Federal regulation for face recognition technology?

Microsoft wants regulation of facial recognition technology to limit ‘abuse’ (CNN)

“Facial recognition — a computer’s ability to identify or verify people’s faces from a photo or through a camera — has been developing rapidly. Apple (AAPL), Google (GOOG), Amazon and Microsoft are among the big tech companies developing and selling such systems. The technology is being used across a range of industries, from private businesses like hotels and casinos, to social media and law enforcement.

Supporters say facial recognition software improves safety for companies and customers and can help police track police down criminals or find missing children. Civil rights groups warn it can infringe on privacy and allow for illegal surveillance and monitoring. There is also room for error, they argue, since the still-emerging technology can result in false identifications.”

The details of any such federal regulation will matter a lot. I believe three states have laws regulating face recognition technology today: Illinois, Texas, Washington. Illinois is reportedly considering revisions to its Biometric Privacy Law (BIPA) to limit its scope.

The US Congress will need to decide whether to continue to leave regulation of biometric systems to the States or that it’s time for federal action. We’ll definitely bee keeping a close eye on this.

Positive review for Microsoft facial authentication on new hardware

Windows Hello facial logins on the new Surfaces are rather impressive (RAs Technica)

With Hello enabled, logging in to the machine is as simple as sitting down in front of it. The lock screen shows the Windows Hello “eye” looking around, and the detection is near-instantaneous. It takes longer for Windows to dismiss the lock screen and show the desktop than it does for it to recognize you in the first place. In fact, it’s so quick that a kind of delay had to be built in. If there were no delay, locking your PC with Windows+L (or the Start menu option) would be nigh impossible.

Windows Hello face recognition not fooled by Australian twins

Microsoft’s facial recognition software does something amazing when it encounters twins (Business Insider)

Each set of twins set up an account for one and then the other attempted to log-in — and the software held. According to The Australian, there was not one instance of Windows Hello allowing the wrong twin access to the computer.

The headline to the contrary, notwithstanding, Microsoft’s facial recognition software pretty much does nothing when it encounters a legitimate user’s identical twin.

Microsoft and Synaptics working on fingerprint hardware

Synaptics TouchPads to work with Windows Hello (WinBeta)

The new TouchPads would be able to read your fingerprint to enable Windows 10’s new biometric login feature Windows Hello, which aims to eliminate the use of passwords by replacing them with either fingerprints, facial recognition, or iris scanning.

Morphing the touch pad mouse sensor hardware into a fingerprint reader would be pretty cool. Getting the ID transactions right, though, will be a pretty heavy lift, technically, depending on the use model.

Microsoft, privacy and biometrics

Microsoft moves to quell Windows 10 privacy fears (Daily Nation)

According to the company’s privacy statement, some of the information collected include “your typed and handwritten words”, emails, conversations users have with the digital assistant, Cortana, location data and selections, such as stocks a user follows in a finance app, or the team a user supports in a sports app. Articles detailing privacy concerns have appeared in The Guardian, Newsweek and the Financial Times.

In the statement supplied Monday, the company says Microsoft does not sell the information customers provide it, but makes it available to employees and third-party engineers to improve Microsoft services.

Users can choose the level of information they send to it and selectively remove the information that Cortana, the digital assistant, tracks, while no biometric data from Windows Hello is shared with third parties, the company said.

It looks like the attention Microsoft is getting for privacy concerns surrounding Windows 10 is mostly to do with default settings. It also appears that Microsoft treats biometric information differently by default, not sharing it even with trusted third-party developers.

Two of the issues, surrounding Wifi Sence and how Windows Update Delivery Optimization (WUDO), are covered very well by The Hacker News which provides simple instructions for how to address them by changing default settings.

Reading through both of the Hacker News pieces, a picture of Windows 10 emerges that shows Microsoft giving serious thought to how make connectivity simpler with Wifi Sense while making the Windows ecosystem more resilient to the security threats already out there and those that easier connectivity implies with WUDO.

Windows 10 is here

Microsoft’s big day is here and for biometrics that means Hello, biometric authentication for Windows 10 devices.

The promo is quite snappy.

But even though the promo piece concentrates on face recognition, Hello face logins are limited to the Intel Real Sense 3D camera. With limited options for external face hardware, how about fingerprints? Does Hello support a wider range of fingerprint hardware? It appears that it does.

Foraging around the internet, I found this May, 2015 piece by Richard Hay at WinSuperSite.com that details his experience integrating an off-the-shelf budget fingerprint reader with a beta version of Windows 10 Hello. It seems pretty straightforward. That means that the fingerprint login is probably going to be easier for most people who want to take advantage of Hello, at least on desktops. Carrying a USB connected piece of hardware won’t work as well for mobiles running Windows 10, but it makes sense to expect Windows phones with onboard fingerprint readers soon, especially given Microsoft’s investment in Hello..

My personal preference on fingerprint hardware is for sensors that capture the whole image of the fingerprint instantly over the swipe readers, but they are more expensive.

All the early Hello press revolves around access to the device, and it’s true that Windows and fingerprint hardware manufacturers have supported a lot of this functionality for years, now. It remains to be seen how deeply into the operating system the biometrics go. Still, one fewer password is welcome.

Hello, Windows. Microsoft does biometrics.

Windows 10 News: New Authentication, New Storage Savings, And Launch Timeframe (AnandTech)

Microsoft will be taking a two pronged approach to authentication. The first is the actual authentication. Windows Hello will work with several biometrics, including fingerprint scanners, facial recognition, and iris scanning, as examples. This will be used in conjunction with hardware cryptography on the device to unlock the device. Microsoft is claiming false unlocks at around one in one hundred thousand. Fingerprints are well known, but the facial recognition will not rely on just a webcam, but rather will require new hardware such as the Intel RealSense 3D Cameras to ensure that it is a real person in front of the device and not just a photo. The unlock is tied to the actual device, and none of the unlock information is ever sent off of the device. Existing fingerprint readers can be used with Windows Hello.

Windows 10 and biometrics

Microsoft Announces FIDO Support For Windows 10 (The Verge)

Soon, you may be able to log in to Outlook with a fingerprint or an eyescan. At the Stanford Cybersecurity Summit on Friday, Microsoft announced that Windows 10 would support the next version of the Fast Identification Online (FIDO) spec, allowing devices to work with a wealth of third-party biometric readers and providing an easy framework for any hardware makers that want to build extra security into a laptop or phone.

Windows 10 pregame

What to expect (and what you won’t see) at this week’s Windows 10 launch

The Windows 10 technical preview released last fall was aimed squarely at enterprise customers, bringing back the Start menu and allowing sandboxed Windows Store apps to run in windows instead of full screen. This week’s update should be much more focused on consumer devices and services.

Here’s what I’ll be looking for in Redmond on Wednesday…

There is a brief biometric mention, but it’s mostly big-picture analysis of Microsoft’s consumer offerings.

All is proceeding as we have foreseen

Windows Phone 8.1 with fingerprint support, UI customizations — A new WP 8.1 SDK leak points to fingerprint scanner support in the next OS update, which should put Windows Phone level with iOS and Android. (GSM Arena)

Samsung’s next flagship phone will feature a swipe fingerprint scanner embedded in the home button (uSwitch)

April 22, 2014: LG G3 specs leak points to integrated fingerprint scanner (Trusted Reviews)

The prediction to which this post’s title refers can be found here.

So this is what Microsoft has been up to…

SILICON REPUBLIC:  Xbox One dashboard video highlights biometric abilities of new console (with video)  “The Kinect camera comes with biometric capabilities that recognise the voice of each individual in the household, as well as their body shape because it reads their skeletal frame.”

The linked article comes at the technology on display from an Xbox One angle but I think it’s bigger than that. Is Microsoft just highlighting it’s vision for the Windows 8 world? Is it signalling that the future of Microsoft is going to be more bound up with hardware like the Xbox, Surface and Kinect? Biometrics in the OS? Taking it’s huge market share and moving to a business model that looks more like Apple’s?

More questions than answers, I know. But if you have 12 minutes, give it a watch and see if the same isn’t true for you.

To touch on the biometrics a bit, it looks like the capability billed as voice recognition is indeed true voice recognition and speech recognition rather than speech recognition alone. A post dealing with the distinction is here. Each of the two people in the video tell the system to “show my stuff” and the software shows different sets of “stuff” even though prompted in identical terms by the different users.

I’m not exactly sure what the presenters mean when they mention that the system distinguishes among individuals by skeletal structure, but in the Skype demonstration the technology does seem to recognize a dog as something worth paying attention.

Can respect for privacy be a competitive differentiator?

Though biometrics get quite a lot of attention from people interested in privacy, the real action is in the internet browser and online services. Just remember — If you are not paying for it, you’re not the customer; you’re the product being sold*.

The Microsoft “Scroogled” ad campaign against Google is interesting because it indicates that the high-level marketing types at Microsoft believe the public is open to the message that some web services are taking too much information from users compared to the value the users receive in “free” services. Whether respect for privacy is a competitive differentiator among web services remains to be seen, but the fact that Microsoft has spent real time and money on the assumption that it is should not go unnoticed.

Google Privacy Chief Blasts Microsoft’s “Scroogled” Campaign at RSA Conference (CIO)

The bulk of the article linked above is devoted to privacy standards, privacy policy and corporate management. While that’s not nearly as eye-catching as a slug fest between Information Age titans, it is a much more substantial issue and one worth of serious attention.

Microsoft Acquires Mobile Hardware Security Firm

Microsoft Boosts Mobile Security with PhoneFactor Acquisition (CMS Wire)

Microsoft will be able to tout these features as built-in or an option once the acquisition and integration is complete. PhoneFactor currently offers services for enterprise, government, banking healthcare and other verticals, while also supporting Citrix, IBM Tivoli and VMWare.

It claims that the PhoneFactor Agent service reduces the risk of compromise and increases security with benefits including; instant fraud alerts, biometric voice authentication and transaction verification, with the advantage of no extra dongles or training needed.