Home
Search
Login
<mosaic.cnfolio.com>
Technology Exploration Project – M591

Identification: Fingerprints and Driving Licenses


In this article I am going to look at and compare aspects of two different methods that are used to identify people: fingerprints and driving licenses. Fingerprint identification is discussed in the context of decentralized identification of documents and also in the context of police and criminal investigation, and the pros and cons of this centralized approach. Driving licenses also use a centralized approach and this approach contains more information that is generally required to identify a driver.

Fingerprints


The idea with fingerprints is that no two fingerprints are exactly the same, or as Francis Galton put it: "they are incomparably the most sure and unchanging of all forms of signature". It is unclear how long this fact has been known (that fingerprints are unchanging and unique, not that they are the most sure form of signature), as various cultures have used fingerprints for different purposes and reasons, but it was in 1880 that Scotsman Henry Faulds started writing to police authorities about the idea that this fact could help identify criminals, but his advice fell of deaf ears. In 1892, Galton put some scientific weight behind the idea and fingerprinting started to become widely accepted.

A patent (obvious) impression of a fingerprint is traditionally made by pressing the finger onto a very thin layer of ink which only attaches to the ridges of the print, not into the groves. Then the finger is pressed down onto a piece of card or paper. Latent (hidden) impressions can be made visible by chemical vapor or a powder collecting on the oil residue left after the finger has touched something.

Modern patent fingerprinting technology uses digital imaging to scan a copy of a fingerprint. A Scanning Kelvin Probe can also be used to collect impressions of latent fingerprints left on metallic surfaces.

Fingerprint impressions can be used simply and effectively to help prevent fraud, without much loss of privacy


Fingerprints can be used to prevent fraud, by 'signing' important documents with an impression of a fingerprint. This is discussed in Finger Prints for use with land registration and pensions, where a fingerprint impression would be made on the record of the land owner or pensioner. Then if the identity of the land owner or pensioner was ever in doubt, their fingerprint can be compared to the original impression.

This concept was also used recently in a trail in Sussex that I participated in, where a fingerprint impression was made on the back of the store copy of a credit card transaction. If the validity of that particular transaction was ever called into question, the card holder (and suspects) could have their fingerprints compared to the impression on the slip to indicate that they did or did not use the card.

This kind of retrospective, decentralized identification method is good because the information stored only relates to a particular item and is not personally identifiable in anyway, it can only be used in a comparison. If there is a claim that a credit card was used without the owner's permission, and the fingerprint impression on the back of the slip is not similar to that of the card holder, then there can be a high level of confidence in the claim.

However, my experience of this trial was that people were generally not inclined to used their fingerprint as a form of identification, fearing that their privacy would be compromised. This was probably due to lack of understanding, as this use of fingerprints can greatly benefit card users without drastically compromising their privacy. A company could ask to see a driving license as proof of identity as the correct card holder, and this form of identification would yield a much higher degree of personal information.

Fingerprints in larger centralized database may help the police, but are a privacy risk and go against the 'innocent until proven guilty' philosophy


Fingerprints are also used in criminal investigations, where the Police will take a fingerprint found at a crime scene or on a piece of evidence, and try to match it with the fingerprint of a suspect. The Police have access to a history of the fingerprints taken from previous criminals, and can use a computer to search through these to find a match. Their claim here is quite different; it is that a person's fingerprint in their database is the same as the fingerprint taken from the evidence, and therefor the named person is guilty of handling that evidence and so potentially guilty of the related crime.

This brings into question the aspect of "the same as". Two impressions of the same print are never exactly the same, but if the quality of the impression is good then there is a high level of confidence that the two impressions came from the same finger. The patent fingerprints left on a credit card receipt will be of reasonable quality, as will police fingerprint records. Latent fingerprints are usually not as clear. Developing a positive correlation between a latent fingerprint impression and that of a fingerprint taken from a large population gives us a lower level of confidence that it is a true positive. The chance of getting a false positive must increase with the size of the sample population.

This also moves on to another point about whether a nationwide database of fingerprints should be created to aide police investigations. An argument for this idea runs along the lines of "Innocent people should have nothing to hide". This is quite true, but is not the same as "Innocent people should be treated as a suspect until they are proven innocent", as would be the case every time a fingerprint database was searched.

Larger fingerprint databases like this would benefit the police, because it should help them catch criminals from time to time. It does not benefit the people within the database. If there is no evidence to link someone to a crime they would not usually be treated as a suspect, but if their fingerprint details are in a database then they are treated as a suspect by default, until they are found to not be a match for a fingerprint.

A national fingerprint scheme would also mean a centralized database which would have serious privacy implications if the security of it were to be compromised. Such a database would hold at least the name and address of the person that corresponds to the fingerprint. These details could be used to find the fingerprint information, and false prints created. For example say a criminal organization obtained a credit card and had access to the centralized fingerprint database. They could then find out what finger print should be used with that card and thwart any attempts to use fingerprinting to protect that card. This would be a much harder task is the fingerprint information was decentralized as in my previous example.


Driving Licenses


Driving Licenses have a very different approach to identification. A license to drive a vehicle became a requirement with The Road Traffic Act 1930 and the current method of identification is a plastic card.

The key identifier on a driving license is the license number. Like fingerprints, this number is unique to each person. But unlike a fingerprint, it contains a plethora of personal information. The license number is made up of five sections. Firstly there is the first five letters of your surname (if your surname is less than five letters then '9's are used to fill the gap), then there is a six digit code which is a re-arrangement of your date of birth plus an indicator of gender. The first digit of the month value is increased by 5 for females (5 or 6 instead of 0 or 1 for males). Then there are your first two given names initials (again, only one given name results in a 9 for the second character), three checksum characters and a two digit issue number. For example, the driving license number MORGA657054SM9IJ35 belongs to a Ms S M Morga(n?) who was born 05-07-1964.

The driving license number is held in a database and is used to track traffic offenses and driver eligibility against that number. Anybody can pay to access the database (e.g. through a service like drivercheck.co.uk), and can obtain information about the drivers eligibility to drive, their endorsements and their address. Other information contained on the driving license card includes surname, given names, date of birth, address, a copy of their signature and a photograph.

Driving licenses are used at the national ID card, at the expense of privacy


Because of all this extra information, and no national identity card, driving licenses have ended up being the standard identity card. A survey I conducted showed that almost everybody (95%) had used their driving license to claim things completely unrelated to driving, like their age for buying alcohol and their address for loan applications. 70% of people have had their driving license photocopied by a company as a record of their identity. These secondary uses are not good for privacy.

If a method of establishing whether some one was of legal age to buy alcohol was required, the least intrusive way of doing this is to have a method that answers yes or no to this question. Using a driving license to answer this question provides the asking party with far more information than they require, and this may be more information than the claimant would like to divulge. The claimant shouldn't have to divulge their address and full date of birth to prove that they are over eighteen.

This use of driving licenses as general ID card also discriminates against the portion of the population that do not drive and thus don't posses a driving license.

The information content of driving licenses help to decentralize the identification methods, but not the data itself


Licenses have this abundance of information contained on them so that the person checking the identity of the claimant can be fairly confident in the claim without having to check with the issuing party. Because the issuer is a trusted party (the government) and the process of obtaining a driving license is known, i.e. that the government only issue a driving license if they have a high level of confidence in you claim of identity, the validator can use one of the other attributes on the card to verify your claim. For example, if the picture on the driving license looks like you, then you probably have a license to drive and no check with the DVLA is necessary.


Final thoughts


Centralized systems are a risk to privacy and need to be thought out properly. However, a national identity card, designed properly, could increase our privacy by replacing the current use of driving licenses for general identification purposes. Storing biometric information on such a card (or the card's related database) would not be necessary and would reduce privacy. An increase in decentralized biometric authentication, like fingerprints, would create a stronger trust between parties and maintain a good level of privacy.

A fingerprint system has the potential as a better system of identifying authorized credit card holders than the current chip and pin method, if the fingerprint was checked by the card and not held in a centralized database. A difficulty with this system is the initialization of the credit card, as pin numbers can easily be sent in the post. This may increase to cost of set up per card, however the fingerprint readers themselves would not cost much more than the current keypad system.



References


Galton, F. (1892). Finger Prints. London: Macmillan and Co.

Tredoux, G. (Dec 2003). Henry Faulds: the Invention of a Fingerprinter. Retrieved October 22, 2007, from http://galton.org/fingerprints/faulds.htm

Swansea University. (n.d.). Forensic fingerprint detection. Retrieved October 22, 2007, from http://www.swan.ac.uk/engineering/Research/MaterialsResearchCentre/ResearchAreas/CorrosionandCoatings/Forensicfingerprint/

DVLA. (n.d.). INF45/1 Your New Driving License. Retrieved October 22, 2007 from http://www.dvla.gov.uk/media/pdf/leaflets/inf45x1.pdf

Travis, A. (2005, April 12). Passport applicants must give fingerprints [Electronic version]. The Guardian Retrieved October 22, 2007, from http://www.guardian.co.uk/idcards/story/0,15642,1457297,00.html

Kent, S. T., & Miller, L. I. (Eds.). (2003). Who Goes There?: Authentication Through the Lens of Privacy. Washington, D.C.: The National Academies Press.




Page revised 2007-11-04 14:12 • ©2012 University of Portsmouth • This website uses wikkawiki.org software.