CIMM Committee Meeting

Notices of Meeting include information about the subject matter to be examined by the committee and date, time and place of the meeting, as well as a list of any witnesses scheduled to appear. The Evidence is the edited and revised transcript of what is said before a committee. The Minutes of Proceedings are the official record of the business conducted by the committee at a sitting.

For an advanced search, use Publication Search tool.

If you have any questions or comments regarding the accessibility of this publication, please contact us at accessible@parl.gc.ca.

Previous day publication Next day publication

37th PARLIAMENT, 2nd SESSION

Standing Committee on Citizenship and Immigration

EVIDENCE

CONTENTS

Tuesday, April 1, 2003

1115

The Chair (Mr. Joe Fontana (London North Centre, Lib.))

Mr. Massimo Pacetti (Saint-Léonard—Saint-Michel, Lib.)

The Chair

Mrs. Diane Ablonczy (Calgary—Nose Hill, Canadian Alliance)

The Chair

Mr. Joel Shaw (President and CEO, BioDentity Systems Corporation)

1120

1125

The Chair

Mrs. Diane Ablonczy

Mr. Joel Shaw

1130

Mrs. Diane Ablonczy

Mr. Joel Shaw

Mrs. Diane Ablonczy

Mr. Joel Shaw

Mrs. Diane Ablonczy

The Chair

Mr. Sarkis Assadourian (Brampton Centre, Lib.)

1135

Mr. Joel Shaw

Mr. Sarkis Assadourian

Mr. Joel Shaw

Mr. Sarkis Assadourian

Mr. Joel Shaw

Mr. Sarkis Assadourian

The Chair

Ms. Madeleine Dalphond-Guiral (Laval Centre, BQ)

Mr. Joel Shaw

1140

Ms. Madeleine Dalphond-Guiral

Mr. Joel Shaw

Ms. Madeleine Dalphond-Guiral

Mr. Joel Shaw

Ms. Madeleine Dalphond-Guiral

The Chair

Mr. Jerry Pickard (Chatham—Kent Essex, Lib.)

Mr. Joel Shaw

1145

Mr. Jerry Pickard

Mr. Joel Shaw

Mr. Jerry Pickard

Mr. Joel Shaw

The Chair

Mr. Massimo Pacetti

1150

Mr. Joel Shaw

Mr. Massimo Pacetti

Mr. Joel Shaw

Mr. Massimo Pacetti

Mr. Joel Shaw

Mr. Massimo Pacetti

Mr. Joel Shaw

Mr. Massimo Pacetti

Mr. Joel Shaw

The Chair

Mr. John O'Reilly (Haliburton—Victoria—Brock, Lib.)

1155

The Chair

Mr. John O'Reilly

Mr. Joel Shaw

The Chair

Mr. Joel Shaw

1200

The Chair

Mr. Joel Shaw

The Chair

Mr. Joel Shaw

The Chair

Mr. Joel Shaw

The Chair

Mr. Joel Shaw

1205

The Chair

Mr. Ron Arends (President and Chief Operating Officer, Canadian Bank Note Company, Limited)

1210

1215

The Chair

Mr. Jerry Pickard

Mr. Ron Arends

1220

The Chair

Mr. Ron Arends

Mr. Jerry Pickard

1225

Mr. Ron Arends

The Chair

Mr. Ron Arends

The Chair

Mrs. Diane Ablonczy

Mr. Ron Arends

Mrs. Diane Ablonczy

The Chair

1230

Mrs. Diane Ablonczy

The Chair

Mrs. Diane Ablonczy

Mr. Ron Arends

Mrs. Diane Ablonczy

Mr. Ron Arends

Mrs. Diane Ablonczy

Mr. Ron Arends

1235

The Chair

Mr. Ron Arends

The Chair

Ms. Madeleine Dalphond-Guiral

Mr. Stephen Dopp (Vice-President, Government and Commercial Services, Canadian Bank Note Company, Limited)

Ms. Madeleine Dalphond-Guiral

M. Stephen Dopp

1240

The Chair

Mr. John O'Reilly

Mr. Ron Arends

1245

The Chair

Mr. Sarkis Assadourian

Mr. John O'Reilly

The Chair

Mr. Sarkis Assadourian

The Chair

Mr. Ian Shaw (President, Identity Systems, Canadian Bank Note Company, Limited)

1250

The Chair

Mr. Sarkis Assadourian

Mr. Ian Shaw

The Chair

Mr. Ron Arends

The Chair

Mr. Ron Arends

The Chair

1255

Mr. Ron Arends

The Chair

Mr. Ron Arends

The Chair

Mr. Ron Arends

The Chair

Mr. Casey Witkowicz (President and Chief Executive Officer, Rycom Inc.)

1310

1315

The Chair

Mr. Massimo Pacetti

Mr. Casey Witkowicz

Mr. Frank Fitzsimmons (Chief Financial Officer, Iridian Technologies, Rycom Inc.)

Mr. Casey Witkowicz

1320

Mr. Massimo Pacetti

Mr. Casey Witkowicz

The Chair

Mrs. Lynne Yelich (Blackstrap, Canadian Alliance)

Mr. Casey Witkowicz

Mrs. Lynne Yelich

Mr. Casey Witkowicz

Ms. Mandy Sandhar (General Manager, Business Development, Rycom Inc.)

Mr. Casey Witkowicz

Mrs. Lynne Yelich

Mr. Casey Witkowicz

1325

Mrs. Lynne Yelich

Mr. Casey Witkowicz

The Chair

Ms. Madeleine Dalphond-Guiral

Mr. Casey Witkowicz

Ms. Madeleine Dalphond-Guiral

Mr. Casey Witkowicz

1330

The Chair

Mr. Jerry Pickard

Mr. Casey Witkowicz

1335

Mr. Jerry Pickard

Mr. Casey Witkowicz

Mr. Jerry Pickard

Mr. Casey Witkowicz

The Chair

Mr. John O'Reilly

1340

Mr. Casey Witkowicz

Mr. Frank Fitzsimmons

1345

The Chair

Mr. Sarkis Assadourian

Mr. Casey Witkowicz

The Chair

1350

Mr. Casey Witkowicz

The Chair

Mr. Casey Witkowicz

The Chair

Mr. Casey Witkowicz

The Chair

CANADA

Standing Committee on Citizenship and Immigration

NUMBER 051

2nd SESSION

37th PARLIAMENT

EVIDENCE

Tuesday, April 1, 2003

[Recorded by Electronic Apparatus]

Á (1115)

[English]

The Chair (Mr. Joe Fontana (London North Centre, Lib.)): Good morning, colleagues. We have a busy day planned this morning and this afternoon with regard to technology.

Let me first thank those members who had an opportunity to travel with us to the United States, to Washington specifically. We will fully brief all the committee members about the exceptional meeting we had with our American counterparts, the congressmen and congresswomen we met with.

I can report there is a great appetite among legislators, on both their side and ours, for common issues that relate to our border, and there is a proposal on your behalf to explore having a binational working group or binational meetings so we can deal with the border issue in a very constructive, cooperative, partnership way.

There's no doubt we need to be seen and we need to inform our American counterparts of our new immigration and refugee bills. There are also a number of 30-point border security issues that I think will help build a foundation for working together in partnership to ensure that their northerly border and our 49th parallel is secure.

There was a lot of talk about some of their new bills that are coming down the pipe, which may or may not affect Canada with regard to entry and exit, and the potential requirement for biometric identifiers. We spent a lot of time in Washington speaking to some very knowledgeable people on the whole issue of biometric identifiers and national ID cards or foundation documents, which they may or may not require of different countries, including Canada, as well as our needs as a country.

Therefore, that's what we're doing today. We will continue our discussions about the use of technology to better equip both of our countries, but specifically Canada, to ensure the free movement of people and goods as safely across our border as possible.

We will have further discussion with regard to our trip to the United States and I will fully inform you when our colleagues there get back to us on this novel and unique concept that two legislators can meet binationally to discuss common matters of immigration, border security, and so on.

I want to thank the members who were able to attend our meetings. They were exceptional in nature and they were very timely with regard to that.

Mr. Massimo Pacetti (Saint-Léonard—Saint-Michel, Lib.): How many elected members did you meet? Were they congressmen, senators...?

The Chair: I think there were close to a dozen congress people, and as you know, the United States House of Representatives is still trying to reorganize itself under its new homeland security, which now encompasses I don't know how many subcommittees. We met the ranking members as well as the chairs of the immigration committee, border security, drug enforcement, and a number of other people who are going to sit on the Select Committee on Homeland Security as well as the immigration subcommittee.

On a secondary issue, you will recall our colleague Diane had given us notice of a motion with regard to the whole issue of retroactivity and the legal opinion that was given by a judge in the Dragan case. Diane and I have spoken, and I told her the format and the notice of motion she proposed to bring forward would be technically out of order; therefore, she has agreed to withdraw that notice of motion. She has another that may or may not be in order. She's giving us notice now, but she is not formally moving the motion.

Diane, you may want to raise this while we have a couple of minutes here.

Mrs. Diane Ablonczy (Calgary—Nose Hill, Canadian Alliance): Thank you, Mr. Chairman.

I would like to tell colleagues who were not able to be in our meetings last week that they were very positive.

I'd also like to commend our clerk, who put together an excellent cross-section of witnesses, briefings, and meetings for us. It takes a lot of work, I know, and we really appreciate his dedication in that regard.

With respect to the notice of motion I tabled on March 20, I'm not going to proceed with that motion, as the chair mentioned. I blush to say it was not completely in order; i.e., it was out of order.

I am tabling another motion today, which is that, given the judgment of Mr. Justice Kelen of the Federal Court of Canada on February 21, 2003, which found the Minister of Citizenship and Immigration to have misled this committee, this committee feels it is its duty to place this matter before the House at this time, since privilege may be involved, and to give the House an opportunity to reflect on this matter.

I'll table that motion today.

Thank you, Mr. Chairman. I'm sure we will deal with this, as time permits, in the chair's judgment. Thank you very much.

The Chair: Thank you, Diane.

Let me also take this opportunity to thank you, Diane, and your staff for making it possible and helping to arrange some witnesses in Washington--some of the interesting people from NGOs and think-tanks we met with over and above the congressional people, from the chamber of commerce to a number of different organizations. I want to thank you for making it possible for us to meet. I like the spirit of cooperation that exists around this committee.

Anyway, we have some important business of the nation to do. It's my pleasure to welcome, from BioDentity Systems Corporation, Mr. Joel Shaw and Jean-Paul Sirois, as we continue our discussions with regard to the national identity card. Welcome, Joel and Jean-Paul. We look forward to your presentation.

Mr. Joel Shaw (President and CEO, BioDentity Systems Corporation): Thank you very much, Mr. Chairman.

Good morning. My name is Joel Shaw, and I am the chief executive officer of BioDentity Systems Corporation, located here in Ottawa. With me is Mr. Sirois, who is our public affairs counsel.

I would like to begin my address by sharing my insight into the global need for improved border security and personal identification. I can offer this committee a unique perspective and equally speak with authority, for in addition to being the chief executive officer of BioDentity I am convenor of a working group set up by the International Organization for Standardization, or ISO, headquartered in Geneva, to work with the United Nations International Civil Aviation Organization to create international standards for official travel documents such as passports, visas, and official documents of identity.

As working group convenor, I coordinate ISO's collaboration with ICAO. ICAO was given the mandate to establish international conventions for such documents, including form and information content, by the United Nations. The focus of ICAO and ISO work is to ensure the standardization and global interoperability of these vital identification documents and the information they carry, specifically information that must be read both visually and by machine.

Experts participating with ICAO and ISO had worked collaboratively prior to the tragic events of September 11 and have since reconfirmed that interoperable face biometric details embedded in travel and official identification documents can best address the two equally important identification tasks assigned to those who must protect our borders, those being to identify the presenter of the document as the rightful holder of that document as well as to identify those who should be denied entry to the country or possibly even detained.

The events of September 11 underscore the benefits that could have been realized if the ICAO solutions had been in place to allow border control authorities to quickly and accurately identify those who should have been stopped when they attempted to secure a visa, enter the country, or board an aircraft.

Selection of face recognition as the globally interoperable biometric identifier for travel documents and official documents of identity is based on a multi-year assessment conducted by ICAO, working in collaboration with ISO, in which the requirements for biometric technology were identified, the various biometric options were considered, and the importance of the myriad of needs were quantified. In the end, facial recognition was found to be the most compatible with the unique needs of document issuance and border security, while fingerprint and iris technology were found to have only limited compatibility with those needs.

The need for a non-intrusive identifier, one that was widely acceptable and used internationally, figured prominently in the choice of face recognition. BioDentity recognized that facial recognition would emerge as the globally interoperable biometric identifier during the late 1990s. It set out to build a suite of enabling technologies that would let government strengthen border security and businesses, such as airport operators and airlines exposed to related threats, to protect the travelling public.

BioDentity's suite of technology includes smart cameras that are capable of capturing facial biometric details at upwards of 60 feet; technology that will allow passport and visa application photos to be checked to confirm identity as well as identify persons who should not receive a document; special technology for searching very large databases at high speed to assist issuing and inspection authorities in confirming identity; and special application solutions that allow immediate and effective use of face recognition technologies in support of travel identification document issuance and the inspection of persons seeking to enter the country.

The governments of the United Kingdom, Germany, and New Zealand have already sought out BioDentity's unique talents and products to assist them in meeting the new ICAO standards. I understand that this committee was considering the examination of biometric systems employed abroad, and I would encourage the committee to tour implementations in Europe and elsewhere to see our made-in-Canada technology at work.

I know the committee was in Washington just last week, as was I, and I can assure the members that the BioDentity system will ensure that citizens of those nations using our technology and travelling to the United States comply with the new U.S. public law that requires persons presenting passports to conform to the ICAO specifications governing biometrics by October 26, 2004.

Á (1120)

Governments around the world have recognized the necessity of strengthening their existing passport and visa programs and their official document of identity programs through the introduction of face biometric information within the documents and within the related issuance processes. They have equally recognized the importance of the immediate deployment of face biometric technology to allow machine-assisted identity confirmation in support of enhanced border security. The Canadian government, like others, will be required to address these international conventions and standards.

While enhanced border security and the stemming of international terrorism are foremost in many of our minds, given the current conflict in Iraq, the need to restore public confidence in global air travel and the need to take steps to protect the travelling public through stemming the existence of continued terrorism are important reasons cited in many countries for moving quickly and decisively with implementation.

In an effort to contribute to Canada's enhanced border security and the restoration of public confidence in global air travel, BioDentity has made an offer to the ministers of immigration, customs, and foreign affairs as well as the Deputy Prime Minister and the Solicitor General. This offer involves the donation of BioDentity state-of-the-art identification technology to border control authorities for testing at Ottawa airport to allow early alignment with the global standards established by ICAO.

I would like to thank you for the opportunity to address the committee. We have provided each of you with a summary document on our views, which the clerk has, on the unique Canadian-built products.

I would like to remind the committee that the clerk has organized a tour of our Kanata facility and a technology demonstration this coming Thursday, and I look forward to seeing many of you then.

Now, Mr. Chairman, I would be pleased to answer any questions the committee might have. Thank you.

Á (1125)

The Chair: Thank you, Joel. I'm sure we have some questions.

Diane.

Mrs. Diane Ablonczy: Thank you, Mr. Shaw and Mr. Sirois. I did have the pleasure of receiving some information about your technology a few weeks ago and have looked at it with great interest. You also have a CD, which makes it very easy to follow the technology you're working on.

It was mentioned to us at some of our briefings in Washington that face recognition is less intrusive than some of the other technologies, particularly fingerprinting, which has been for a long time linked with criminal activity and may have some psychological barriers for public acceptance.

With respect to the face recognition technology, though, it was mentioned, for example, that if cars or trucks were coming across the border with four or five people in them, for face recognition to work, let's say in rainy or foggy weather or with people moving around, it would be difficult, first of all. Second, it would take some time. One witness told us that even if each person's identification only took 30 seconds, that would back up the traffic at the border for five days. Those were the figures we were given; whether they're accurate or not, I don't know.

I wonder if you would speak to that concern, that face recognition in a vehicle with a lot of people and, let's say, imperfect weather conditions, all of those things, could be a problem.

Mr. Joel Shaw: Thank you.

I will approach my answer in two ways. BioDentity was led into the area it is in right now because of our extensive experience with border clearance and processing people crossing borders. We realized that to have people get out of a vehicle or stand in a very regimented way in front of a surveillance camera was not going facilitate the process. It was going to back up the borders, as you've described.

The basis of our camera technology is to find the face and move in close to the face, regardless of where that person is. We can actually capture a facial image from about two feet in front of the camera to 60 feet away in an area of about 45º in front of the camera. The camera seeks out the face and finds the face and the person. It goes in close and actually ensures that the image is captured at a specific resolution that is required by the facial recognition software to perform properly. In other words, we were trying to make sure we didn't suffer from garbage in and garbage out. So this technology we've developed seeks out people. It can seek out people who are in a vehicle or moving around in front of an inspection area.

On the time required, we have developed infrastructure technology that supports the algorithms. We do not make the facial recognition algorithms. We use the commercial algorithms that are available around the world. I can tell you it would take less than a second and a half to recognize someone once we captured their face. To capture their face would take less than a second with this type of camera we have.

Á (1130)

Mrs. Diane Ablonczy: Would you also explain for us the effects of aging on facial recognition?

Mr. Joel Shaw: An interesting aspect of that is that none of the scientific studies that have been conducted, like the facial recognition verification test in the United States just completed recently, have had the opportunity to work with people over more than a 14-month or 18-month maximum elapse in time.

BioDentity was chosen by the New Zealand Department of Internal Affairs to explore the potential of face recognition with passport photographs. We have had access for over a year to a database that was held and collected by the New Zealand Passports Office. It has photographs up to ten years old.

We first had to convert that database, because it was in image form. We were able to convert 99.99% of it and have found, interestingly enough, that the facial characteristics of everybody over the age of about 18 to 20 years old become stable. The performance does not degrade in the time between the first image we try to compare and the second image.

Tests have been run by the New Zealand Passports Office because the database we've converted is ten years old now. Approximately 60% of some 6,000 people a week who come into the New Zealand Passports Office have a photograph in that database with a ten-year life expectancy. We have had no problem recognizing these people, unless the original photograph that was captured ten years ago, when no one really had any sense that they would want to do this, was very poor.

So in short, we have had access to a process that no one else has ever had, and our results with that database are quite leading-edge.

Mrs. Diane Ablonczy: Finally, one of the real concerns about biometric identifiers is privacy and function creep; that once faces are in the database they can be tracked for a whole bunch of reasons, some of which would be severe invasions of privacy and quite unnecessary for any security purpose.

Can you give us any idea whether any safeguards could be built into this system to alleviate this concern about function creep or improper surveillance? It seems to me that would be quite difficult, but perhaps you have some thoughts.

Mr. Joel Shaw: I have to leave it to the authorities who are operating on the behalf of government. Government must set down rules and regulations to ensure that what they do with this data is proper, under what you people in Parliament set down.

Our goal in building this technology is to allow border control authorities to identify you as who you say you are--to process a passport photo, to process a data record on you that is stored. So we would identify you as an unique individual. It would also allow the control authorities to potentially look at a control list--which none of us would be on--of the really bad people they were looking for and trying to stop at our borders, and identify those people. But it really comes down through the regulations and policies that are set by the government.

Mrs. Diane Ablonczy: I wish sometimes that governments and officials were as trustworthy as technology, but that's another issue.

Thank you, Mr. Chairman.

The Chair: Sarkis.

Mr. Sarkis Assadourian (Brampton Centre, Lib.): Thank you very much.

You mentioned, sir, instituting international standards for travel documents with ICAO. What are the chances of the U.S. government accepting standards set by ICAO, or developed countries versus developing countries? We have difficulty convincing them to accept Canadian passports. If you're going to go with ICAO standards with 185 countries, I think the standard will be much lower than American standards, although I may be wrong.

Wouldn't it be better if you or your company instituted standards at a similar level with the EU, or the Organization of American States, or with Commonwealth countries, or whatever the case may be, rather than with ICAO and its 185 countries, which would make it very, very difficult for the Americans? This is especially so because we're concerned mostly with the American standard, which covers 200 million people who travel back and forth. How would you handle that case?

Thank you.

Á (1135)

Mr. Joel Shaw: Thank you.

First of all, let me say that ICAO published an international convention. In the early 1980s, it was raised to an international standard by the ISO, which I represent. All of the countries agreed to that standard, which embraces a standard-sized document, passports, and data residing within those documents. All of the countries have implemented it, including the United States, Europe, Canada.

The United States has also adopted the international convention on biometrics that is coming out. Its Enhanced Border Security and Visa Reform Act of 2002, or the public law that I'm referring to, says that passports have to have biometric details in them by October 26, 2004. It says that the biometric details will conform to the ICAO standard.

Mr. Sarkis Assadourian: Mr. Chairman, with everything going on around the world, what are the chances of achieving that deadline of October 2004? Is that deadline realistic or can we meet it?

Mr. Joel Shaw: Yes, I think so. As recognized by experts across the world, one of the tremendous advantages of face recognition technology is that the first thing you can do to implement it is to put in a system whereby you're monitoring a person standing before the border control authority who is not already on the lookout list, or someone who should denied entry to the country.

As citizens begin to participate in this activity, you would have the ability to compare the person to their photograph, which is one of the other aspects of this. So it can achieve a critical mass almost instantaneously.

Then, as someone possibly introduces a technology in the travel document to store details, you could move to this additional level where you're comparing data to encoded data, which is protected and secured within the travel document. This establishes an immediate critical mass that can be implemented.

Mr. Sarkis Assadourian: I have one final point. How much time do you think it's going to take for us to convert our documents after October 2004 to make them accessible to everybody?

Mr. Joel Shaw: Unfortunately, having done issuing systems for passport issuing authorities around the world since 1985, I think that it will take five to ten years. What I mean by this is that it's the normal term of a document; the Canadian passport is a five-year document, and the U.S., British, New Zealand, Germans, and people like that, have a ten-year document. You could not accept the fact that all of the people holding a passport—85 million or so in some countries, and 100 million in the case of the United States—could come in overnight. It couldn't happen. That's why it's important to use the face and the photograph, and to introduce and integrate the citizenry into the process.

Mr. Sarkis Assadourian: Thank you very much.

The Chair: Okay. Marie.

[Translation]

Ms. Madeleine Dalphond-Guiral (Laval Centre, BQ): Good morning, Mr. Shaw. Good morning, Mr. Sirois. I'd like to know, because I find it quite intriguing, on what points you base facial recognition. I'm sure you've seen the example of women who, in the course of a year, gain 10 pounds--we've all seen examples of this--and of men who suddenly lose weight to the point where they are no longer recognizable.

What particular anthropomorphic characteristics do you target? I imagine it could be the distance between the eyes, for example, or the particular type of eyelid. I'd like you to give us some details. The subject is quite fascinating.

[English]

Mr. Joel Shaw: There are about four basic algorithms or types of techniques for recognizing the face, but these are fundamentally distilled down to one. As you say, it is the unique characteristics of the face, the distance between the eyes, the relationship of the tip of the nose or the mouth, certain shadows created by the eye cavity, and things like that, including in our experience around the world things like hair, and even a—

Á (1140)

[Translation]

Ms. Madeleine Dalphond-Guiral: A moustache.

[English]

Mr. Joel Shaw: Yes, a moustache. Actually, it can be ignored and avoided. I would say to you that there are some programs that would react to a moustache in an inappropriate manner or, in other words, misrecognize.... But we have worked with algorithms and have worked extensively to ensure that our technology does not have those issues. But generally speaking, it is the generic, ingrained features of the face that it's working on.

[Translation]

Ms. Madeleine Dalphond-Guiral: You mentioned that in some countries a passport is valid for 10 years. As far as facial recognition is concerned, the data is certainly valid for more than 10 years. In Canada, where a passport is valid for five years, the photograph must be changed. This practice will be continued and it implies certain costs.

Do you take these factors into account or do you leave it up to the individual, in the hopes that the person and the person in the photograph will be one and the same?

[English]

Mr. Joel Shaw: The international standard is calling for the ability to put electronic storage into travel documents. Of course, you know that you can do this in wallet-sized cards with computer chips. There has been technological development in many countries allowing this to exist in a book form, or to exist in something that we would consider to be a passport. This gives the issuing authorities and the border control authorities the ability to update the information, to protect it, and to secure it in the document.

I can equally tell you that even though there is a cost implication to this, many of the countries that I witness in the ICAO and ISO environment are actually now thinking about reducing the term of their documents to five years. At ICAO meetings recently in New Orleans, I ran into two countries who were actually talking openly about this. Over the past few years it was not in consideration. The reason that they're even talking about it is because of their concern for identification and for having up-to-date information available to them.

[Translation]

Ms. Madeleine Dalphond-Guiral: Thank you.

[English]

The Chair: Jerry.

Mr. Jerry Pickard (Chatham—Kent Essex, Lib.): Thank you very much, Mr. Chair.

There are a couple of issues that pop into my mind very quickly. You mentioned that you could identify someone through the cameras within a second. At the same time, information from the face must go on a screen and come back to the person who's operating the screen. At that point, I assume that if there are four people in a vehicle, he's got to go through some type of record of those four people. How much time do you think this personal side of it will take? This will be helpful to me to know.

Second, maybe you can't give a specific cost, but I think you might be able to give us a ballpark figure on what the cost might be every five years to produce the documents and to manage the system—although the latter may be a little difficult to cost. But can you give us an idea of what we're talking about, as far as the cost of working in the system per individual is concerned, realizing that you're potentially going to have millions of clients at a huge overall cost? I think that most people can understand better what the individual cost is.

The third point is that the minister has taken the point of view that this type of technology will protect people, rather than create privacy problems. He's saying that this card can well protect your identity, so that if a passport is stolen or if someone is using false IDs, or whatever, it is a very fast means by which you can identify perpetrators of theft or false documents.

Could you comment on these three issues.

Mr. Joel Shaw: Let me, if I understand you correctly, sir, address your first point, which is really the additional time to display all of this data and facial recognition. We've actually put together software programs that allow primary and secondary inspection to take place. It takes an image and runs it against a comparison. In other words, I identify myself as Joel Shaw. It compares a one-to-one check and goes through a lookout list of, say, 500 to 600 people who are really bad guys and comes back with a response, and then it puts that on the screen. You're probably talking about two to three seconds.

Traditionally, the U.S. immigration and custom authorities are very demonstrative about the time to inspect people, and they say that is about 30 seconds. This process can take place in parallel while they're talking to the person, looking at the documents. It's very important to look at the document. The results are presented on the screen in probably two to three seconds maximum while all of this analysis is taking place.

As to the cost, you were very specifically, I believe, talking about the issuance of a document.

Á (1145)

Mr. Jerry Pickard: You have ongoing costs as well, so issuance is one aspect of it and operations is the second.

Mr. Joel Shaw: Let me deal with the issuance issue. The interesting aspect of our work in New Zealand is that we've actually used the database that's been constructed over the years by using traditional scanning equipment, which they use. They scan applications. They scan photographs in because most of these countries now print the passport photo onto the paper. We actually have used the data that is there.

There is a cost for facial recognition, having programs running. Depending on the volume, that could be something in the order of $200,000 to $300,000 or $400,000 a year for something such as the Passport Office--a recurring cost. In the case of border clearance, border inspection, of course there is a much larger implication because of the databases and things like that.

I think in the federal budget there was a border and security line item that indicated about $3.3 billion Canadian was to be spent. Based on our experiences around the world doing this sort of thing, we estimate that to put this infrastructure in Canada would be less than 1% of that amount of money, to do the entire country.

Mr. Jerry Pickard: Do you have an idea of capital costs initially?

Mr. Joel Shaw: With somewhere such as Ottawa airport, where you would be talking about 10 inspection positions, I can give a sense of that. In all, with the equipment, you're probably talking about something less than three-quarters of a million dollars to put that equipment into the Ottawa airport, something in that kind of range. Now that would be to use the FOSS terminals that are there and everything like that, so you utilize the computer system. You're not talking about an awful lot of expensive equipment that has to go in.

As for protecting the people, I have probably an interesting perspective on this because of having worked in helping the United States develop a border clearance system back in the late 1980s and early 1990s. The computer system you see was actually prototyped and developed by Canadians. I've learned what the people do that are in the immigration and border guard environment and the questions they ask. They ask a lot of less-than-specific information--what's my name, where was I born, what's my nationality, what's my date of birth, and things like that. Those are less specific pieces of information because their lookout lists are based on names of people they're looking for.

I think I would agree in this way--that if we could provide one very precise piece of information that in fractions of seconds could identify me as Joel Shaw, a Canadian, approved to hold a Canadian passport, and probably at the same time that I'm not on that lookout list, I would welcome it. I think it is strong, because by the time they go through and ask me all these ancillary questions, they really don't have very strong information to connect me with that individual or even identify me. It's very, very weak information.

The Chair: Massimo.

Mr. Massimo Pacetti: Thank you, Mr. Chair.

I guess my question is going back a little bit. I still don't really understand who's going to have the technology and how it's going to work. Everybody asked separate questions, but it was conflicting a little bit.

When we get to the border, they're not going to ask us any questions. We're just going to show them our face and they're going to take a copy. How is this all going to work out? Are we going to have databases from 140 countries? What are we trying to do? Recognition? Or are we trying to find...? Perhaps you could just go back one step.

Á (1150)

Mr. Joel Shaw: The application of this technology will be across several aspects of government delivery. First of all, I expect it would be used in visa issuance. When someone comes in seeking a visa, there would be a check of a photograph or a live picture compared against a file of facial images of people who should be denied access to a passport or visa.

As a Canadian citizen, if I were to go in to get my passport, they would be responsible for putting biometric details onto the Canadian passport. They would most likely run a check to see if my face matched the one that was on file for Joel Shaw, for that passport number, from the existing document I hold. They would probably run it against a list of people who should not be given a passport--someone trying to perpetrate fraud on the Canadian Passport Office. They would actually check fraud in this context.

Mr. Massimo Pacetti: Mr. Shaw, where would this information come from? Again, that information would still be available, so whether you provided them with a photo or some type of identification.... The Passport Office still does those types of research.

Mr. Joel Shaw: Actually, passport offices around the world hold a photo database, for no other reason right now than to go back and look at your face. For example, when you come in to get a new passport, they say, yes, that's the person. They do that visually.

Mr. Massimo Pacetti: It's for recognition, to say who you are.

Mr. Joel Shaw: Correct. What they would do is introduce machine assistance to do it, because then they can do it much faster, and for facilitation, they can do it more accurately. So they would have that kind of technology.

Border control authorities--

Mr. Massimo Pacetti: Sorry, but how do we get your original picture onto that database? How do we validate that? I think that's one of the problems we have.

Mr. Joel Shaw: Yes.

Mr. Massimo Pacetti: It's the same thing when we're saying there's theft in the birth certificate, so if people provide birth certificates.... It's the same way. How do we validate or say the information that's to be provided to go into the original database is correct?

Mr. Joel Shaw: Right. This is where it's absolutely vital that you look beyond the document itself, the passport. This is a system. I could go in and get a very authentic passport that has my name in it, yet I wouldn't be who I say I am, because of the breeder document. It's absolutely important, I think, that this committee take into consideration that there are other weak points in the delivery system in our country. It happens all over the world. That has to be strengthened in order to ensure that the documents are being given to the right people.

If I were bent on getting a passport illegally in this country, I sure wouldn't try to counterfeit a Canadian passport or fraudulently produce one. I would try to go through some other mechanism to come in with a valid set of documents to get one.

The issue that I think ICAO is dealing with is, once you are given that document, there is an ongoing problem of identifying you or ensuring that you are truly who you say you are.

We've seen all over the world a problem that I never expected to hear, and I've heard about it time and time again, and that is impostors--people actually taking my passport, presenting it as the one described in that portrait. That happens, and the numbers are very striking. Biometrics are designed to weed out those people and to make sure that if someone is trying to impersonate you.... As hard as that is to imagine, it does happen, and the numbers are large.

The Chair: Mr. O'Reilly.

Mr. John O'Reilly (Haliburton—Victoria—Brock, Lib.): Thank you very much, Mr. Chairman.

Thank you very much for attending. I want to get back to the business at hand, which is the national identity card, not the passport, and I want to talk about and get some answers on that.

I take it the three sets of witnesses attending today are in competition with each other for the same business. I guess what I'm interested in is what parts are used by competitors, what types of patents you have, and what restrictions are in place to guarantee security. I'm talking about your equipment, not the input that the general public has, because that's really a police matter. I want to know how many countries use the technology you own by patent.

Off that a bit, does the face scan use any type of radiation? Is there any danger to a pregnant woman who has to go across the border five or six times in a month? Is there a radiation problem with having your face scanned? Is there any radiation used in it?

I want to know about your facility. Is your equipment in a secure area? How is it secured?

Those are basically my questions. I want to tell you I was a printer for 16 years. I recognize the equipment and I know how it works, so I'm not really interested in the actual part of the equipment.

Á (1155)

The Chair: Those $50 bills that you produced were very--

Mr. John O'Reilly: Mr. Chairman, the only time I ever got into trouble was when we did a $1,000 draw and I did reproduce the $1,000 bill, and the RCMP did come and clean out the bins and take it all away. I admit that, but it was for the Kinsmen Club, so it wasn't all bad.

Mr. Joel Shaw: There's a patent pending on the technology we have developed at BioDentity. A European patent action has indicated that there are no patents out there that are applicable, so we expect to have patent-related technology. That would relate to the camera equipment and some of the special things we do to process images.

As far as the scanning is concerned, it's a standard camera. There's a standard camera system capturing images, so there is no potential of danger in the sense of looking into a particular device with an eye-type scan, or touching something. There are issues like that we've encountered with people being concerned about it. So there's no radiation or anything like that. It's a standard camera.

As far as our facility is concerned, of course, we are simply providing the equipment. We manufacture the equipment there and sell it to the government. There's nothing we do within the confines of our building at this point in time that warrants any concern about security issues. If we were to have access to specific databases or something like that, which we do not, then we would take steps to ensure that protection was there.

The Chair: I have a couple of questions.

Members, you all know that you will be attending those facilities, so in terms of some of those security questions, you will actually be able to see how they work on Thursday.

What is your false acceptance rate? At the end of the day, even in our discussions in the United States, and as we continue to discuss with Canadian technology firms the new technology and what's standard, there is no perfect technology. They all make mistakes. Therefore, the standard that ICAO was looking at, or that countries are looking at, hopefully will be a standard that's probably the most foolproof, even though we understand that there's no foolproof system around.

So what's your false acceptance? As I understand it, it's under ideal conditions, proper lighting, but I think Diane started to ask about the fact that you could be sitting behind a smokey, dark glass, you might be in the back seat, and a camera is supposed to pick up your facial features, which would be tested somewhere, and so on. So I need to understand a little bit about the false acceptance rate. Does it improve with frequency, or decrease with frequency in terms of its false negatives, false positives?

Mr. Joel Shaw: First of all, there are two scientific parameters that are at work here: false acceptance, which is to identify somebody else with my documentation, or as myself; and a false reject, which is to fail to recognize me as the individual. These parameters, from our perspective, are dynamically set. In other words, they're altered depending on the circumstance.

In border clearance, what you would want to do is to ensure that an imposter didn't substitute for me. Therefore, you'll want a very low false acceptance rate. But, at the same time, as you push that downwards, say 1% or 2%, then you create an imbalance for me to be accepted, because they work against each other.

So I think the first answer to your question would be the following: that these are set individually, depending on the circumstances. What we have found from experience around the world, and not only ourselves but other people who are working in this area, is they're trying to have a false reject rate in the order of 3% or 4%. The reason is that you have an empowered border clearance official standing at a terminal and they see that image coming up on the screen and if it says, I think this person is not the person described in the biometric details, and it obviously is, they can say, you can proceed, I allow you to move into the country, or they could deem you to go to secondary.

So in that sense, I would say that a false reject rate would be in about 3%, 4%, or 5% maximum right now with the technology. A false accept rate would be balanced out at about 5% as well.

Â (1200)

The Chair: Let me ask you about a couple of examples. For September 11, now we know who those terrorists were, there are pictures and everything else. But before that, nobody knew who they were; they didn't exist in any particular system. So explain to me, how would September 11 have been prevented if in fact the United States had had a full-blown system of facial? These guys come into the airport, because they all boarded aircraft, and if there had been some device or some system there, they would have had to be on the bad guy list first in order for them to be picked up.

This is my second example. Joel Shaw is a bad guy. You've been photographed, and they know that Joel Shaw is a bad guy, and you decide to go a big football game, the Super Bowl--and I think that this has happened. Some 80,000 people are there and they want to find out whether or not Joel Shaw, the bad guy, is somewhere in that football facility. So you're going to take these cameras and you're going to scan all those 80,000 people. What are they looking for? For Joel Shaw, if your facial parameters are somewhere in that crowd. That's the system, right?

Mr. Joel Shaw: Right.

The Chair: Or do you take 80,000 pictures and then that's your database? You see, I'm trying to find out whether the database is the bad guys and you're trying to find the bad guys as compared to the people coming across the border, or are you saying that everybody is going to have a facial, that the database of good guys is going to exist and it's going to take us years to get this database in place, and then you're going to try to find the bad guy.

I'm trying to understand what you want to do.

Mr. Joel Shaw: In the case of border clearance, the ICAO initiatives, and the initiatives that are being implemented around the world, are to put biometric details onto the passport. So it would be available to the border control authority, Canada Customs in our case, staffing the bill to actually take my passport, compare the details on that passport against my live facial image, and say that is the person who was endorsed by the Canadian Passport Office as the valid holder of that document.

At the same time--and this is where the very unique requirement exists within border control authorities--they're looking for the bad guy, and that is the exception list. So at the same time, they're taking that facial image, they're running it against a small list, a few hundred thousand images, and they're saying, that fellow standing before you, despite the fact that the document may say it's Joel Shaw, is he on a list of people that we need to talk to right now? And both of those are running in parallel.

The Chair: One is the identifier to make sure that you are who you say you are, and the second is to test that facial on a database that may or not exist.

Mr. Joel Shaw: Correct. And I think the important issue is that because of the introduction of the passports and other documents, whether it be a national ID or whatever it is, it'll take years to bring that kind of biometric data into place.

So either you put the citizens of this country on the critical path and wait for them all to be carrying these documents before you can secure the border or you put the lookout system in place and then let the citizens integrate in with it, and at the same time, protect the document issuance with the inspection system or the facial recognition system.

So it's a system you're building. No one solution can solve the problem.

The Chair: Finally, last week we talked about standards for bio-identifiers, and I wonder, which are the best? We talked about facial, we talked about fingerprints, we talked about iris. In your opinion, which is the best identifier?

Mr. Joel Shaw: It is face. I've always felt it was face, and the reason I say it's face is that it's the only one that can do a lookout check, which is required for border security, when you have never had the participant enroll. And one thing a terrorist is not going to do is enroll; he is not going to give you a biometric.

Â (1205)

The Chair: Thank you very much, Joel. And for the record, instead of Super Bowl I should have said the Grey Cup. I watch both.

Joel, thank you very much. We'll see you on Thursday.

And thanks, Bill, for protecting my backside.

The next witness I'd like to invite is the Canadian Bank Note Company, another good Canadian company. We have Ron Arends, president and chief operating officer; Ian Shaw, president of Identity Systems; Stephen Dopp, vice-president of government and commercial services; and Jack Sinclair.

Welcome, gentlemen.

Ron, go ahead.

Mr. Ron Arends (President and Chief Operating Officer, Canadian Bank Note Company, Limited): Mr. Chairman, members of the committee, distinguished guests, ladies and gentlemen, my colleagues and I are pleased to have the opportunity to share our thoughts with you on a national identity card. The tragic events of September 11, 2001, have brought many to realize that more must be done to safeguard national and individual security. We share this concern and are actively working with many governments, including Canada, to deal with the significant security risks that exist.

Canadian Bank Note has supplied Canadian governments with security documents such as bank notes, passports, and immigration documents since 1897. Over the past 10 years we have transitioned from a more narrowly based security printer to become a world-class provider of security documents, related issuing and control systems, and services to markets and applications that have a significant security requirement.

Our company has extensive manufacturing operations for security printing, and specialized hardware devices such as security document readers, and a large complement of software engineers to design and deliver systems. We are fully Canadian owned and are based in Ottawa. Canada is our home market, but our international sales now comprise more than 50% of our revenue. Last year we sold to 40 countries.

CBN's identification systems division develops and supplies fully integrated secure solutions for the issuance and inspection of passports, visas, and other identification requirements, including national identity cards, drivers' licences, foreign workers' cards, and permanent resident cards. Over the past few years we have provided turnkey solutions for 15 passport issuing systems, two visa issuing systems, nine border control systems, and five identity card issuing systems. We have supplied passport readers and visas to 25 countries. Our document readers have been purchased by 61 government agencies in 43 countries. We can tell you that the U.S. State Department today is deploying our readers in Pakistan, Afghanistan, and Yemen.

Canada has a specific set of foundation documents such as birth certificates and immigration and citizenship documents. We also have a group of entitlement documents such as drivers' licences, passports, and health cards. The reality is that entitlement documents are used as identity documents, as is in the case of drivers' licences and passports. The security threat varies by degree in nature from application to application. For example, the security issues in travelling from country to country are not the same as those involved in the provision of health services; nevertheless, secure personal identification in some form is required in each.

Document security is a critical part of any solution. However, security goes beyond the document to include effective enrolment and ongoing systems management. What does it do to have a secure card if the individual holding the card was not entitled to receive it in the first place, or if controls are not in place to eliminate fraud as the system operates over time? The challenge is to provide security across a range of interrelated applications, including documents and systems, while dealing with privacy concerns.

Two examples from our experience might help highlight the variety of approaches being considered and adopted throughout the world. In New Zealand, where CBN has a five-year contract for the supply of a secure machine-readable passport and issuing system, the Ministry of Internal Affairs has created an identity services department. New Zealand does not intend to have a national ID card and has decided not to issue a birth certificate, but rather, has introduced systems that share limited amounts of common data and incorporate one to many biometric searches to verify applicants when documents are issued.

In Azerbaijan, CBN has deployed a 70-site national ID card-issuing system--that is, that the cards are issued from 70 sites throughout the country--and supplied 13 million secure ID cards. The ID card-issuing system is linked to the passport-issuing system and the inspection system. Government legislation requires that children are issued with an ID card minus a photograph, but at the age of maturity, 16 years, they are reissued an adult ID card, which also bears a photograph. A birth certificate issued regionally is required in order to obtain a national ID card. Part of our system installation in Azerbaijan was a border control system that replaced the CIA's Pisces system that was in Azerbaijan. We believe that Azerbaijan has one of the most advanced border control systems in the world today.

Â (1210)

A number of initiatives have been taken recently to introduce changes to documents and systems that will significantly increase security in Canada. CBN has participated in a number of such projects, including a new Canadian passport with enhanced security features, a new Canadian citizenship document and issuing system, the new permanent resident card and secure issuing system, the supply of specialized travel document readers, and a new marine certificate of competency document and issuing system.

In Canada, the Passport Office, in line with ICAO recommendations, is currently tendering for the supply of a one-to-many facial recognition biometric system to prevent the fraudulent issuance of duplicate passports. CBN is currently short-listed to supply this system to the Canadian Passport Office.

CBN has been on a leading-edge drivers' licence project for the Government of Alberta. If successful, CBN will personalize and issue high-security laser-engraved drivers' licences from its secure service bureau in Ottawa. A facial recognition biometric capability will be included.

CBN, working closely with CIC, implemented the new high-security permanent resident card and related issuing system for Canada. The card is recognized in the U.S. and internationally as the most secure entitlement card in the world today. The card has recently won two awards for security and design from the International Card Manufacturers Association. The security of this foundation document has been dramatically upgraded.

These initiatives represent significant steps forward. Further steps should be taken in areas such as vital statistics, drivers' licences and health cards, whether or not a national identification card is introduced.

With the introduction of a national ID card, one would need to understand precisely the problem that is targeted and carefully consider the role that such a national ID card would play. Is it to be the foundation document that replaces other foundation documents and feeds other applications, such as health, travel, and drivers' licences, or would it replace all documents? The choice has a considerable impact on system design, project complexity, cost, and the extent to which databases are linked, accessed, and shared. Where might Canada go from here?

Effort must be directed to upgrading the foundation documents and systems that feed entitlement applications. Important progress has been made with regard to immigration processes and systems and the permanent resident card, and this work should continue.

Vital statistics documents and systems, such as birth records, must be improved. The validity and security of this information is a vital foundation for other applications, including any national ID card that may be contemplated.

We believe there is merit in upgrading provincial drivers' licences in accordance with the emerging North American standards post-September 11, as recommended by the American Association of Motor Vehicle Administrators. All Canadian provinces are represented in this association. It is our understanding that the U.S. has decided not to issue a national ID card, but to rely more heavily on drivers' licences than they have before.

The national ID card could augment these upgraded documents and systems. Consideration could be given to expanding the role and security of the citizenship document. Many Canadians born in Canada do not realize they can apply for the same citizenship card that is issued to immigrants who become Canadian citizens. All Canadian citizens would have the same identification card. Both citizenship and permanent resident cards and systems would then form a solid foundation for entitlement systems.

I'd like to make a few comments on the role of biometrics and personal identification solutions before closing.

First, with regard to privacy, it is our view that how biometrics are integrated and used is a more critical question than the use of the biometric itself. Biometrics are powerful identifiers and there seems to be little doubt that they will be increasingly used to identify and verify individuals as they are better understood and accepted by the general public.

Â (1215)

Today, there are three main technologies, each with its advantages and disadvantages: iris, fingerprint, and facial. The choice of technology or mix of technologies will very much depend on the specific application at a specific point in time.

CBN has experience with all three biometrics. In fact, I would just add that we're not in competition with either of the one before us or after. Actually, we use biometrics suppliers as part of our integrated solutions.

Let me say again, Mr. Chairman, we are grateful to have the opportunity to meet with you and your committee on this important subject, and we look forward to addressing any questions you might have.

Thank you.

The Chair: Thank you very much, Ron, for updating us on some of the fine work you're doing and some of the things you're working on.

Jerry.

Mr. Jerry Pickard: I was very interested. The debate around a national identity card and all that creates the question of protection for citizens, clearly people's right to have privacy. Those have all been there.

On your comment with regard to the card, and that we have to make some decisions about how that card would be handled--I believe you said linked to other services, accessed to other services, shared with other services--my question, and one of the things that I've seen that really needs to be explained well to the public, is, number one, can you create a card that does protect each individual caveat or list that may be associated, that needs some identity, to privacy? Do you believe we cannot build a card that creates privacy for individuals? In other words, somebody with a driver's licence doesn't want somebody else getting her health records. Somebody who has certain aspects doesn't want another group....

To me, all those lists will always exist. There's no question that in a society such as ours, they exist. My view is that a national ID card can identify a person as to who they are. It doesn't set lists to be shared with different folks. Everything can be used in one way or another, but to me, the main effort here is to identify a person as to exactly who they are. Then, once you know who they are, you can see if they are on a list somewhere that you have access to. But if somebody else doesn't give you that access, they have total privacy protection. At least that's my view.

Could you comment on that kind of issue, which has been the centre of the debate?

Mr. Ron Arends: I'll try, because in preparation for today we spent some time really trying to get inside the multitude and the matrix that exist, how feeder documents feed entitlement documents. Actually, we have a chart in the office that tries to track what documents feed other documents and how they all interrelate, and it's very complicated.

The first observation I made as I looked at it was that when one talks about a national identity card....

This is just a chart we have that has all the documents laid out and the interrelationships that we think exist today.

Â (1220)

The Chair: Is it available?

Mr. Ron Arends: No, it's not. We could make it available, though, if it were of value.

But when one talks about a national identity card, it's exactly what's intended to be done with it. Is it one that replaces foundation documents, or is it one that replaces the entitlement documents as well, which is the driver's licence, the health card?

As soon as you move up to the level where it replaces everything, I believe you have significantly expanded the cost and the complexity of the application. If you get into chip technology and smart card technology, you theoretically can separate the applications and provide certain protection--that health information wouldn't be available to a driver's licence application. But it is certainly a more complex undertaking, and what you have is a relationship between the document and the reader, who's reading the document.

If you went into a hospital and they took your ID card and were going to swipe it, we'd say, how do we make sure it goes into a health application and not into a driver's licence application? That requires work between the reader and the document itself. Theoretically, you could switch readers. There are ways to subvert the system.

In my mind, a simpler way to think about it is in terms of, does it replace foundation documents? When I move to foundation documents, I know there are others, but primarily in Canada there are a couple today. There's the birth certificate, and there is the permanent residency card.

There is a citizenship card, as I would see it, that one usually applies for after one has permanent residency status. There are other situations where one could take out a citizenship card. Those who are born in Canada don't usually apply for a citizenship card. It's just not required today. But you could. A citizenship card could be a document that would be used. It would be a form of identity card. You'd still have a permanent resident card along with it.

If you brought in an ID card in addition to the birth certificate and in addition to the permanent residency card, then the question would be, exactly what is it trying to identify? You ask what it identifies. It's identifying that the person is a citizen, I guess, or a permanent resident.

Mr. Jerry Pickard: I'll go back to just one fundamental thing. I think what you're saying is the same thought I had.

You talked about replacing fundamental documents. If we had a national identity card that replaced fundamental documents, it would say Joe Smith was a Canadian citizen and entitled to Canadian government benefits. If he asked for other kinds of services, whether it was travelling documents, health card documents, or driver's licence documents, it would be up to those agencies to maintain their own lists, in the same way as they have drivers' licences in this country, a service, and health care, a service.

If you could do that, a person from Ontario who became ill in British Columbia could walk in with that national identity card and be recognized as a legitimate Canadian citizen. He could receive a health care service in British Columbia and that could be billed back to Ontario.

So I see a huge resource of services that could be fundamentally executed if the person had the right basic card. You still wouldn't be sharing lists with that card by any means, because health systems would be responsible for those they treated...drivers' licences for those they received in the provinces, and people with passports would be required to have passports. The card would just prove that the person with that passport was that person, or the person claiming who they were was that person.

I see it as a fundamental document base that would facilitate the exclusion of any fraudulent attempt to get services they were not entitled to. Is that pie in the sky, or is it fundamentally accurate to do that type of thing?

Â (1225)

Mr. Ron Arends: It's certainly not pie in the sky. There's still the question of whether you would do away with the health card or continue to have the health card in any case. You could have an ID card that said you were a Canadian citizen, but you could still have a health card and a driver's licence. Or do you move to a system where one card replaces all?

The Chair: So I guess that's what you've asked this committee. We're getting around to whether this is going to be another foundation document or an entitlement document.

You didn't mention passports. Do I take it you don't believe the passport is a foundation document and is an entitlement document? In my opinion, all of a sudden the passport has become a foundation document, whether or not it functions or is foolproof enough.

Can you tell me what you think about that?

Mr. Ron Arends: I use the term that is generally used today, and most often now, since September 11, it is called an entitlement document. There is no doubt that a passport is used as an identity document, and I don't see that changing.

The Chair: Okay, thank you.

Diane.

Mrs. Diane Ablonczy: Thank you, Mr. Chairman.

Thank you for a good presentation.

You will be interested to know that when we met with officials and individuals in the U.S., they said Canada's passport was as trusted as the U.S. passport. So you've done a good job for us. We know some changes were made about a year or a year and a half ago. Apparently the passport is respected internationally, so we appreciate that.

Mr. Ron Arends: If I could interrupt you, I might just add a little perspective on what's happened in the world. I find this story interesting because we often talk about biometrics.

We did a passport and passport-issuing system in Burkina Faso about three and a half years ago. We designed the Canadian passport with the Passport Office, of course, but it was our design.

Burkina Faso, because they were coming to this later, were able to incorporate certain technologies late in the game. They have a photograph, and then stored in a two-dimensional bar code on the back is the photograph again. So if you wanted to counterfeit a Burkina Faso passport, you would not only have to replace the photograph itself, you would have to replace the photograph that's embedded in the two-dimensional bar code. It is one of the most advanced passports in the world.

So a lot of countries have moved ahead. There are other technologies you can use to make sure the person carrying the document is the person in front of you--that you can identify the person.

Sorry, I just interrupted.

Mrs. Diane Ablonczy: No, that's good information.

I note that you raise in your presentation a concern about the foundation documents, and I must say I share that concern. You even read in spy stories from World War II about how birth certificates and other personal documents were beautifully executed. That was in that technology. Today there's just no limit to how foundation documents can be counterfeited, and that is a real concern, especially in some parts of the world.

You'd be interested to know--and the committee might be interested to know too--that we had a break-in in our home several years ago, and my original birth certificate, which is not from this country, a nice paper document, disappeared. I often wonder what happened to my original birth certificate. It was a neat document to have. Now all I can do is write away and get a photocopy from the records of the place I was born, which is nearly as good, but I do wonder what happened to that document and what it might be used for.

The Chair: It's probably been reproduced 110 times. There are so many Diane Ablonczys in the world you don't know about. You may meet her one day.

Â (1230)

Mrs. Diane Ablonczy: If it was Diane Ablonczy, I might not mind because that's such an unusual name, but my maiden name was Broadway, which is probably a little--

The Chair: I like that even better, Diane.

Mrs. Diane Ablonczy: --less identifiable.

But anyway, the point is that any document with biometrics is only as good as the base documents. I would also point out that those of us who are likely to have legitimate and provable foundation documents are probably not a threat to anybody. It's the people who will be counterfeiting these and producing them through illegal means who will be the real problem. They will almost certainly have them.

When we were in China last year, I was given a student card from Beijing University that said I was enrolled as a student there. It was the very document that is given to students; it was simply bought on the street and filled in. So these things can happen, we know that. That is one reason we want to be careful about what security could really be offered by these kinds of biometrics.

Having said that, I agree with my colleague Jerry Pickard, who keeps pointing out that if all the document does is say you are the person you say you are, then that could be very helpful. I do worry about function creep--maybe more than he does, I'm not sure--but new technology can be very helpful, and your work on the new passport is an indication of that.

But having said that, I would just like to have your comments. It's one thing for a document to say this is Ron Arends, but it's another thing for a document to provide an entrée for researching somebody's background when they might mean harm to our country. Can you give us some idea of how the card could serve that expanded security purpose, or even if it could?

Mr. Ron Arends: You're asking, are you, to what extent could you use the document to then further research the background, and the other side of that, what is the privacy concern about being able to do that? To me it would all depend on the system that's behind the issuance of the document and what information is put on file at the time a document is first granted. Then there is the question of to what extent you interrelate the databases that are in a country. That is, today, to what extent, when somebody goes and applies for a passport, does the Passport Office have a direct link to the vital statistics?

You could consciously decide to design a system with that kind of linkage or not. You could consciously design a system that gave you linkage from a passport issuance into the permanent residency card file and then told you the history that was there. To me, just having the biometrics on the card and proving the individual is who they say they are does not constitute so much of an issue as does the design of the system that's behind it.

Mrs. Diane Ablonczy: Well, precisely so, and that is the issue.

Mr. Ron Arends: And you could design a system to do it.

Mrs. Diane Ablonczy: Anyone can produce a document, a baptismal certificate, a fake birth certificate, or whatever, with whatever name they want, put their fingerprint forward, and then have some kind of identification. But that doesn't necessarily say that person is not a security threat without, as you say, the information being linked to other databases. That really is one of the difficulties we are struggling with.

The other question I have for you is this. We were told by other experts that in order to positively identify somebody, you would need at least two fingerprints and another biometric so as to make sure there's no overlap or so they couldn't be confused with other people in a several-million database. Can you give us your thoughts on that, as experts.

Mr. Ron Arends: What seems to be happening, as is likely to happen as technology is moving and as the crooks get more advanced as well, is that they will come to the conclusion that it's not foolproof and that you need other checks, so you move from one fingerprint to two fingerprints. But you can fake fingerprints, so now we'll include another biometric. There's a lot of talk today about a combination of biometrics, and I think in each case it increases the likelihood of a correct match.

Would that be entirely foolproof, two fingerprints and another biometric? Probably not, but it is certainly better than just one fingerprint.

Â (1235)

The Chair: Before you know it, we'll ask everybody for two fingerprints, an iris--

Mr. Ron Arends: And a toe.

The Chair: --and a facial all at once.

Madeleine.

[Translation]

Ms. Madeleine Dalphond-Guiral: Thank you, Mr. Chairman.

In your presentation, you spoke very enthusiastically about the famous Maple Leaf card. You even said, and I quote from your text:

[English]

“This card is recognized in the U.S.A., and internationally, as the most secure entitlement card in the world today.”

[Translation]

There has been quite a debate in Canada about this matter and it is far from over. If this card is so extraordinary, what explains the determination to come up with another one? I cannot imagine that it is so extraordinary if it does not contain biometric data. Can you tell me what biometric data are included in this card?

Mr. Stephen Dopp (Vice-President, Government and Commercial Services, Canadian Bank Note Company, Limited): If I've understood you correctly Madam, you would like to know what features of this card are so extraordinary and, in view of the lack of biometric data, why the card should be considered so exceptional.

At the back of the card there is an optic tape that will allow for the inclusion of biometric data, as required. At the present time, the government has not yet decided to include biometric data in this optic tape.

An optic tape is not like a magnetic strip, it is like a CD. Compared to conventional cards, these cards are capable of holding an enormous amount of information.

As for why we do not adopt these standards to create a more secure identity card, I agree with you on this point. When we look at the secure cards that exist in different parts of the world, we note that they all have the same security features as the Maple Leaf card, that is they contain a laser-generated image. The international association that looked into this matter of cards determined that it was the safest one in the world.

The Government of Alberta has already chosen this technology for its new driver's licence. They have already put out a call for tenders and we are among the suppliers who responded. The card we are proposing would contain the same features as the Maple Leaf identity card.

Ms. Madeleine Dalphond-Guiral: I'll try to wrap up. When this matter of adopting a card for permanent residents first came up, I tended to be of the opinion that if our permanent residents were required to have a card, then all Canadian citizens should have one too. It's hard for me to understand that we could have two categories of citizens but of course that is another debate.

M. Stephen Dopp: Permanent residents can in effect be required to have such a card on them because being a permanent resident is a privilege that involves certain responsibilities. But it might also be a good idea to have the same features in a Canadian citizenship card, thus improving its level of security. This card is already available. Any Canadian citizen can obtain one.

Â (1240)

[English]

The Chair: Or, as Madeleine indicated, the maple leaf card could represent citizens and/or permanent residents, who essentially have the same entitlement, except that you can't vote when you're a permanent resident, right?

John.

Mr. John O'Reilly: Thank you, Mr. Chairman, and thanks to the witnesses for attending. Again, I recognize some faces from Bancroft, of all places that we've passed in the night--Mr. Dopp and so forth.

I'm trying to get a handle on the national ID card. If only 28% of Canadians have a passport, and if identification of a driver's licence, health card, birth certificate, passport, and citizenship card could all be standardized to contain similar information.... I'm not sure how that would work, because the driver's licence is issued provincially, the health card is issued provincially. Yet there's no ID specific to people with, say, a learning disability. If a person has a problem and is being looked after by the state, they don't have a driver's licence, they don't have a passport, they don't have any of the above, but they could have a national ID card.

A group of people have asked me to push this as hard as I could, because they feel it would give people with Down's syndrome, for instance, an opportunity to have an actual piece of documentation they could be identified with. Right now, probably the only way you could do it is to get a credit card from Costco or some place. I don't know how you'd get identification for a certain class of people within our society.

So I see the opportunity to do a combination of things that aren't available to the general public.

We talk about being able to get an immigration certificate or a citizenship card after you've passed an immigration hearing, but most people who were born and raised here don't feel that's an option for them, because it identifies them as immigrants, which some people don't want to be identified as--they're blue-blood Canadians. If there is a way to combine some of that information so an ID card covers it, I would be interested in knowing that.

I have the usual questions, as I said, from being an old printer. Ms. Broadway would know that the difference between a graphic artist and a forger is very small. I don't know which one I was.

You print our currency, and obviously nobody is breaking into your facilities to steal it. So I assume your facilities are pretty secure. But every day you're trying to find a new way to overcome the facilities that are available to us, the laser printers and so forth that are able to copy things.

One of the places I worked actually produced egg cartons, butter wrappers, and church envelopes in a continuous form. So I know something about the technology, although it's all antique now. I'm sure theirs is much better.

But I want to know about your facilities, their security, and the combination of those cards I mentioned.

Mr. Ron Arends: I'll try the last question first, but I will come back to the first one.

With regard to our facility, in Ottawa we have a fully secure...it has grown up as a security printing facility. We have two other offices in Ottawa, one on Auriga Drive and one on Lady Ellen Place. All of them are fully secured buildings with regard to physical security. Also, with very extensive cameras throughout the operation and from having long experience in the business, they have very tight and elaborate procedures to ensure we have the security we need.

And we're proud of it. We've been in it since 1897. We are printing currency for Canada and for other countries. I think last year we probably had 8 to 12 passports for 8 to 12 countries going through our operation.

Since September 11, frankly, we are more concerned than ever that somebody is trying to find some way of getting into the building or getting product out. We have iris technology. We have fingerprint technology. We have bar code technology that we use to control access throughout the building, and entry and exit.

When it came to the permanent resident card, one of the things--maybe you'll understand, but it is interesting--CIC had to make a decision on was whether or not the cards would be personalized or where they would be personalized. By “personalization”, we mean you make the card itself and then you have to put the information on the card.

Passports today are personalized in passport offices. I think there are two major issuing centres right now for the Passport Office. CIC looked at it, and we talked with CIC. It was decided that the personalization for the permanent resident cards would be done in our premises for security reasons. So the information comes through secure lines to our facility, and then the photograph is laser engraved and the personal information is put on in our facility.

When we bid to Alberta with regard to their driver's licences...you'll be very interested in the decision that obviously Alberta has made. They are clearly upgrading the security on their driver's licences. Our proposal to them is that we would do the personalization in our facility here.

So there's a whole thing of how you also control to make sure blank cards or blank passports do not fall into the wrong hands.

With regard to certain other individuals who might not have ID cards today or forms of identification, it is interesting that in Alberta there is a driver's licence and a non-driver's licence. Maybe you are aware of that. They have an ID card in Alberta today that is issued to people who do not qualify for a driver's licence for one reason or another, but need an identity card. They issue that today.

Conceivably you could have a national identity card that would handle those situations. It could be an extra card beyond the ones that exist today. Or you look at whether you'd eliminate some of the documents that exist today, such as a citizenship card, and replace it with an ID card.

Â (1245)

The Chair: Okay.

Sarkis, one question, please.

Mr. Sarkis Assadourian: Thank you very much.

When we were in Washington last week...this is the issue I'll raise with you again. How would you handle identical twins?

Then we were told by the CNN and the CIA that Saddam Hussein has two or three different personalities who travel at the same time. What prevents me or you from taking my personality, travelling with my face, or whatever the case may be?

As my friend mentioned earlier, Michael Jackson had about 36 operations for facelifts. Michael Jackson's face today is not the face he had about 10 years ago. How will you check for facelift operations on individual faces?

Mr. John O'Reilly: I'll take the Michael Jackson question.

The Chair: No, no, Jay Leno can. You're lucky you have parliamentary immunity. How do you know that Michael Jackson had 36 facelifts?

Mr. Sarkis Assadourian: I watched it on CNN.

The Chair: No, no, you probably watched Jay Leno.

Mr. Ian Shaw (President, Identity Systems, Canadian Bank Note Company, Limited): I would answer that in this way. We've said that all the biometrics really come with--and I'm sure you're learning that very much now--their advantages and their disadvantages. The straightforward answer to the question of how facial recognition technology would deal with identical twins is that it wouldn't be able to discern between them. If they are so good, if they are so close--the identical twins--that we can't see it, then for sure the system won't see it.

Facial recognition has developed leaps and bounds since September 11. It really has developed as a good technology, but it isn't going to help you with identical twins. That's where you get into this concept of a biometric mix. As to how you choose the other biometrics, then you're into the advantages and disadvantages of those biometrics.

With regard to the imposters, as Joel Shaw mentioned earlier, imposters are an issue around the world. If I were to ask you how you think the bad guys try to travel or use travel documents illegally, most people would say it's through photo substitution. They suspect that to be the case. In fact, it's not. It's through imposters. That whole issue of imposters is an important issue. Of course, then, if the facial recognition system can detect it, it will. Fingerprints are clearly another way to detect an imposter.

Â (1250)

The Chair: Can I just follow that up...? Sorry.

Mr. Sarkis Assadourian: What about facelifts?

Mr. Ian Shaw: Facelifts? Well, it depends on the extent of the change.

The Chair: As long as you're not moving your bones around, that's okay.

Mr. Ron Arends: There's one other point I'd like to make with regard to biometrics. There is the issue of a biometric with regard to verifying an individual; that is, you have a document and you want to prove this is that person. But then there is also the use of a biometric when you are originally enrolling. It's important to understand that what's the best technology to use depends on whether you're into enrolment or whether you're into verification.

The Chair: Can I just follow that up with a final question, because we have to go to our next witnesses.

If in fact we only want a card or some foundation document to be improved as to be the sole identity, to actually say that Ron Arends presents himself at an airport or land border and says, I'm Ron Arends and here's my ID card of some sort, and it has a biometric identifier--iris, facial, or fingerprint, or all three of them, who knows. Although that card will tell you this is Ron Arends, won't Ron Arends also have to put his finger or iris someplace or his face through another thing, so he can verify that the person who is saying, “I am Ron Arends” is actually Ron Arends, because that's who's on the card? This is a whole system here. It's not just a card anymore.

Mr. Ron Arends: That's right. That's called the one-to-one verification. But now I've verified that this card has your biometric, so I can put the card together with you. The next question is, when you are issued the card, what qualified you to get the card? You can go through having the card perfect, but if it's not issued properly or if you don't qualify properly, then the whole thing falls apart.

The Chair: It's simple to have these cards, but you have to actually prove that the person carrying the card is actually the same person on the card. If we're trying to protect the border, if we want to make the border safe and efficient but as open as we possibly can, because our discussions revolved around trying to catch a bad guy, now we're going to subject 99% of the people who are good guys and gals to try to catch 1% who may be bad. And how long is it going to take to verify that Ron Arends showing up at the border is actually Ron? There are two or three steps to identifying, and then there is this whole issue of database and so on.

I'm just wondering now, because we're going to have a whole legislative framework behind all of this, as an example, will we have to license only people for these readers? At the end of the day, how do you protect the information or how do you make sure that the people who need to have that information are the only ones who get it? The card is one thing, but if somebody could get a reader, boy, that's a pretty powerful piece of equipment, because then you can start to use the information in all kinds of ways.

Â (1255)

Mr. Ron Arends: I was in Aruba a few weeks ago and--

The Chair: Lucky you.

Mr. Ron Arends: Well, we supply a lottery in Aruba.

I visited with their ministry of justice and was talking with them about their immigration. They are trying to move toward one national identity card and are looking at how they may replace all of the existing documents with one. They're in the very early stages of it, and privacy issues are very much on their minds with regard to the databases and the linking of the databases. It's not only in the card itself, but it's in the systems that are written and how much data is going to be shared across the various applications.

The other issue is, if we have these cards, how are we going to read them? It's something that really hadn't occurred to them. The infrastructure that ends up having to be put in place is to have readers that read relatively sophisticated cards. That is quite costly and extensive, so it's another important consideration.

The Chair: I think someone said it wouldn't be impossible to have a price tag of between $3 billion and $5 billion to create a total system that is so sophisticated and so on. I mean, if you were going to require 32 million Canadians to essentially put in place the most sophisticated award-winning card--

Mr. Ron Arends: There's a side to me that would love that.

The Chair: Of course.

Thank you. We're also looking forward to seeing you on Thursday.

Thank you so much.

Perhaps we should take five minutes for those who might want to get some sandwiches, after which we'll be right back with our next witnesses.

Â (1259)

· (1307)

The Chair: Colleagues, we'll resume with our witnesses.

We now have Rycom Inc., represented by Casey Witkowicz, president, and Mandy Sandhar, Frank Fitzsimmons, and Bill Willis.

Welcome, gentlemen and lady. We look forward to your presentation.

Mr. Casey Witkowicz (President and Chief Executive Officer, Rycom Inc.): On behalf of Rycom and our technology partner, Iridian Technologies, I would like to thank the committee chair and its members for providing us the opportunity to contribute to this very important debate.

Rycom is a Canadian engineering and solutions company that has partnered exclusively with Iridian Technologies to commercialize the use and deployment of iris recognition in Canada. The Rycom Canadian commercialization strategy is part of a coordinated initiative by Iridian to commercialize the use and deployment of iris recognition globally.

Our joint mission is very simple--we provide absolute identity and ensure the elimination of identity fraud. In Canada, Rycom is commercializing the use of iris recognition in the following market segments. In the federal Government of Canada, in particular it is with Customs Canada and Revenue Agency, where we are currently deploying a CANPASS air pilot program, which allows for expediting custom clearance; also Transport Canada, access for secure areas within in airports; Immigration Canada, document identity; Corrections Canada, access and identity. Those are the initiatives we are currently working on with the federal government.

In addition, outside the federal government we are working with transport local authorities throughout Canada to support their identity and access needs--law and order, book-and-release applications, and financial services, where they are looking to protect information.

In addition to Rycom's domestic efforts, Iridian and their partner affiliates are working with governmental and commercial segments on deployments and pilots throughout the world, some of which are the following: the general director of Abu Dhabi police in the United Arab Emirates launched the world's first national iris-based expelleestracking and border control system; JFK is testing iris recognition to protect access to the tarmacs; iris recognition helps the United Nations administer aid to Afghan refugees; the Federal Aviation Administration is using iris to protect sensitive information; Narita Airport in Japan is using it in the ticketing and boarding of passengers, with the intent, once the pilot is complete, to use it as a border passage vehicle; Amsterdam's Schiphol Airport is using it for automatic border passage; Heathrow Airport is utilizing it in immigration passport control; and Singapore, Malaysia, is using it in border crossing.

Both companies are working with governmental and standard bodies throughout the world to put operational and technical standards into effect as quickly as possible, the result of which would create the framework for global interoperability of identification systems. Some of the standards groups that we are providing varying levels of contribution and leadership to are the National Institute of Standards Biometric Working Group; the Biometric Application Program Interface Steering Committee, approved by the American National Standards Institute; the International Committee for Information Technology Standards M1 Biometrics Standards Committee; and the International Standards Organization, working with the Joint Technical Subcommittee 37; and also, ICAO, as was mentioned earlier, the International Civil Aviation Organization's New Technology Working Group that was formed a couple of years back.

Iris recognition was invented by Dr. John Daugman in the early 1990s and, through the stewardship of Iridian Technologies, has evolved globally over the last decade to a commercial biometric solution for use in foundation documents, entitled documents, access control, and many other identity-oriented applications discussed earlier.

Iris recognition is the use of the coloured portion of the human eye, called the iris, to identify an individual's identity. Dr. Daugman, a world-renowned computer scientist at Cambridge University in the United Kingdom, has theorized, studied, and proven that the human iris is highly unique, with the chance of two irises being the same estimated at 1 in 10⁷⁸. For those mathematicians in the room, let's compare that against the estimated population of the earth that ever lived, which is approximately 10¹⁰. We declare that the human iris is unique. Further, after 12 months of age, the human iris takes on permanent lifetime characteristics.

By taking a black and white picture of the iris and converting that picture into digital bits called an iris code template, a unique number representation of the iris is achieved. This process of taking the iris picture is safe and simple and the same as taking a close-up family photo with a camera. Health Canada has stated that iris cameras do not pose any health risk.

· (1310)

An iris code template can be stored on an identity card or in a database or both. Rycom has demonstrated this to the Canada Customs and Revenue Agency for the fast identification, storage, and retrieval of iris code templates for the CANPASS air pilot program currently being deployed throughout Canada. We believe the flexibility and interoperability of iris recognition make it an ideal biometric for the next generation of identification documents for domestic and global use.

Today's use of biometrics, such as face and finger in Law and Order, foundation and entitlement documents, verify an identity in contrast with iris recognition, where we identify an individual.

The material difference is that each and every time individual identity is requested with iris, the identification is done--every time. With advancement in technology, illegal reproduction of fingerprints and doctoring of facial images is within the reach of a wide range of criminal elements globally. The human iris cannot be doctored, manipulated, or falsely reproduced, hence it is the only biometric other than DNA blood sampling that is a true identity identifier.

With the immense domestic and global finger and face databases in existence today, it would be impractical to abandon these databases and replace them with iris in a short time. A multiple biometric solution must exist going forward, so the existing databases can be used to verify background checks for foundation and entitlement documents, while using iris recognition to accurately identify the identity.

The current problem with foundation and entitlement documents is they have not kept up to date with technological advancement, barring my predecessor in this committee. In part, the ease with which some documents can be reproduced with sophisticated or off-the-shelf technologies is alarming. Further, some of the current planned solutions of using enhanced identity document materials or markings to protect the authenticity of the identification documents are merely a race against time between the ID issuer and those elements of our society seeking to defeat and replicate these safeguards.

Iris recognition solutions will make the identification document a convenience instrument for the near term and practically non-relevant in the future. I say this because once an identity has been established at birth or at immigration, locking it with an IrisCode template will preserve the identity forever.

The current state of alert globally and in Canada puts enormous pressure on identification documents' authenticity, domestically and abroad. The need to act swiftly to raise the standards of authenticity and accuracy in all types of documents is now. We believe that technologies like iris recognition are instruments for use; however, they can have an impact on our current government policies and laws and can generate privacy concerns. As we are advocating permanent and lifetime identification documentation through iris recognition, a national strategy would have to consider these impacts and concerns, some or all of which will be addressed by this committee.

As a Canadian citizen, I have no reservations about the creation of a foundation document that provides me with entitlements domestically and globally. However, as a businessman and a marketeer, I would prefer a new name along the lines of travel card or global card, as an alternative to a national ID card. We believe that the responsibility for creating a national identification foundation document rests with the federal government, in close cooperation with other governments throughout Canada and the world.

A well-designed and implemented foundation document could become a multi-purpose and multi-biometric document that might include entitlement capabilities, such as passport, licence, and potentially some commercial entitlements. This consolidation would have a positive economic effect on the reduction of multiple identity systems operated by all levels of government today, and reduce the number of identity instruments Canadians carry today in their wallets.

The creation of a foundation document after birth or during immigration into Canada would start with basic information, such as date of birth and place and Canadian status, and grow as additional entitlements were requested. The storage, management, use, and protection of this information would be the responsibility of the entity that was granting the entitlement. This entity would be guided by new or existing laws that would protect this information in its use.

In closing, many countries, including Canada, have elected to deploy some form of iris recognition solution. For the most part, these countries have typically created a new front-end application using iris, while relying on old and existing systems and databases as support for deployment. This approach expedites the use of iris and dramatically lowers the cost of deployment.

· (1315)

This committee has an important responsibility, and any decision and recommendation reached by this committee must bear in mind that a change of this magnitude will take significant commitment, cooperation, and time at all levels of government to succeed.

Thank you very much for your time and attention.

The Chair: Thank you very much, Casey, for a great presentation and for asking some very fundamental questions of us on where we're going with regards to foundation documents.

Massimo.

Mr. Massimo Pacetti: Thank you, Mr. Chair.

How do you rank it in terms of the other forms of biometrics that we've seen in terms of facial or even fingerprinting? I mean the ranking in terms of space, in terms of how much of a database or what resources it would take. I mean the recognition time, if we're just going to do a verification process, those types of rankings, and, of course, costs. I wonder if you have any of those numbers available.

Mr. Casey Witkowicz: From a ranking perspective, we have submitted our biometric to independent global labs. One is the British science and technology lab. I'm sorry?

Mr. Frank Fitzsimmons (Chief Financial Officer, Iridian Technologies, Rycom Inc.): The National Physical Laboratory.

Mr. Casey Witkowicz: Thank you.

Basically, it's a bake-off. Everybody provides their biometric. Iris recognition is facial. There are a multitude of different fingerprint technologies--hand geometry. The accuracy, the speed, the space that it occupies are all parameters that were evaluated.

To put it in the order of how the labs concluded, iris recognition was the fastest in terms of your being able to look into a camera at a distance of about 18 inches to 2 feet, and within two seconds your identification would be validated. Hence, this was the requirement that we had to meet and exceed with the CCRA in their current deployment of the CANPASS air program.

The other part of the measurement is false acceptance and false rejection. It is a measurement that is again quite commonly used within the biometric community. The scoring for iris recognition is tops compared to others. That really, again, goes to the accuracy of Dr. Daugman's research over a decade ago, where, using the iris and its unique characteristics, the accuracy level compared to other biometrics is as close to being 100% foolproof as humanly possible, next to that of DNA sampling.

The physical size of iris recognition equipment is really like the size of an instamatic camera, three inches by four inches. That's as small as it comes. Or it comes in a bigger form that is being deployed throughout the Canadian airports as part of an integrated kiosk configuration.

So after the size standpoint and the accuracy standpoint comes the more difficult challenge, to assess the costing of it. Fortunately for us, our portion of it is the least costly when you're looking at locking down identity with iris recognition. We have currently in front of the federal government a pricing scheme that is $9 per iris for lifetime. That is the capital cost on that.

Unfortunately, the systems that go behind it--namely, the databases, the officers required to support and evaluate applications for foundation documents or entitlement documents--are the ongoing costs that far exceed any kinds of biometric costs that we would put forward here.

· (1320)

Mr. Massimo Pacetti: Does the storage file take less computer capacity than the facial file?

Mr. Casey Witkowicz: The storage we have is 512 bytes, compared to the facial file, which can range anywhere from 1,000 bytes and beyond, depending on the intensity of the search and the kinds of characteristics you are looking at and so forth.

The Chair: Okay, good.

Lynne.

Mrs. Lynne Yelich (Blackstrap, Canadian Alliance): Have there been any studies on health concerns caused by frequent scanning? For example, eye injuries from hockey or car accidents are commonplace injuries. Does it make former ID templates useless after eye injuries?

Mr. Casey Witkowicz: There has been some research on it, and that's the outer layer. If individuals have enrolled and used iris recognition as a means for identification and they have damaged permanently their iris so it functionally distorts their iris up to, I believe, 50% or so, then we will be able to still identify the individual. But if it's massive damage, then we would not be able to identify the individual.

Mrs. Lynne Yelich: You said that the cost is $9 per iris for a lifetime.

Mr. Casey Witkowicz: Correct.

Ms. Mandy Sandhar (General Manager, Business Development, Rycom Inc.): Not per iris, per pair.

Mr. Casey Witkowicz: We recommend, as we have with CCRA, that you enrol both eyes. The idea behind that is that your eyes are different, so you can actually have dual identities. If you were going to establish foundation or entitlement documents, you'd want to make sure that you don't have the ability to have multiple identities.

Further to this gentleman's point, the size of the information we store in the database gives us the capability to search databases. Because individuals can apply for an entitlement document at one place and physically travel to another location and apply for maybe a foundation document, individuals could have multiple identities. If there were an integrated database where one could check for an iris template, we would be able to scrub the whole database and make sure this individual doesn't have any aliases, what we call a one-to-all search. In this instance it would again be the use of both irises and testing them against a full database.

Mrs. Lynne Yelich: Do you see this just being used for international travel, or do you see it getting out of hand in any way? Do you agree in principle with a national ID card?

Mr. Casey Witkowicz: In principle, absolutely. I think a foundation document such as a national ID card, or call it a travel card or global card, does endorse the privileges a Canadian citizen has. Whether they're immigrated or born, their birthright is Canada.

With the use of an iris recognition biometric, this document could be a lifetime document. As I said earlier, the iris does not change. As was mentioned in a previous panel discussion, using Michael Jackson as an example, a facial example would probably change over time, whereas with the iris, it does not.

· (1325)

Mrs. Lynne Yelich: All scientists agree on that. That has been proven. It's not just your company that says this. This has actually been investigated or determined by statistics.

Mr. Casey Witkowicz: That's correct. It has been scientifically proven. We have demonstrated it in databases as large as 5 million irises. The mathematics and the science behind the marketing, if you wish, really is fundamental. Any government that has selected the use of Iridian Technologies has opened the intellectual property to allow these governments in an escrow environment to review the fundamentals behind it. Because of its importance and the role it might play in this government's application of it, we would extend the same offer here.

The Chair: Madeleine.

[Translation]

Ms. Madeleine Dalphond-Guiral: Thank you, Mr. Chairman. I have two questions, and you will have no trouble answering the first.

Everyone has a debit card along with a personal identification number. Someone can easily record my number and steal my card. I can imagine that if I didn't have a PIN number, but rather an iris scan on my card, then I would simply have to place my eye in front of the device. It would be very easy and also very safe. Do you agree with me?

[English]

Mr. Casey Witkowicz: Yes, I do. The iris information that would be stored in a card, such as a debit card or any kind of entitlement card, would be a collection of ones and zeros in a chip or mag stripe. The beauty of iris recognition is that we're always looking for a live eye. In other words, if you're presenting your eye to an ATM or ABM machine or you wish to confirm a debit or credit transaction, we're always looking for a live eye. So a picture of your eye would not do. Again, the application and the software that convert that black and white picture into the 512 bits and bytes is always looking for a live eye. So the improvement in terms of security and the virtual elimination of fraud, in particular identity fraud, is a mission that we believe would be achieved.

[Translation]

Ms. Madeleine Dalphond-Guiral: I imagine that the costs involved must be enormous, particularly when you think of all the places where you can withdraw money using your debit card.

In your presentation, you show a document that contains a photograph of the iris and you say that it could be put to many uses. Of course, my wallet is very bulky and sometimes I'd like it to be a little less so.

The economic impact might be significant, but if all the data is stored on a single card, what assurances do people have when it comes to the transfer of information and privacy issues?

[English]

Mr. Casey Witkowicz: I'll start with your closing comments. We neither recommend nor believe that iris recognition, or any biometric for that matter, would be deployed immediately. If we picked an implementation date, say January 1, 2004, and eliminated what we had in place and went with the new, it would be most dangerous in economic and safety terms—and for many other reasons as well, including policy.

Using biometrics, iris recognition included, to create a foundation document would be the basis to start. I can't tell you today that's where we will finish, and how long it will take, because we would have to get very comfortable as a society with the notion that you just presented, that one card does everything. The way systems are today, I would say as a technologist that, yes, we can design anything that you want; we can design technology to protect against fraud. In fact, our applications and software today have countermeasures in them to do just what your question implied—to eliminate people from tampering and basically having your life on one card if they were to steal that identity.

As much as technology and technologists going forward would suggest to you that we can accomplish anything technologically, I think the readiness of systems and the people who support them is really a more guiding principle that I would suggest we look at. Technology today could create a wonderful foundation document. As for whether or not commercial entitlements, such as banking and debit, would live on the same card, a lot of debate needs to take place in one room with commercial and government agencies to be able to conclude that the purpose and the roles each party wants to undertake adhere to the same principal objectives. I think those would be the most difficult to accomplish.

So from a basic, fundamental or theoretical perspective, absolutely, you could have one card accomplishing everything. In fact, one could argue, why have a card if we have the utopian view with iris cameras everywhere—which of course I'd love to see as a businessman. We could virtually make any kind of plastic, any kind of PIN, any kind of formal identity requirements...because the iris is unique. It's like the DNA of your physique. We believe that it's theoretically possible, but practically I believe it will take time, which I think is the comfort that this committee will pass on to the body as well.

· (1330)

The Chair: Jerry.

Mr. Jerry Pickard: Thank you very much, Mr. Chair.

Thank you for coming in.

I have a couple of things to say. I hear that you aren't really comfortable with a national identity card. We've called it a travel card, which very much limits anything that is fundamentally or extremely.... I don't know what we should call it, but changing its name is a good point to consider.

Quite frankly, I'm a supporter of having a secure card, and I think biometrics is the way to develop it. But the other thing that pops into my mind immediately, and that puzzles me, is that I hear so much about bank fraud, the compromising of credit cards, and all kinds of issues surrounding modern technology and changes. As a matter of fact, my own credit card was compromised three times in the last two or three years. So why are large financial institutions not moving to biometrics or to more security when everybody at this table hears reports that it's costing billions in fraud?

Mr. Casey Witkowicz: It's a most difficult question to answer on their behalf. However, in conversations, I can only comment on reasons and issues they have today, and some of them are operational in nature.

Payment systems such as credit card and debit systems are integrated. So if you have all the financial institutions in Canada deciding that we wish to lock down all transactions and, instead of a PIN, use a biometric, it would be most difficult for them to do, because all would have to do it. Because of the interrelationships between the payment systems, the interchange fees that they charge each other, the weakest link would basically become the most fraudulent source of fraud.

So it's one of those instances where technically it can be done, but all the financial institutions would have to do it at the same time to really eliminate the risks. That's just on the domestic front in Canada.

Further to that, the Canadian Payments Association sets up the guidelines and procedures with other global trading partners, so if we have an issued card such as Visa, Amex, or Mastercard, and you're travelling abroad, those same interchange fees and the same settlement arrangements would also apply.

So if the source of a settlement arrangement is in, say, Europe--you're travelling in Europe and make a transaction, and you're trying to settle an account but your card was stolen in Europe--that transaction will go through. If the Canadians and all the banks agree that they're going to use biometric as a measure, and in the European theatre they don't...basically, again, it really isn't a situation where you could have one macro. You would have to be all doing it at the same time.

· (1335)

Mr. Jerry Pickard: Thank you very much. That's a really good explanation, but that raises in my mind the next question, which is, if we have a national identity card and we use it as a travel document to enter the United States, England, or Australia, what is to say they have the kinds of security measures that can monitor Canadian IDs? It's not an international spectrum. So it works the same way for different countries as it works for different financial institutions.

How does that application work? Are there special techniques that we would have in Canada that would be international, or would it only be on a national basis that we use those kinds of identifiers, the hardware, the equipment that goes along with whatever cards are produced in Canada?

Mr. Casey Witkowicz: The first part, in answer to your question, is the work that's being done by ICAO, which is really a UN subgroup that is writing a standards document on identification documents. That report will be released later this year, in May or June.

Its intent is to define the standards that speak to some of the technology fine points that you brought up, the format of the document, and it even goes as far as saying the format of the biometric that may be selected. It doesn't define which biometric will be used. It gives each country their choice to choose the biometric, but it sets some standard guidelines. So the first ambiguity, if you wish, is that, in the case of Canada, we may adopt a degree of biometrics, and iris may be one of them, and if you go to the U.K. or Germany, for instance, and they're using facial, you have two documents that are non-compatible, which then creates a situation where, at customs at a port of entry, the identification becomes more difficult.

So the intent with this ICAO group is to create a standard and give the 180 UN member nations the opportunity to adopt part or all of it, which is the first major step to really globalize the standards for foundation documents. I think that is going to be the major step.

Unfortunately, that will take time. So in the interim, I think every country has to make sure the citizens it's putting abroad have documents that the country endorses.

Mr. Jerry Pickard: To follow this one little step further, until those agreements are in place and until there is some structure in place, are we almost premature at looking at the evolution of security cards in Canada?

Mr. Casey Witkowicz: I would say categorically no. I think from a standards standpoint every country will implement at their own pace. Some of it will be economical, some of it will be practical and operational. But from a global community standpoint, it is my opinion that this government has to make sure any document it issues that represents, on behalf of Canada, that I'm a Canadian citizen travelling abroad has the highest accuracy available. So the initiation of biometrics is now.

The opportunity for the use of iris or other biometrics as a key-lock mechanism to accurately identify individuals could take place today. Technology platforms, as discussed earlier by Canadian Bank Note, can substitute whatever standard...there's enough flexibility in the documents today to allow you to adjust the actual implementation 5 to 10 years from now, because it will take that long to have a global standardized document system.

The Chair: Thank you.

John.

Mr. John O'Reilly: Thank you very much, Mr. Chairman.

Thank you very much for your information. I see a cutting-edge technology taking place here, because I'm looking at the current bank machine technology, which involves a camera. Obviously, if someone steals your credit card and uses it at a bank machine, their picture is taken, because everything is recorded.

I'm looking at the iris portion of the readability. I think it could easily be adopted into the mainframe structure of a bank. When a hacker goes into a bank machine now, they actually go behind the machine, because when you enter a PIN number, something on the other side of that machine has to recognize it. You know how that works. It's not exactly that way, but I'm trying to make it easy--for myself.

How much technology would have to be added to a present bank machine, which is already hooked into the mainframe, for it to have an iris reader on it, just in that little form of technology?

I can see that no national identity card.... I think we should keep in mind we're not trying to do a travel card; we already have a passport. So we're not necessarily talking about replacing every card, because I don't know how we would ever get together with all the provinces to do that. If we're talking about a national identity card and the technology that goes into it, isn't the technology you're talking about already available in, say, the major banks for their ability to identify customers by a PIN number? Couldn't they forget about PIN numbers and use an iris scan? How much would have to be added to do that?

· (1340)

Mr. Casey Witkowicz: The technology for iris recognition is not, in technology terms, a fork-lift change. We don't ask you to retire what you have today as a security measure for identifying individuals. So in the case of the banks, they're using a four-digit PIN number.

To integrate iris recognition into their current approval process for debit and credit would be very easy, but as I said earlier, they all have to do it, otherwise the benefit they accrued because of their back-end interoperability becomes minimized.

But physically, in the ABM machine that you walk up to, we would put in a camera that would be roughly the size of this card, maybe a little bit wider, and instead of punching in a four-digit PIN, you would look into the camera and you'd identify yourself.

Further, because we do deploy both irises, you could use your left eye for a non-duress bank withdrawal, and your right eye for a bank withdrawal under duress. So if there's anybody standing behind you wishing to have you withdraw funds for other than yourself, you would be able to signal to the operators of the ABM machine that you have a distress situation.

That's the physical side of it.

In terms of the actual software application, that really is exactly what it would be, an addition to their current computing systems. Instead of looking up a four-digit number and matching it against your account, they would look at the black-and-white picture that's been taken, look it up in the database, compare the iris that was presented at the time of the transaction with what they have on record, and compare it against the banking activity you wish to do. So it is very easy to implement practically.

Our strategy to commercialize this product globally is not to go and tear down existing systems, but rather, just refresh them.

Mr. Frank Fitzsimmons: If I could, I'll just add some perspective to this in terms of the history of iris recognition in banking and perhaps the future, because I think it is a compelling application of the technology.

The technology was put into two tests about three or four years ago, one in Texas and one in the U.K., where an iris camera was put on the top of an ATM machine. It worked very, very well. The customer satisfaction surveys were actually one of the primary reasons I joined the company, because I saw the reaction. Even the elderly, who most people thought might be technophobic, enjoyed the technology because it was easy to use. They didn't have to carry their card, which could be stolen, and they didn't have to remember their PIN number.

Having said that, I'll reiterate Casey's discussion of economics. There were two issues with the economics. First of all, an iris camera at that time was about this big and they cost you $20,000 to $30,000 each. Today, an iris camera can be as big as the nail on my pinky and costs about $15 to put in a cell phone. We've seen the technology improve to match the plunging costs of ATMs, and it's a better match of economics now.

The other aspect to the economics was the transactions between the ATM machine and the mainframe, because when ATM's were put in, bandwidth was very small. Those transaction types are very, very tight and well defined, and to change those out is obviously going to require an investment in the banking industry around the world.

That being said, we now have iris cameras that are cheaper and are being fitted into Diebold ATMs for use, for instance, by the World Bank to distribute aid directly to aid recipients in Africa.

· (1345)

The Chair: Sarkis.

Mr. Sarkis Assadourian: Thank you very much.

On the last page of your presentation you mentioned in closing that many countries, including Canada, have elected to deploy some form of iris recognition. Can you mention the names of the countries and to what purpose iris technology is used and to what purpose it is used in Canada, and can you give us some examples.

Mr. Casey Witkowicz: In Canada CCRA is using it as the instrument to identify people on the CANPASS air program. Effective as of Monday of this week, I believe, you can apply on the CCRA web page for a CANPASS pass, and you'll be evaluated. When travelling between Canada and the U.S. and coming back into Canada, instead of waiting in a lineup that could be two hours long, you can go to the expedited line, walk up to the kiosk that is equipped with an iris camera, and look into the camera; it'll issue you a customs card and you basically walk through. That is intended and that is being implemented as we speak today. That's a pilot.

In other parts of the world, as I mentioned in my opening comments, the United Arab Emirates launched the world's first iris expellee tracking and border control system. Basically, the use of the iris is used to eliminate people who have been expelled from the country who wish to come back. Obviously, these are criminals who wish to come back into the country under a different identity. Because the iris cannot be doctored or tampered with, that makes it virtually impossible.

Recent results, as I was told today, are that with the enrolment system they have caught 75-plus people who had been expelled from the United Arab Emirates, tried to come back, but with the iris expellee program were stopped at the border.

The other application I spoke about earlier is the use as an access vehicle. At JFK, people wishing to have access to or who are authorized to have access to the tarmac or high-sensitivity, high-security areas such as those for loading and unloading aircraft are intended, if this goes according to plan, to have their iris enrolled. Instead of having a card or using a fingerprint, they will use an iris as an identifier for them to be able to get into secure areas to conduct their work. Again, that is used for access control.

In the case of the United Nations administering aid to Afghan refugees, when the aid posts were set up, they had basically set up a computer and an iris camera. When aid was given to an individual, that individual would then provide their iris ID, which was stored on the computer. Then, because the lines were long, as you can imagine, some people would come back a second and third time to collect aid. With the iris they were able to stop anybody coming in for seconds, thirds, and what have you.

The Chair: Mr. Casey, we're going to have to move on. I know you covered this off, and the honourable parliamentary secretary was unavailable during that time you gave us where this thing was used before.

We have to wrap up. Can I follow up with just two quick questions, because I think Jerry asked a very pertinent question about international standards.

At the end of the day, if this card is only for domestic use, that's one thing. If it's meant to facilitate international whatever, then obviously it needs to be a standard that's going to be accepted. While we're still waiting for the international community to do so, we have the United States, which has indicated that by October 2004 they're going to require some sort of biometric identifier for non-exempt or exempt visa countries in order to access. I don't know what's coming, if it's putting the cart before the horse, in this particular thing.

Can I just ask you this. I was taken by your submission, which says we'd better decide the first step: what is going to be our most secure foundation document? We have to decide that first and foremost. Is it going to be a birth certificate, a citizenship card, or the maple leaf card, or is it going to be this new identity card we're talking about? We'd better first and foremost decide what foundation document it is, because as you said, it leads to so many other things. If you put that biometric identifier in that first foundation document, you've essentially created the most secure, at least...because from that foundation document comes everything else.

I understand there's a federal-provincial working group that is looking at foundation documents in our country, as to what they are and how they are going to function. Is that step number one? We'd better decide what is going to be the first foundation document and then talk about entitlement cards and bio-identifiers in the entitlement sorts of cards.

· (1350)

Mr. Casey Witkowicz: I would agree with your statement that we do need to decide on the foundation document, period. If that vehicle is a consolidation of some of the current ones that exist or a new one that is developed, that's a decision of economics, a decision of policy, and a decision of this committee in some respects. That is definitely the first step.

As we go forward, barring the Americans' need for a tighter document that is used for frequent travel or occasional travel, the actual physical part of any document, whether you subscribe to the ICAO standards or whether you're administering standards that currently exist, will not be eliminated. As to the use of a biometric on board, as I said in my presentation, we believe a multiple biometric will be used in a document to lock the identity. We believe the iris will prevail because of the accuracy and speed perspective, but by and large the use of a multiple biometric foundation document is highly probable.

The Chair: What we also learned in the United States was--or at least they indicated that, and I'm talking about our border--that they don't have the people and therefore they're going to rely on technology to do the job. They also indicated it's about risk management, and that's what it is, trying to catch the bad guy in a pool of a lot of good guys.

If on a voluntary basis you are a frequent user of the border and apply for the CANPASS or the NEXUS system or those other systems, and if you therefore want to facilitate your travel and are prepared to go through the pretty stringent security of getting that card, maybe with an iris on it such as with the CANPASS system, then that in itself is helpful to making sure the border can function as well as possible and does not become a mandatory thing in the first instant, until such time as, again, the international community decides what that standard is going to be.

Say, for instance, we pick the iris and find out the Americans seem to be not so much taken with the iris as they are on two fingerprints or a facial. Where does that leave us if the two systems are not going to be compatible?

Mr. Casey Witkowicz: Your point is well taken. The interoperability of this document, the Canadian document, national ID or otherwise, has to be in collaboration with other countries. I can't dispute that.

For the choice of the biometric, once again, if we're going to make fundamental changes to a document, it should be the one that is the most accurate. Independent laboratory tests have shown that iris recognition ranks among the highest in terms of its speed, accuracy, and longevity. In closing, I'd say that obviously the first choice for a biometric would be an iris.

The Chair: Well, thank you very much. It was a fantastic presentation, and you've given us again a lot more to think about. Thank you so much.

Mr. Casey Witkowicz: It was a pleasure.

Thank you.

The Chair: See you Thursday. This meeting is adjourned.