The idea of gait recognition has been around for a long time. In G.K. Chesterton’s short story The Queer Feet, Father Brown prevents a crime by “merely by listening to a few footsteps in a passage.” Gait analysis has been widely deployed in professional sports and medicine, enabling sports stars to improve their golf swing, running stance or cycling position and helping in the design of prosthetic limbs for example.

As a means of identifying someone at a distance, without any need to inconvenience the people being analysed, it would appear to be a useful proposition. It is important to note, however, that identifying someone in a crowded city square and verifying that someone is one of 200 people who have walked down a colourful corridor with clear contrast under carefully controlled laboratory conditions, are two entirely different problems.

Technically speaking, checking the gait of one person, in a psychedelic corridor with perfect lighting conditions, to find a match in a database of 200 recorded gaits, is relatively straightforward.

Detecting individual gaits in a dynamic, crowded city square, under less than ideal lighting conditions and pinpointing a baddie by attempting to match those (potentially) millions of readings against a database of millions of recorded gaits, is a much more difficult problem.

And we haven’t even thought about how we would get accurate measurements of millions of people’s (or indeed the baddie’s) walking styles on our benchmark database in the first place yet. Then if the baddie puts a stone in his shoe to change his walk to deliberately fool the software, as Dallas did with his funny walk on the first programme in the Bang Goes The Theory series, it becomes even more difficult.

From a security perspective, the notion that mass surveillance with advanced technology will magically detect the baddie, turns out to be fundamentally flawed. (It should be noted that mass surveillance is widely and wrongly promoted as an effective anti-terror tool but it is not advocated by the team at Southampton.)

Because terrorists are relatively rare, finding one is a needle in a haystack problem. You don’t make it easier to find the terrorist by throwing more hay (say the biometric data of millions of innocent people) on your data haystack. The technology doesn’t simply home in on the criminal as it does in Hollywood movies.

The police and security services end up spending so much time dealing with innocent people and false leads that their limited resources get swamped.

If each of the UK’s population of around 60 million were monitored once a day and our system was 99% accurate (e.g. flags 1 in a 100 innocents as terrorists and detects 99 out of every 100 terrorists), the police will have to process 600,000 false leads per day.

Given those of us who traverse public places are monitored multiple times a day you can see how that could quickly become unmanageable. It’s also unacceptable from a social, legal and economic point of view.

So it is probable that the use of gait recognition and other biometrics will prove to be more useful for small scale authentication - e.g. employee access to the workplace, rather than large scale surveillance e.g. picking a terrorist out of a crowd.

On small-scale authentication

Technically speaking authentication or verification is an easier thing to do than identification. Authentication (assuming we’re not trying to do it remotely) with biometrics merely asks whether a biometric belongs to the person presenting themselves for authentication. It compares their proffered biometric with the one on file under their name and determines whether there is a match.

Identification is much harder to do and is what security systems at airports or busy shopping areas or sports stadiums attempt to do – measure the biometrics of everyone passing through and attempt to check whether there is a match with a large (and not necessarily particularly reliable) database of biometrics.

The difference appears pedantic but is very important. In the authentication case one biometric is checked against one specific biometric on the database. In the identification case, millions of biometrics are checked against millions (potentially) of biometrics on the database.

Even with highly reliable technologies – say 99.9% accurate and none of the modern systems approach that yet – these millions of checks searching for matching pairs generate huge numbers of false positives (innocents flagged as malcontents) and dangerous levels of false negatives (real bad guys flagged as innocents and it only takes one to get through to cause serious security problems).

The police and security services then spend so much time, energy and resources dealing with innocent people they don’t have the time to deal with the real criminals.

Find out more

Floyd Rudmin, Professor of Social & Community Psychology at the University of Tromsø in Norway, explains why, statistically speaking, mass surveillance cannot work in this article:
The Politics of Paranoia and Intimidation: Why does the NSA engage in mass surveillance of Americans when it's statistically impossible for such spying to detect terrorists?
Counterpunch magazine, May 24, 2006

For those interested in the use of biometrics and security more generally I’d recommend:
Beyond Fear: Thinking Sensibly About Security in an Uncertain World
Bruce Schneier, Springer-Verlag New York Inc

Freedom to Tinker blog - hosted by Princeton's Center for Information Technology Policy.

Jerry Fishenden Blog - New Technology Observations from a UK Perspective.

UK High Court Judge, Hon Sir Jack Beatson explains the legal issues with the use of biometrics in crime detection in Forensic Science and Human Rights: The Challenges [pdf], his valedictory address as President of the British Academy of Forensic Science, 16 June 2009.

Nuffield Council on Bioethics report, The forensic use of bioinformation: ethical issues [pdf], published in September 2007.

Human Genetics Commission Citizens Report, July 2008.

Biometrics: Enabling Guilty Men to Go Free? Further Adventures from the Law of Unintended Consequences - Jerry Fishenden blog post

Digital Decision Making: Back to the Future - chapters five and six
Ray Corrigan, Springer-Verlag

Study information and communications technologies with The Open University

Some years ago I attended a conference at which an IT expert gave one of the most straightforward and insightful accounts of the design and use of modern day databases and data mining technologies. Drawing on a range of examples he demonstrated how the interpretation and management and control of decision and policy making is passed down to database developers and then transferred (i.e. embedded) into these technological systems. At this point these value-laden, subjective, actions appear to become autonomous political calculations – that is, technical and technological, and therefore 'neutral' and free from human influence.

The expert went on to demonstrate how the integration of databases via network technologies such as the internet, and the extensive opportunities for data mining and matching this creates, enables the creation of data doubles. In plain English: versions of ourselves that are assembled from data about us that we leave behind as we make our way around cyberspace or other IT systems. For example, the web sites we visit, the books, music, travel tickets, and holidays we purchase, what we watch, our profiles on social network sites like Facebook, the discussion groups we participate in, the blogs we read, and so on. When mined, matched and reassembled, whether by commercial organisations, or governments and their agencies this creates and defines our data double.

Is your data double a true reflection?
[Image © copyright Photos.com]

At first glance this sounds as if it’s a relatively straightforward and fairly innocuous process of aggregation, except it’s at this point that those seemingly autonomous political calculations that are embedded into these IT systems re-enter the equation. In reality the identity of a person’s data double is defined less by our own actions than it is by the assumptions, beliefs and opinions of the people who are the policy and decision makers behind the deployment of these systems and how these have been interpreted by the system’s developers. Or, to use a topical example, if you’ve been on holiday to an eco-friendly holiday resort, purchased books by the environmentalist George Monboit, and contributed to blogs opposing the extension of Heathrow airport, it’s currently highly likely that your data double will have been defined accordingly, even if the other 90 per cent of the 'real' you is more akin to Jeremy Clarkson.

While the identity of our data double has limited interest (as far as we know) to commercial organisations such as Amazon, who would simply use it for marketing purposes, it’s not a so straightforward matter when it comes to government. Of course, on the surface, the situation today appears little different to the position that has long applied: pretty much anyone who had leftwing tendencies, joined CND, and/or who visited the Soviet Union prior to its collapse would have a data double that was defined accordingly – albeit on paper (a not insignificant factor, by the way).

Then, as now, the collection of personal data and its use in defining individuals in accordance with the assumptions and beliefs of policy makers, intelligence operatives and other servants of the state was largely justified on the grounds of the search for intelligence in pursuit of national security. I would argue, however, that nowadays this overlooks a far more profound development – the convergence of a number of policy agendas under the seemingly well meaning pursuit of joined-up government.

Put very briefly, the doctrine of joined-up government emerged shortly after the election of new Labour in 1997 and signalled a new, systematic approach to government and policy making. It was, as Bogdanor states, a wider perspective on public administration and management that sought to "make a frontal attack on the so-called 'wicked issues'". That is, issues that pose "a problem for which a solution is either intractable or not easily found, perhaps because of uncertainty as to how to define the problem itself, or uncertainty or disagreement about its causes." (Bogdanor, V. (Ed) (2005: 6) Joined-Up Government, Oxford University Press)

This is an admirable aim, and one that almost anyone who’s had dealings with government bureaucracy would see as inherently progressive. It is not surprising then that, within in a few years, joined-up government had been absorbed into the culture of UK government. Here it coalesced with older public management goals, such as the pursuit of the three E’s (economy, efficiency and effectiveness), and became instrumental in shaping such strategies as Transformational Government (Cabinet Office, 2005), a key objective of which is information sharing across government and the deployment of the IT systems that allow this. But the true significance of the doctrine of joined-up government is much more profound, I’d suggest, for two interrelated reasons. First, its progressiveness rationalises and legitimises the exchange of information across government and thus promotes a highly uncritical and unquestioning attitude to data mining, matching and profiling. Second, it encourages ignorance of the tensions between liberation and control that are inherent in the development of the technologies that allow this. In short, when the doctrine of joined-up government is combined with the security and intelligence policy agendas and the capabilities of IT, I’d argue that we are creating a ‘perfect storm’ in which the real identities of a large and growing number of citizens will be supplanted by our data doubles and our lives will be circumscribed accordingly.

The routine retort to this type of claim is that it’s scaremongering, and anyway, the 'innocent' have nothing to fear. And yet there are enough examples from the relatively recent past of the failure of the ‘innocent are safe’ claim to almost entirely negate this lazy and dubious defence. I’d also suggest that the policy and decision makers whose beliefs and assumptions translate into the autonomous political calculations of the IT systems that underpin the surveillance state are at least implicitly aware that their reputations and positions in society mean they can be confident their data doubles will adequately reflect the real them, and, even if they don’t, anomalies can be easily corrected or safely ignored.

Unfortunately most of us aren’t in this position, which means that if features of our data double attract the attention of these systems, it may prove very difficult to convince our accusers that our data double isn’t really a very good likeness of our 'real', physical selves. Ask anyone who’s been a victim of identify theft for confirmation of what an uphill task claiming a 'clean' identity back can be. What the pursuit of joined-up government and its sister and sibling policies and practices requires, therefore, is a new search for intelligence: an intelligence that fully recognises the threats posed to the majority of the citizens of the UK if our identities are reduced to our data doubles.

About the author

Ivan Horrocks is a lecturer and member of the Technology Management Group at The Open University. He has written many publications about the relationship between information and communication technologies (ICTs) and government and politics.

Subscribe to Ivan Horrocks's posts

 

Blogging about

Money Programme

Get the facts behind the big business and finance stories from around the world – and down your street, in The Money Programme.

Recent corporate scandals and cases of corporate espionage have focused attention on business ethics. Are these instances of a few unscrupulous individuals or are business managers less ethical? The quest for answers to questions such as this has led to internal scrutiny within the academic community about the way qualifications such as the Masters of Business Administration (MBA) are being taught in business schools.

The late Professor Sumantra Ghoshal of the Advanced Institute of Management Research (AIM) and London Business School argued that the roots of business misconduct may be traced to ideas expounded by business schools over the last three decades. He suggested that “by propagating ideologically inspired amoral theories, business schools have actively freed their students from any sense of moral responsibility”. This was because attempts to make management a science meant denying any moral or ethical considerations.

For example, Ghoshal asserted that few managers would question the economist Milton Friedman’s assertion that a business organisation’s only responsibility was to its shareholders. Yet Thomas Kochan, Professor of Management at MIT’s Sloan School of Management, attributed corporate scandals in the United States to widespread overemphasis on shareholder value at the expense of other constituencies. Ghoshal challenged the priority given to shareholder value, reasoning that other constituencies such as employees, including managers, produce the value created by a company. Furthermore, he argued that employees bear more risk, because it is generally more difficult for them to find alternative employment than for shareholders to sell their stocks.

Robert Cooke, who was the Director of the Institute of Business Ethics at DePaul University, has identified fourteen danger signs that an organization that is at risk of unethical behaviour. These are if it:

• normally emphasizes short-term revenues over long-long considerations
• routinely ignores or violates internal or professional codes of ethics
• always looks for simple solutions to ethical problems and is satisfied with ‘quick fixes’
• is unwilling to take an ethical stand when there is a financial cost to the decision
• creates an internal environment that either discourages ethical behaviour or encourages unethical behaviour
• usually sends ethical problems to the legal department
• looks at ethics solely as a public relations tool to enhance its image
• treats its employees differently than its customers
• is unfair or arbitrary in its performance-appraisal standards
• has no procedures or policies for handling ethical problems
• provides no mechanisms for internal whistle blowing
• lacks clear lines of communication within the organization
• is only sensitive to the needs and demands of the shareholders
• encourages people to leave their personal ethical values at the office door

There are signs that things are changing. Ethics are increasingly being woven into the curriculum of business schools. Recognition of the need for attention to ethics is evident in the Association of MBAs’ (AMBA) requirement that a business school’s curriculum pay attention to ethical and social issues to meet its accreditation criteria. Finally, Ghoshal concluded that the situation be rectified by encouraging a diversity of ideologies and positive perspectives on behaviour.

Find out more

An introduction to business studies

Marketing and society

Managing human resources

Take it further - sharpen up your business skills

Corporate Accountability and Ethics - a disregard for ethics can lead to trouble: remember the Enron saga

‘Danger signs of unethical behaviour: how to determine if your firm is at ethical risk’ by Robert Cooke, in the Journal of Business Ethics, volume 10, (April 1991)

'Bad management theories are destroying good management practices' by Sumantra Ghoshal, in the Academy of Management Learning & Education,  volume 4 (2005)

'Addressing the crisis in confidence in corporations: Root causes, victims and strategies for reform' by Thomas Kochan, in the Academy of Management Executive, Volume 16 (2002)

About the author

Fiona Harris is a lecturer in management in the OU Business School. Her research interests include social marketing and marketing ethics.

Subscribe to Fiona Harris's posts