 billion overall to staff the machines over eight years.

They also have raised the issue of effectiveness, noting in particular that the operation of such machines on the 25 of December would not have stopped Umar Farouk Abdulmutallab. The House Homeland Security Committee is due to have a hearing on the proposed use of the machines this afternoon.

Detecter partner Mathias Vermeulen has a piece summarising the growing opposition to full body scanners over at the Lift.

Tuesday, March 16, 2010

DETECTER on BBC Midlands Today

News: More Details on ID Card Databases - Ministers Seeking Advice from Industry on Security

The Register is reporting this morning that the Identity minister has announced that UK ID Card scheme is to have 3 different databases: "There is the one that holds the fingerprints and facial image, the biometric data, and then the other information which is broadly what is on your passport already and the third bit is the one that links the two,"

The announcement was made at a meeting organised by the Social Market Foundation. Meg Hillier, the minister, also revealed that her department is still researching how best to to make remote use of ID Cards work.

An example of an ID card reader, visually like a larger version of a card reader used by retailers, was available at the conference. Hillier said that the government "needed to do more work on this" and was keen to hear the views of industry about how this will work, particularly about security.

Monday, March 15, 2010

Comment: The Case for a Universal, DNA Database

There's an interesting Op-Ed piece on the NYTimes.com site today responding to Obama's apparent endorsement of a national DNA database to include profiles of everyone arrested, whether found guilty or not. The author, Michael Seringhaus, make the case for that the national DNA database ought to hold profiles on everybody not just those who are arrested.

He argues that at present, DNA databases are 'fraught' with problems of discrimination, the disproportionate bias towards racial minorities already having prompted one commentator to dub it 'Jim Crow's database'. This is exacerbated by the use of profiling methods and 'familial DNA search' - searching among the relatives of partial DNA matches as potential suspects when full matches cannot be found.

Instead, he recommends the far more just solution of placing everybody's DNA profile on the database:

Your sensitive genetic information would be safe. A DNA profile distills a person’s complex genomic information down to a set of 26 numerical values, each characterizing the length of a certain repeated sequence of “junk” DNA that differs from person to person. Although these genetic differences are biologically meaningless — they don’t correlate with any observable characteristics — tabulating the number of repeats creates a unique identifier, a DNA “fingerprint.”


The genetic privacy risk from such profiling is virtually nil, because these records include none of the health and biological data present in one’s genome as a whole. Aside from the ability in some cases to determine whether two individuals are closely related, DNA profiles have nothing sensitive to disclose.



He thinks this would be relatively easy to administer, requiring only the introduction of a mandatory sample taking either at birth, or as prerequisites to a drivers licence or social security card. Samples taken at this point would be used only to produce one of these 26 numbered profiles, after which they would be destroyed. I think there may still be objections to make here, however, that derive simply from the administrative scale of the proposal. It seems plausible to me to worry about DNA samples being taken for the purposes of creating a profile being destroyed in a timely fashion and being kept securely in the interim. I can well believe that the process would be secure and efficient much of the time, for much of the country, but if the proposal is to take samples from every single citizen I suspect its inevitable that there will be some malfunction of the sort that has become all too familiar - the information is placed on a CD or laptop that is left on a train, or some disgruntled employee decides to start selling the information on.

One part of his argument I find even more interesting is what he has to say about how this would change people's attitudes to the security and integrity of such a database:

Since every American would have a stake in keeping the data private and ensuring that only the limited content vital to law enforcement was recorded, there would be far less likelihood of government misuse than in the case of a more selective database.

I'm sympathetic to this line of thought, but I'm not wholly convinced that it would change people's priorities as much as Seringhaus thinks: 'everybody' has been quite vulnerable to clumsy losing of private government held data on previous occasions without it turning into an enormous issue. Furthermore, malfunctions in the security of such a system might easily be localised to particular areas or sectors of the community. For example, suppose that the function of generating profiles becomes the responsibility of those issuing driving licenses or birth certificates and that these are matters for local authorities. Some will fulfil this function much better than others and thus, the security of the DNA may be much lower in areas where these local authorities perform poorly. In such a case a majority could remain unconcerned about the risk the policy poses to a minority.