Biometric verification and online banking
Writer: Wong Chin Huat
Published: Fri, 05 Aug 2011
THE hottest technology in town is perhaps biometric verification. Not only it is used in registering foreign workers, the government wants it to be applied to Malaysian voters, too.
It will be expensive, but it ishigh-tech. So, why do so many people still reject it and insist on using indelible ink, which is used in “primitive” countries like India?
The simple answer is that they are for different purposes – a dog cannot catch a mouse like a cat does.
Indelible ink can only prevent multiple voting but not impersonation. It rejects someone who has voted and has his or her finger inked, but this person could be an impersonator in the first place.
In other words, indelible ink cannot eliminate “phantom voters”, but it can stop “recycling” of phantom voters. Hence, with indelible ink, to rig 10,000 votes, you would need 10,000 phantoms and cannot use 5,000 multiply registered voters to vote twice, or 2,000 IC-ed foreign workers to vote five times. This would make the phantom operation so expensive that it cannot be employed widely.
In contrast, the main function of biometric verification is to prevent impersonation by identifying any mismatch between the data (e.g. fingerprint in database) and the person (fingerprint on thumb). It does not rule out multiple voting directly.
Only if there are no multiple registrations in the database, and the biometric readers are all connected and programmed to reject a repeated biometric profile, then technically multiple voting can be prevented, too.
But what if the voter database is tampered with, and the biometric readers are not connected and programmed to reject a repeated biometric profile? Not only both impersonation and multiple voting can happen, they will actually be “legitimised” because nothing is detected on the system!
A more philosophical understanding of this polemic is that high-tech gadgets can sometime be inferior to low-tech tools, if you don’t have the commensurate degree of trust. The higher the technology, the greater the trust needed.
You need to trust the operators on two fronts: competence and integrity. If the operators are not competent, then the system may be hacked or hijacked to “legitimise” impersonation and multiple voting.
On the other hand, if the operators lack integrity, then they may tamper the system themselves to “legitimise” their crimes.
Think about our daily examples. Who is there to testify that you just withdrew RM1,000 from the ATM and not RM10,000? Who can provide evidence that you have transferred RM2,000 and not RM5,000 to your supplier’s account?
All the evidence of your electronic transactions are held by your bank. You will be on the losing side if you have a dispute with the bank.
So, why don’t we videotape each of our banking transactions at ATMs or online? Because we trust the banks. We believe the bank won’t cheat us and won’t allow others to break into their system to swindle money. If either of these premises does not hold water anymore, we would cease using ATMs or e-banking. It’s just common sense.
Now, would you trust the Election Commission with your money?
The constitution treats the commissioners’ appointment and sacking like it treats top judges, yet they call themselves an election “management body”.
The EC can’t remove dead people from electoral rolls even when the deaths are already recorded in the National Registration Department database. But they can register permanent citizens as voters.
And to justify the vastly varying size of constituencies, the EC can come out with a three-tier classification of “urban” (for a state constituency, >25,000 voters), “sub-urban” (15,000-24,000 voters) and “rural” (below 15,000 voters).
The EC hence makes the oversized Meru and Sementa (outskirts of Klang) “urban”, the average-sized Sungai Pinang and Kota Alam Shah (in the heart of Klang Town) “suburban”, and the undersized Sekinchan (a coastal town) “rural”. They just “redefine” geography.
Can you trust the EC with your money?
In daily life, we deal with the people we don’t trust with the simplest method. We avoid anything fancy to be safe. When in doubt, we don’t accept credit card or even cheque. We go for the most primitive way: cash transaction.
Analogously, biometric verification is internet banking, even more high-tech than credit card or cheque. In contrast, indelible ink is like cash transaction – you can see and touch the money.
If I were to do any business with the EC, I would always ask for cash. No cheque. No credit card. No online payment. Wouldn’t you?