Thread Subject: Re: biometrics continued
Note
This archival content is maintained by WebAIM and NCDAE on behalf of TEITAC and the U.S. Access Board. Additional details on the updates to section 508 and section 255 can be found at the Access Board web site.
From: terry.weaver@gsa.gov
Date: Thu, Jul 19 2007 3:00 PM
This subject has also been raised with the Federal Identity Credential
Committee (FICC), who are working with GSA and NIST on ID standards for
all Federal employees. I have been speaking with Judy Spencer, who works
in another division in my office and we have met with the Access Board
regarding the standard that agencies need to follow in selecting, creating
and using Federal Identity cards.
I forwarded some of our emails and asked that she share the discussion
regarding the two forms of biometric identification (fingerprint and
retinal scan) with the members of the FICC and here is Judy's reply - "I
will share this. Currently, FIPS 201 does have an alternative - the
facial image. Since we all have faces (if you can show me someone without
a face, I'd be very interested) and facial recognition software is really
quite good (it deals well with changes in facial hair and glasses) and
getting better, I think this is the best and least invasive alternative.
Retinal scans require you to put your eye up to a sensor and hold
relatively still, someone with a palsy would have as much trouble, if not
more, with this alternative as with presenting a readable fingerprint."
I will be happy to forward responses to her.
"Hoffman, Allen" < = EMAIL ADDRESS REMOVED = >
Sent by: = EMAIL ADDRESS REMOVED =
07/19/2007 04:39 PM
Please respond to
"TEITAC General Interface Accessibility Subcommittee"
< = EMAIL ADDRESS REMOVED = >
To
"TEITAC General Interface Accessibility Subcommittee"
< = EMAIL ADDRESS REMOVED = >
cc
Subject
Re: [teitac-general] biometrics continued
This sounds like you and I are thinking along similar lines.
Allen Hoffman -- = EMAIL ADDRESS REMOVED = ; v: 202-447-0303
From: = EMAIL ADDRESS REMOVED =
[mailto: = EMAIL ADDRESS REMOVED = ] On Behalf Of Gregg
Vanderheiden
Sent: Thursday, July 19, 2007 3:44 PM
To: 'TEITAC General Interface Accessibility Subcommittee'
Subject: Re: [teitac-general] biometrics continued
Me personally?
My approach is to start with the ideal, then explore all the
approaches. Then see what is possible and practical.
There are different environments here so I think I would look for
1) a general guideline that seeks what is needed
2) sub provisions that cover situations
a. e.g. if x is not possible then y.
b. if non-biometric is not possible then at least two (or finger and
hand) (or one not requiring vision or eyes) (or something else) OR
the biometric does not involve something that a person can lose (e.g.
biometric analysis of circulatory system).
So I don't start out with any preconceived limitations.
Will be great to hear from people who may know about security issues
across the gov - including high and low security use of biometrics.
Gregg
-- ------------------------------
Gregg C Vanderheiden Ph.D.
From: = EMAIL ADDRESS REMOVED =
[mailto: = EMAIL ADDRESS REMOVED = ] On Behalf Of Hoffman,
Allen
Sent: Thursday, July 19, 2007 1:47 PM
To: TEITAC General Interface Accessibility Subcommittee
Subject: Re: [teitac-general] biometrics continued
Gregg:
Do you have any philosophical problem with this approach? I think this
path may get us moving toward more accessible biometrics, or alternates
more quickly than basically just leaving the full or nothing on the table
only. I'm saying this from some direct experiences here at DHS where this
is indeed an active continuous challenge. If AB indeed did say that path
is not what they want, then we can certainly consider offering our
experiences up for consideration as supplemental information. To be
honest what is needed is hard research on identifying the accessible
biometric or alternative that is accepted by the security community as
real.
Allen Hoffman -- = EMAIL ADDRESS REMOVED = ; v: 202-447-0303
From: = EMAIL ADDRESS REMOVED =
[mailto: = EMAIL ADDRESS REMOVED = ] On Behalf Of Gregg
Vanderheiden
Sent: Thursday, July 19, 2007 2:42 PM
To: 'TEITAC General Interface Accessibility Subcommittee'
Subject: Re: [teitac-general] biometrics continued
Ok
Not sure it is an AB issue is it?
I think they will tell us it is our decision.
Oh - when I said I was told "two biometrics wasn't acceptable" - it wasn't
by the Access Board. It was on one of our calls (or one of the calls. I
can't remember if it was in general or another group)
Gregg
-- ------------------------------
Gregg C Vanderheiden Ph.D.
From: = EMAIL ADDRESS REMOVED =
[mailto: = EMAIL ADDRESS REMOVED = ] On Behalf Of Hoffman,
Allen
Sent: Thursday, July 19, 2007 1:34 PM
To: TEITAC General Interface Accessibility Subcommittee
Subject: Re: [teitac-general] biometrics continued
I'll raise this with the Access Board.
thanks.
Allen Hoffman -- = EMAIL ADDRESS REMOVED = ; v: 202-447-0303
From: = EMAIL ADDRESS REMOVED =
[mailto: = EMAIL ADDRESS REMOVED = ] On Behalf Of Gregg
Vanderheiden
Sent: Thursday, July 19, 2007 2:33 PM
To: 'TEITAC General Interface Accessibility Subcommittee'
Subject: Re: [teitac-general] biometrics continued
Oh you are correct. The new language does not allow two biometrics. But
that was because I was told that was not acceptable. I was told it only
reduced the problem but still barred the rest from access.
So the wording covered that. If covering that vast majority is good
enough - then we can look at two biometrics. I was just trying to go
with the constraints laid down.
Let's take this up and discuss it again. We certainly need to determine
what we are TRYING to say - before we can figure out the words.
Gregg
-- ------------------------------
Gregg C Vanderheiden Ph.D.
From: = EMAIL ADDRESS REMOVED =
[mailto: = EMAIL ADDRESS REMOVED = ] On Behalf Of Hoffman,
Allen
Sent: Thursday, July 19, 2007 9:51 AM
To: TEITAC General Interface Accessibility Subcommittee
Subject: Re: [teitac-general] biometrics continued
I think our practical experience in dealing with this at the present time
is that adding at least one additional biometric as an alternative will
address the vast majority of people affected, e.g. the same approach of
"let's deal with the things we can first", as we are doing in lots of 508
now.
Your suggested language:
"When biometric forms of user identification are used, an alternative form
of identification must also be provided unless the biometric measure is
not affected by any disability."
NOTE: Disabilities routinely involve loss of hands, eyes, limbs, and
voice.
Is not operationally much different than what we have now, and doesn't
provide steps to solutions we can move towards to the final aspirational
solution.
I don't think this is clear that adding alternate biometrics is accepted.
My experience with security requirements is that they are very specific,
so our requirements must be as precisely defined as we can make them to
leave little room for unclarity. I believe the Access-Board was looking
for some expertise that could identify acceptable alternatives to
biometric usage. I don't think we have done that yet, so we need to
encode the practical acceptable "real world" approach first, as long as
the aspirational solution is not prohibited.
So my previous suggestion was:
When biometric forms of user identification or control or activation are
used which rely upon a person possessing one unique biological
characteristic,
an alternative form of identification or control or activation must also
be provided which uses alternate biometric unique characteristics, or does
not
rely upon biometrics. Agencies must provide an alternate means of access
for anyone who can not use the provided biometrics-based form of
identification,
control or activation.
Explanatory note:
Until nonbiometric forms of identification, control or activation have
been integrated into security best practices, such biometric-based
systems must be
developed to allow multiple biometrics to be used. For example,
fingerprints and retina patterns are just two examples. It is less likely
for people
to have both missing fingerprints and retinas than either stand-alone.
Even if multiple biometrics are available, when people can not use those,
alternate
means of access must be provided in policy and implementation for those
affected. For example, for someone who has no retinas or fingers, another
procedure,
which could involve physical assistance may be needed to provide
comparable access.
It is strongly recommended that the Access-Board direct research to
identify nonbiometrics forms of identification, control or activation to
be integrated
in to security best practices and standards in the near future.
I think this can be strengthened to include the aspirational more clearly
to reconcile both.
Revision:
When biometric forms of user identification or control or activation are
used which rely upon a person possessing one unique biological
characteristic,
an alternative form of identification or control or activation must also
be provided which uses alternate biometric unique characteristics, relies
upon a biometric characteristic that all people have, or does not
rely upon biometrics. Agencies must provide an alternate means of access
for anyone who can not use the provided biometrics-based form of
identification,
control or activation.
Explanatory note:
People who do not have fingers, eyes, etc are not able to make use of
biometrics-based E&IT simply because currently these solutions rely upon
only one unique biometric measurement, such as a fingerprint. Allowing
such solutions to accept alternative biometrics will decrease the number
of people who are unable to use such biometrics solutions greatly, since
people with multiple disabilities of this type are a smaller portion of
the population. This, however, is only an interim step until biometric or
nonbiometric alternatives are identified and integrated into security best
practices that "all people" regardless of disability are able to use the
procedure. For example, one potential solution may rely upon circulation
only, and it may be true that no people are missing circulation, so this
would be an accessible biometric.
Until nonbiometric forms of identification, control or activation have
been integrated into security best practices, such biometric-based
systems must be
developed to allow multiple biometrics to be used. Alternatively, until a
biometric solution is identified that all people can use, biometrics
systems that use multiple biometrics or nonbiometrics must be employed.
For example, fingerprints and retina patterns are just two examples. It
is less likely for people
to have both missing fingerprints and retinas than either stand-alone.
Even if multiple biometrics are available, when people can not use those,
alternate
means of access must be provided in policy and implementation for those
affected. For example, for someone who has no retinas or fingers, another
procedure,
which could involve physical assistance may be needed to provide
comparable access.
It is strongly recommended that the Access-Board direct research to
identify nonbiometrics forms of identification, control or activation, or
biometric alternatives that all people can make use of, to be integrated
in to security best practices and standards in the near future.
Allen Hoffman -- = EMAIL ADDRESS REMOVED = ; v: 202-447-0303
From: = EMAIL ADDRESS REMOVED =
[mailto: = EMAIL ADDRESS REMOVED = ] On Behalf Of Gregg
Vanderheiden
Sent: Thursday, July 19, 2007 9:14 AM
To: 'TEITAC General Interface Accessibility Subcommittee'
Subject: Re: [teitac-general] biometrics continued
Thanks Allen,
- first - thanks for catching the "control" part. That was supposed to
be removed. It should be identification only. The word control confuses
biometric issue with the biologically activated controls issue. We
decided to make this biometrics only - but forgot the edit. (done in
conjunction with hardware)
- on your point 2 - please say more. I don't quite understand.
Those are the words that allow the type of solution we were instructed to
include. Your proposed language is easier to understand or read but does
not include the option we were instructed to include.
- on your point 3 regarding "unique characteristic" - that
should be covered by the word "biometric" - but perhaps it would be good
to spell it out a bit since there was already confusion with biologic
controls.
How about
"When biometric forms of user identification are used, an alternative form
of identification must also be provided unless the biometric measure is
not affected by any disability."
NOTE: Disabilities routinely involve loss of hands, eyes, limbs, and
voice.
This language does NOT allow for a double biometric approach. Do we
think two biometric is OK? Which two? What about employees who lose
two? Should there always be another option - so they are not barred?
Remember that if there was an "iris or passcode", only the person without
an iris would need to be able to use the passcode. Not everyone.
Thoughts?
There was a suggestion to bring in some people with security background.
Does someone know some people we could invite?
Thanks
Gregg
-- ------------------------------
Gregg C Vanderheiden Ph.D.
From: = EMAIL ADDRESS REMOVED =
[mailto: = EMAIL ADDRESS REMOVED = ] On Behalf Of Hoffman,
Allen
Sent: Wednesday, July 18, 2007 3:14 PM
To: TEITAC General Interface Accessibility Subcommittee
Subject: Re: [teitac-general] biometrics continued
Specific items:
1. language says when identification or control, and then identification
or activation, reconcile this.
2. The language on "all people" while potentially functionally
equivalent, may not read as precisely.
3. There isn't the "unique characteristic" language anymore and that is
key to the biometrics usage.
original:
When biometric forms of user identification or control are used, an
alternative form of identification or activation must also be provided
unless all people
Allen Hoffman -- = EMAIL ADDRESS REMOVED = ; v: 202-447-0303
From: = EMAIL ADDRESS REMOVED =
[mailto: = EMAIL ADDRESS REMOVED = ] On Behalf Of Gregg
Vanderheiden
Sent: Wednesday, July 18, 2007 4:08 PM
To: 'TEITAC General Interface Accessibility Subcommittee'
Subject: Re: [teitac-general] biometrics continued
At the last TEITAC meeting we were specifically asked to create a
provision that allowed a single biometric device to be used if the
biometric was something that everyone had. Like a biometric system based
on a person's circulatory system. Your language would seem to prevent
that. So we would have to go against the TEITAC directive.
Other than that they look much the same.
What did you see that the working group language allowed that it shouldn't
(and yours prevented) or that the working group language
prevented/required that it shouldn't and yours allowed.
Gregg
-- ------------------------------
Gregg C Vanderheiden Ph.D.
From: = EMAIL ADDRESS REMOVED =
[mailto: = EMAIL ADDRESS REMOVED = ] On Behalf Of Hoffman,
Allen
Sent: Wednesday, July 18, 2007 1:38 PM
To: TEITAC General Interface Accessibility Subcommittee
Subject: Re: [teitac-general] biometrics continued
Current language:
When biometric forms of user identification or control are used, an
alternative form of identification or activation must also be provided
unless all people
can use the biometric device.
Suggested update:
When biometric forms of user identification or control or activation are
used which rely upon a person possessing one unique biological
characteristic, an alternative form of identification or control or
activation must also be provided which uses alternate biometric unique
characteristics, or does not rely upon biometrics. Agencies must provide
an alternate means of access for anyone who can not use the provided
biometrics-based form of identification, control or activation.
Explanatory note:
Until nonbiometric forms of identification, control or activation have
been integrated into security best practices, such biometric-based systems
must be developed to allow multiple biometrics to be used. For example,
fingerprints and retina patterns are just two examples. It is less likely
for people to have both missing fingerprints and retinas than either
stand-alone. Even if multiple biometrics are available, when people can
not use those, alternate means of access must be provided in policy and
implementation for those affected. For example, for someone who has no
retinas or fingers, another procedure, which could involve physical
assistance may be needed to provide comparable access.
It is strongly recommended that the Access-Board direct research to
identify nonbiometrics forms of identification, control or activation to
be integrated in to security best practices and standards in the near
future.
Allen Hoffman -- = EMAIL ADDRESS REMOVED = ; v: 202-447-0303