Ethics and privacy by design standardization and certification in biometric access control products

27the November 2015, 11am - 4pm

Friend’s Meeting House

173-177 Euston Rd,

London NW1 2BJ

Agenda:

From 10.30am coffee will be available for early arrivals.

11.00 – 11.15Welcome & Introductions

Tom Sorell (HECTOS, Warwick Univeristy)

11.15 – 11.45Overview of HECTOS and aims of the meeting

Tony Mansfield, NPL, Tom Sorell, Kat Hadjimatheou

11.45 – 12.45Manufacturers’ presentationsand discussion
Gavan Duffy, Genkey

Martin George, Smart Sensors

12.45 – 13.30Case-study on (privacy) impact assessment:seven deadly sins against privacy and personal dataprotection in the (European)smart grids roll-out.

Dariusz Kloza, VUB

13.30 – 14.00Lunch

14.00 – 14.45Biopriv Project

Roch Lescuyer,Morpho

14.45– 15.30Privacy by Design, Standardisation and Certification
John Borking, EuroPrise; Leiden University;ex- Dutch Data Protection Authority, Netherlands.

15.30- 16.00Closing discussion

The HECTOS project

HECTOS is an EU FP7 security research project exploring the issue that there are very few evaluation and certification procedures in Europe for physical security products that are mutually recognized by EU Member States. As pointed out in the EC Communication on Security Industrial Policy, this leads to fragmentation of the market, with negative impacts on both suppliers and users.

HECTOS will identify mechanisms to evaluate the performance of security products as well as to evaluate their compliance with interoperability, regulatory, ethical, privacy, and other requirements. The project will produceelements for a roadmap for the development of harmonized European certification schemes for physical security products, and provide standardization bodies with proposals for new work items.

The Biometrics Case Study (Work Package 4)

To analyse, develop, enhance, and experimentally validate evaluation and certification schemes, HECTOS is conducting case studies in two priority areas: Biometrics and Weapons and Explosives Detection. For the biometric case studies, the following topics have been selected:

  • Case study1: Image quality of contactless fingerprint sensors,
  • Case study2: Presentation attack (spoof) detection capability and presentation attack resistance of biometric systems, and
  • Case study3: Products for secure biometric access control to critical infrastructure.

HECTOS Ethics and Law (Work Package 6)

This work stream identifies, assesses, and provides recommendations on legal and ethical aspects of products which may require evaluation and certification in order to show compliance with EU legislation, regulations, and ethical guidelines

Speakers Biographies

Dr. John Borking is the former Privacy Commissioner and Board Member of the Dutch Data Protection Authority (CBP) in The Hague. He is Of Counsel and external advisor on Privacy-by-Design issues for CMS Derks Star Busmann in Utrecht. He is one of the leading experts on law and privacy in Europe, and advises national and international public and private sector organisations on privacy and computer law and more specifically the deployment of Privacy Enhancing Technologies (PETs) and alternative dispute resolution. He also is involved in several EU funded research projects in the area of privacy enhancing identity management and PETs and acts as ICT arbitrator and mediator. Dr Borking holds a PhD from Leiden University.

Gavan Duffy is Executive Director Technology – CTO of GenKey and responsible for leading R&D activities within GenKey.

Prior to joining GenKey, he worked as a senior technology consultant at Sagentia, UK where he also led research activities in Privacy Enhancing Technology for biometrics. In 2007, these activities were acquired from Sagentia after which Gavan joined GenKey. Gavan graduated in Physics & Electronics from UMIST University in the UK and has subsequently worked in the IT industry over a period of more than 20 years. He has very broad industry experience ranging from commercial expert systems development with Logica Research and Bacon & Woodrow, financial derivatives trading systems with Bank Paribas, and high performance computing with Digital Equipment Corporation. In recent years, he has specialized in digital security systems with particular focus on biometrics and applied encryption.

Gavan combines high level systems analysis skills with deep technical knowledge. He has a track record of combining innovation skill and pragmatic technical expertise, to address all aspects of architecture, design and implementation of challenging systems.

Martin Georgewas co-founder and CEO of Smart Sensors Limited, founded in 2003 and acquired in December 2014 by FotoNation Limited, a Tessera Company. Smart Sensors developed a patented, class-leading set of small footprint algorithms for iris biometrics which have been very successfully deployed worldwide in applications ranging from Physical Access Control, to Military force protection, gun control in Law Enforcement, and Automated Border Gates.

Since the acquisition, the iris biometrics team at FotoNation led by Martin has been working on iris biometric cameras and security strategies for the smart phone world, to address the rapidly emerging market in m-commerce where “payer present” authentication is a key issue for fraud reduction.

Martin George holds a Master’s degree in Engineering from the University of Cambridge (UK). After initial experience as an electronics engineer working on early magnetic stripe card payment systems and PC image processing systems, he moved into sales and business development roles involving the incubation and licensing of Intellectual Property. Over the last 20 years he has applied this experience to business areas involving ID and Smart Card technologies, and biometrics used in identity authentication, protection and tracking applications.

Kat Hadjimatheou has a PhD in Philosophy from the University of Essex. She is a researcher with the Interdisciplinary Ethics Research Group at the University of Warwick. As well as publishing academic articles in the ethics of policing, security technologies, border control and surveillance, she has worked on a number of EU-funded Security Research projects focussing on these issues including DETECTER and SURVEILLE. As part of the SURVEILLE project she and colleagues ran an Ethics Advisory Service for developers and end users of security technologies. Currently, she is looking at the ethical issues arising in connection with security product standardisation and certification for the EU-funded Security Project HECTOS. She co-authored a report on the ethics of border control for the EU Borders agency FRONTEX and consulted on their code of ethics and has recently undertaken empirical work on UK Border Force anti-trafficking initiatives. She sits on UK police-appointed ethical oversight committees relating to undercover policing and digital policing. She is an ethics adviser on the FP7 DRIVER project.

Dariusz (Darek) Kloza, LLM is a researcher in privacy and personal data protection at the Research Group on Law, Science, Technology, and Society (LSTS) at Vrije Universiteit Brussel (VUB) and at the Peace Research Institute Oslo (PRIO). His expertise concentrates on the governance and practice of impact assessments for emerging technologies. To that end, he has been involved in a number of EU co-funded research project, such as PIAF (A Privacy Impact Assessment Framework for data protection and privacy rights) and EPINET (Integrated Assessment of Societal Impacts of Emerging Science and Technology from within Epistemic Networks). He holds both an LLM in Law and Technology (2010) from the Tilburg Institute for Law, Technology, and Society (TILT) at Tilburg University (with distinction) and a master degree in law from the University of Bialystok (2008).

Roch Lescuyer is a research engineer at the R&D department of Morpho since 2013. He is specialized on cryptography applied to the digital identity management and the privacy protection of users. He holds a PhD degree in Computer Science from the University of Paris VII, France. Previously, he was a PhD student at Orange Labs and the ENS Paris. His research interests include cryptography, privacy, and biometrics.

Dr Tony Mansfield's expertise is in the performance evaluation of biometric systems. His involvement in biometrics commenced in 1996, when he was Technical Manager of the EC's BioTest project, seeking to establish and promote objective methodologies for assessing the performance and security of biometric systems. This work has continued to the standardisation of test methodologies in the ISO/IEC SC37 Biometric Standards committee, where he is Principal UK Expert and editor of the standard ISO/IEC 19795 Biometric Performance Testing and Reporting, Part 1 - Principles and Framework, and Part 6 - Methodologies for Operational Evaluation. Tony has been involved in many evaluations of biometric systems, ranging from inhouse scenarion evaluations at the National Physical Laboratory, to larger-scale pilots for automated border-control. He has continued to play a key role in several European research projects, including BioVision (a European Roadmap for Biometrics), MTIT (Minutiae Template 2009 Biometric Consortium Conference Interoperability Testing), and BioTesting Europe (identifying the coordination and developments needed to support testing and assurance of large-scale biometric projects).

Tom Sorell is Professor of Politics and Philosophy and Head of the Interdisciplinary Ethics Research Group in PAIS. He is an RCUK Global Uncertainties Leadership Fellow (2013-2016). Previously, he was John Ferguson Professor of Global Ethics and Director of the Centre for the Study of Global Ethics, University of Birmingham. In 1996-7 he was Fellow in Ethics at Harvard. He was also the Tang Chun-I Visiting Professor in Philosophy at the Chinese University of Hong Kong in 2013.

He was Co-ordinator of the FP7 DETECTER project and is leader of two Work Packages in the FP7 SURVEILLE project. He directs the major AHRC project, FinCris, and is a participant in the FP7 ICT ACCOMPANY project on care robotics. Formerly, he was Co-Director of the Human Rights Centre, University of Essex. He has published extensively in moral and political philosophy, including four books, and many journal articles. His current research is in the moral and political issues raised by emergencies, including terrorist emergencies. He has led a project on ethics and border guarding for FRONTEX, and advises the FP7 security projects INDECT, FOCUS, MOSES and FASTPASS. He is advisor to the FP7 ICT project FROG. He has also worked as a consultant on security-sensitive material in UK universities and on the committee advising the AHRC on the Internet of Things

Venue information

173-177 Euston Road
London
NW1 2BJ

Tel: 020 7663 1100

Friends House is located..

By rail: From its position opposite Euston’s rail and tube stations, it is aten minute walk from King’s Cross Station and St Pancras International Terminus. All major rail terminals are easily reached by tube.

By tube: The nearest tube stations are Euston and Euston Square, which are on the Northern, Victoria, Metropolitan, Circle and Hammersmith & City lines. Between July 2014 and March 2015 Euston Square will have refurbishment work taking place on various underground station escalators, please see below for alternative routes.

By bus: Numbers 10, 18, 30, 73, 205 and 390 pass the door whilst 59, 68, 91, 168, and 253 stop nearby.

By car: Friends House is within a meter parking zone. Charges must be paid Monday to Friday 08:30 - 18:30 andSaturday 09:00 - 13:30. There are alternative, longer-term parking facilities under Euston Station. Please note that Friends House is within the congestion charge zone. For details of how to pay please go to

International visits: St Pancras International Terminus is aten minute walk away. Nearby Paddington Station offers a frequent shuttle service to Heathrow Airport. All London airports are easily reached from Euston.

For any queries/issues contact Kat Hadjimatheou on +44(0)7837549931