Retail and CCTV Vendors are Catching on to Facial Recognition

The new face of CCTV surveillance (The Retail Bulletin)

“There have been huge advancements in both facial recognition analytics and in network camera technology, which is ultimately the source that the analytics have to work from.

“In particular HDTV cameras offer higher resolution video and enhanced clarity and sharpness, that complements the accuracy of facial recognition solutions making identification even simpler and more accurate.”

Retail outlets and CCTV vendors are catching on to the opportunities for a return on investment facial recognition technology provide.

The article neglects to mention, however, that the installed base of CCTV cameras is poorly suited to facial recognition.

Facial recognition is what it says: the recognition of faces. It’s not top-of-the-head recognition; it’s not profile recognition; it’s not back-of-the-head recognition. In general, CCTV cameras have been installed to observe and/or record what people are doing, not who they are. They have been deployed to answer the question, “what’s going on?”

This is changing and can be overcome by moving a camera down and changing its zoom to where it is capturing good face images. As CCTV installers become more familiar with facial recognition technology, results will improve dramatically.

Following Attendance Scandal São Paulo City Council Self-Imposes Biometric System

After scandal, 42 of the 55 councilors say they are in favor of presence only with digital (O Estadão de São Paulo)
Google Chrome Translation (with slight edits)

After [this newspaper] uncovered fraud in the attendance record at City Hall, 42 of the 55 councilors said they were in favor of attendance at plenary sessions being recorded only by fingerprint. To change the bylaws of the house, you need the backing of 28 MPs.

The current system relies on passwords.

Nigeria Looks to Biometrics to Help with Border Security

Committees To Investigate Absence Of Biometric Capture Machines (Leadership)

The House of Representatives in Abuja on Tuesday directed its Committees on Aviation and Interior to investigate the absence of biometrics data capture machines at the nation’s entry points.

This resolution followed a motion by Rep. Emmanuel Ekon (PDP–Akwa-Ibom) and 23 others, which was unanimously adopted without debate when it was put to vote by the Deputy Speaker.

Nigeria can’t be sure how much its unstable internal security situation is due to external forces until it gets better control of its borders.

It’s telling that Nigeria’s elected leaders are unanimous in their resolve to examine carefully how biometric systems might help. After all, Nigeria has a biometric election under its belt and it seems like the experience was a positive one.

h/t @m2sys

Indian State of Uttar Pradesh Isn’t Waiting for UID

Uttar Pradesh to give foodgrain via biometric cards (Thaindian News)

Uttar Pradesh will computerise the public distribution system and issue biometric smart cards to its residents, an official said Thursday.

Chief Secretary Javed Usmani said foodgrain would be provided to people only through smart cards to flush out fake ration cards from the system.

In the first phase, 18 districts would be covered as pilot project.

Uttar Pradesh Isn’t Waiting for UID. Judging by the scant information in this article, they’re forging ahead anyway.

We mentioned here how Nandan Nilekani was creating competition for India Post in order to gain access to better services for delivering UID numbers to individuals.

Could the shoe now be on the other foot?

Is UID going to have to improve its performance in competition with states who appear willing to set up their own systems?

UK: Government Abandons Major ID Management Projects

IT recruitment in public sector hits rock bottom (PC Advisor)

Major government projects involving the heavy use of IT contractors, that have been cancelled over the last two years, include the NHS national electronic database, second generation biometric passports, the ID cards programme, the Contact Point child protection database, and the development of new defence technologies.

Judging by the short description here, three of the four cancelled projects mentioned are related to ID management. Even the fourth, defence technologies, could have a large ID management component.

Summit of Central Africa leaders mulls biometric passports

Transitioning to biometric passports is on the agenda of the Economic Community of Central African States (CEMAC) meetings being held this month in Brazzaville.

UPDATE: Link to Afrique Jet was missing before.

Summit of Central Africa leaders (Afrique Jet)

CEMAC

Also on the agenda is CEMAC biometric passport for all member countries.

‘The secure biometric passport will be progressively established and will coexist with the former passports so that there is no break,’ Mr Ntsimi added.

Sahara Mall Bar Owners: Biometrics Bring Fewer: Brawls; Crimes Against Women; Customers

Now, punch in before entering bars at Sahara Mall (Hindustan Times)

All those who come to the Sahara Mall bars have to punch their thumb in the computerised machines, which also records the visitor’s photograph. The machine can store up to 5,000 persons’ records, after which the data is stored in a hard disk.

The mall management was prompted to install the biometric machine in the wake of increasing incidents of brawls and crimes against women. Sahara Mall, one of the city’s oldest on the Mehraulli-Gurgaon (MG) Road houses five bars on its third floor. The spot earned a bad name due to frequent criminal cases in the recent past.

But really, a system like this doesn’t make much sense unless bar staff or security officers use the photos and fingerprints to manage a list of people who have been banned from the mall for previous bad behavior and compare people to that list as they enter. Maybe that’s what they are doing though the article doesn’t mention it. Either way, it seems to act as something of a deterrent.


But the last sentence of the article really got my attention… 

 “While the safety measures have instilled confidence among women, bar managers rue that the footfalls have declined.”

Maybe the headline should be:
Bar Owners Say Best Customers Fight a lot, Assault Women
According to one bar owner: “Since we got rid of all the brawlers and gropers this place is like a ghost town.” 
[OK, I made that quote up.]

Biometrics “Fix” Identity

Even if there is fraud in the identification process, biometrics can be used to fix a single identity upon an individual.

An article in today’s Canberra Times about people smuggling brings home the point.

Despite some unauthorised arrivals’ lack of documents, biometric capability is critical. In a few cases, unauthorised boat arrivals will be identified from international databases, particularly through fingerprints. Even if people cannot be identified, the collection of biometric data on arrival provides a basis for anchoring the identity of an unauthorised arrival, so that the Australian community can be confident it is dealing with one person and that further identity-shifting is difficult. It also leaves open the possibility of identification in the future. [Emphasis mine]

One classic use of identity fraud among professional criminals is the use of multiple ID’s so as to keep a clean identity and a dirty identity. If possible, all the documents involved are “real” in that even the ID card related to the fabricated identity is issued by the legitimate authority.

When the the professional criminal with his family in the car is pulled over for running a stop sign in his neighborhood by a police man who goes to the same church, he presents his “real” ID. When he’s picked up in the course of his job, say 1,500 miles away, with a trunk full of weapons and narcotics, he gives the police the ID containing bogus information.

The arresting officers call the ID authority who created the false ID card. Sure enough, he’s in the database. No criminal record. Light sentence for a first offence and he can still go back to his life, get another ID, and go back to work, too.

The same pattern works well with fraud.

Pretty simple, right?

Well, yes — until biometrics.

Once ID issuing authorities institute biometric checks before issuing new ID documents, even a person who lies on their original ID application is stuck with only the one ID.* Further attempts to obtain additional ID’s can be detected and investigated. Later claims of a false identity (or lost ID) can be unraveled.

This is something that might have given pause to the person who supplied Mr. Coriander with fingerprints. If he thought the only time those fingerprints could be used for a UID number, he might not have found the joke as funny.

*This applies to discrete ID management system. If ID databases aren’t linked, it may be possible to maintain different identities in different databases.

Most Read Posts of June 2012

Thanks to all who visited and helped spread the word. In case you missed a couple, the following posts generated the most online interest last month.

Four Seventh Grade Girls Bring Facial Recognition to the People (JUNE 1, 2012)

One-Time-Only ID Technologies (JUNE 4, 2012)

Canada Moving Toward Biometric Visitor Visas (JUNE 5, 2012)

What if? Online Real-Time Searchable Sensor Data (JUNE 12, 2012)

More Face Rec Tech for Entertainment (JUNE 12, 2012)

Jobs in Biometrics (JUNE 13, 2012)

Biometrics In Art: DNA Portraits (JUNE 15, 2012)

Does Apple’s Siri store users’ biometrics? (JUNE 28, 2012)

“Next Steps in ID Technologies” hosted by TechConnect West Virginia

Here’s a record of the event as documented in the SecurLinx twitter feed and a couple of subsequent follow-ups by @m2sys and @BiometricUpdate. Many thinks to @TechConnectWVa and others for putting the event together.

UPDATE: I deleted the embedded version from Storify because it was making the whole homepage load exceedingly slow. It’s too bad they don’t offer a simple html export instead of the script that loads it from their servers.

You can still read the original content at Storify here.

Three Sides of the Same Coin

Late last week, while engaging in my routine news perusal, I came across a few items that while very different, struck me as being somehow connected:

Getting a facial (BCS.org – UK)

Reversing Poor Data Management Culture (This Day Live – Nigeria)

Coriander, son of Pulao, Aadhaar No 499118665246 (DNA India)

In order, they are: a high-level interview with a computer scientist interested in quantifying the behavior of the human face at both the macro and micro levels; a litany of failures to even bring order to — much less make the most of — a developing country’s IT investments; and a high-profile case of how one individual can make an entire national effort look bad.

But this summary is, well, more summary: They are a visionary’s perspective, a cat-herder’s lament, and an embarrassing insubordination.


Each piece captures a slice of the dramatic interaction of humans and IT-based technologies (in these cases, biometrics and biostatistics) designed to identify people or interpret their physical state.

Together they inform some of the themes I’m always banging on about here. “ID management is about people.” “It’s not the tech, it’s the people.” “Technology is an management tool, but it can’t run an organization by itself.” “ID management systems are an amazing leap-frogging technology for the developing world.” “ID perfection is not the proper metric, Return on Investment (ROI) is.”

A closer examination of each article follows in…
A Visionary’s Perspective,
The Cat-Herder’s Lament – IT and Organizational Culture and
An Embarrassing Insubordination – It Takes a Human To Give Coriander an ID

A Visionary’s Perspective

The Chartered Institute for IT has published a wide ranging interview, Getting a facial, with Professor Maja Pantic, from Imperial College, London.

Prof. Pantic has been working on automatic facial behaviour analysis. This type of research, if successful, could lead to a revolution in the way humans interact with technologies devoted to security, entertainment, health and the control of local physical environments in homes and offices.

The interview is long, wide-ranging, and worth reading in it’s entirety.

I would, however, like to point out two passages that have great bearing on some of the themes we discuss regularly here.

Why computer science?

But with computers, it was something completely new; we just couldn’t predict where it would go. And we still don’t really know where it will go! At the time I started studying it was 1988 – it was the time before the internet – but I did like to play computer games and that was one of the reasons, for sure, that I looked into it. [ed. Emphasis added]

You never know where a new technology will lead, and those who fixate on a technology, as a thing in itself are missing something important. Technology only has meaning in what people do with it. The people who created the internet weren’t trying to kill the record labels, revolutionize the banking industry, globalize the world market for fraud, or destroy the Mom & Pop retail sector while passing the savings on to you. The internet, much less its creators, didn’t do it. The people it empowered did. 


Technologies empower people. Successful technologies tend to empower people to improve things. If a technology doesn’t lead to improvement, in the vast majority of cases it will fail to catch on and/or fall into disuse. In the slim minority of remaining cases (a successful “bad” technology) people tend to agree not to produce them or place extreme conditions on their production and or use i.e. chem-bio weapons, or CFC’s. There really aren’t many “bad” technologies that people actually have to worry about. 


It makes far more sense to worry about people using technologies that are, on balance, “good” to do bad things — a lesson the anti-biometrics crowd should internalize. Moreover, you don’t need high technology to do terrible things. The most terrible things that people have ever done to other people didn’t require a whole lot of technology. They just required people who wanted to do them.


The interview also contains this passage on the working relationship between people and IT…

The detection software allows us to try to predict how atypical the behaviour is of a particular person. This may be due to nervousness or it may be due to an attempt to cover something up.

It’s very pretentious to say we will have vision-based deception detection software, but what we can show are the first signs of atypical or nervous behaviour. The human observer who is monitoring a person can see their scores and review their case. It’s more of an aid to the human observer rather than a clear-cut deception detector. That’s the whole security part.

There’s a lot of human / computer interaction involved.

It’s not the tech; it’s the people. 


Technology like biometrics or behavioral analysis isn’t a robot overlord created to boss around people like security staff. It’s a tool designed to help inform their trained human judgement. This informs issues like planning for exceptions to the security rule: lost ID’s, missing biometrics, etc. Technology can’t be held responsible for anything. It can help people become more efficient, and inform their judgement, but it can’t do a job by itself.

Back to Three Sides of the Same Coin

The Cat-Herder’s Lament – IT and Organizational Culture

Reversing Poor Data Management Culture (This Day Live)

In the conduct of studies in less developed countries (LDCs), while great emphasis is placed on study design, data collection and analysis, very often, little attention is paid to data management. As a consequence, investigators working in these countries frequently face challenges in cleaning, analysing and interpreting data. In most research settings, the data management team is formed with temporary and unskilled persons.

This article offers a lot of detail about how and why organizations crash into the hard lesson that biometrics for ID management (or any IT system, for that matter) can’t run an organization by themselves. The efficiencies and return on investment offered by biometric ID management (and other IT) systems are so great that they are almost irresistible. While they make organizations easier to manage, they can never truly operate outside the cultural environment where they reside.

When a hallmark of a management culture is to carve out administrative turf and defend it to the last, things like this happen:

Nine years ago, Nigeria spent billions of naira on the National Identity Card Scheme (NICS), and another huge amount was gulped by the National Census in 2006. Last year, the Independent National Electronic Commission (INEC), spent close to N90 billion on a voter registration exercise, while the Nigerian Communications Commission (NCC) spent an unjustified N6 billion on SIM card registration. This year, the National Identity Management Commission (NIMC) is at it again as it seeks to expend N30 billion for a national ID scheme.

The issues discussed in the article are faced by all sorts of large organizations, not just LDC’s. A lot of the complaints would sound exactly the same coming from inside large universities in the United States.

Read the whole thing.

Back to Three Sides of the Same Coin

An Embarrassing Insubordination – It Takes a Human To Give Coriander an ID

Coriander s/o Pulao, Aadhaar No 499118665246 (DNA India)

Coriander and an apple, as per the Unique Identification Authority of India (UIDAI), are residents of India as they have been given an Aadhaar number. And this, perhaps, has been the last straw.

Expressing shock at this, not to mention there having been several complaints of impersonation, the Union home ministry has asked UIDAI to get an internal as well as external security audit done by a third party to fix the lacunae in the enrolment system and avoid any more goof-ups.

OK, let’s get this out of the way. This story is funny and embarrassing. We even had some fun with it in April and May of this year: UID Embarrassment: Vegetable Gets an ID and Take that, Cilantro!.

It is also being blown way out of proportion. Nobody used Coriander’s ID to do anything good or bad.

P Keshav, a Member of Legislative Assembly from the district where the fraud occurred has speculated that the fraud was probably a prank played by someone who wanted to show how casually the process of data collection is done in villages and that the private agencies entrusted with the job have no understanding of the job.

So the hoax was probably an inside job. At the very least it required the complicity of an employee of a trusted entity: one of the companies that facilitates enrollment. Nevertheless, a corrupt official at the DMV issuing false documents doesn’t call the whole drivers license regime into question, and the same is true for UID, but it does encourage policy changes.

The unwanted attention the fraud has brought on the UID enrollment process has led to policy changes that should make the situation better. More attention will be focused on the private operators who charge money to collect enrollments. There’s no reason why the private agency and the employee responsible the fraud couldn’t be sanctioned. In fact, UIDAI probably should institute some sort of performance metric that affects payouts to the private firms based upon data quality, which despite The Coriander Affair, has remained high even as costs have fallen.

It’s important to remember that the management challenge of UID is every bit as difficult as the technical challenge.

Back to Three Sides of the Same Coin