At San Jose Superior Court today (11 May) biometrics company Identix will seek to have a product liability and slander lawsuit against it and the States of California and Oregon dismissed. Plaintiffs Roger Benson and Miguel Espinoza are seeking restitution for the damage inflicted on them by duplication in police records which gave them other people's criminal records.
Benson was wrongfully imprisoned for 43 days for carrying a firearm when a convicted felon, although the felony on his record had been committed by someone else, while Espinoza, had his restaurant business destroyed by a false record of a criminally negligent homicide conviction. The plaintiffs claim that their problems stemmed from Identix's Livescan 10-print, a fingerprint scanner used to enter fingerprint data into police systems. Two months ago Identix was re-confirmed as the winner of a Department of Homeland Security Blanket Purchase Agreement (BPA) for fingeprint systems, this being worth and estimated $27 million over five years. Identix is also supplying equipment for the UK Passport Service's ID card pilot, so one might reasonably consider that the stakes in San Jose Superior Court will be rather high.
The case hinges on the origin of duplicate record ID numbers, but it is the fact that these actually existed that is of the broadest significance. Benson, whose case has been going through the courts longest, stepped into trouble when he was pulled in for a traffic violation and fingerprinted. This process was carried out using a Livescan system, which produced an Electronic Fingerprint Card (EFC). Each EFC is assigned a fingerprint control number, FPN, which is intended to be unique. Previous paper-based systems, which are still widely used in the US, use EFCs preprinted with a unique FPN, but this is not the case with EFCs produced with the Livescan system. Benson's EFC was created on February 6th 1998, and on September 10th 1998 one William Lee Kellog, charged with multiple felonies, was put through the booking process. Kellogg's EFC had the same FPN as Benson's.
FPNs are widely used in criminal justice databases, and the duplicate records entered the Oregon Judicial Information Network (OJIN), where Kellogg's convictions were attached to Benson's record. A routine inspection in California the next year uncovered a handgun in Benson's truck, and as his Oregon record said he was a thrice convicted felon, he was arrested for being in violation of the California Penal Code.
The plaintiffs' complaint alleges that the defendants have known since 1996 "that Livescan machines had the identified propensity of creating defective EFCs," and that they therefore knew that this was corrupting criminal justice databases and court records. It is not clear from the evidence presented that the blame rests entirely with the Livescan equipment, but it does seem clear that Oregon was aware that duplication incidents were occurring (a list of 97 of these was compiled), and it has certainly taken Benson some considerable time, against considerable opposition, to clear his name.
He was, for example, unaware of the biometric technology's influence on his case until 2002, and prior to this had come up with some decidedly paranoid theories to explain why his life was being destroyed because of a traffic violation. As indeed, you might.
For the rest of us, the real issue is how fallibility in software and human input can produce extremely serious errors in systems which are intended to provide virtually infallible identification. There is here no dispute that Benson's and Kellogg's biometric records are entirely different (Benson has only nine fingertips, for starters), but the processes operated in such a way that Benson's record got the convictions. These spread from Oregon to California, and Benson's attorney claims that he is still recorded by the FBI as having been arrested as a felon in possession of a firearm.
Organisations deploying such systems should of course be extremely concerned that they are not subject to such errors. Aside from the impact on the victims, the creation of false records will damage the integrity of the database they're used in initially, and the sharing of this data will result in the corruption spreading into other systems. The further it gets, the harder it will be to undo the damage. But the more sure the designers are that they've ruled out problems like this, the harder it will be to have errors corrected. If it's impossible, then the people complaining have got to be mad, right? The issue of how you deal with the data is actually far more important than getting the technology to produce a "unique" biometric. ®