Iris scanners can now identify us from 40 feet away, but we don’t have to accept it

Anne-Marie Oostveen, University of Oxford and Diana Dimitrova, Katholiek Universiteit of Leuven

Biometric technologies are on the rise. By electronically recording data about individual’s physical attributes such as fingerprints or iris patterns, security and law enforcement services can quickly identify people with a high degree of accuracy.

The latest development in this field is the scanning of irises from a distance of up to 40 feet (12 metres) away. Researchers from Carnegie Mellon University in the US demonstrated they were able to use their iris recognition technology to identify drivers from an image of their eye captured from their vehicle’s side mirror.

The developers of this technology envisage that, as well as improving security, it will be more convenient for the individuals being identified. By using measurements of physiological characteristics, people no longer need security tokens or cumbersome passwords to identify themselves.

However, introducing such technology will come with serious challenges. There are both legal issues and public anxiety around having such sensitive data captured, stored, and accessed.

Social resistance

We have researched this area by presenting people with potential future scenarios that involved biometrics. We found that, despite the convenience of long-range identification (no queuing in front of scanners), there is a considerable reluctance to accept this technology.

On a basic level, people prefer a physical interaction when their biometrics are being read. “I feel negatively about a remote iris scan because I want there to be some kind of interaction between me and this system that’s going to be monitoring me,” said one participant in our research.

But another serious concern was that of “function creep”, whereby people slowly become accustomed to security and surveillance technologies because they are introduced gradually. This means the public may eventually be faced with much greater use of these systems than they would initially agree to.

Crowd control, Shutterstock

For example, implementing biometric identification in smart phones and other everyday objects such as computers or cars could make people see the technology as useful and easy to operate, This may increase their willingness to adopt such systems. “I could imagine this becoming normalised to a point where you don’t really worry about it,“ said one research participant.

Such familiarity could lead to the introduction of more invasive long-distance recognition systems. This could ultimately produce far more widespread commercial and governmental usage of biometric identification than the average citizen might be comfortable with. As one participant put it: “[A remote scan] could be done every time we walk into a big shopping centre, they could just identify people all over the place and you’re not aware of it.”

Legal barriers

The implementation of biometric systems is not just dependent on user acceptance or resistance. Before iris-scanning technology could be introduced in the EU, major data protection and privacy considerations would have to be made.

The EU has a robust legal framework on privacy and data protection. These are recognised as fundamental rights and so related laws are among the highest ranking. Biometric data, such as iris scans, are often treated as special due to the sensitivity of the information they can contain. Our respondents also acknowledged this: “I think it’s a little too invasive and to me it sounds a bit creepy. Who knows what they can find out by scanning my irises?”

Before iris technology could be deployed, certain legal steps would need to be taken. Under EU law and the European Convention on Human Rights, authorities would need to demonstrate it was a necessary and proportionate solution to a legitimate, specific problem. They would also need to prove iris recognition was the least intrusive way to achieve that goal. And a proportionality test would have to take into account the risks the technology brings along with the benefits.

The very fact that long-range iris scanners can capture data without the collaboration of their subject also creates legal issues. EU law requires individuals to be informed when such information was being collected, by whom, for what purposes, and the existence of their rights surrounding the data.

Another issue is how the data is kept secure, particularly in the case of iris-scanning by objects such as smart phones. Scans stored on the device and/or on the cloud for purposes of future authentication would legally require robust security protection. Data stored on the cloud tends to move around between different servers and countries, which makes preventing unauthorised access more difficult.

The other issue with iris scanning is that, while the technology could be precise, it is not infallible. At its current level, the technology can still be fooled (see video above). And processing data accurately is another principle of EU data protection law.

Even if we do find ourselves subject to unwanted iris-scanning from 40 feet, safeguards for individuals should always be in place to ensure that they do not bear the burden of technological imperfections.

The Conversation

Anne-Marie Oostveen is Research Fellow at University of Oxford.
Diana Dimitrova is Legal researcher at Katholiek Universiteit of Leuven.

This article was originally published on The Conversation.
Read the original article.

Amsterdam Privacy Conference 2015

Today I received the good news that the Scientific Committee of the Amsterdam Privacy Conference 2015 has accepted our panel ‘Privacy, Data Protection, and Ethics of Automation and Identification in Border Control’.

The Amsterdam Privacy Conference 2015 brings together researchers, practitioners, policy makers, and professionals in the field of privacy to share insights, exchange ideas and formulate, discuss and answer the challenging privacy questions that lie ahead of us. The APC conferences are fully interdisciplinary and aim at societal relevance by building bridges between academics, regulators, civil society and companies and between different countries and continents. APC 2015 provides general and inspiring plenary sessions, aimed at an international and interdisciplinary public, and small scale and interactive parallel sessions, with an average number of 20 to 30 participants, which allows for in-depth discussions among peers. Have a look at the conference programme and register for what promises to be a really interesting event.

Our own panel will examine privacy challenges related to the use of new technologies in border control, emphasising the European experience and current context. In discussing the varied viewpoints of stakeholders in the field (e.g. authorities, civil society, travellers), the panel will touch upon how the particular context of border control (where issues of national security, human rights and freedoms, and other ethical norms and governance become particularly important) impacts the prioritisation of data protection and privacy issues. Much research and policy debates on border control regimes focuses on the issue of irregular migration. This panel will look at how technological developments in border control impact all border crossers – whether irregularly crossing, or “legitimate”. The panel participants are: Huub Dijstelbloem (University of Amsterdam), Diana Dimitrova (University of Leuven), Maegan Hendow (ICMPD),  Irma van der Ploeg and Sanneke Kloppenburg (Maastricht University), Franziska Boehm (University of Luxembourg), and Anne-Marie Oostveen (University of Oxford).

Oudemanhuispoort, Universiteit van Amsterdam

Oudemanhuispoort, Universiteit van Amsterdam

It will be very enjoyable to be back at my old university for a couple of days and to have the opportunity to show my (non-Dutch) colleagues the most amazing places to hang out. After all, Amsterdam is the best city in the world!

CfP: Identification and Surveillance for Border Control Workshop, ISBC2015

ISBC 2015 is the 1st international workshop on Identification and Surveillance for Border Control and will take place at Karlsruhe (Germany) on August 25th.

This workshop proposes to bring together a wide range of researchers, industry, and practitioners of biometric and/or monitoring/surveillance technologies in ABC to share innovative ideas and solutions in biometrics and surveillance for ABC. The focus of the workshop is four-fold:

  • on exploring the development, application and evaluation of (prior and) current applied biometrics (including face, fingerprint, iris) as well as the potential application of emerging innovative biometrics (e.g. finger vein, palm prints, ocular biometrics), stand-off, on-the-move and contactless modes for ABC;
  • on exploring the development, application and potential of innovatve monitoring/surveillance for ABC;
  • towards harmonisation and standardisation of biometric and monitoring/ surveillance technologies for ABC;
  • consideration of the legal and ethical issues surrounding the adoption of biometrics and surveillance monitoring in ABC and other border control situations.

Important Dates

Deadline for submission of electronic paper:
May 31, 2015

Notification of acceptance:
June 21, 2015

Deadline for camera-ready version:
June 29, 2015

Workshop in Karlsruhe:
August 25, 2015

A promised ‘right’ to fast internet rings hollow for millions stuck with 20th-century speeds

Bianca Reisdorf, University of Leicester and Anne-Marie Oostveen, University of Oxford

In response to the government’s recent declarations that internet speeds of 100Mb/s should be available to “nearly all homes” in the UK, a great many might suggest that this is easier said than done. It would not be the first such bold claim, yet internet connections in many rural areas still languish at 20th-century speeds.

The government’s digital communications infrastructure strategy contains the intention of giving customers the “right” to a broadband connection of at least 5Mb/s in their homes.

There’s no clear indication of any timeline for introduction, nor what is meant by “nearly all homes” and “affordable prices”. But in any case, bumping the minimum speed to 5Mb/s is hardly adequate to keep up with today’s online society. It’s less than the maximum possible ADSL1 speed of 8Mb/s that was common in the mid-2000s, far less than the 24Mb/s maximum speed of ADSL2+ that followed, and far, far less than the 30-60Mb/s speeds typical of fibre optic or cable broadband connections available today.

In fact a large number of rural homes still are not able to access even the previously promised 2Mb/s minimum of the Digital Britain report in 2009.

Serious implications

As part of our study of rural broadband access we interviewed 27 people from rural areas in England and Wales about the quality of their internet connection and their daily experiences with slow and unreliable internet. Only three had download speeds of up to 6Mb/s, while most had connections that barely reached 1Mb/s. Even those who reported the faster speeds were still unable to carry out basic online tasks in a reasonable amount of time. For example using Google Maps, watching online videos, or opening several pages at once would require several minutes of buffering and waiting. Having several devices share the connection at a time wasn’t even an option.

So the pledge for a “right” to 5Mb/s made by the chancellor of the exchequer, George Osborne, is as meaningless as previous promises for 2Mb/s. Nor is it close to fast enough. The advertised figure refers to download speed, of which the upload speed is typically only a fraction. This means uploads far slower even than these slow download speeds, rendering it all but unusable for those needing to send large files, such as businesses.

With constantly moving timescales for completion, the government doesn’t seem to regard adequate rural broadband connections as a matter of urgency, even while the consequences for those affected are often serious and urgent at the same time. In Snowdonia, for example, a fast and more importantly reliable broadband connection can be a matter of life and death.

The Llanberis Mountain Rescue team at the foot of Mount Snowdon receives around 200 call-outs a year to rescue mountaineers from danger. Their systems are connected to police and emergency services, all of which run online to provide a quick and precise method of locating lost or injured mountaineers. But their internet connection is below 1Mb/s and cuts out regularly, especially in bad weather, which interferes with dispatching the rescue teams quickly. With low signal or no reception at all in the mountains, neither mobile phone networks nor satellite internet connections are alternatives.

All geared up but no internet connection. Photo: Anne-Marie Oostveen

Connection interrupted

Even besides life and death situations, slow and unreliable internet can seriously affect people – their social lives, their family connections, their health and even their finances. Some of those we interviewed had to drive one-and-a-half hours to the nearest city in order to find internet connections fast enough to download large files for their businesses. Others reported losing clients because they weren’t able to maintain a consistent online presence or conduct Skype meetings. Families were unable to check up on serious health conditions of their children, while others, unable to work from home, were forced to commute long distances to an office.

Rural areas: high on appeal, low on internet connectivity. Photo: Bianca Reisdorf

Especially in poorer rural areas such as North Wales, fast and reliable internet could boost the economy by enabling small businesses to emerge and thrive. It’s not a lack of imagination and ability holding people in the region back, it’s the lack of 21st-century communications infrastructure that most of us take for granted.

The government’s strategy document explains that it “wants to support the development of the UK’s digital communications infrastructure”, yet in doing so wishes “to maintain the principle that intervention should be limited to that which is required for the market to function effectively.”

It is exactly this vagueness that is currently preventing communities from taking matters into their own hands. Many of our interviewees said they still hoped BT would deploy fast internet to their village or premises, but had been given no sense of when that might occur, if at all, or that given timescales slip. “Soon” seems to be the word that keeps those in the countryside in check, causing them to hold off on looking for alternatives – such as community efforts like the B4RN initiative in Lancashire.

If the government is serious about the country’s role as a digital nation, it needs to provide feasible solutions for all populated areas of the country, which means affordable, and future-proof, which entails fibre to the premises (FTTP) – and sooner rather than later.

The Conversation

Bianca Reisdorf is Lecturer in Media and Communication, Director of Distance Learning at University of Leicester.
Anne-Marie Oostveen is Research Fellow at University of Oxford.

This article was originally published on The Conversation.
Read the original article.

New Publication: Why Electronic Voting?

This week my EINS colleagues Marco Prandini and Laura Sartori from the University of Bologna will be in Hong Kong to present our paper on electronic voting at the CeDem Asia 2014 Conference. This International Conference on e-Democracy and Open Government aims to bring together researchers, policy-makers, industry professionals, and civil society activists to discuss the role of social and mobile media in the future of citizenship and governance, and analyze current research, best practices, and emerging topics that are shaping the future of e-government, e-democracy and open government in Asia and around the world.

Scientists have been studying electronic voting for 30 years, and some countries have been using it for almost 20 years. Yet, arguments in favor of its adoption or against it usually take into account only a limited subset of the issues at stake. As we show in this paper, no study has ever tried to draw a comprehensive picture of the interplay between social and technical aspects of the voting process. We claim that this kind of interdisciplinary research is needed for the scientific community to be able to exert its positive influence on stakeholders. We propose some urgent research questions that to our knowledge have no clear answer.

Prandini, M., L. Sartori and A. Oostveen (2014) Why Electronic Voting? International Conference for e-Democracy and Open Government (CeDEM Asia 2014), 4-5 December 2014, Hong Kong.

So, …

Qualitative research not only allows you an in-depth exploration of what other people think, feel or do (and why), it also makes you aware of some of your own quirks and habits.

Once the audio recordings of interviews and focus groups have been professionally transcribed, it is sometimes slightly embarrassing to be confronted with your own contribution to the conversation. The text you have spoken is far removed from the polished papers you normally write. I have noticed that in my most recent focus groups I use the word ‘so’ rather excessively. Many of my sentences start with “So, …”, and the word also appears somewhat randomly in the middle of a sentence. Analysing the transcripts, this really gets on my nerves.

So, wWhy have I not noticed it in previous interviews? Is it a quirk I have picked up recently? Or have I been driving people mad with this habit for years? And why do I constantly use this sentence-initial?so

I first assumed that I insert “So, …” to give me extra time to think about the rest of the sentence. However, I had already noticed the irritating habit in my informal emails as well. I now specifically edit my mails to delete the Sos before sending them off. I don’t need extra time to think when writing emails, and still I scatter the Sos around as if they’re going out of fashion.

Apparently I am not the only person with a so-habit. Jane Solomon has written a blog post for the site about the observed increase in speakers beginning sentences with the word so. She points out: “One explanation is that in this case, so is being used as a filled pause, much in the way that “well,” “um,” and “like” are used in conversation. However, […] this explanation is overly simplified; so as a discourse marker is “more nuanced” than that. […] So is not being used just to fill a pause, it seems, but as a tool for conversation management”. We also learn from her article that the word ‘so’ is very versatile. It can be used as an adverb, a conjunction, a pronoun, an interjection, or an adjective. No wonder I manage to squeeze it into almost every sentence!

Now that my research has made me aware that I am part of this new (and annoying) trend, I will try to cut down on my ‘so’ abuse. No doubt it will be replaced with the overuse of another word.

New Publication: Child Location Tracking in the US and the UK

Mina Vasalou, Peter van den Besselaar, Ian Brown and I have a new paper out in Surveillance & Society (an international, interdisciplinary, open access, peer-reviewed journal of Surveillance Studies).

Real-time location tracking of individuals has become relatively easy with the widespread availability of commercial wearable devices that use geographical positioning information to provide location-based services. One application of this technology is to allow parents to monitor the location of their children. This paper investigates child location tracking technology in the US and the UK and compares its privacy implications. Although overall the price levels and the technical capabilities are the same, we find that the features of the technology are different depending on the social context. This can be attributed to national regulations and law that shape how a technology can be used. These laws and regulations, influenced by cultural frameworks, values, and morality, differ considerably between the countries. Clarifying the expected impacts of technology on the lives of users and other stakeholders in terms of these contextual factors will help to inform public debate about technical possibilities and societal needs.

Oostveen, A., A. Vasalou, P. v.d. Besselaar and I. Brown (2014) Child Location Tracking in the US and the UK: Same Technology, Different Social Implications. Surveillance & Society. Vol. 12, No. 4, pp. 581 – 593.


Outside the cities and towns, rural Britain’s internet is firmly stuck in the 20th century

Bianca Reisdorf, University of Leicester and Anne-Marie Oostveen, University of Oxford

The quality of rural internet access in the UK, or lack of it, has long been a bone of contention. The government says “fast, reliable broadband” is essential, but the disparity between urban and rural areas is large and growing, with slow and patchy connections common outside towns and cities.

The main reason for this is the difficulty and cost of installing the infrastructure necessary to bring broadband to all parts of the countryside – certainly to remote villages, hamlets, homes and farms, but even to areas not classified as “deep rural” too.

A countryside unplugged

As part of our project Access Denied, we are interviewing people in rural areas, both very remote and less so, to hear their experiences of slow and unreliable internet connections and the effects on their personal and professional lives. What we’ve found so far is that even in areas less than 20 miles away from big cities, the internet connection slows to far below the minimum of 2Mb/s identified by the government as “adequate”. Whether this is fast enough to navigate today’s data-rich Web 2.0 environment is questionable.

Yes… but where, exactly? Rept0n1x, CC BY-SA

Our interviewees could attain speeds between 0.1Mb/s and 1.2Mb/s, with the latter being a positive outlier among the speed tests we performed. Some interviewees also reported that the internet didn’t work in their homes at all, in some cases for 60% of the time. This wasn’t related to time of day; the dropped connection appeared to be random, and not something they could plan for.

The result is that activities that those in cities and towns would see as entirely normal are virtually impossible in the country – online banking, web searches for information, even sending email. One respondent explained that she was unable to pay her workers’ wages for a full week because the internet was too slow and kept cutting out, causing her online banking session to reset.

Linking villages

So poor quality internet is a major problem for some. The question is what the government and BT – which won the bid to deploy broadband to all rural UK areas – are doing about it.

The key factor affecting the speed and quality of the connection is the copper telephone lines used to connect homes to the street cabinet. While BT is steadily upgrading cabinets with high-speed fibre optic connections that connect them to the local exchange, known as fibre to the cabinet (FTTC), the copper lines slow the connection speed considerably as line quality degrades with distance from the cabinet. While some homes within a few hundred metres of the cabinet in a village centre may enjoy speedier access, for homes that are perhaps several miles away FTTC brings no improvement.

One solution is to leave out cables of any kind, and use microwave radio links, similar to those used by mobile phone networks. BT has recently installed an 80Mb/s microwave link spanning the 4km necessary to connect the village of Northlew, in Devon, to the network – significantly cheaper and easier than laying the same length of fibre optic cable.

Connecting homes

Microwave links require line-of-sight between antennas, so it’s not a solution that will work everywhere. And in any case, while this is another step toward connecting remote villages, it doesn’t solve the problem of connecting individual homes which are still fed by copper cables and which could be miles away from the cabinet, with their internet speeds falling with every metre.

An alternative approach, championed by some community initiatives such as the Broadband For the Rural North (B4RN) project in Lancashire, is fibre-to-the-home (FTTH). This is regarded as future-proof because it provides a huge increase in speed – up to 1,000Mb/s – and because, even as minimum acceptable speeds continue to rise over the following years and decades, fibre can be easily upgraded. Copper cables simply cannot provide rural areas with the internet speeds needed today.

However FTTH is expensive – and BT will opt for the cheapest option or nothing at all. This needs to be addressed more assertively by the government as the UK’s internet speeds are falling behind other countries. According to Akamai’s latest State of the Internet report for 2014, peak and average speeds in the UK lag behind. The UK ranks 16th in Europe, behind others usually perceived as less connected and competitive such as Latvia or Romania.

If the government is serious about staying competitive in the global market this isn’t good enough, which means the government and BT need to get serious about putting some speed into getting Britain online.

The Conversation

Bianca Reisdorf is Lecturer in Media and Communication, Director of Distance Learning at University of Leicester.
Anne-Marie Oostveen is Research Fellow at University of Oxford.

This article was originally published on The Conversation.
Read the original article.

New Publication: Non-use of Automated Border Control systems

In September I will have the opportunity to present a short paper about the non-use of Automated Border Control (ABC) systems at the British Human Computer Interaction Conference (HCI 2014) in Southport. The overarching theme of the conference is ‘Sand, Sea and Sky – Holiday HCI’.

The paper is based on research within the FastPass project at two North-European airports with each between 50 and 60 million passengers per year. We carried out 155 face-to-face surveys to ask passengers about their experience with ABC and biometric systems. We also conducted in-depth expert interviews with border guards and border management and found that at the moment, usage of ABC systems does not live up to the projected scenarios.

The low uptake of a technology that has been in existence for several years, and that has become readily available at many European airports raised the question why so few travellers are using e-gates. In order for designers to build better systems with higher uptake by end-users they need to have a more thorough understanding of the non-users. Wyatt (2003) developed a theory about non-users of the Internet identifying four types of non-users: 1) The Resisters – those who do not want to use the technology; 2) The Rejecters – former users, who decided not to use the technology any longer; 3) The Excluded – those who can’t use the technology, regardless of whether they want to or not; and 4) The Expelled – former users who do not have access anymore (who stopped involuntarily)[1]. This paper investigates the reasons of non-use of Automated Border Control at European airports by applying Wyatt’s taxonomy and adding an “unawares” category. It also presents possible solutions to turn current non-users into future users of e-gates.

Oostveen, A. (2014) Non-use of Automated Border Control Systems: Identifying Reasons and Solutions. 28th British Human Computer Interaction Conference (HCI 2014). ‘Sand, Sea and Sky – Holiday HCI’, 9-12 September, Southport.


[1] Wyatt, S. (2003) ‘Non-users also matter: The construction of users and non-users of the Internet’ in Oudshoorn and Pinch (eds.) How Users Matter: The Co-construction of Users and Technology, Cambridge, MA: MIT Press.

Progress Bar Blues

[Originally written for the Access Denied project]

Internet users living and working in areas with slow Internet speeds are per definition overly familiar with the ‘progress bar’. Wikipedia describes the progress bar as: “a graphical user interface used to visualize the progression of an extended computer operation, such as a download, file transfer, or installation”.






Progress bars come in many different shapes and sizes, but will be seen by those in Internet slow spots as a visualization of their frustration.


Interestingly, there is a whole UX (user experience) science behind the design of progress bars. Researchers from the Human-Computer Interaction Institute of Carnegie Mellon University note that human perception of time is fluid, and can therefore be manipulated [1]. Several design considerations and tricks can make progress bars appear faster and thereby improve users’ computing experience. UX Movement summarises the above mentioned study as follows (providing some clear illustrations in their post):

  1. Ribbings that move backwards and opposite to the progress direction feel faster to users.
  2. The more revolutions an activity indicator has, the faster loading time will feel to users.

Another study [2] found that:

  1. Pauses at the beginning of a progress are more tolerable to users than at the end. According to the researchers, a progress bar can cache progress when the operation is first starting to mitigate negative progress behaviors such as pauses or slow-downs later on. When you downplay actual progress in the beginning and then accelerate it towards the end, users have the feeling the process is speeding up, leaving them more satisfied.

The Carnegie Mellon researchers argue: “By minimizing negative behaviors and incorporating positive behaviors, one can effectively make progress bars and their associated processes appear faster”. Yet, no fancy designed progress bar – however cleverly manipulated – will reduce the frustrations felt when it takes up to 5 minutes to check a bank statement online due to inadequate broadband speeds. We can clearly use our time in far more satisfying ways…




[1] Harrison, C., Yeo, Z., and Hudson, S. E. 2010. Faster Progress Bars: Manipulating Perceived Duration with Visual Augmentations. In Proceedings of the 28th Annual SIGCHI Conference on Human Factors in Computing Systems (Atlanta, Georgia, April 10 – 15, 2010). CHI ’10. ACM, New York, NY. 1545-1548.

[2] Harrison, C., Amento, B., Kuznetsov, S., and Bell, R. 2007. Rethinking the progress bar. In Proceedings of the 20th Annual ACM Symposium on User interface Software and Technology (Newport, Rhode Island, USA, October 07 – 10, 2007). UIST ’07. ACM, New York, NY. 115-118.