A discussion of facial recognition and advertising

Consumers Have No Constitutional Protection From Facial Recognition (Internet Evolution)

Over the past decade, marketers have increasingly relied on facial recognition technology (FRT) to create personalized advertisements. FRT depends on complex algorithms to identify a person by measuring the size, angle, and distance between a person’s facial features. FRT then uses this information to search a database of similar features and matches the image to a stored reference photo. Within seconds of capturing an image, FRT can detect and identify a single person in a crowded public area.

Unlike earlier discussions of the use of facial recognition technology used to ascertain demographic characteristics rather than a unique identity, this article discusses true facial recognition in advertising.

Other posts containing longer comments on demographics vs. identity with respect to facial recognition:
Burgeoning Facial Recognition: How come no pitchforks?
FTC Freestylin’ on Face Recognition

TSA ‘PreCheck’ expansion expected to enroll 88,000 in six months (Los Angeles Times)

Starting later this year, the TSA will allow all travelers who pay a $85 fee and submit background information, including fingerprints, to qualify for the program for five years.

In a report filed this week, the TSA estimated that 88,111 travelers would apply for the program in the first six months, with an additional 383,131 fliers applying in the following year.

The vetting process will take two to three weeks, the TSA said.

US: Iris and government ID

Who Are You? NIST Biometric Publication Provides Two New Ways to Tell Quickly (NIST)

A PIV card is a government-issued smart card used by federal employees and contractors to access government facilities and computer networks. The PIV card carries a photo, fingerprint information, personal identification number (PIN) and a cryptographic credential–random computer-generated data that are recognized only by the PIV card–all of which serve to bind the card to the card holder.

To assist agencies seeking stronger security and greater operational flexibility, NIST [ed. National Institute of Standards & Technology] made several modifications to the previous version of Biometric Data Specification for Personal Identity Verification. Major additions include:

On-card comparison of fingerprints for improved privacy. The specifications describe how to place one or two compact fingerprint templates and a recognition algorithm on the card. When the user wants to sign a document digitally or open a secure file, for example, she can place her finger on a reader attached to the keyboard to verify her identity. Currently, employees have to type in a PIN for matching, which is subject to error and misuse.

Iris recognition capability for increased security. Standardized compact images of one or both irises (the images are no more than 3 kilobytes each) can be loaded on the PIV card for compact on-card storage and fast reading times. The document provides performance specifications for iris biometrics to assure high accuracy and provides specifications for iris cameras to guide implementers on camera selection. These standards-based elements support interoperability within and across agencies using iris recognition technology.

Agencies may choose to add iris images as an alternate biometric over fingerprints, because, for some users, fingerprint collection can be difficult. At times, the fingerprints are too dry to yield a good image, and lotions, wounds or illness also can make for poor images. Agencies now have the option of using two biometric sources to avoid such circumstances.

Several recent NIST research projects have led to improved technologies for identity management that are included in the updated specification.

The full publication is available from NIST here.

See also: Iris ID tech is ready, but agencies might not be at Deep Dive Intel.

Scolding university professors on fingerprint time and attnedance

Stories bemoaning the adoption of biometric time-and-attendance systems are a dime a dozen. This piece from Calcutta, India takes the opposite stance in a humorous way.

Look who doesn’t want to get caught bunking (The Telegraph – India)

The attendance system was introduced at the varsity some five months ago and has since burdened teachers with regular classes, a habit hitherto unseen at most colleges in the capital.

“Biometric attendance is insulting. Do professors have to punch their fingers on a machine to prove they work? Does not the varsity believe in our honesty?” said Babban Choubey, the president of Federation of University Teachers’ Associations of Jharkhand.

…yet (continued)

Google Glass Will Not Be Offering Facial Recognition (States Chronicle)

This is an appropriate time to repost what we had to say the last time Google felt compelled to disavow facial recognition technology in relation to Glass.



June 3, 2013

If it’s a camera, it can be used for facial recognition

Google outlaws facial recognition apps on Glass for now (CSO)

Google announced late Friday that it will outlaw facial recognition and other biometric identification apps on Glass, its networked eyewear still in prototype phase that’s expected to be commercially released later this year.

“As Google has said for several years, we won’t add facial recognition features to our products without having strong privacy protections in place,” Google’s Project Glass team said in on its Google Plus page.

Google may have publicly said this, however until now its developer policy did not explicitly rule out apps that can do facial recognition.

If it’s a camera, it can be used for facial recognition. Facial recognition is really just a specific type of image analysis. It doesn’t matter where the image comes from. It could be a 19th Century daguerreotype or a picture taken from space. The software doesn’t care. Presumably running the open source Android operating system, as a head-mounted sensor array with a camera, there is little or nothing preventing application developers from passing images collected via the headset through facial recognition applications not developed by Google.

Google’s announcement should be taken to mean that Google isn’t going to integrate facial recognition into Google Glass. Facial recognition apps won’t be on the Google Play store. And, at least for now, they won’t be facilitating face rec. in other Google services such as YouTube, search, Gmail, and Google+. [end repost]

In a twitter exchange, John at M2SYS nails exactly why every Google Glass face rec denial sounds so silly: The device screams for facial recognition applications and everybody knows it.

Terrible with names? Suffer from prosopagnosia? Wonder where you’ve seen that person before? There’s an app for that.

July tweet chat: Steria and their recent survey of European opinions on biometrics

When:
July 25, 2013 11:00 am EDT, 8:00 am PDT, 16:00 pm BST, 17:00 pm (CEST), 23:00 pm (SGT), 0:00 (JST)

Where:
tweetchat.com/room/biometricchat (or Twitter hashtag #biometricchat)

Host:
John at M2SYS

Guest:
Steria Group (Twitter: @Steria) will be discussing the results of a recent European survey on biometric technology they conducted which revealed that although many support the use of biometrics for criminal identification and for use in passports and identity cards, less than half of those surveyed were amenable to using the technology to replace personal identification numbers (PINs) in banking.

Topics:

  • Results of recent European biometric public acceptance survey
  • Convenience vs. security
  • USA vs. European view of how biometrics impacts privacy and civil liberties
  • “Passive” biometrics
  • How vendors can advance public education of biometrics
  • Viability of new biometric modalities

UPDATE and bump:
John has posted the questions for tomorrow’s discussion:

  1. How do you explain the dichotomy between public acceptance of biometrics for identity cards or passports and the use of biometrics to replace personal identification numbers (PINs)?
  2. While we see “civil liberties” and “privacy” as one of the obstacles to wider use of biometrics in the US, is that the same thing you are seeing in your European survey?
  3. One of the dynamics that appears to be evident is that while people want to guard their biometric data, if they can get to the head of the line (e.g. Clear Me airport security program) they are willing to give up their biometrics.  Can you comment on how convenience and faster transactions might impact the more pervasive use of biometrics?
  4. Some country’s public sector organizations that have collected biometrics for a specific purpose are making them available for use by the private sector to prevent fraud, assure a person’s identity, etc.  Do you believe this is a trend we will see more of?
  5. How will “passive” biometrics like facial recognition, voice recognition and iris at a distance be accepted since it doesn’t require any specific actions by a person for it to be used?
  6. What strategies can biometric vendors deploy to help advance the public’s understanding of biometric identification that may help it to be more acceptable as a replacement for personal identification (PIN) numbers?
  7. What new or forthcoming biometric modalities (e.g. – heartbeat, thermal imaging, gait, DNA, etc.) do you predict has the best chance to become sustainable in the industry? Are there any specific modalities that you feel the public accepts more readily than others?

What is the BiometricChat:
Janet Fouts, at her blog, describes the format:

Twitter chats, sometimes known as a Twitter party or a tweet chat, happen when a group of people all tweet about the same topic using a specific tag (#) called a hashtag that allows it to be followed on Twitter. The chats are at a specific time and often repeat weekly or bi-weekly or are only at announced times.

There’s more really good information at the link for those who might be wondering what this whole tweet chat thing is all about.

This one, the #biometricchat, is a discussion about a different topic of interest in the biometrics landscape each month. It’s like an interview you can participate in.

More at the M2SYS blog.

Earlier topics have included:
Privacy
Mobile biometrics
Workforce management
Biometrics in the cloud
Law enforcement
Privacy again
Biometrics for global development
Large-scale deployments
The global biometrics industry
Biometrics markets

Modalities such as iris and voice have also come in for individual attention.

I always enjoy these. Many thanks to John at M2SYS for putting these together.

INDIA:
Lessons Learnt From UID Data Loss (Biztech2.com)
Flashback: Tuesday, April 23, 2013 – That’s not good: 300,000 UID enrollments lost in hard drive crash

UNITED STATES:
TSA set to expand pre-check, biometrics (FCW)

Ohio Woman ordered to spend next 5 Christmases in jail for driver’s license scam (Columbus Dispatch)

NFL teams might start checking draft prospects’ tattoos after Aaron Hernandez mess (Yahoo)

AUSTRALIA:
Immigration Department audits reveal large-scale fraud of visa system by Indian students and workers (ABC)“That was a porous, very bad system”

TECHNOLOGY:
Could Thermal Imaging Soon Replace Fingerprint and Iris Scans? (M2SYS blog) — Short answer: No, at least not any time soon. A biometric modality depending on the vasculation of the face is, however, an interesting idea because unlike most novel biometric modalities, face biometrics and vascular biometrics are fairly well understood. The further into the future you look and the higher the value of the identification transaction, the better the technology looks.

The sensor-screen: Two giant leaps

Two things struck me about the news that Christian Holz and Patrick Baudisch of the Hasso Plattner Institute in Potsdam, Germany have developed a type of digital display that can sense fingerprints. World-first: Biometric screen recognises fingerprints (Techworld)

The first is the engineering of the screen itself:

The key that allows Fiberio to display an image and sense fingerprints at the same time is its screen material: a fibre optic plate,” said Holz.

The fibre optic plate is comprised entirely of millions of 3mm-long optical fibres bundled together vertically.

Each fibre emits rays of visible light from an image projector placed below the glass. At the same time, infrared light from a source adjacent to the projector bounces off the fingerprints and back down to an infrared camera below.

That sounds like each pixel is controlled with its own fiber and, theoretically at least, should allow for two-way communication of all sorts of information through the screen. At that point the screen might eventually become the camera, too.

Then there’s the approach to authentication the screen technology facilitates.

Security is one of the main issues around deploying public computers and the researchers addressed this by implementing an additional security layer, which authenticates users every time they try and do something to verify if the respective user has the authority to perform the task they are trying to complete.

The other really big idea this screen-sensor allows is authentication on a per-input-event level, or constant ID verification. Because the screen can “see,” it could always “know,” to some degree, who is using it. With that, the whole log-in/log-out regime could get an overdue overhaul.

Mississippi: Fingerprint verification for subsidized services, finally

Mississippi implements finger scan system for daycare (The Commercial Appeal – Memphis, TN)

Under the system being implemented by the state Department of Human Services, parents must use a finger scanner to sign their children in and out. Proponents say it will save money and cause parents to visit preschools more often, but opponents argue the system is intrusive and creates technical headaches.

About 18,000 children will be affected by the move.

You have to read between the lines, but this is at least partly a ghost-busting mission within government-subsidized child care.

We first commented on this deployment in September of last year in Biometric deployment winners and losers. Follow the links for great examples of arguments made in opposition to tightening up ID management.

More here.

Not only does a fingerprint biometric raise the burden of proof that subsidized services are actually being provided, it makes it harder for unauthorized individuals to remove a child from a child care facility.

Citizens want strong driver licenses

MorphTrust commissioned Zogby to survey 1,000 U.S. adults.

Survey: Majority in favor of facial recognition (SecureID News)

Overall, when it comes to better driver licenses, 83% support making sure the documents are secure to protect against terror attacks, underage drinking and identity theft. In addition, 83% are in favor of biometric background checks for transportation and warehouse workers who handle hazardous materials.

Interesting usability research out of the University of Washington

Read the whole thing; it’s good. My little quibbles after the quote are meant to reinforce the general point of the research which is “if people won’t use it, it won’t work (and vice versa).” The importance of research is the attempt to identify and quantify, and therefore perhaps predict, how much people will endure before they throw their hands up in the air and quit on the technology.

Technology to Replace Passwords Fails User Tests (PsychCentral)

University of Washington engineers are trying to figure out why fingerprint- and eye- and face-recognition authentication technology have not gone mainstream. They found in a recent study that the user’s experience could be key to creating a system that doesn’t rely on passwords.

“How humans interact with biometric devices is critically important for their future success,” said lead researcher Cecilia Aragon, Ph.D., a UW associate professor of human-centered design and engineering.

“This is the beginning of looking at biometric authentication as a socio-technical system, where not only does it require that it be efficient and accurate, but also something that people trust, accept and don’t get frustrated with.”

So true, but hardly new. Security is, and always has been, a socio-technical system. We’ve all seen a waste basket used to keep a self-locking door propped open. If the security measure is disproportionate to the cost of a security breach, people will reject the system. Thoughtful security planners have always known this and it’s why one of our mantras around here is “biometrics is about people.”

Passwords are also likely to be around for a long, long time, but if biometrics could displace passwords in certain cases and allow for simpler passwords in other cases, that’s a big advance. Where simple passwords (PIN’s) are sufficient today, biometrics should be able to displace them altogether. Where increasingly complex passwords are required today, applying biometrics should allow for simpler passwords such as 4-digit PIN’s.

That’s nothing to sneeze at.

Expect to see a whole lot more of this…

Chicago police go high-tech with facial recognition software (Chicago Sun-Times)

Story Image
Pierre Martin

Police had a photo captured on a CTA surveillance camera on Jan. 28 of a suspected mugger, looking to the side, after he had just allegedly stolen a cellphone from a man at gunpoint on a Pink Line train.

Police also had an ocean of photos for comparison — 4.5 million criminal booking shots.

They ran the program.

And Pierre Martin ranked No. 1 on a list no one wants to top.

We at SecurLinx deploy help police deploy these capabilities. The article is correct to note that officer training is a hugely important factor in successfully adding this capability to law enforcement efforts.

…and this.

Source

New technology allows retailers to spot a celebrity approaching (The Telegraph – UK)

…[A] purpose-built facial-recognition system has been designed to ensure no hapless shop assistant accidentally snubs their best customer again, the Sunday Times reported.

The VIP-identification technology, created by NEC IT Solutions, is already being tested in about a dozen top stores and exclusive hotels in Britain, America and the Far East.