The idea of gait recognition has been around for a long time. In G.K. Chesterton’s short story The Queer Feet, Father Brown prevents a crime by “merely by listening to a few footsteps in a passage.” Gait analysis has been widely deployed in professional sports and medicine, enabling sports stars to improve their golf swing, running stance or cycling position and helping in the design of prosthetic limbs for example.

As a means of identifying someone at a distance, without any need to inconvenience the people being analysed, it would appear to be a useful proposition. It is important to note, however, that identifying someone in a crowded city square and verifying that someone is one of 200 people who have walked down a colourful corridor with clear contrast under carefully controlled laboratory conditions, are two entirely different problems.

Technically speaking, checking the gait of one person, in a psychedelic corridor with perfect lighting conditions, to find a match in a database of 200 recorded gaits, is relatively straightforward.

Detecting individual gaits in a dynamic, crowded city square, under less than ideal lighting conditions and pinpointing a baddie by attempting to match those (potentially) millions of readings against a database of millions of recorded gaits, is a much more difficult problem.

And we haven’t even thought about how we would get accurate measurements of millions of people’s (or indeed the baddie’s) walking styles on our benchmark database in the first place yet. Then if the baddie puts a stone in his shoe to change his walk to deliberately fool the software, as Dallas did with his funny walk on the first programme in the Bang Goes The Theory series, it becomes even more difficult.

From a security perspective, the notion that mass surveillance with advanced technology will magically detect the baddie, turns out to be fundamentally flawed. (It should be noted that mass surveillance is widely and wrongly promoted as an effective anti-terror tool but it is not advocated by the team at Southampton.)

Because terrorists are relatively rare, finding one is a needle in a haystack problem. You don’t make it easier to find the terrorist by throwing more hay (say the biometric data of millions of innocent people) on your data haystack. The technology doesn’t simply home in on the criminal as it does in Hollywood movies.

The police and security services end up spending so much time dealing with innocent people and false leads that their limited resources get swamped.

If each of the UK’s population of around 60 million were monitored once a day and our system was 99% accurate (e.g. flags 1 in a 100 innocents as terrorists and detects 99 out of every 100 terrorists), the police will have to process 600,000 false leads per day.

Given those of us who traverse public places are monitored multiple times a day you can see how that could quickly become unmanageable. It’s also unacceptable from a social, legal and economic point of view.

So it is probable that the use of gait recognition and other biometrics will prove to be more useful for small scale authentication - e.g. employee access to the workplace, rather than large scale surveillance e.g. picking a terrorist out of a crowd.

On small-scale authentication

Technically speaking authentication or verification is an easier thing to do than identification. Authentication (assuming we’re not trying to do it remotely) with biometrics merely asks whether a biometric belongs to the person presenting themselves for authentication. It compares their proffered biometric with the one on file under their name and determines whether there is a match.

Identification is much harder to do and is what security systems at airports or busy shopping areas or sports stadiums attempt to do – measure the biometrics of everyone passing through and attempt to check whether there is a match with a large (and not necessarily particularly reliable) database of biometrics.

The difference appears pedantic but is very important. In the authentication case one biometric is checked against one specific biometric on the database. In the identification case, millions of biometrics are checked against millions (potentially) of biometrics on the database.

Even with highly reliable technologies – say 99.9% accurate and none of the modern systems approach that yet – these millions of checks searching for matching pairs generate huge numbers of false positives (innocents flagged as malcontents) and dangerous levels of false negatives (real bad guys flagged as innocents and it only takes one to get through to cause serious security problems).

The police and security services then spend so much time, energy and resources dealing with innocent people they don’t have the time to deal with the real criminals.

Find out more

Floyd Rudmin, Professor of Social & Community Psychology at the University of Tromsø in Norway, explains why, statistically speaking, mass surveillance cannot work in this article:
The Politics of Paranoia and Intimidation: Why does the NSA engage in mass surveillance of Americans when it's statistically impossible for such spying to detect terrorists?
Counterpunch magazine, May 24, 2006

For those interested in the use of biometrics and security more generally I’d recommend:
Beyond Fear: Thinking Sensibly About Security in an Uncertain World
Bruce Schneier, Springer-Verlag New York Inc

Freedom to Tinker blog - hosted by Princeton's Center for Information Technology Policy.

Jerry Fishenden Blog - New Technology Observations from a UK Perspective.

UK High Court Judge, Hon Sir Jack Beatson explains the legal issues with the use of biometrics in crime detection in Forensic Science and Human Rights: The Challenges [pdf], his valedictory address as President of the British Academy of Forensic Science, 16 June 2009.

Nuffield Council on Bioethics report, The forensic use of bioinformation: ethical issues [pdf], published in September 2007.

Human Genetics Commission Citizens Report, July 2008.

Biometrics: Enabling Guilty Men to Go Free? Further Adventures from the Law of Unintended Consequences - Jerry Fishenden blog post

Digital Decision Making: Back to the Future - chapters five and six
Ray Corrigan, Springer-Verlag

Study information and communications technologies with The Open University

As mentioned in the programme, many organisations are turning to automated call-handling systems, on-line self service systems and other forms of technology to interact with their customers. Customers can find these approaches off-putting at best – and absolutely maddening at worst, particularly when things go wrong. I am sure most of us have had occasions when we are trying to tell our bank, mobile phone operator, utility company or other service provider about a difficulty we are facing – and getting stuck in what seems like an endless loop of recorded messages, menus of options and requests to key in 16 digit customer passcodes!

However, in addition to providing a source of frustration, these systems also have other side-effects that may be even more detrimental for all of us. The increased use of technology, particularly information technology, to automate the customer interface means that increasing amounts of data about our use of services, our movements and our tastes and preferences are stored on databases of both private and public sector organisations.

For example, my local railway station has recently "retired" the gentleman that worked in the car park pay-station for many years. Rather than handing over coins and notes to pay for parking, while receiving a ticket and a cheery greeting from another human being, users of the car park now have the option of going online or sending a message via their mobile phone.

Rather than displaying a printed ticket on the windscreen, the online or phone booking and payment is recorded in the database of the car parking provider, and all cars in the car park are checked against this database. So, what was a previously private matter, where and when I parked my car, has now become an ongoing record in a corporate database. Replicate this over all the customer interactions that are now based on the use of IT and it is easy to see why many people are concerned about the amount of personal data that is held about all of us and hence the increased potential for misuse of that data. UK citizens are already viewed as the most surveyed in the world; data capture as a by-product of de-personalising the customer interface will simply add to this.

The subject of the collection and use of personal data both from consumers and from people in the workplace has formed a basis of ongoing research at the Open University Business School, see for instance Ball, Daniel, Dibb and Meadows (2009). This team of researchers, which have backgrounds in surveillance, information management and marketing, has recently won funding from the Leverhulme Trust to explore what they have termed “new uses of customer data”; that is, uses of data that customers may not be aware of or that firms are being required to undertake, for example, by regulators and law enforcement agencies.

"So, what was a previously private matter, where and when I parked my car, has now become an ongoing record in a corporate database."

 The focus of the work will be firms in the financial services and travel sectors, which is particularly relevant when two of the three guests on the programme are from the travel sector. Both the financial services and travel sectors espouse the benefits of customer relationship management and the related activities of customer profiling and segmentation. For these activities they collect and store considerable amounts of information on their customers, including personal details and a record of all their transactions and purchases. However, as the focus of the research suggests, this data may be used for purposes that are not obvious to those that are providing it and may have unforeseen side-effects or consequences, both for the individual customers involved and for society at large.

As more and more organisations make use of technology to automate their interfaces with their customers, this collection of data will increase. Indeed, as in the case of the use of my station car park, customers may not even be aware of the information about them that is being stored, let alone how it might one day be used.

Find out more

Open University Business School research project Taking Liberties: New Uses of Consumer Data in the UK

Who's watching you work? Surveillance in business

A Report on the Surveillance Society
by KS Ball, D Lyon, D. Murakami Wood, C Norris and C Raab, Surveillance Studies Network.

Democracy, surveillance and 'knowing what's good for you': the private sector origins of profiling and the birth of 'citizen relationship management
by KS Ball, E M Daniel, S Dibb and M Meadows
from Surveillance and Democracy
edited by M Samatas and K Haggerty

Coercion versus Care: Using Irony to Make Sense of Organisational Surveillance
by G Sewell and J Barker
from the Academy of Management Review, Volume 31, Number 4, pages 934-961

About the author

Elizabeth Daniel is Professor of Information Management at the Open University Business School where she undertakes research and teaching in the fields of e-business and information systems. Elizabeth also undertakes consultancy work for a number of blue chip and leading public sector organisations.

Subscribe to Elizabeth Daniel's posts

 

The drastic cuts in public services that are now touted as necessary to meet the cost of the folly of the banks, and the “light touch” of regulators and government, contain some familiar and unfamiliar features for those of us with long memories of public sector reform: outsourcing and reengineering on the one hand, and a cut in spending on, and better value for money from, IT on the other.

“the greater the overall power of the IT industry in a country, the lower the performance of government IT systems.”

The claim that “a 20% saving on the estimated £16 billion spend (equivalent to £3.2billion) [on IT] appears to be achievable.” appears in a document published recently by the Treasury - Operational Efficiency Programme: back office operations and IT.

This report also estimates that back office operations across government and the public sector cost £18 billion, on which savings of 20 to 25 per cent – “a reduction of around £4 billion” - are achievable. One of the primary ways in which this will be achieved is through business process reengineering (BPR), and surprise, surprise, outsourcing. Neither is a new feature of the public sector, of course. BPR was a staple of the reforms of the 1990s, as it was in the private sector. And in both sectors many BPR initiatives failed to deliver the promised benefits. Outsourcing has an even longer pedigree. Indeed, as I’ve discussed here previously, the UK government and its advisors have been particularly zealous advocates of this approach to organisational change.

While the Operational Efficiency report’s authors have obviously taken a rigorous approach to collecting and analysing the data on which their conclusions and recommendations are based, a number of unrecognised contradictions and omissions did catch my eye.

First, the report notes that “Devolution and fragmentation across the public sector mean that there is a wide variation and substantial complexity in back office operations.” (p.38).

Houses of Parliament.
[Image © copyright Photos.com]

Unfortunately it then fails to acknowledge that much of this is due to the extent to which functions have been outsourced, and the lack of serious consideration that is too often given to the wider - or “hidden” –-costs and implications of this.

Second, the report goes to some lengths to explain why it is difficult to estimate the amount spent on IT and why international comparisons are “very difficult”. Nevertheless, based on an analysis of data from a number of sources it concludes that “the UK public sector’s IT spend is much more than other similar countries and that the UK does not get a proportionate return from this much higher spend.” (p.60).

Given that the report also notes that “£13.2 billion of public sector IT expenditure [of the estimated £16 billion] was committed to external contracts in 2007-08” (p.55), this isn’t exactly a ringing endorsement of the value of outsourcing, either. Furthermore – and despite many references to the lessons that can be learned from the private sector – there is no mention that I can see of the now established trend (particularly amongst large private sector companies) to insource IT requirements.

The most significant omission that struck me was, however, the report’s ignorance of a piece of research that is of direct relevance, particularly to the finding above: Digital Era Governance: IT corporations, the state and e-government. Published in late 2006, and based on research spanning five years funded by the UK’s Economic and Social Research Council, this book details and discusses findings from an international comparative study of, amongst other things, the performance of government IT. Amongst its many findings is this: “the greater the overall power of the IT industry in a country, the lower the performance of government IT systems.” (p.6).

Fingers on keyboard.
[image by Mike Traboe, some rights reserved]

It’s no secret that in the UK by the early 2000s five IT services and supply companies held 90 per cent of the government market: a situation that is unlikely to have changed, given the figure for external contracts I note above. So, rather than pursue the tired logic and questionable returns from outsourcing and reengineering, why not address an underlying problem. Put in place effective mechanisms to address this dominance and dependency. Unfortunately, without a shock to the system of the magnitude of the MP’s expenses scandal - which wasted spending on IT dwarfs, of course - I suspect that may never happen.

About the author

Ivan Horrocks is a lecturer and member of the Technology Management Group at The Open University. He has written many publications about the relationship between information and communication technologies (ICTs) and government and politics.

Subscribe to Ivan Horrocks's posts