To day I had the pleasure to participate in the network for Biometrics in Denmark. The network was originally established by Frederik Kortbæk, DeLoitte and others, and todays' meeting had 3 major elements, at status report from the Danish National Police on the biometric passports, a presentation on identity management by Omada, and a user report from the leading architect of the Capital Region, the organisation responsible for hospitals for 1.6 mio inhabitants in the Greater Copenhagen Area.
The representative from the Danish Police was Mrs. Lene Gisselø, a lawyer, presented the status of the bio passport. The passport is based on the EU Directive 2252/2004.
The directive is of course based on the increased focus on terrorism, and demanded the member countries to implement a 2-step strategy, first passports with photos of the card holders, which has always been the case in Denmark, and 2. step due in june 2008 to implement biometric fingerprints as part of the passport. (See the Technology Board report on Biometric Passports - where it is pointed out that also illegal immigration is supposed to be less after the bio passes are introduced. )Denmark is lagging behind the original target date, and in spite of a tender issued 2 years ago and supposed to be closed months ago, is still not signed. The tender called for multiple types of equipment to be used by the municipalities, by the foreign office's representations around the World and by the department for immigrants in Denmark. It was stated that one of the reasons for the delay is the lack of funding, as the preferred vendor was well above the allocated budget.
What wasn't mentioned was that in the meantime 20 municipalities out of the 99 already have established a local workplace to issue not only passports, but also driver's licenses, motor vehicle licenses etc. If the budget discussion drags out much longer, the wisest thing to do will probably be to drop the tender and open a new one based on the experiences with the municipalities.
Lene Gisselø presented all the security features around the Danish passport and pointed out, that even if the holders' picture and fingerprints were stored centrally during a 3-5 week period until the passport was duly delivered to the holder, there would be no centrally stored register on biometrics of the data – 'even if it would have benefitted the police'. The locally captured data is encrypted, the BAC method used to store the photo, and EAC to protect the fingerprint data. Also Lene G. discussed the enormous task of cross-certifying all passports within the European Community.
From the audience a question was raised why the Police didn't choose the 'Match on Card' method for authentication in stead of 'Match off card'. The issue here is that when the border police checks the passport, the passport officer takes a photo of the visitor, takes a digital print of the fingerprint and then let the SW on his workstation extract the data from the passport, convert to some sort of algorithm (which may vary between the countries), and then makes the comparison based on his local algorithm. This means that the data from the passport has to be extracted and at least for some time resides in another computer. The alternative method would be to have a chip residing in the passport with the capacity to perform the comparison without having to extract any data from the passport. Lene G's answer to this question was that is was what met the EU defined standard specifications. This of course raised the question if other countries in Europe were legally prevented from storing biometric data from Danish passports, and the answer to this is, that probably there is no legislation in place to prevent this. For instance UK and Netherlands have active plans to compare the extracted data with the criminal records. The representative from the Data Protection Agency, Janni Christoffersen, pointed out that although the Privacy Officers' forum, the WP29, was looking at these issues, no common agreement has been reached yet. See this excellent book on other outstanding issues regarding use of biometrics, commented buy the WP29.
The question after the presentation remains that one might wonder what will happen to the tender and the selected solution now 12 months after deadline while the World is changing and technology progressing.
The second presentation on Identity Management from OMADA corporation was an OK run down of the issues of ID management, but it clearly showed the lack of standard solutions in a Microsoft world based on Sharepoint, where Omada clearly filled a gap in providing multiple roles access management admin solutions, deploying even Kerberos in a federated security environment, but compared to the solutions offered by for instance the Tivoli portfolio and a Websphere environment, the presentation was not that ground breaking.
The 3rd item of the day was presented by Claus Thorsen, who is the lead enterprise architect from the IT department of the Capital Region. (Region Hovedstaden). This is a merger of 3 former counties, the Island of Bornholm and the city of Copenhagen. They are responsible for the health care and the 12 public hospitals int he region, producing more than 800.000 in take patients pr. year.
Claus' topic was based on the defined need for a single sign on solution for use in the hospitals; One hospital department (Gentofte) claimed, that due to the security regulations, logging on/off, changing workstations, registration of patient data at centrally placed terminals etc. required one additional medical doctor.
Against this, the National Health Domain committee has come to the conclusion, that only 1.2 minute pr. day is waisted because of long log-in procedures.
Claus took us through all the tedious steps required to register patient data, and where he hoped that 'some day' a biometric solution would help. One example is the use of the so-called Medical Card, introduced to increase patient security, so that the doctor checks that the right patient is getting the prescribed medicine. In order to access this application, the doctor is required to use his digital signature issued by the hospital. When he has signed and logged in, he has to make an additional log in using the digital signature to access the Medical Card application. But what happens if the doctor is ill and a substitute has to do the checking? You can't have fast track issuance of official digital signatures, and the result is that the doctor's from time to time borrow each other's digital signature. And this is only one example.
The most promising solution at this stage is to use virtual desktops, so that the desktop of each doctor remains 'active' in a sort of private cloud, so that it is much faster to check in at another terminal later. The Virtual Desktop Infrastructure is one possibility, but the enormous variation in clients and PC-equipment makes is complicated and difficult to implement this at a large scale.
So the biometric solution to assist in an almost-automatic sign on, could be helpful. But so far the conclusion is that you cannot just have one biometric solution: In the operations theatre you need to wear a mask, hence you can't use face recognition. If you wear glasses, Iris recognition is a problem, and if you want to avoid congestion, fingerprint readers (and even keyboards) are doubtful. As Claus put it: The problem is, that we are users, we are many , and we are poor!
The long range solution is probably a combination of RFID active tags and biometrics, but it remains to be seen if this can be implemented in a practical way. Yet the Region intends to start a number of pilot projects, because the problem is real – the workload around log in/log out is simply too heavy – either it takes too long time, or the doctors and nurses are cheating to ensure quality of patient treatment.
To this statement Janne Christoffersen from the Data Security Agency pointed out, that the privacy legislation 'definitely has no intention to be a problem for daily operations, as it only required, that the doctors and nurses only has access to the data, that are necessary!'
'This is exactly the issue,' Claus Thorsen declared, 'For who knows what data are necessary? Take use of Antabuse! If this is an information that is not revealed to the Doctor, the patient might be seriously mistreated!' This seems to be a very central point in designing an up-to-date privacy legislation, that ensures a more holistic treatment of patients.
The next question, equally central for the discussion, is whether Claus' Region are coordination or cooperating with the other regions, and why this is not a centrally managed development program.
The representative from the Health Domain Steering Group - (Digital Health is an organisation supposed to coordinate anything within the health domain) – claimed that they weren't funded to do this, which again lead us back to the fundamental question on whether the Regions should continue inventing hot water all of them or if the Government should step in and define real areas for centralized solutions.
But a very interesting and down-to-earth real-life presentation with lots of areas where a combination of new technology and use of biometrics might be helpful.
Following this presentation, Ulrich Østergaard from CardLab presented the biometric card that they were trying to introduce in a number of countries. As can be seen from their homesite, this seems to be very promising – the card contains an active RFIOD chip, it has a fingerprint reader, which can be used by the proper owner to turn the card on, and can be equipped with various passwords, digital signatures etc. Looking forward to see some pilot projects based on this idea – and of course combined with proper ID/access management systems on the network.