technology

DARPA, passwords, technology

Biometric passwords feature in list of 15 awesome DARPA technologies

15 Advanced Military Research Projects That Will Change Your Life (Business Insider)

The Defense Advanced Research Projects Agency (DARPA) gets a ton of funding to develop the science and techological future of the military. This is the agency responsible for GPS, the internet and stealth planes. They’re the real deal.

We looked at their active projects to find the ones that might have massive civilian implications if they eventually produce real-world tech. For this round, we focused on only their Defense Science Office and their Information Innovation Office, two of six DARPA branches.

There’s some really cool stuff there, much of it to do with speech/language and blood.

development, government, public, technology

A look at digital government services

Of course, I’d say policy and technology must be good bedfellows…

Policy and technology can be good bedfellows (The Guardian)

Technology-enabled reform of public services can create friction, as the public is required to adapt to new platforms for interacting with the state and its administrators have to learn a new way of working. At its worst, this friction can result in disjoined state paralysis following the wrong kind of policy making and subsequent commissioning. At its best, it can reduce the state running costs and better fit the mould of citizens’ lives, such as being able to book a GP appointment via a laptop or mobile.

AFIS, chat, CJIS, FBI, ID management, interoperability, Kirkpatrick, law enforcement, management, modality, standards, technology, tweetchat

Michael D. Kirkpatrick FBI Assistant Director in Charge of Criminal Justice Information Services (Ret.) to Discuss Biometrics & Law Enforcement at July #BiometricChat

When: July 19, 2012 — 11:00 am EDT; 8:00 am PDT; 16:00 pm BST; 17:00 pm CEST; 23:00 pm SGT; 0:00 JST

Where: tweetchat.com (hashtag #biometricchat

What: Tweet chat on Biometrics and Law Enforcement with Michael D. Kirkpatrick (@MDKConsulting)

Topics: The past, present and future of biometric ID management applications in law enforcement, interoperability, modalities.

To send questions for the #BiometricChat:
Email: SecurLinx blog
Twitter: @SecurLinx, hashtag #biometricchat

When John at M2SYS asked me to guest host the July #BiometricChat, I immediately thought of Michael Kirkpatrick. I’m happy to announce that he’s agreed to join us. I offer my sincere thanks to both of them for the opportunity.

Michael Kirkpatrick

Michael D. Kirkpatrick, as the FBI’s Assistant Director in Charge of the Bureau’s Criminal Justice Information Services (CJIS) Division from January 2001 – August 2004, led the Division through profound IT changes especially relating to the application of biometric technologies to the challenges of law enforcement.

Back in the day (i.e. before 1999), fingerprint analysis for law enforcement purposes was a much different ball game. Everything was accomplished with paper, ink, and highly-trained, dedicated  fingerprint analysts. That made law enforcement biometrics pretty much the only biometrics game in town because there weren’t really any commercial applications for that type of set-up. Sure, some professions required criminal background checks, but the fingerprinting part was mostly there to make it easier to catch people in the event they committed crimes at some later date.

Presently, the FBI maintains the world’s largest collection of biometric data and facilitates information sharing between law enforcement organizations and a range of both public and private entities. The CJIS center handles more than 61 million ten-print submissions a year. Average response time for an electronic criminal fingerprint submission is about 27 minutes, Electronic civil submissions are processed within 72 minutes.

The successful transition from a paper system to an Integrated Automated Fingerprint Identification System (IAFIS), presented a range of technical, organizational and managerial challenges such as: What to do with all the paper records; What technical standards to apply to digitization; Determining what confidence level constitutes a match; How to receive input remotely and transmit results;  How to store the information securely; What policies to put in place; Determining whether current international agreements were adequate or forging new ones necessary. The list goes on and on.

Without the hard work sorting out these kinds of questions done by those at CJIS, biometric ID management applications, beginning with fingerprint biometrics, simply would not have nearly the impact in the public and private sectors that they do today. Michael D. Kirkpatrick was one of the many people who helped make it all possible.

Over the course of his career, Michael has done far too many interesting things in law enforcement and biometrics than can be listed here. Thankfully, he has posted a brief overview of some of his experiences at his site, here. He tweets at @MDKConsulting

We hope that you will spread the word among your colleagues and friends and join us Thursday, July 19 at 11am EDT.

Please send questions via:
Email: SecurLinx blog
Twitter: @SecurLinx, hashtag #biometricchat

We’ll publish the chat questions in an update to this post early next week.

IT, leap-frogging, technology

Three Sides of the Same Coin

Late last week, while engaging in my routine news perusal, I came across a few items that while very different, struck me as being somehow connected:

Getting a facial (BCS.org – UK)

Reversing Poor Data Management Culture (This Day Live – Nigeria)

Coriander, son of Pulao, Aadhaar No 499118665246 (DNA India)

In order, they are: a high-level interview with a computer scientist interested in quantifying the behavior of the human face at both the macro and micro levels; a litany of failures to even bring order to — much less make the most of — a developing country’s IT investments; and a high-profile case of how one individual can make an entire national effort look bad.

But this summary is, well, more summary: They are a visionary’s perspective, a cat-herder’s lament, and an embarrassing insubordination.


Each piece captures a slice of the dramatic interaction of humans and IT-based technologies (in these cases, biometrics and biostatistics) designed to identify people or interpret their physical state.

Together they inform some of the themes I’m always banging on about here. “ID management is about people.” “It’s not the tech, it’s the people.” “Technology is an management tool, but it can’t run an organization by itself.” “ID management systems are an amazing leap-frogging technology for the developing world.” “ID perfection is not the proper metric, Return on Investment (ROI) is.”

A closer examination of each article follows in…
A Visionary’s Perspective,
The Cat-Herder’s Lament – IT and Organizational Culture and
An Embarrassing Insubordination – It Takes a Human To Give Coriander an ID

behavior, exceptions, innovation, science, technology

A Visionary’s Perspective

The Chartered Institute for IT has published a wide ranging interview, Getting a facial, with Professor Maja Pantic, from Imperial College, London.

Prof. Pantic has been working on automatic facial behaviour analysis. This type of research, if successful, could lead to a revolution in the way humans interact with technologies devoted to security, entertainment, health and the control of local physical environments in homes and offices.

The interview is long, wide-ranging, and worth reading in it’s entirety.

I would, however, like to point out two passages that have great bearing on some of the themes we discuss regularly here.

Why computer science?

But with computers, it was something completely new; we just couldn’t predict where it would go. And we still don’t really know where it will go! At the time I started studying it was 1988 – it was the time before the internet – but I did like to play computer games and that was one of the reasons, for sure, that I looked into it. [ed. Emphasis added]

You never know where a new technology will lead, and those who fixate on a technology, as a thing in itself are missing something important. Technology only has meaning in what people do with it. The people who created the internet weren’t trying to kill the record labels, revolutionize the banking industry, globalize the world market for fraud, or destroy the Mom & Pop retail sector while passing the savings on to you. The internet, much less its creators, didn’t do it. The people it empowered did. 


Technologies empower people. Successful technologies tend to empower people to improve things. If a technology doesn’t lead to improvement, in the vast majority of cases it will fail to catch on and/or fall into disuse. In the slim minority of remaining cases (a successful “bad” technology) people tend to agree not to produce them or place extreme conditions on their production and or use i.e. chem-bio weapons, or CFC’s. There really aren’t many “bad” technologies that people actually have to worry about. 


It makes far more sense to worry about people using technologies that are, on balance, “good” to do bad things — a lesson the anti-biometrics crowd should internalize. Moreover, you don’t need high technology to do terrible things. The most terrible things that people have ever done to other people didn’t require a whole lot of technology. They just required people who wanted to do them.


The interview also contains this passage on the working relationship between people and IT…

The detection software allows us to try to predict how atypical the behaviour is of a particular person. This may be due to nervousness or it may be due to an attempt to cover something up.

It’s very pretentious to say we will have vision-based deception detection software, but what we can show are the first signs of atypical or nervous behaviour. The human observer who is monitoring a person can see their scores and review their case. It’s more of an aid to the human observer rather than a clear-cut deception detector. That’s the whole security part.

There’s a lot of human / computer interaction involved.

It’s not the tech; it’s the people. 


Technology like biometrics or behavioral analysis isn’t a robot overlord created to boss around people like security staff. It’s a tool designed to help inform their trained human judgement. This informs issues like planning for exceptions to the security rule: lost ID’s, missing biometrics, etc. Technology can’t be held responsible for anything. It can help people become more efficient, and inform their judgement, but it can’t do a job by itself.

Back to Three Sides of the Same Coin

algorithm, modality, science, technology

Artificial Intelligence & Multimodal Biometrics

Neural network mimics the brain for improved decision-making in biometric security systems (EurekAlert!)

“Our goal is to improve accuracy and as a result improve the recognition process,” says Gavrilova, a professor in the Faculty of Science. “We looked at it not just as a mathematical algorithm, but as an intelligent decision making process and the way a person will make a decision.”

The algorithm can learn new biometric patterns and associate data from different data sets, allowing system to combine information, such as fingerprint, voice, gait or facial features, instead of relying on a single set of measurements.

A system like this is a very long way from seeing the light of day in an actual real-world deployment, but the concept strikes me as having huge potential for extremely complex high value deployments of the future such as airport ID.

face, facebook, search, social, surveillance, technology

What if? Online Real-Time Searchable Sensor Data

Each of these articles is extremely interesting and when they’re read together, they become even more so.

The first one was published in the Washington Post a week or so ago and concentrates on industrial control systems (probably because Stuxnet has been in the news a lot lately). The second article below talks about the development of a search engine that could combine social networking with data collected by sensors that are hooked up to the internet.

Cyber search engine Shodan exposes industrial control systems to new risks (Washington Post)

It began as a hobby for a ­teenage computer programmer named John Matherly, who wondered how much he could learn about devices linked to the Internet.

After tinkering with code for nearly a decade, Matherly eventually developed a way to map and capture the specifications of everything from desktop computers to network printers to Web servers.

He called his fledgling search engine Shodan, and in late 2009 he began asking friends to try it out. He had no inkling it was about to alter the balance of security in cyberspace.

“I just thought it was cool,” said Matherly, now 28.

Smart City Search Engine Uses Sensors (Tech Week Europe)

Researchers at the University of Glasgow are helping build a search engine that will combine data from social networks with real-time sensor information such as recognition of faces in crowds to help users locate individual people or events.

The European-funded project, called Search engine for MultimediA Environment geneRated contenT (SMART), takes advantage of the already widespread presence of sensors such as CCTV cameras and microphone arrays, according to Dr. Iadh Ounis of the University of Glasgow’s School of Computing Science.

The combination of what these two efforts envision — a crawler that finds online devices, an engine that makes them searchable, datamining of social media and real-time access to sensor data — would really be something.

But what would it take for someone sitting at a computer terminal to find and commandeer a surveillance camera, grab an image of my face, run it through a facial recognition search of social media platforms and find out something as simple as my name?

For now, it would be pretty difficult. Without significant help from disparate entities, the challenges associated with such a query are extremely daunting and that will probably be true for the foreseeable future.

A simple facial recognition search of all the photos on (for example) Facebook’s servers would be pretty close to useless. The ‘book simply has far too many faces. Based upon the (low) image quality from surveillance cameras and the (high) number of Facebook photos, there would be far too many false positives. I’ll make an educated guess that the reason Facebook gets the facial recognition results that it does is that it uses its (highly proprietary) knowledge of its users to limit the face rec search only to people that Facebook already believes have a significant likelihood of actually knowing each other. So, without Facebook’s help, that random someone sitting at their computer would have a pretty difficult challenge even if their target is a heavy user of social media.

Other challenges apply. Finding a device online is not the same as controlling it. Controlling some functions of a device such as a surveillance camera doesn’t necessarily imply that all functions are available to the user. Speed and storage are also issues.

Nevertheless, some challenges, such as the co-operation of service providers, can already be overcome by governments. Others will become easier to overcome as technological progress is made.

What is possible? That’s an interesting question. What does it cost? That may be far more important. Stuxnet proved that some amazing things are possible. As for pulling a mini-Stuxnet to see if I’m over-sharing on the social webs, theoretical possibility may not be the most important consideration. A private detective is still the way to go.

But if Moore’s law holds and techy things continue get cheaper, better and faster, who knows?

face, integration, library, technology, Virginia

Four Seventh Grade Girls Bring Facial Recognition to the People

This is a very cool story involving market research, technology, training and integration. Congratulations to the Rocky Run Seventh-grade eCybermission team.

Rocky Run Girl Power: Seventh-grade eCybermission team is second in Virginia (The Connection)

“Our project was about biometrics and how people use passwords and user ID every day to access various online resources,” said Rashel. Aisha explained that biometrics is comprised of the individual characteristics used to identify a person.

“We did a survey at the Chantilly Library and discovered that 76 percent of the people didn’t know what biometrics was — and the 4 percent who did didn’t consider using it.”

They decided to share their solution with the community. “So we set up an experiment in the library, having people try it out,” said Nayana. “Then we gave them a follow-up survey on biometrics to get their feedback,” said Aisha.

“Over 70 percent said they liked the facial-recognition software and thought it was more efficient and secure than the traditional method of logging on,” said Rashel. It’s important, said Aisha, because “This is one of the many things that people forget to keep secure.”

Read the whole thing.