From The Telegraph website, and dated 26th March (i.e. it’s not an April fool, unless the date-stamp on the article is part of the spoof):
Typing technique ‘could catch paedophiles’
Researchers believe technology could be used to determine a computer typist’s age, sex and culture within 10 keystrokes by monitoring their speed and rhythm.
Former Northumbria Police detective chief inspector Phil Butler believes the technology could be useful in tracking down online fraudsters and paedophiles.
Mr Butler, who heads Newcastle University’s Cybercrime and Computer Security department, said: […] ”If children are talking to each other on Windows Live or MSN Messenger, we are looking at ways of providing the chat room moderators with the technology to be able to see whether an adult is on there by the way they type.”
Mr Butler said the technology could also be used to prevent convicted sex offenders committing further crimes.
”With this technology the courts could force the offender to provide an example of their typing as a way of ensuring they don’t use a computer.”
Oh, god, where to start?
Ok, let’s start here: the research has apparently shown that analysis of a person’s manner of typing can demonstrate their age, sex and culture. From this, Chief Inspector Plod Butler has embarked on an entirely logic-free flight of fancy, arriving in a happy world of fairy wings and puppy-dog tails where the ability to identify someone’s age, sex and culture means that you can identify them as an individual. That’s what the last quotation from him above implies, anyway.
Now, as it happens, I’m not quite so certain as Mr Butler that a paedophile could be forced to provide a sample of their typing against their will (you can strap someone down and stick a needle in their arm to get a DNA sample even if they’re fighting you tooth and nail, but how in the hell do you force someone to type? Grabbing hold of their fingers and forcing them onto the keys will generate an entirely false result in terms of speed and rhythm, after all). Still, let’s assume for now that you can force a ‘natural’ typing sample out of a paedophile. The researchers are still only claiming that this can be used to reveal the typist’s age, sex and cultural background. I guess this would be the equivalent of a witness description – “the assailant was a white male, and is estimated to be in his mid to late 40s” – but what ex-policeman Butler is talking about is the equivalent of a set of fingerprints – something unique to the individual. And he’s envisaging a world where this tell-tale digital fingerprint is so unique, so individual, so capable of absolute certainty in analysis and interpretation that it can be used to establish in a court of law that a convicted paedophile has violated the terms of their parole by using a computer.
This is a complete fantasy unsupported by the research mentioned in the article, but even if it wasn’t, any attempt at catching a particular individual by the way they type is doomed to fail. Let me provide, as a public service, a summary of just a few of the very many ways an individual could disguise their typing. They could, for example, revert to using a single finger on each hand. Or they could hold their right hand in their lap, and type only with their left (vice versa if they were left-handed). Or they could tape their index and middle fingers together. Or they could make it a policy to type only by stabbing their pinkie at the keyboard. Or they could write (or download) a tiny, simple program that would intercept keystrokes as they are made, then delay the appearance of the text within an instant messaging client or other piece of software so that it seems to be being typed to a completely different pattern. Or they could forget about typing altogether, and use dictation software instead. And you’ll have realised already, of course, that these same techniques will be just as useful in masking the telltale signs of a person’s age, sex, or cultural background as they would be in disguising individual identity.
So it would seem that circumventing this shiny new system would be exceptionally easy, but I find myself wondering about how reliable it is in the first place. I wonder, for example, how the researchers have managed to satisfy themselves that their method of analysis is capable of identifying and excluding the effect of variables besides age, sex and cultural background. So, for example, can they be certain their analysis won’t be thrown off the scent by a person who’s typing is being affected by the fact they have their arm in a sling? What about a learning-disabled person who’s ‘mental age’ is different to their chronological age – is the system capable of correcting for that, too? Can it tell the difference between a person typing slowly and hesitantly because she’s 5 years old and a Russian adult typing slowly and hesitantly in English because he’s having to cope with a second language, an unfamiliar alphabet and an alien keyboard layout? If it can do these things, then how can it? It’s a pretty neat trick for an algorithm, isn’t it, not only recognising that there’s a delay of a particular length between typing the letter ‘a’ and the letter ‘p’, but also divining why there’s a delay?
But even if the method of analysis is 100% accurate 100% of the time, I still find myself puzzling over how this could ever be implemented in practical terms. I wonder, for example, how the effects of network latency are going to be dealt with, if this technology is to be used online. Differences in rhythm can only be measured, presumably, as tiny variations in the delay between keystrokes, and these variations in delay are going to be very small – in the order of hundredths of seconds, I would imagine or, at best, tenths of a second. And isn’t there a strong likelihood, thanks to packet-switching and the effect of sudden peaks of demand – the whole architecture of the internet, in fact – that these kinds of tiny delays will be materially affected in the process of transmitting the data from the user’s computer to the server? I’d be fascinated to know how they intend to adjust for that.
Oh, and just one last thing (he said, channelling Columbo): when you’re using MSN Messenger, or a chat room, don’t you usually type your message, and then, when you’re ready, hit enter to send it? I’ll freely admit I haven’t used these kinds of things for a good couple of years, but last time I did, that was the way it worked. And if that’s right – well, wouldn’t that mean that the text is uploaded to the server in a single lump? And wouldn’t that mean that any analysis program loaded on the server would have absolutely no way of measuring the speed and rhythm of someone’s typing? And wouldn’t that single, solitary fact mean that this whole thing is just a great big pile of horse…nonsense?
I’ve checked the date on the article again, but I still can’t shake the feeling I’ve been suckered by an April fool here. I mean surely no-one would ever think that this could work, would they? They’d see through it in about 5 seconds flat. Wouldn’t they? I mean, ok, maybe a journalist could be busy enough (or ignorant enough) to write so stupid a story. But, surely, the staff in Newcastle University’s Centre for Cybercrime and Computer Security – you know, clever people, experts in computing – wouldn’t believe something so obviously impractical, something so easy to circumvent, could work, would they? I mean, an entire university department’s complement of professors and PhDs couldn’t be that dumb, surely? I mean, surely. Surely?