The Secure Medical Data Challenge

  • What's interesting now is that visual data is being used with a passport. I have registered travellor in the UK, so I don't visit an agent. I put my passport in a machine and it takes a picture of me, then approves/ disapproves my passage through border control.
    It doesn't work with my glasses, so I need to take them off, but it's being used to validate I have the correct passport (and it is valid).

  • Steve Jones - SSC Editor - Thursday, March 2, 2017 10:20 AM

    What's interesting now is that visual data is being used with a passport. I have registered travellor in the UK, so I don't visit an agent. I put my passport in a machine and it takes a picture of me, then approves/ disapproves my passage through border control.
    It doesn't work with my glasses, so I need to take them off, but it's being used to validate I have the correct passport (and it is valid).

    I've wondered about that. The facial recognition is supposed to be so sophisticated and yet it gets confused by eyeglasses. Something smells of BS somewhere.

    As far as fingerprints, yes there are circumstances where they won't work. But will for the vast majority of cases, and probably are a LOT more specific than facial recognition.

    ...

    -- FORTRAN manual for Xerox Computers --

  • jay-h - Thursday, March 2, 2017 11:20 AM

    I've wondered about that. The facial recognition is supposed to be so sophisticated and yet it gets confused by eyeglasses. Something smells of BS somewhere.

    Facial recognition != facial recognition. The technology is disparate and depending on what you use, it may or may not be good enough. In casinos, they can tolerate a "close enough" and accept false positives. They use people to then discern if there is an issue. Here, I think they want a very, very high probability of match, so glasses aren't allowed. In fact, if you go for a new passport, you aren't allowed to wear glasses.

  • jay-h - Thursday, March 2, 2017 6:38 AM

    Also we need to realize that PCR amplification used in DNA matching is a slow process that must be performed under meticulous laboratory standards to prevent cross contamination. Not close to be currently usable as a quick test.

    [And be sure not to shake hands with anyone before putting your hand in that scanner]

    The on-site DNA scanning device need not be self contained. If it has something like an electron microscope, the digitized DNA sample can then be offloaded via a web service call to a data center for heavy duty processing, which will then return back the hash code. Assuming the technical expertise of Google or Microsoft, combined with the blessing and billion dollar funding of the government, this is totally feasible within a few years.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • Eric M Russell - Friday, March 3, 2017 8:27 AM

    jay-h - Thursday, March 2, 2017 6:38 AM

    The on-site DNA scanning device need not be self contained. If it has something like an electron microscope, the digitized DNA sample can then be offloaded via a web service call to a data center for heavy duty processing, which will then return back the hash code. Assuming the technical expertise of Google or Microsoft, combined with the blessing and billion dollar funding of the government, this is totally feasible within a few years.

    A literal electron microscope is useless for this purpose. The process is slow and chemically based, with the DNA sample placed in an EXTREMELY clean chamber with PCR primers (there are different primers for different areas being examined, sometimes it's necessary to create a special primer). It's then put through a series of heating and cooling cycles. Once this is complete, the resultant solution is placed in an electrophoresis machine (often with sever comparative samples running in parallel) and the different components are teased out along a strip. All of this must be performed in a sterile laboratory setting.

     Analysis of the aggregations along this strip enables identification, however there are so many thousands of locations along DNA a degree of variation which needs to then be interpreted in light of other information about the source and condition of the original sample.
    It's not like a CRC check that reads DNA and produces a result. It's a slow process, with a lot of variables, and produces rather generic information that needs to be matched against reference samples.
    It may never be a system that produces a clear unambiguous value. No matter how much money you throw at it.

    ...

    -- FORTRAN manual for Xerox Computers --

  • Gary Varga - Wednesday, March 1, 2017 9:27 AM

    andrew gothard - Wednesday, March 1, 2017 8:50 AM

    ...So, depanding on how many and which are tested ...

    I'm a DBA. 

    Funny when considering your signature 😀

    Ha.  How long have you been waiting for that?!

    I'm a DBA.
    I'm not paid to solve problems. I'm paid to prevent them.

  • One thing I've picked up from watching various investigative shows (the ones that give the story of an *actual* case, not "Law and Order" type things) is that even DNA evidence isn't an absolute.  You've got all the various places it can get contaminated (at the scene, during transport, during testing) plus there's still a good bit of ambiguity even when the collection and testing goes perfectly.

    It's another one of those things that for the purposes being put forth doesn't need to be "perfect," but certainly needs to be both far better and far faster than currently before I'd be willing to trust my identity to it...

  • jasona.work - Tuesday, March 7, 2017 10:35 AM

    One thing I've picked up from watching various investigative shows (the ones that give the story of an *actual* case, not "Law and Order" type things) is that even DNA evidence isn't an absolute.  You've got all the various places it can get contaminated (at the scene, during transport, during testing) plus there's still a good bit of ambiguity even when the collection and testing goes perfectly.

    It's another one of those things that for the purposes being put forth doesn't need to be "perfect," but certainly needs to be both far better and far faster than currently before I'd be willing to trust my identity to it...

    I remember that actual prosecutors and defenders were constantly bothered by the fact that jurors, having seen these show, actually expected clear black and white evidence. They had to teach the jurors that the real world is not like TV before the case could continue.

    ...

    -- FORTRAN manual for Xerox Computers --

  • jasona.work - Tuesday, March 7, 2017 10:35 AM

    One thing I've picked up from watching various investigative shows (the ones that give the story of an *actual* case, not "Law and Order" type things) is that even DNA evidence isn't an absolute.  You've got all the various places it can get contaminated (at the scene, during transport, during testing) plus there's still a good bit of ambiguity even when the collection and testing goes perfectly.

    It's another one of those things that for the purposes being put forth doesn't need to be "perfect," but certainly needs to be both far better and far faster than currently before I'd be willing to trust my identity to it...

    Trying to establish someone's identity by interrogating them with a series of questions like: (What is your social security number?), (What was your maiden name?), or (Where did you graduate from high school?) isn't perfect either. Probably not today, but one day we will have a reliable method of immediately and positively identifying an individual using only their DNA, and as an added bonus it will also provide links to the individual's next of kin.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • Eric M Russell - Tuesday, March 7, 2017 12:52 PM

    jasona.work - Tuesday, March 7, 2017 10:35 AM

    One thing I've picked up from watching various investigative shows (the ones that give the story of an *actual* case, not "Law and Order" type things) is that even DNA evidence isn't an absolute.  You've got all the various places it can get contaminated (at the scene, during transport, during testing) plus there's still a good bit of ambiguity even when the collection and testing goes perfectly.

    It's another one of those things that for the purposes being put forth doesn't need to be "perfect," but certainly needs to be both far better and far faster than currently before I'd be willing to trust my identity to it...

    Trying to establish someone's identity by interrogating them with a series of questions like: (What is your social security number?), (What was your maiden name?), or (Where did you graduate from high school?) isn't perfect either. Probably not today, but one day we will have a reliable method of immediately and positively identifying an individual using only their DNA, and as an added bonus it will also provide links to the individual's next of kin.

    unfortunately at this point, BOTH might need to be active.  Having questions, especially those particular ones are easy to anticipate (and thus "guess"), and like you said STILL don't help with Id in all cases (you can't answer questions if you're unconscious.)  Unless we can solve how to securely ID you even while you're hurt and/or incapacitated, no matter how good your security is on the ID itself, we've failed in the primary mission (i.e.  support actually making you better when you're hurt, etc...).

    ----------------------------------------------------------------------------------
    Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?

  • Eric M Russell - Tuesday, February 28, 2017 8:42 AM

    Gary Varga - Tuesday, February 28, 2017 7:52 AM

    Eric M Russell - Tuesday, February 28, 2017 7:03 AM

    In a world with 7 billion people, most of whom have (or soon will have) digitized records, we need some type of unique universal identifier, like a SSN...

    It just isn't practical. If solely in the US you lot couldn't manage to keeps SSNs unique do you think you'll do any better when the rest of us join in? Each of our countries probably have the same horror stories. Definitely here in the UK we have had the same, or at least similar, problems with our National Insurance numbers (a.k.a. NI Number or NIN).

    Eventually someone will invent an internet enabled table top DNA scanning device capable of generating a 12 alpha-numeric code which can then be used as a unique non-mutable identifier. A code generated using this method would not be dependent on regional coding standards, name changes, or any other user supplied information. You simply pass the scanner over a man's palm and it comes back with B7CEEC4C0EC4. Even he turns up dead with no personal belongings on the other side of the world, his identity could be immediately and positively identified.

    There might be a problem with chimerism there.  It's not as rare in humans as most people think.  It will probably become less rare as in vitro fertilisation becomes more common, and with increased use of transplants.   Then there's another problem with identical twins.

    Tom

  • Eric M Russell - Wednesday, March 1, 2017 6:14 AM

    That sounds conceptually similar to (but of course an order of magnitude more complex than) the challenges involved in retina, fingerprint, or voice recognition which already exists. They would have to isolate specific DNA sequences that are proven to be suitable for the task. If the government or a well funded corporation like Google wanted to, I believe they could invent a process to scan a DNA sample and produce a unique and repeatable hash code that would scale for a population of 7 billion people. The technology wouldn't be small or cheap enough to incorporate into a cell phone, at least not until a generation later, but would rather be a device installed at banks, court houses, police departments, immigration offices, and other institutions where show-up-in-person positive identification is required.

    That "unique" claim will be false unless it can be proved that the hash function can never give the same result for two people's distinct bits of DNA, and that can't be one unless the number of hash codes is at least  the same as the number of possible DNA patterns - so the hash code will have to be something of the order of 16 Megabytes long. I suspect that "repeatable" is equally broken as a possibnility within the forseeable future as well.   Claiming a unique and repeatable result is possible in the forseeable future is just ducking the issue that we need to decide how sure we want to be and accept that we won't reach the currently unattainable certainty any time soon.
    In fact I'm fairly convinced that a reasonably short (even as short as 10000 times as long as the 12 charaters someone has suggested) hash is an impossible target if it is to be obtained by sampling , measuring, and computing in anything less 12 than hours.  I doubt if we can put the sealed-off clean-room with all the sample processing gear in it into every bank and post-office branch anyway, and I don't think most people would be happy to wait for a day or so in the bank (if I go away and come back how do they know that the person who came back is the person who came and went away yesterday?) while the processing is going on.

    Tom

  • Eric M Russell - Wednesday, March 1, 2017 1:52 PM

    There may yet be hope for you and your twin brother.

    ... Using what’s known as ultra-deep, next-generation sequencing, a team in Germany has developed a test that claims to reliably identify which twin a biological sample belongs to. The test works by taking a close look at the genetic letters (called base pairs) comprising the 3 billion-base-pair human genome. Because mutations randomly occur during development, even genetically “identical†twins will vary at a handful of locations, says Burkhard Rolf, a forensic scientist at Eurofins Scientific, the company that developed the test. ...

    DNA Test That Distinguishes Identical Twins May Be Used in Court for First Time 
    https://www.wired.com/2014/12/genetic-test-distinguishes-identical-twins-may-used-court-first-time/

    As for a consumer end device that can scan DNA and calculate something like a 12 character hash code, that's probably years away, but if Google or DOD set their mind to it, I fell confident they could puzzle out a solution, especially when next generation quantum processors are readily available.

    I'm amused to see that you think a 12 character hash code will produce perfect security when you are looking at objects which  consist of 3 billion pairs of nucleotide bases so that they carry potentially 12 billion bits of information. Of course a lot of those 12-billion bit values won't correspond to viable human beings or inded viable animals of any sort, but designing a 12 character (96 bits) hash code that doesn't deliver the same value for any two distinct viable human sequences of 3-billion pairs is probably impossible because because the number of possible viable human DNA sequences is probably rather a lot bigger than 2**96.  Of course it may be good enough, given that there are far fewer than that human beings alive at one point in time, if there is a lucky choice of hash algorithm - but it can't possibly be perfect so errors can't be ruled out.
    As for a consumer end device, I can't see getting the necessary physical and chemical processing of the sample so that it can be scanned and hashed into less than a few cubic metres as a viable proposition. Nor can I believe that getting the physical and chemical processing to take place in a short enough time to be acceptable to many consumers is going to be possible.
    So lets try to educate the insecure IT managers or there insecure bosses instead of pretending there's a magic solution just around the corner.  And apply some effective sticks - stop letting organisations and individuals get away with being deliberately insecure with other people's PII because it saves money or effort, and introduce  laws that will put those responsible for declining to undertake proper security measures (like encryption and masking data that should be kept secure instead of having it in clear) in the dock (and preferably in jail) as well as imposing fines big enough to be a real pain to the corporations or government organisations  that allow it to happen.

    Tom

  • jay-h - Tuesday, March 7, 2017 11:01 AM

    jasona.work - Tuesday, March 7, 2017 10:35 AM

    One thing I've picked up from watching various investigative shows (the ones that give the story of an *actual* case, not "Law and Order" type things) is that even DNA evidence isn't an absolute.  You've got all the various places it can get contaminated (at the scene, during transport, during testing) plus there's still a good bit of ambiguity even when the collection and testing goes perfectly.

    It's another one of those things that for the purposes being put forth doesn't need to be "perfect," but certainly needs to be both far better and far faster than currently before I'd be willing to trust my identity to it...

    I remember that actual prosecutors and defenders were constantly bothered by the fact that jurors, having seen these show, actually expected clear black and white evidence. They had to teach the jurors that the real world is not like TV before the case could continue.

    And several people commenting here have obviously based their ideas on the misleading TV shows (or cinenma films) that they've seen.  That seems blatantly obvious because it's difficult to imagine anyone gettig it quite so wrong if they havent been specifically misled.

    Tom

  • TomThomson - Monday, June 26, 2017 2:23 AM

    Eric M Russell - Tuesday, February 28, 2017 8:42 AM

    Gary Varga - Tuesday, February 28, 2017 7:52 AM

    Eric M Russell - Tuesday, February 28, 2017 7:03 AM

    In a world with 7 billion people, most of whom have (or soon will have) digitized records, we need some type of unique universal identifier, like a SSN...

    It just isn't practical. If solely in the US you lot couldn't manage to keeps SSNs unique do you think you'll do any better when the rest of us join in? Each of our countries probably have the same horror stories. Definitely here in the UK we have had the same, or at least similar, problems with our National Insurance numbers (a.k.a. NI Number or NIN).

    Eventually someone will invent an internet enabled table top DNA scanning device capable of generating a 12 alpha-numeric code which can then be used as a unique non-mutable identifier. A code generated using this method would not be dependent on regional coding standards, name changes, or any other user supplied information. You simply pass the scanner over a man's palm and it comes back with B7CEEC4C0EC4. Even he turns up dead with no personal belongings on the other side of the world, his identity could be immediately and positively identified.

    There might be a problem with chimerism there.  It's not as rare in humans as most people think.  It will probably become less rare as in vitro fertilisation becomes more common, and with increased use of transplants.   Then there's another problem with identical twins.

    If we can come up with a system that can identify an individual with 99.9% reliability, then that's better than the system we have now. Is Chimerism more common than duplicate assigned SSN codes or identity theft?

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

Viewing 15 posts - 46 through 60 (of 62 total)

You must be logged in to reply to this topic. Login to reply