Stuff has posted a really good primer on facial recognition technology related to retail loss prevention and security.
There’s actually a brief discussion of confidence scores in there, which is pretty rare in mainstream articles.
Barriers to facial recognition technology are tumbling down (Stuff – New Zealand)
An interesting, if speculative, look into the future of work for government employees:
How the government will operate in 2030 (The Hill)
“Imagine it is 2030 and you are a U.S. government employee working from home. With the assistance of the latest technology, you participate in video calls with clients and colleagues, augment your job activities through artificial intelligence and a personal digital assistant, work through collaboration software, and regularly get rated on a one-to-five scale by clients regarding your helpfulness, follow-through, and task completion.”
But it’s not just the government sector. The convergence of cloud, AI, and biometric identity assurance among other emerging technologies like the blockchain will change the way individuals interact with large organizations throughout the economy.
The proof is in the fingerprint: how biometrics are proving security doubters wrong (memeburn)
Biometrics is not the uncharted Wild West or the strange cousin who lives next door, it is one of the fastest growing markets in the world because it works. It is also predicted to be worth around US$23.3 billion by 2019 with a CAGR of 20.8%. This is one market which is on a steady trajectory thanks to its potential and its ability to reduce fraud and data theft by significant amounts. The proof as they say, is not so much in the pudding as it is in the fingerprint…
Welcome to the Biometrics Age! (Finextra)
A future sci-fi world of disappearing passwords, the internet of things and the unique human characteristics of our body parts to verify who we are is now actually a reality!
Here’s why the password isn’t going anywhere (IT Pro Portal)
There’s no point in arguing about which security solution is the “best”. It’s pretty clear that the future lies with individuals using a combination of security options, each making up for the weaknesses of the others…
So rather than try to prove that a new technology is the Holy Grail and should replace passwords, it’s time to educate the public to use more than one factor of authentication. Using multiple factors will certainly increase a user’s security more than using one factor alone, no matter how secure we believe that one factor may be.
Roundtable: Identity and access management (SC Magazine)
It’s a line that’s hard to walk, the one between usability, security and privacy – one that might get harder and harder to walk if things keep going the way they are. Increasingly, businesses depend on personal information offered by customers, Chandler reminds us: “We’re going on to a shared business environment, where we share information in order to make the community better.” With the growth of wearables, sensors and the Internet of Things – voice-activated TVs for instance – this trend might be hard to mitigate.
Security vs. usability—that’s the choice we make with passwords (Phys.org)
We all need some kind of authentication process if we are to access information systems at work or at home. We know why we need to do it: to make sure we have access to our data and unauthorised people don’t.
So why do we routinely ignore such advice[…]?
Not all passwords protect equally valuable access. It turns out that many people are choosing weak passwords on low-priority systems like retail and media sites, and stronger authentication measures on high-priority systems like finance and work-related systems.
This sheds light on why even rigorous security measures like biometrics are being applied to instances where people are willing to jump through more password-related hoops but find the password regime horribly inconvenient.
MorphoTrak Leads With Face Comparison Training (Financial Content)
MorphoTrak, a U.S. subsidiary of Morpho (Safran), announced today that it will offer vendor-independent training* in face comparison, filling an acknowledged gap in the field of computer-aided face recognition and facial identification. Automated face recognition systems are common in both law enforcement and civil applications, yet facial matching software can only present the reviewer with potential matches. It is up to the human reviewer to decide whether two facial images belong to the same individual.
*“Vendor-independent training” means that the techniques the course will teach work for all face examiners, no matter what face recognition software they are using.
Kudos to Morpho. Facial recognition is a powerful tool for well-trained users. This challenge is well known among those who have worked to place facial recognition capabilities into the hands of law enforcement and security professionals.
Computers don’t look at the world the way we do. Whether that’s a good thing or not depends on what you’re trying to accomplish. For facial recognition in a law enforcement context, it’s a good thing to have a radically different point of view applied to a challenge.
First, faces are probably the most meaningful objects in human existence. It’s not too much of an exaggeration to say that for millennia human survival has depended upon our abilities at one type of facial recognition: recognizing people you know. Sorting through hundreds of thousands of pictures of people we don’t know in order to match the two that are of the same person, however is not something we’re inherently good at.
Computers can do that in less than a second, then give the two pictures to a human which is very good at making the single comparison — if that person understands their role in the machine-human partnership well.
Training is the key.
A Millennial’s Mindset: Money and Biometrics (Finextra)
The best thing for me would be a fast, easy and secure process, designed around me. Why can’t I use my biometric data to have a joined up experience? Without removing body parts, it is hard to steal from you. Biometrics would enable me to identify myself immediately.
We agree; and we’re working on it.
If it seems like things are moving slowly, it’s only because there’s a lot that had to be done on the infrastructure side first. A whole lot.
Biometric Cloud-Based Offers Attractive Deployment (Engadget)
Cloud-based biometric technology offers attractive deployment possibilities, such as smart spaces, ambient intelligence environments, access control applications, mobile application, and alike. While traditional (locally deployed) technology has been around for some time now, cloud-based biometric recognition technology is relatively new. There are, however, a number of existing solutions already on the market…
How mobile identity can unlock the DNA of trust for the financial sector (Information Age)
More than two-thirds of UK consumers think that using biometrics – such as voice, fingerprint, iris and facial recognition – would be more secure and help reduce the risks of fraud. These findings were consistent with consumers across Australia, Singapore, Indonesia, Malaysia, the United Kingdom and United States.
Biometric Technologies Are Competent To Use In Homes Or Any Establishments (World TVPC)
So as you can see using biometric scanners as a means to secure your home or office building is absolutely necessary. It is one of those things that you would be thankful for that human ingenuity worked towards your favor instead of against it.
Much of the discussion of biometrics tends to represent the technology as something foisted upon ordinary people by governments or corporations. That is changing.
Biometic Security Measures Put Slow Squeeze on Passwords (IT Business Edge)
One of the touchstones for the computer age and, more specifically, its insecurities and dangers, is the password. Very slowly, however, the password may be on its way out, both for stationary and mobile users. In favor are various biometric security measures.
Lots of good links in the article.
Unisys Security Insights: U.S.
A Consumer Viewpoint – 2015 (Unisys – Browser-based PDF)
 |
|
Source: Unisys
|
The survey, in general is concerned with data security and has interesting survey data reflecting the relative data security concerns of the United States public broken down by industry.
Is facial recognition tech really a threat to privacy? (BBC)
Facebook has decided not to offer its photo-sharing app Moments in Europe because of regulator concerns over its facial recognition technology.
And earlier this week, talks between US tech firms and privacy campaigners broke down over fears about how the industry is planning to use the tech.
So why is there so much concern over facial recognition tech, and is it justified? We unpick some of the issues.
Biometrics Market Forecasts (Tractica)
Tractica’s forecasts indicate that key industries in the biometrics market over the next decade are likely to be finance, consumer devices, healthcare, and government, followed by enterprise applications, defense, education, law enforcement, and non-government organizations. Key use cases that are likely to drive biometrics revenue over the next decade include consumer device authentication, mobile banking, automated teller machines (cashpoints), government IT systems, point-of-sale transactions, pharmacy dispensing, and wearable device authentication.
Biometrics May Ditch The Password, But Not The Hackers (NPR) — The piece itself is rather de rigueur, but the comments are a great way to start Friday.
It looks like that Paypal piece was pretty widely read.
Is Samsung’s Galaxy S5 ‘leaking’ YOUR fingerprints? Flaw means hackers can intercept and steal biometric data (Daily Mail); Forbes piece, here.
The pair told Thomas Fox-Brewster from Forbes that the flaw lies in older versions of the Android operating system, up to and including Android 4.4.
Subsequently, anyone running Android 5.0 or above are not at risk and the security experts are advising people on older models to update as soon as possible.
The semi-technical press seizes upon biometrics as a proxy for personal data. This is old news, but here’s a great example.
A close reading of the article reveals that earlier releases of Google’s version of the Android mobile OS weren’t as secure as they are now. This will come as news to few. The article points out that, “Once inside they can monitor all data sent to and from the phone, as well as data recorded by the handset’s built-in sensors, including the fingerprint scanner.”
Get it? Exploiting the security flaw means that the whole device is compromised: Email apps, microphone, location information, and possibly even the contents of phone calls themselves, but according to the author and editor(s), the news value is in the possibility of capturing a fingerprint image. Of course, it’s their outfit; it’s their call.
For readers here, instead of “OMG fingerprinst[!],” I’d emphasize that:
Not all mobile operating systems are created equal.
Different mobile applications offer a different mix of privacy costs and benefits.
Installing OS updates and patches is very important.
If the OS is compromised, the applications it runs are vulnerable.
Left out of the information readily available online about this hack is how the people at FireEye got their malware onto the hardware in the first place. Past “hacks” of biometric systems have been executed on a playing field that is far more favorable than the real world to the the hackers, where all the other layers of the security regime are stripped away from the one security link they want to test. Here’s a particularly striking example. If FireEye rooted the phone, side-loaded their malware onto the device, and went from there, this isn’t a hack in any real sense — it’s a malware test.
That hypothetical scenario would mimic a real world example where a user lost their phone and bad guys got it, loaded software on it and then returned the mobile device to the user who continued as if nothing had happened. In the security world, if you lose control of the hardware, all bets are off for anything that isn’t encrypted (with a strong key).
So, without more information, it’s hard to say how big a deal this is, or in many (most?) cases, was. In the bigger picture, this is a Google Android OS story. The subtext is that users who care about mobile device security should be thoughtful about what device/OS/app combinations they adopt, keep their device’s software up to date, and be careful about malware.
As automated and convenient security including biometrics becomes better and more common, the highway robbers of the 21st Century are increasingly forced to turn to social engineering techniques rather than frontal assaults on security technology.
Kill all passwords by eating them says PayPal (Techworld)
He says external body methods like fingerprints are “antiquated”, and that internal body functions like heartbeat and vein recognition using embedded and ingestible devices are the future, to allow “natural body identification”. LeBlanc says internal devices could include brain implants, and that ingestible devices could be powered by stomach acid that runs batteries.
Time will tell, I guess, but user acceptance has been has been a big issue for identity management solutions using biometrics. A bank asking customers to put something in their body in order to access their money would seem to be of another character entirely.
Perhaps the analysis is meant to provide a perspective on what far-distant ID management technologies will look like. Even then, with the exponential growth of the computing power in “externally carried computers” i.e. smartphones, it’s hard to see how gaining a foot or so of proximity distance by moving the token inside the body lowers error rates enough to justify the mess.
The subtext is this, though:
“We know how to identify machines. People are a pain. If we can just turn the people into enough of a machine, all our problems are solved.” In other words, engineering! There’s a problem here, though. If you turn the machines into people, the machines will probably get harder to identify.
At SecurLinx, we’ll keep at it just in case.
The question: when will biometrics take over from passwords? (The Guardian) — Four smart takes on large-scale customer-facing authentication.