Thursday, December 3, 2015

China: Arrests in US OPM case

Chinese government has arrested hackers it says breached OPM database (Washington Post)
Beijing has repeatedly insisted that the government played no role in the intrusions, which compromised sensitive personal, financial and biometric data of the employees, and data on their families.

Costs continue to mount from Target 2013 breach

Target settles for $39 million over data breach (CNN)
The settlement is the latest in a series of payouts Target has made.

In August, Target settled with Visa for $67 million over the data hack. And in March, Target settled a federal class action lawsuit brought by customers for $10 million.

Tuesday, November 24, 2015

Healthcare: Getting serious about multifactor authentication

The Time Has Come for Two-Factor Authentication in Health Care (iHealthBeat)
William Braithwaite -- a health information privacy and security consultant and chair of the Healthcare Information and Management Systems Society's identity management task force -- noted that, no matter how long or complex passwords are, they're still vulnerable to theft. "The real problem is that passwords are being stolen, not that they're being broken," he said.

Tuesday, November 10, 2015

Face recognition in retail

Walmart’s Use of Sci-fi Tech To Spot Shoplifters Raises Privacy Questions (Fortune)
The only company that acknowledged using the software was Walmart. According to a spokesperson, the retailer tested facial recognition software in stores across several states for several months, but then discontinued the practice earlier this year.

“We were looking for a concrete business rationale … It didn’t have the ROI,” or return on investment, the spokesperson says.
Retailers and biometrics companies have been working together for years trying to figure out how to apply face recognition to the problem of shoplifting. As expected in a retail business, it all comes down to Return on Investment (ROI).

First, here's what modern shoplifting looks like. It isn't just teenagers pocketing lip-sticks and candy bars.

Police bust 'amazing' $15,000-a-day shoplifting ring (USA Today)
HAZEL PARK, Mich. — Police say a 7,600-square-foot warehouse served as the business hub for a sophisticated, multimillion-dollar theft ring that stole items from southeastern Michigan retailers and resold them on the Internet.

Veteran investigators said the shoplifting ring, which swiped as much as $15,000 a day in over-the-counter drugs and other goods from area stores, is the largest they have ever seen.

Oakland County Sheriff Michael Bouchard called the illegal business "amazing in size and scope" and one that likely operated for years before drug investigators spotted it last month.

The ring operators stored stolen items in the warehouse and sold them on the Internet through eBay, Amazon.com and other sites, investigators said.
Read the whole thing. Criminal organizations like these cause huge losses to retailers, higher prices to consumers, and increased production of dangerous street drugs. More and more, shoplifting is an organized crime problem, and everyone who isn't in on the scam pays the price in one way or another.

Privacy issues associated with facial recognition in businesses open to the public get a lot of well-deserved attention. Clearly, facial recognition technology could be deployed in businesses open to the public in ways that are injurious to a reasonable person's expectation of privacy. Brainstorming those ways, however, takes us pretty far away from the ROI calculation that is motivating retail outlets to seek out technologies that can help them reduce losses due to theft.

The privacy focus for facial recognition in retail spaces should be on what data is collected and what happens to it. In this case that means the photos and personal information that goes along with them. The easy part is that retail establishments have been collecting information on suspected shoplifters for a long time now and they already have policies about what they collect, when they collect it, and how long they retain it. The hard part is that new facial recognition technology makes sharing the information easier, securing it more difficult (and important!), and it requires new training for loss prevention staff about what, exactly, the technology is telling them.

That brings us back to the ROI. Obviously, using facial recognition to prevent a $15,000 organized crime heist helps the ROI calculation. Using facial recognition to interrupt a shopper based upon a "false positive" ID hurts the ROI calculation. So there's at least a little bit of good news here for privacy: The ROI calculation that is so important to the business's decision whether or not to use a facial recognition system does have a built-in way to account for at least some privacy concerns.

Monday, November 9, 2015

Banks like veins

Banks drawn to vein pattern recognition biometrics (Electronics News)
Vein recognition technology is restricted to checking vein patterns of living body tissues and offers reliable reading. Moreover, vein patterns are nearly impossible to counterfeit. Many banks worldwide consequently have incorporated this technology into their ATMs to improve the user authentication procedure of these machines.
While the ease of duplicating fingerprints to hack biometric systems is regularly overstated, it is a possibility. I've never even heard of anyone trying to spoof a finger- or palm vein biometric system.

The trade-off for vascular biometrics is that the sensors are typically larger and more expensive than fingerprint readers and there are fewer vendors offering vein technology. Nevertheless, certain deployments recommend themselves well to vein biometrics.

Thursday, November 5, 2015

Forecast: Global fingerprint recognition & mobile biometrics market

Global fingerprint recognition and mobile biometrics market to grow at a CAGR of 215.49% during 2014-2019 (Market Research Reports)

Banks using voice biometrics to counter social engineering

More companies are turning to voice biometrics for security purposes (Digital Trends)
Technology known as voice biometrics seems to be the next big thing in keeping your accounts safe and sound, especially with the alarming rise in call-in center fraud. In this latest version of trickery, criminals take advantage of human error and human emotions when they dial into a customer service line, describe some fictional situation that garners the representative’s sympathy, and subsequently gain access to sensitive data and, of course, money. $10 billion worth last year, in fact.
The purpose of identity management technology is to force fraudsters into social engineering. Identity management technologies can still help with that, too.

Biometrics + Cryptography

Keeping your passwords safely in the palm of your hand (electropages)
...[C]ontactless palm vein recognition technology is nothing new and was first demonstrated back in 2002 and is widely used. It works by extracting feature data from biometric data. With previous technologies, confidential data was encrypted with this feature data, but when decrypting, the feature data extracted from biometric data would usually be matched with the encrypted data. This does not present a problem when used in a personal device, such as a laptop or smartphone, but when used via an open network such as in the cloud, a more secure decryption technology is necessary to prevent leaks of biometric data.
The article discusses encryption within biometric templates using Fujitsu's palm vein technology, but the idea would seem to be applicable across biometric modalities.

Monday, November 2, 2015

Kuwait: Ministry discovers approximately 40% of paid workers are ghosts

Fingerprint attendance system exposes workers (MENAFN)
Ministry sources said the application of fingerprint attendance system uncovered many employees who continued to receive their monthly salaries although they were absent from duty for several years, in addition to those who traveled abroad without permission and others held behind bars on legal issues.

The same sources affirmed that the authorities next month will start deducting salaries and hold absentees accountable for their actions, along with those who skip the fingerprint attendance system on a regular basis.

They noted the implementation of the system has uncovered the reality of all problems and complications the ministry endured throughout the years, and last week, about 3,000 of the estimated 7,500 employees were compelled to apply for leave, and "the mass leave application'' was to avoid their inclusion in the fingerprint attendance system, as they fall in the category of 'absentees and evaders' of the fingerprint attendance system.

Positive review for Microsoft facial authentication on new hardware

Windows Hello facial logins on the new Surfaces are rather impressive (RAs Technica)
With Hello enabled, logging in to the machine is as simple as sitting down in front of it. The lock screen shows the Windows Hello "eye" looking around, and the detection is near-instantaneous. It takes longer for Windows to dismiss the lock screen and show the desktop than it does for it to recognize you in the first place. In fact, it's so quick that a kind of delay had to be built in. If there were no delay, locking your PC with Windows+L (or the Start menu option) would be nigh impossible.

Tuesday, October 27, 2015

Iris mobile NFC barcode ATM app

Citi tests ATMs that replace plastic cards with mobile phones, QR codes, NFC and iris scans (NFC World)
Customers using one of the new Irving ATMs download a mobile app and set up the transactions they wish to make when they reach the ATM on their mobile phone. They can then chose to have a QR code scanned by the ATM, tap their NFC phone against the ATM or have their iris scanned to authenticate themselves in order to complete the transaction they previously logged inside the mobile app.
This "grab bag" ID regime is interesting. Throw in Bluetooth, fingerprints, RFID and chip-on-card technology and the number of permutations of possible ID deployments goes up even higher. This is good news both for consumers and for business with ID management challenges.

Monday, October 26, 2015

India: Biometrics for financial inclusion

Financial inclusion and women empowerment (Economic Times)
In 2014, the Bhamashah initiative was refurbished with a broader coverage of gender empowerment, financial inclusion and family-based benefits. It now provides end-to-end delivery system for individuals and various family-based benefits of the government’s social welfare schemes — like the PDS, pension funds, health insurance, MNREGA and scholarships — through a centralised e-government platform by leveraging the enhanced electronic infrastructure of the state.

These transfers are made to the bank account of the woman of the house through the Bhamashah smart card, which also provides biometric identification of family members. The card is also a co-branded debit card with the participation of several banks.

The merits of financial inclusion are deeply rooted in citizen empowerment. Access to credit is a critical link between economic opportunities and outcomes. By empowering individuals and families to cultivate economic opportunities, financial inclusion can be a powerful agent for strong and inclusive growth. With women constituting half the population, their equal participation in society is imperative for sustainable development.
No wonder this man is smiling.


Amartya Sen


One of the important assertions Amartya Sen makes in "Development as Freedom" is that empowering women in developing countries through education and financial inclusion is a tried-and-true way toward economic development for a country as a whole.

He won the Nobel Prize for Economics in 1998 for his contributions to welfare economics.

Biometric technologies can help make inclusion programs more efficient and more affordable.


Europe: Biometrics to be enlisted in attempt to cope with migrant crisis

European leaders try to slow migrants as thousands enter (Toronto Star)
The leaders decided that reception capacities should be boosted in Greece and along the Balkans migration route to shelter 100,000 more people as winter looms.

They also agreed to expand border operations and make full use of biometric data like fingerprints as they register and screen migrants, before deciding whether to grant them asylum or send them home.

Tuesday, October 20, 2015

USAA tops 1 million biometric users (Houston Chronicle) — San Antonio-based USAA reported Thursday that more than 1 million of its members have signed up to use its biometric technology on its mobile app.

Thursday, October 15, 2015

Biometrics market forecast 2015-2021

Global Biometric Market 2015 at $7.0 Billion, Rising to $44.2 Billion by 2021 (University Chronicle)
Biometric modalities include hybrid fingerprint / palm print, facial recognition, iris image, and voice recognition. The global biometrics market is $7.0 billion in 2014, rising to $44.2 billion by 2021. Biometrics revenue and device shipment forecasts are segmented by modality and market segment. There are four market segments, law enforcement, border control which includes government ID systems, workplace access, and consumer ID.

According to Susan Eustis, leader of the team that prepared the study, "Biometrics represent a multi-billion dollar industry because the devices provide personal identity protection. Biometrics is used by civil authorities to permit the organization of people into units of government that are a cohesive group of people, not intruded upon by outsiders. Biometrics provides a cornerstone of law enforcement agencies with fingerprint ID."

Tuesday, October 13, 2015

Biometrics for economic development

Kenya: Biometric Exercise Boosts Kenya Adolescent Girls (All Africa)
Implemented by Save the Children, the exercise uses easy-to-use and inexpensive equipment to read students' fingerprints to record daily attendance.

The biometric information is then used to identify those students who meet the conditional threshold of 80 percent school attendance and, therefore, qualify for a cash transfer twice a term.

The cash transfer goes to their household head, whose biometric details have also been captured and linked to a bank account to facilitate electronic household cash transfers.
Many families in the developing world face difficult decisions about whether to invest in a child's education (even if it's "free") or to maximize the family's current earnings by putting children to work. Programs like the one described above have made a difference in the lives of millions in Brazil, Mexico and Indonesia and backing up the cash transfers with a biometric audit trail should help insure that available funds are used efficiently.

Thursday, October 8, 2015

Thoughts from "a true advocate and enthusiast of biometric technology"

Welcome to the Biometrics Age! (Finextra)
A future sci-fi world of disappearing passwords, the internet of things and the unique human characteristics of our body parts to verify who we are is now actually a reality!

European migrant crisis spurs interest in biometrics

Migrant crisis: EU considers locking up more failed asylum seekers (Financial Times)
EU countries should lock up more failed asylum seekers, according to hardline plans the bloc is considering to increase the number of deportations from Europe.

The proposal is one of a series of tough measures — ranging from increased use of fingerprints to more funding for detention centres — that interior ministers from across the EU will discuss at a meeting in Luxembourg on Thursday.

Wednesday, October 7, 2015

Forecast: Global biometrics market $7.0 billion in 2014; $44.2 billion by 2021 (ReportsnReports)

Pakistan: Ghost workers in Sindh

Over 25,000 'ghost' teachers identified in Sindh Education department (Geo.TV)
Sources said that, during investigation carried out by AG Sindh office and Education Department, about 25,000 out of 155,000 recorded employees have been identified as ‘fake’ in the Sindh Education and Literacy Department.

They added that ghost employees were identified by the Deputy Accountant General Education, security and examination committee with the support of biometric system.
We haven't posted on ghost workers lately, but a 16% fake employee rate is noteworthy.

Tuesday, October 6, 2015

A balanced view on authentication

Here’s why the password isn’t going anywhere (IT Pro Portal)
There’s no point in arguing about which security solution is the “best”. It’s pretty clear that the future lies with individuals using a combination of security options, each making up for the weaknesses of the others...

So rather than try to prove that a new technology is the Holy Grail and should replace passwords, it’s time to educate the public to use more than one factor of authentication. Using multiple factors will certainly increase a user’s security more than using one factor alone, no matter how secure we believe that one factor may be.

Monday, October 5, 2015

India: Prime Minister Narendra Modi has pushed for universal enrollment under the ambitious Aadhaar project by the year-end (Economic Times)

Kyrgyzstan: Fingerprint parliamentary elections

Kyrgyzstan: Nation Awaits Results as Hi-Tech Election Sets New Standard for Region (Eurasianet)
Kyrgyzstan has gone hi-tech in its efforts to ensure as clean an election as possible.

Voters received their ballot papers only after undergoing an electronic fingerprint check. As the information was processed, the voter’s image popped up on a monitor. The screen flashed red when any irregularity was registered.

Atambayev said clean and honest elections were indispensable.

“We cannot have it so that one party or one family rules the country. It is important that we protect genuine democracy and that we have a strong civil society,” he said.

There were sporadic reports of technical difficulties with the electronic system, which was being used for the first time.

While limiting opportunities for ballot-rigging, the painstaking voting procedures did also slow things down and large lines were observed across the country throughout the day.

More insight into US government fingerprint data loss

OPM Says Way More Fingerprint Data Stolen than Reported (Sci-Tech Today)

Payment biometrics growing rapidly

Biometrics to Secure over $5.6 Trillion of Payments by 2020 (Investorideas)
"Biometric vendors are experiencing tremendous growth on the back of the escalation of consumer-led adoption of biometric security. The adoption for payment purposes is a major contributor to this growth and Goode Intelligence forecasts that by 2020 it will contribute US$5.6 billion in revenue from $5.6 trillion worth of payments for companies involved in delivering biometric systems to the payments industry."
The full report from Goode Intelligence is available here.

Tuesday, September 29, 2015

Payments: Visa's chip-on-card biometrics

Visa develops a new spec that enables palm, voice, eye and facial biometrics with chip card payment. (Visa - Tech Matters)
Here’s how it works: Visa’s new architecture enables fingerprints to be securely accepted by a biometric reader, encrypted, and then validated. The specification supports “match-on-card” authentication where the EMV chip card validates the biometric so that it is never exposed or stored in any central databases. Issuers can optionally validate the biometric data within their secure systems for transactions occurring in their own environments, such as their own ATMs.

Wednesday, September 23, 2015

US: Office of Personnel Management raises assessment of biometric hack to 5.6 million individuals

OPM: Stolen biometric data list grows by 4.5 million (Fedscoop)
The Office of Personnel Management underestimated the number of people who had their biometric data stolen in this year’s high-profile hack, with an additional 4.5 million people being affected.

In a Wednesday press release, an OPM spokesman said the subset of individuals whose fingerprints have been stolen has increased from approximately 1.1 million to 5.6 million. That number, according to the agency, comes after OPM and the Defense Department identified archived records containing additional fingerprint data that were not previously analyzed.

Tuesday, September 22, 2015

US: Should governent agencies outsource authentication?

How authentication tools can save hundreds of millions in cash (Federal Times)
Federal agencies across the board are looking to improve cybersecurity by finding ways to validate users accessing citizen services online. But there are also significant savings to be found for the cost-minded agencies (read: all agencies).

Monday, September 21, 2015

Identical twins don't have identical fingerprints

Biometric data helps immigration authorities catch woman using twin's identification (WPLG - Miami).

Security vs Privacy discussion matures...

Roundtable: Identity and access management (SC Magazine)
It's a line that's hard to walk, the one between usability, security and privacy – one that might get harder and harder to walk if things keep going the way they are. Increasingly, businesses depend on personal information offered by customers, Chandler reminds us: “We're going on to a shared business environment, where we share information in order to make the community better.” With the growth of wearables, sensors and the Internet of Things – voice-activated TVs for instance – this trend might be hard to mitigate.

Friday, September 11, 2015

US: Iowa, Morpho Trust, and prototype digital ID's

Iowa DOT Using Digital ID’s (WHOtv)
Iowa Department of Transportation Director Paul Trombino says Iowa is the first state to offer a prototype for digital licenses currently being used by Iowa DOT employees. The new licenses which will only be optional and not mandatory are fitted with even more secure technology than the card version.

Trombino explained, "I use a fingerprint to open up my phone that can help authorize that. You may have to make a facial movement so it`s not just looking at a picture in order to open up the biometric perspective, so only you can open that up." If that isn't secure enough, "The picture physically moves, so it`s not a static picture like your regular driver`s license," said Trombino.

Wednesday, September 9, 2015

Australia funds national face recognition capability

Govt funds $18.5m Aussie facial recognition database (iTnews)
It will allow law enforcement agencies to share citizens' facial images to identify unknown individuals and verify identities.

The 'national facial biometric matching capability' will match a facial photograph to images on passports, visas and driver’s licences, and will initially offer functionality to match the identities of known individuals. It will later be able to match unknown individuals, the AGD said last month.

It will be targeted towards identity theft, fraudulent identity documents and "other serious criminal activity", AGD said.

Tuesday, September 8, 2015

Japan airports to install mobile biometric terminals to screen foreign passengers (Airport Technology)
After capturing the visitors' images and fingerprints, the terminals will send the information to the immigration desk.

The Justice Ministry expects Biocarts to reduce waiting time for travellers as well as ease the burden on the immigration staff.

Another Illinois Facebook face recognition lawsuit

Gillen v Facebook (Scribd)

Note: BIPA = Biometric Information Privacy Act

I have removed two footnotes in original.
NATURE OF ACTION

1. Plaintiff brings this action for damages and other legal and equitable remedies resulting from the illegal actions of Facebook in collecting, storing and using Plaintiff’s and other similarly situated individuals’ biometric identifiers and biometric information (referred to collectively at times as “biometrics”) without informed written consent in violation of the BIPA.

2. The Illinois Legislature has found that “[b]iometrics are unlike other unique identifiers that are used to access finances or other sensitive information.” 740 ILCS 14/5(c). “For example, social security numbers, when compromised, can be changed. Biometrics, however, are biologically unique to the individual; therefore, once compromised, the individual has no recourse, is at heightened risk for identity theft, and is likely to withdraw from biometric-facilitated transactions.”

3. In recognition of these concerns over the security of individuals’ biometrics – particularly in the City of Chicago, which was recently selected by major national corporations as a “pilot testing site[] for new applications of biometric-facilitated financial transactions, including finger-scan technologies at grocery stores, gas stations, and school cafeterias,” 740 ILCS 14/5(b) – the Illinois Legislature enacted the BIPA, which provides, inter alia, that a private entity like Facebook may not obtain or possess an individual’s biometrics unless it: (1) informs that person in writing that biometric identifiers or information will be collected or stored, see id.; (2) informs that person in writing of the specific purpose and length of term for which such biometric identifiers or biometric information is being collected, stored and used, see id.; (3) receives a written release from the person for the collection of his or her biometric identifiers or formation, see id.; and (4) publishes publically available written retention schedules and guidelines for permanently destroying biometric identifiers and biometric information, see 740 ILCS 14/15(a).

4. In direct violation of each of the foregoing provisions of § 15(a) and § 15(b) of the BIPA, Facebook is actively collecting, storing, and using – without providing notice, obtaining informed written consent or publishing data retention policies – the biometrics of its users and unwitting non-users.

5. Specifically, Facebook has created, collected and stored over a billion “face templates” (or “face prints”) – highly detailed geometric maps of the face – from over a billion individuals, millions of whom reside in the State of Illinois. Facebook creates these templates using sophisticated facial recognition technology that extracts and analyzes data from the points and contours of faces appearing in photos uploaded by their users. Each face template is unique to a particular individual, in the same way that a fingerprint or voiceprint uniquely identifies one and only one person.

6. Plaintiff brings this action individually and on behalf of all others similarly situated to prevent Facebook from further violating the privacy rights of Illinois residents, and to recover statutory damages for Facebook’s unauthorized collection, storage and use of unwitting non-users’ biometrics in violation of the BIPA.
A wrinkle in this lawsuit is that the plaintiff is not, and never has been, a registered Facebook user and therefore could not have agreed to Facebook's terms of service.

Friday, September 4, 2015

Serious ROI in remote patient monitoring

How one health system saves $90,000 per patient (Healthcare IT News)
NAH [Northern Arizona Healthcare] saw hospitalizations drop from 3.26 mean per patient to 1.82 and days hospitalized drop from 13.98 mean per patient to 5.13 and, based on the health system's data about the first 50 patients six months prior to enrollment and six months after enrollment, that added up to savings of approximately $92,000 per patient.
The "biometrics" discussed in the article aren't biometrics for identification, but ID biometrics will certainly be a part of the picture as these kinds of technologies are adopted more widely.

New DHS plans for biometrics should inform current corporate CIO's

DHS Outlines Plans to Enhance Use of Biometric Tech (Find Biometrics)
America’s Department of Homeland Security has released a new strategic framework on how it plans to move forward implementing biometric technologies. Entitled “DHS Vision Statement on Enhanced Biometric Capabilities”, the document indicates a tightening embrace of the technology.
The full DHS vision statement can be downloaded here [.pdf; 13 pages].

Interesting excerpt:
The DHS Office of Biometrics and Identity Management (OBIM) operates and maintains the DHS Automated Biometric Identification System (IDENT) and provides identity management services and expertise across DHS. Front‐end capabilities (i.e. biometric collection devices, applications, interfaces and supporting infrastructure) are each managed and maintained independently by the components, with limited collaboration. National Security Presidential Directive (NSPD)‐59 / Homeland Security Presidential Directive (HSPD)‐24 “Biometrics for Identification and Screening to Enhance National Security,” charges federal executive departments and agencies to use mutually compatible methods and procedures in the collection, storage, use, analysis, and sharing of biometric information. Access to external federal biometric databases however, through bilateral interoperability agreements, is not fully implemented, requiring DHS components to employ mission centric solutions for integrating certain biometric exchanges with the Federal Bureau of Investigation (FBI) and the Department of Defense (DoD). This requires DHS components to work independently with the FBI and DoD to integrate with each biometric system for access to data that assists in identifying and adjudicating subjects. The current IDENT system, although able to store multi‐modal biometrics, offers matching capability for fingerprints only, limiting operational components’ ability to implement the use of alternate biometrics that may better suit operational needs. Current DHS Component systems tend to be encounter‐based – instead of person‐centric – requiring biometrics collection processes to be repeated, rather than just verified. Connectivity for systems that collect biometrics in the field is inconsistent, often not allowing real‐time access to federal biometric databases. Further, existing biometric collection systems in the field are dated, many are at end‐of‐life, impacting the quality of the biometrics collected, which affects overall performance.
Current and prospective CIO's should reread that paragraph. The future of identity management is large-scale, multimodal, interconnected and updated as soon as possible, and provides access to virtual and physical resources. The earliest adopter of large-scale biometrics is coming to grips with the challenges of biometrics 2.0. At SecurLinx, we have designed our technology and approach to help our customers cope with the dead-ends and cult-du-sacs associated with gradual adoption of new ID technologies and provide them the flexibility to take advantage of the opportunities afforded by emerging technology.

Thursday, September 3, 2015

Mature talk on authentication...

Security vs. usability—that's the choice we make with passwords (Phys.org)
We all need some kind of authentication process if we are to access information systems at work or at home. We know why we need to do it: to make sure we have access to our data and unauthorised people don't.

So why do we routinely ignore such advice[...]?
Not all passwords protect equally valuable access. It turns out that many people are choosing weak passwords on low-priority systems like retail and media sites, and stronger authentication measures on high-priority systems like finance and work-related systems.

This sheds light on why even rigorous security measures like biometrics are being applied to instances where people are willing to jump through more password-related hoops but find the password regime horribly inconvenient.

Thursday, August 20, 2015

Windows Hello face recognition not fooled by Australian twins

Microsoft's facial recognition software does something amazing when it encounters twins (Business Insider)
Each set of twins set up an account for one and then the other attempted to log-in — and the software held. According to The Australian, there was not one instance of Windows Hello allowing the wrong twin access to the computer.
The headline to the contrary, notwithstanding, Microsoft's facial recognition software pretty much does nothing when it encounters a legitimate user's identical twin.

MasterCard announces two biometrics pilots

MasterCard puts faces and fingers under microscope (Mobile World Live)
MasterCard and First Tech Federal Credit Union, a US financial institution, will pilot the authentication of payments using facial and fingerprint recognition, in what they claim is a first for the country.

Separately, MasterCard is running another biometrics trial with International Card Services (ICS), the leading credit card provider in the Netherlands.

Biometric ID at issue in California Uber fight

Uber driver background checks 'not good enough' (BBC)
At a press conference, George Gascon, district attorney in San Francisco, said problems with the data that Uber relied on to check drivers meant it could miss some former criminals. For instance, he said, 30,000 registered sex offenders were not in the database Uber used.

An alternative screening system used by other cab firms called Livescan did catch people who were on the sex offenders list, said Mr Gascon.

ID overhaul exposes ghost pensioners in Trinidad & Tobago

4,000 fraudsters lose benefits (Entorno Inteligente)
The Biometric Card will technologically exceed its predecessor, the Debit Smartcard, said Newallo-Hosein, and will translate biological information into digital recognition.

As a result the social safety net will become tight yet more efficient than at present.

Wednesday, August 19, 2015

Market forecast for fingerprint access control systems

Fingerprint access control systems: Market analysis by technology and market segment; forecasts to 2022 (Grand View Research)
The industry can be segment based on application as commercial, consumer electronics, military & defense, government, healthcare, banking & finance, and others. Government and commercial is anticipated to be key application segment over the forecast period.

Commercial fingerprint access control systems market is expected to be dominant over the next seven years, and accounted for over 30% of the overall revenue in 2014. Government application segment is expected to grow at a CAGR of over 6.5% from 2015 to 2022.

Tuesday, August 18, 2015

Market forecast for healthcare biometrics

Biometrics in the Healthcare Industry (Tractica)
...[S]tarting from a base of $250 million in 2015, Tractica forecasts that global healthcare biometrics revenue will reach $3.5 billion by 2024, with cumulative revenue for the 10-year period totaling $12.5 billion at a compound annual growth rate (CAGR) of 34%.

Monday, August 17, 2015

You know better but I know him

If we go to biometric IDs, will hackers try to steal your face? (CreditCards.com)
How much damage could a data thief do with your biometrics? According to experts from three different biometric modalities, the threat of someone virtually slipping into your skin is based far more on Hollywood-fueled paranoia than how biometrics are actually secured and deployed in the real world.
An analysis of iris, vein and heartbeat biometrics follows from there.

The piece also serves as a useful counterpoint to this one at InfoWorld which has biometric authentication technology as "Doomed security technology No. 1," where the author's formulation,
"After all, using your face, fingerprint, DNA, or some other biometric marker seems like the perfect log-on credential -- to someone who doesn't specialize in log-on authentication."
begs the retort: After all, using your face, fingerprint, DNA, or some other biometric marker seems like it is destined for history's dustbin -- to someone who doesn't specialize in biometric authentication.

Thursday, August 6, 2015

Microsoft and Synaptics working on fingerprint hardware

Synaptics TouchPads to work with Windows Hello (WinBeta)
The new TouchPads would be able to read your fingerprint to enable Windows 10’s new biometric login feature Windows Hello, which aims to eliminate the use of passwords by replacing them with either fingerprints, facial recognition, or iris scanning.
Morphing the touch pad mouse sensor hardware into a fingerprint reader would be pretty cool. Getting the ID transactions right, though, will be a pretty heavy lift, technically, depending on the use model.

More baseball stadium biometrics...

Yankees announce improved security and entrance measures for fans (Crain's) — Yankee Stadium visitors soon will be able to avoid long security lines by registering their fingerprints with a biometric identity service used at 12 U.S. airports.

In another deployment the St. Louis Cardinals (baseball's second-most successful franchise in history) have installed iris biometrics for player and staff access control in more secure locations.

Tuesday, August 4, 2015

Kudos to Morpho

MorphoTrak Leads With Face Comparison Training (Financial Content)
MorphoTrak, a U.S. subsidiary of Morpho (Safran), announced today that it will offer vendor-independent training* in face comparison, filling an acknowledged gap in the field of computer-aided face recognition and facial identification. Automated face recognition systems are common in both law enforcement and civil applications, yet facial matching software can only present the reviewer with potential matches. It is up to the human reviewer to decide whether two facial images belong to the same individual.


*“Vendor-independent training” means that the techniques the course will teach work for all face examiners, no matter what face recognition software they are using.
Kudos to Morpho. Facial recognition is a powerful tool for well-trained users. This challenge is well known among those who have worked to place facial recognition capabilities into the hands of law enforcement and security professionals.

Computers don't look at the world the way we do. Whether that's a good thing or not depends on what you're trying to accomplish. For facial recognition in a law enforcement context, it's a good thing to have a radically different point of view applied to a challenge.

First, faces are probably the most meaningful objects in human existence. It's not too much of an exaggeration to say that for millennia human survival has depended upon our abilities at one type of facial recognition: recognizing people you know. Sorting through hundreds of thousands of pictures of people we don't know in order to match the two that are of the same person, however is not something we're inherently good at.

Computers can do that in less than a second, then give the two pictures to a human which is very good at making the single comparison — if that person understands their role in the machine-human partnership well.

Training is the key.

Microsoft, privacy and biometrics

Microsoft moves to quell Windows 10 privacy fears (Daily Nation)
According to the company's privacy statement, some of the information collected include "your typed and handwritten words", emails, conversations users have with the digital assistant, Cortana, location data and selections, such as stocks a user follows in a finance app, or the team a user supports in a sports app. Articles detailing privacy concerns have appeared in The Guardian, Newsweek and the Financial Times.

In the statement supplied Monday, the company says Microsoft does not sell the information customers provide it, but makes it available to employees and third-party engineers to improve Microsoft services.

Users can choose the level of information they send to it and selectively remove the information that Cortana, the digital assistant, tracks, while no biometric data from Windows Hello is shared with third parties, the company said.
It looks like the attention Microsoft is getting for privacy concerns surrounding Windows 10 is mostly to do with default settings. It also appears that Microsoft treats biometric information differently by default, not sharing it even with trusted third-party developers.

Two of the issues, surrounding Wifi Sence and how Windows Update Delivery Optimization (WUDO), are covered very well by The Hacker News which provides simple instructions for how to address them by changing default settings.

Reading through both of the Hacker News pieces, a picture of Windows 10 emerges that shows Microsoft giving serious thought to how make connectivity simpler with Wifi Sense while making the Windows ecosystem more resilient to the security threats already out there and those that easier connectivity implies with WUDO.

Friday, July 31, 2015

US: San Jose airport/Alaska Airlines test program for fingerprint boarding

Alaska Airlines: Fingerprints replace boarding passes (Desert Sun)
Those who signed up for the test went through an enrollment process that took about 20 minutes. After that, they were permitted to use their fingerprints to access the TSA screening area through the CLEAR lane. Fingerprint readers at the boarding gates were able to pull up a passenger’s boarding pass for the gate agent to review.

“The feedback was very positive,” said Tolzman. “On a survey scale of ‘dissatisfied’ to ‘delighted’ over 85 percent of the participants were delighted with the system.”
With the Colorado Rockies stadium access, that's news of two innovative CLEAR deployments in two days.

Thursday, July 30, 2015

US: Professional baseball team offering fans fingerprint fast lane

Rockies Fans to Get Biometric Fast Access to Ballpark (Find Biometrics)
There will be a dedicated Fast Access entrance set up, and those who have already registered for CLEAR’s air travel eGates will be able to get in right off the bat, while newcomers can sign up at the event provided they have a driver’s license.

Wednesday, July 29, 2015

Windows 10 is here

Microsoft's big day is here and for biometrics that means Hello, biometric authentication for Windows 10 devices.

The promo is quite snappy.




But even though the promo piece concentrates on face recognition, Hello face logins are limited to the Intel Real Sense 3D camera. With limited options for external face hardware, how about fingerprints? Does Hello support a wider range of fingerprint hardware? It appears that it does.

Foraging around the internet, I found this May, 2015 piece by Richard Hay at WinSuperSite.com that details his experience integrating an off-the-shelf budget fingerprint reader with a beta version of Windows 10 Hello. It seems pretty straightforward. That means that the fingerprint login is probably going to be easier for most people who want to take advantage of Hello, at least on desktops. Carrying a USB connected piece of hardware won't work as well for mobiles running Windows 10, but it makes sense to expect Windows phones with onboard fingerprint readers soon, especially given Microsoft's investment in Hello..

My personal preference on fingerprint hardware is for sensors that capture the whole image of the fingerprint instantly over the swipe readers, but they are more expensive.

All the early Hello press revolves around access to the device, and it's true that Windows and fingerprint hardware manufacturers have supported a lot of this functionality for years, now. It remains to be seen how deeply into the operating system the biometrics go. Still, one fewer password is welcome.

Tuesday, July 28, 2015

India: Biometric verification required for student ID and attendance

Biometric attendance must for jr colleges (Pune Mirror)
"We have made biometric attendance mandatory for all junior colleges. This will also let us compare statistics of students opting for specific colleges and give us data about students admitted to that college under the centralised admission process. While this system will leave no room for bogus admission at any city college, it would also make students serious about attending their lectures. Their casual attitude regarding college will change," said Ramchandra Jadhav, DyDE.
A large potion of that educational institutions must do revolves around identity management.

Banking biometrics taking off in West Africa

A couple of stories out today from West Africa's largest country, Nigeria, and perhaps its most respected, Ghana, tell of adoption of large-scale biometric deployments in finance.

Nigeria Inter Bank Settlement System (NIBSS) has disclosed that over 18 million customers have so far enrolled for the Biometric Verification Number (BVN) exercise (The Sun)

Eight foreign remittance firms join Ghana's e-Zwich (Modern Ghana)

Thursday, July 23, 2015

Biometric sign-on

Biometric SSO - A secret weapon to protect your data (Engadget)
The advantages of using biometric SSO solutions for securing enterprise information are huge. Firstly, utilizing biometric SSO authentication provides stronger authentication and security instead of relying on traditional passwords. It is nearly impossible to steal or duplicate biometric characteristics for authentication purposes. Besides, biometric characteristics are unique for every person in the world; even identical twins have different biometrics. Hence, biometric SSO achieves the highest level of identification accuracy. Secondly, implementing a biometric SSO technology is considered as a cost effective solution to reduce financial losses from being compromised by weak password management policies. Thirdly, the variety of biometric SSO modalities available such as fingerprint, iris, vein, and palm brings a huge flexibility to organizations to achieve better return on investment.
Often overlooked, biometric hardware itself provides an enormous security benefit. From this 2012 post on biometrics in schools...
Biometrics provide for far more secure information because the biometric sensor hardware itself provides a layer of protection that a keyboard never can provide passwords. In the standard Username/Password regime, the hardware used, the keyboard, offers no additional security. With username/password authentication, a hacker needs only a keyboard to fill in the proper fields and she gains access to the network. If that username/password is a superuser or administrator credential, an organization may see some turnover in the CTO function.

Biometric authentication is very different animal because with biometrics, the hardware layer does provide extra security. If the hacker steals a biometric or unencrypted biometric template (a long character string), she can't just type it in even if she finds the place in the programming that handles the template. It has to come from the fingerprint sensor. The template resulting from a verification attempt is like a single use password created during the interaction of a physical object (body part) with certain known sensor.

Security integrators and IT professionals in the IoT era

Role Of Security Integrators In The Internet Of Things Era (Source Security)
Networking IoT devices may seem like an information technology (IT) function, typically handled by a chief information officer (CIO). However, says Martens, CIOs will be preoccupied with complex issues far beyond physical security. Therefore, identifying where IoT sensors are placed, how they are managed and how they interact will fall to facility managers. And they will depend on their security integrators’ expertise more than ever.
Technology is pushing the security and IT functions closer together, most obviously because they are increasingly provided over the same infrastructures. There's a lot of good insight at the link.

Market analysis from IndustryARC

Next Generation Biometrics Market is estimated to be $5.9 billion in 2014 and is growing at a healthy CAGR of 22% (IndustryARC)
The market is characterized by established brands with high revenue; high R&D capital reserves and well instituted distribution channels. But, the market place is also being disrupted by firms with innovative solution that have emerged to solve specific problems. With cost effective solutions offering greater security, companies will be able to position themselves uniquely.



Tuesday, July 21, 2015

Fujitsu: Iris biometrics for mobile devices

Iris Scanner Unlocks Smartphones Using Infrared LEDs (Electronic Design)
The growing number of smartphone thefts, both in the United States and abroad, has prompted manufacturers to incorporate more resilient security methods into their designs. Fujitsu Ltd., for instance, recently unveiled the Arrows NX F-04G smartphone, which uses infrared light-emitting diodes (IREDs) to support iris scanning authentication.
A suitable illumination source had been a major hurdle for iris biometrics on mobile devices. Fujitsu demonstrated a prototype mobile device using iris technology in March, 2015.

Monday, July 20, 2015

Jamaica: Face rec audit for passport issuance

Jamaica uses biometrics to secure passport issuance system (Security Document World)
The Jamaican Government has announced it will attempt to prevent passport application fraud by adding a biometric facial recognition system to its current passport issuance and control system (JPICS).
Every passport issuer should be doing this.

Thursday, July 16, 2015

A Millennial's vision for biometric banking

A Millennial’s Mindset: Money and Biometrics (Finextra)
The best thing for me would be a fast, easy and secure process, designed around me. Why can’t I use my biometric data to have a joined up experience? Without removing body parts, it is hard to steal from you. Biometrics would enable me to identify myself immediately.
We agree; and we're working on it.

If it seems like things are moving slowly, it's only because there's a lot that had to be done on the infrastructure side first. A whole lot.

US: Biometric entry-exit system getting off the ground in Atlanta

Fingerprint scanner tested on foreigners leaving Atlanta (Security Info Watch)
U.S. Customs and Border Protection officers began using the devices last week to scan some foreign passengers on selected flights at Hartsfield-Jackson Atlanta International Airport, agency spokeswoman Jennifer Evanitsky said Tuesday. The test will be expanded in the fall to airports in Chicago, Dallas, Houston, Los Angeles, Miami, Newark, New York, San Francisco and Washington.
The US Congress first required such a system in a law passed in 1996.

Wednesday, July 15, 2015

Assessing the damage related to fingerprints in hacked government database

How Much Damage Can OPM Hackers Do With a Million Fingerprints? (Nextgov)
Though the idea of hacked fingerprints conjures up troubling scenarios gleaned from Hollywood's panoply of espionage capers, not much is currently known about those that OPM said were swiped in the data breach, which began last year and has been privately linked by officials to China. In fact, the agency said it didn't even know yet specifically which personnel have had their prints compromised.
The linked article is really good in that it spends a great deal of analysis of the unknowns, and there are many.

While a collection of images of the fingerprints of US government employees — if that is an accurate description of that was taken — certainly has its uses, not all potential uses are equal or equally likely.

In terms of identity fraud, the 1.1 million government employees who had their fingerprints stolen may not be a whole lot worse off than the 20 million or so other government employees who had their personal information stolen minus the fingerprints, though that is cold comfort indeed to the victims. If the individuals whose information was stolen are given the precise details of the personal information that is now "out there" they will be able to make informed decisions about how they wish to manage their affairs going forward. That includes how they might interact with biometric ID management technologies in the future both in and outside of government applications.

The intelligence value of the fingerprints of government employees is different story. With time, money, and pictures of a million fingerprints, it is possible to build a fingerprint watch-list. Probably, not all of the pictures of fingerprints will be of a high enough quality to be enrolled in an automated system today but more time and more money could help. From there, the new watch-list could be accessed by a new or existing biometric ID technology deployment such as a checkpoint serving whatever purposes its owner has for it.

There is probably a lot the government still doesn't know about what was stolen, and even more that hasn't been shared with the public and more importantly with the individuals whose information has been compromised. It will also take some time for the stolen information to be put to use. The Office of Personnel Management has a lot of work ahead of it.

Monday, July 13, 2015

FBI's Rap Back program will use biometrics to alert government agencies of felony arrests of their employees

D/FW Airport to be among first users of FBI criminal history tracking effort (Dallas Morning News)
D/FW Airport and Boston’s Logan International Airport were the two selected by the Transportation Security Administration to pilot the FBI’s Rap Back program. The program allows the TSA to continuously track employees for felony-level arrests, rather than relying on individuals to self-report their crimes.

Biometrics figure in Accenture "Digital Trust in the IoT Era" consumer research

Security: Moving away from passwords to less penetrable security (PDF - Accenture)
Consumers are feeling less secure about the reliability of usernames and passwords to protect their personal data and are increasingly frustrated with the often tedious and inconvenient process of having to manage and remember multiple passwords and usernames. To address this challenge, innovative biometric authentication methods for connecting to the internet, such as use of human finger and palm prints, irises and voice recognition, are being developed rapidly.


The landing page for Accenture's Digital Trust in the IoT Era report is here.

Friday, July 10, 2015

ID management in the cloud

Biometric Cloud-Based Offers Attractive Deployment (Engadget)
Cloud-based biometric technology offers attractive deployment possibilities, such as smart spaces, ambient intelligence environments, access control applications, mobile application, and alike. While traditional (locally deployed) technology has been around for some time now, cloud-based biometric recognition technology is relatively new. There are, however, a number of existing solutions already on the market...

Thursday, July 9, 2015

Ireland: Biometrics helping reduce welfare fraud

Welfare fraudster caught using facial recognition software (Irish Times)
A father of three who committed €25,000 worth of social welfare fraud until he was caught using facial recognition software has been jailed for 18 months.

Younger consumers lead biometrics demand

How mobile identity can unlock the DNA of trust for the financial sector (Information Age)
More than two-thirds of UK consumers think that using biometrics – such as voice, fingerprint, iris and facial recognition – would be more secure and help reduce the risks of fraud. These findings were consistent with consumers across Australia, Singapore, Indonesia, Malaysia, the United Kingdom and United States.

Wednesday, July 8, 2015

Australia gearing up for huge biometrics tender

CrimTrac to extend national biometric identification database (The Financial Review)
CrimTrac, the federal biometric information repository, wants more freedom to flexibly access other databases, such as national location data, as the national broadband program gradually progresses towards a fully functional, nationally available high-speed data network.

It is looking for a specialist information technology supplier to tool up a more flexible, versatile operating installation which can incorporate a range of new techniques as they become available, and can cope with the ever-spreading list of mobile devices being deployed in the field by policing agencies.

Tuesday, July 7, 2015

You can use biometrics, too

Biometric Technologies Are Competent To Use In Homes Or Any Establishments (World TVPC)
So as you can see using biometric scanners as a means to secure your home or office building is absolutely necessary. It is one of those things that you would be thankful for that human ingenuity worked towards your favor instead of against it.
Much of the discussion of biometrics tends to represent the technology as something foisted upon ordinary people by governments or corporations. That is changing.

Not with a bang, but a whimper

Biometic Security Measures Put Slow Squeeze on Passwords (IT Business Edge)
One of the touchstones for the computer age and, more specifically, its insecurities and dangers, is the password. Very slowly, however, the password may be on its way out, both for stationary and mobile users. In favor are various biometric security measures.
Lots of good links in the article.

Monday, July 6, 2015

FBI face rec leads to fugitive pedophile

FBI using facial recognition despite privacy concerns (Valley News - Fargo, ND)
For 19 years, Lynn Cozart eluded authorities after being convicted of sexually assaulting his three children.

He failed to show up for his sentencing hearing and seemed to drop off the map. So in a desperate bid to track down the Pennsylvania native, an FBI agent submitted Cozart's mug shot to the agency's newly created Next Generation Identification (NGI) system, which among other things uses facial recognition software to identify suspects.
The story continues at the link. With input from privacy advocates and law enforcement officials.

Friday, July 3, 2015

Security insights from Unisys

Unisys Security Insights: U.S.
A Consumer Viewpoint - 2015
(Unisys - Browser-based PDF)

Source: Unisys

The survey, in general is concerned with data security and has interesting survey data reflecting the relative data security concerns of the United States public broken down by industry.

Blink once for "yes"

MasterCard is testing a new way for you to pay with your face (Engadget)
MasterCard announced on Thursday that it's looking to add a layer of biometric security to its credit cards and all user will need to do is simply take a selfie. The system will create a digitized map of your face, convert that map into a hash and compare it to the hash stored on Mastercard's servers.

Here's a quick demo:



Thursday, July 2, 2015

Forecast: Global Smart Security Market 2015-2019

Latest report on the global smart security market that is estimated to grow at a CAGR of 18.59% over the period 2014-2019 (Sandler Research)
Smart security solutions are used to monitor the activities and behavior of people in areas that are more prone to unauthorized access or damage, such as enterprises, educational institutions, commercial buildings, and utility infrastructure. Smart security includes advanced security systems such as IP surveillance cameras, biometric access control systems, integrated perimeter intrusion prevention systems, and wireless alarms. Thus, these solutions can secure an area from miscreants, terrorist activities, and data theft.

Adoption of intelligent security solutions for cities and their infrastructure not only provides security but also peace of mind to the residents.

The analysts forecast global smart security market to grow at a CAGR of 18.59% over the period 2014-2019.

Tuesday, June 30, 2015

Not a bug, but a feature

Massive errors mar Aadhaar enrolment (Times of India)
The enrolment process for Aadhaar in Odisha is dogged by massive rejection of data due to errors. According to the directorate of census operations here, enrolled biometric data of 40 lakh people stand rejected by the Unique Identification Authority of India (UIDAI), the Aadhaar body, as on June 15.
Some facts:
Odisha is a state in eastern India. The wiki has its population at 43.73 million as of 2014.
1 lakh = 100,000
1 crore = 10,000,000
All numbers not quoted from the article are in more familiar units.


The article goes on to say a lot about the numbers. 31,700,000 out of 38,400,000 people (82%) of the eligible population have been registered successfully.

The 4 million rejected applications are divided as follows.

2 million were rejected because they were submitted by operators who have been barred from submitting applications. UID works by outsourcing enrollment to private operators who are then paid by the government for accepted applications. Operators who have submitted too many error-riddled or fraudulent applications have been banned from the market.

1 million have been rejected for being duplicate applications, as is proper.

That leaves 1 million true "errors," or failed enrollments that are potentially valid and are described as those submitted on behalf of "very old people and children (between five to 10 years), whose finger prints and iris scans were not registered properly." Now, it may turn out that some of these failed enrollments are duplicate applications as well and it will probably turn out that many (if not most) of these people can be enrolled on a second pass where extra care is taken during the enrollment process. Nevertheless describing 1 million failed enrollments out of 32.7 million presumably legitimate applications as "massive errors" seems uncharitable.

Also, UID contains a "Biometric Exception Clause" which allows for creating UID numbers for people whose biometrics cannot be enrolled. As of May 2015, across India, around 618,000 (0.07%) of UID numbers have been issued with biometric exceptions.

Israel continues toward biometric ID

Knesset Extends Biometric ID Trial Program (Arutz Sheva)
The law was passed in part to prevent identity theft and the loss, theft and destruction of the blue ID cards issued by the Interior Ministry, which had spiraled out of control in the decade prior to 2007. It was later revealed that more than half of those requesting new documents had a criminal background.

US visa delays: It'll all be over soon

US visa processing back to normal after computer glitch (Dawn)
US visa processing has returned to full strength after hardware problems, the State Department said on Monday, noting that 410,000 visas were issued in a week as officials scrambled to clear a huge backlog.
According to the article, 410,000 visas have been issued in the last week. Compared to the average of 50,000 daily visa requests (350,000 per week), that would clear about 60,000 applications in the backlog if June is an average month for visa applications.

Monday, June 29, 2015

UC Davis develops mobile ultrasound fingerprint reader

Ultrasonic fingerprint sensor may take smartphone security to new level (Science Daily)
The basic concepts behind the researchers' technology are akin to those of medical ultrasound imaging. They created a tiny ultrasound imager, designed to observe only a shallow layer of tissue near the finger's surface. "Ultrasound images are collected in the same way that medical ultrasound is conducted," said Horsley. "Transducers on the chip's surface emit a pulse of ultrasound, and these same transducers receive echoes returning from the ridges and valleys of your fingerprint's surface."

Friday, June 26, 2015

Malaysia: UN Commision recommends biometrics for Burmese refugees

Introduce Biometric ICs To Regulate Refugee Situation In Malaysia, Suggests UNHCR (Malaysian Digest)
In the face of the recent influx of ethnic Rohingyas fleeing from persecution in Myanmar, Malaysia finds itself caught between encountering a humanitarian crisis and having to deal with the security and social problems that are bound to arise when asylum-seekers are allowed to swarm into the nation.
UNHCR is the United Nations High Commission for Refugees.

There's a lot of information on this tragic situation at the link.

Australia: Parliament divided on increasing border biometrics

Government biometrics bill meeting resistance (CSO)
If passed, the Migration Amendment (Strengthening Biometrics Integrity) Bill 2015 would expand the types of biometric identifiers that customs authorities can collect and the circumstances and places in which they can gather them.
 

Philippines: Electoral commission deletes some quantity of valid biometric voter registrations

Biometric data of early registrants lost - Comelec (InterAksyon)
Comelec spokesman James Jimenez did not say how much data had been lost, only acknowledging it was “not a very large number.”

He said they have written and otherwise informed affected voters “to come in and provide biometrics again.”
Biometric registration is mandatory for participation in the general election next year.

Thursday, June 25, 2015

Find Biometrics conclues monthlong focus on healthcare

Healthcare Month: The Remote Care Revolution (Find Biometrics)
Biometric technology, as we outlined in this month’s primer, can be used not only for security in healthcare and patient identification but also as a way of taking the hospital home. While the former two of these technology paradigms is focused on authentication and the latter on monitoring and data analytics, they both serve to address the same larger issue in hospitals and clinics: resource efficiency.
There is a wealth of great information at FindBiometrics.com

The line between Security and IT is getting blurrier

Bridging the gap between physical and logical access (Security Info Watch)
With the push by many end-users to migrate their physical access control systems to the IT network in recent years has also come an increased demand for solutions that can streamline both physical and logical access in a way that is less burdensome on workers.
Read the whole thing.

Wednesday, June 24, 2015

Useful perspective on face recognition technology

Is facial recognition tech really a threat to privacy? (BBC)
Facebook has decided not to offer its photo-sharing app Moments in Europe because of regulator concerns over its facial recognition technology.

And earlier this week, talks between US tech firms and privacy campaigners broke down over fears about how the industry is planning to use the tech.

So why is there so much concern over facial recognition tech, and is it justified? We unpick some of the issues.

ID and the internet of things

The Internet of Everything: Is your company ready for machine intelligence? (VentureBeat)
While most of us are familiar with biometric authentication, machine learning may make authentication effortless. “It’s about convenience,” says Zaki. “Our vision is that authentication should be happening in the background continuously.”

If you’re typing on your phone, your fingerprint can be immediately detected; if you’re looking at your screen, your iris can be scanned. Multifactor authentication can include a number of things...
It's going to be a programmatic challenge, but creating a "smart environment" that takes in bits of information from all available sources in order to identify individuals for logical and physical access control is becoming a possibility.

US: Making progress on visa issuance problems

US begins to fix visa problems, big backlog to clear (India Today)
"The database responsible for handling biometric clearances has been rebuilt and is being tested," Kirby said, adding that 33 U.S. embassies and consulates, representing 66 percent of normal capacity, are now online and issuing visas.
The exact nature of the problems that caused the US visa system to ground to a halt hasn't been made clear to the public. In articles informing this post and the previous one, "hardware" and "database" have been the only technical specifics mentioned. It's hard to say what went wrong without knowing exactly how the State Department's system was built, but it looks like things are returning to normal.

More progress will help clear the backlog of visa applications.

Friday, June 19, 2015

US: Visa systems issues related to hardware failure

Hardware glitch in Washington freezes US visa issuance worldwide (Times of India)
The State Department said the June 9 failure was preventing it from processing and transmitting the mandatory security-related biometric data checks routinely carried out at embassies and consulates worldwide, and it could take up to a week to fix it.
This Wednesday release from the State Department doesn't contain much detail that isn't included in the Times of India article linked above.

US: Face recognition ID check trial concluded at Dulles Airport

First phase of facial recognition trial at Virginia airport ends (Planet Biometrics)
The system captures live facial images of travelers entering the U.S., and compares those images against those stored electronically in travelers' passports.
The most interesting thing is that this hasn't been standard operating procedure for years already, as it's hard to conceive of a simpler facial recognition application. The hardest part would seem to be retrieving the image from the chip embedded in most modern passports.

Thursday, June 18, 2015

Forecast: Next Generation Biometrics Market to 2020

Next Generation Biometrics Market by Application, Technology, Function & Geography - Global Forecast to 2020 (Report Linker) — According to this report, the next generation biometrics market is expected to reach $24.4 billion in 2020, at a CAGR of 17.9% between 2015 and 2020.

Tuesday, June 16, 2015

US: Face recognition code of conduct confab loses privacy advocates

The National Telecommunications and Information Administration (NTIA) has convened a privacy multistakeholder process regarding the commercial use of facial recognition technology. On December 3, 2013, the NTIA announced that the goal of the second multistakeholder process is to develop a voluntary, enforceable code of conduct that specifies how the Consumer Privacy Bill of Rights applies to facial recognition technology in the commercial context.

Privacy Advocates Walk Out in Protest Over U.S. Facial-Recognition Code of Conduct (The Intercept)
“At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard of are tracking their every movement — and identifying them by name – using facial recognition technology,” the privacy advocates wrote in a joint statement.
The quoted article is full of links to NTIA online resources.

An "open letter" of resignation on the part of the named privacy advocates lists their concerns here.
Concluding paragraph:
We hope that our withdrawal signals the need to reevaluate the effectiveness of multistakeholder processes in developing effective rules of the road that protect consumer privacy – and that companies will support and implement.
Ultimately, of course, these are political questions rather than technological ones, but the focus on one type of technology (facial recognition) is a little difficult to understand. If it's wrong for a private corporation to track an unsuspecting individual's every movement, identifying them by name, why single out facial recognition (the means) rather than the tracking (the end)?

The privacy advocates, however, have a point in their favor. The effectiveness of confabs of privacy advocates, sub-cabinet-level administrators, and corporate executives in defining a society's scope for privacy in public should be questioned.

Also mentioned in the article is the fact that the states of Texas and Illinois have passed laws limiting the use of facial recognition technology to identify individuals in public without their affirmative consent.

Amazon envisions another way to unlock a phone: Ear photos

Forget Fingerprint Scanners, Amazon is Interested in Using Your Ears to Unlock the Phone — Here’s Why it’s Better (Technology Personalized)
The world’s largest e-commerce company was granted a patent last week that reveals company’s intention to ease up the unlocking mechanism in a phone when a user receives a call without any security tradeoff.

No need to forget fingerprint scanners just yet, though.

Monday, June 15, 2015

UK: Leicestershire police trial face recognition at music festival

Download Festival: Facial recognition technology used at event could be coming to festivals nationwide (The Independent)
Around 90,000 people attending the five-day rock event in Derby will have their faces scanned by “strategically placed” cameras, which are then compared with a database of custody images across Europe.

The force has trialled the system since April 2014 in “controlled environments”, but this is the first time the portable NeoFace surveillance technology, made by NEC Corporation, is being used outdoors in the UK on this scale.

Leicestershire police said it hoped the system would enable them to find organised criminals who prey on festivalgoers who are often victims of theft.
This sounds a lot like the 'Snooper Bowl' deployment we had a role in back in 2001.

Facial recognition surveillance in an uncontrolled environment with non-participating individuals still presents significant technical challenges. Among them are lighting, pose angle, and perhaps most significantly, training users on how to evaluate the information the facial recognition system generates.

See also: Leicestershire Police defend facial recognition scans (BBC)

Friday, June 12, 2015

Peru: Prepaid mobile sales will require fingerprint verification against national ID database

...with an assist from Microsoft Translator

From now prepaid mobile lines will be sold with fingerprint identification of users (Osiptel)
The operators will be required to verify the identity of users wishing to hire mobile public services in their offices, in the form of prepaid. This identification will be held from today through biometric fingerprint verification systems, which will be connected with the RENIEC database.
Full implementation is to be accomplished by January 1, 2017.

Thursday, June 11, 2015

Biometrics industry overview

Breaking Down Biometric Security (TechZone360)
Biometric security isn’t a new phenomenon, but until recently its real life applications and benefits have been underutilized by companies in most industries. However, recent buzz worthy announcements like Apple using Touch ID for enhanced security as part of Apple Pay and Miami International Airport integrating biometric fingerprint data into their passport control kiosks, are proving that biometric security is finally poised to become the norm.
Read the whole thing. The piece does a really good job of tying together various issues in the overall biometrics landscape.

Wednesday, June 10, 2015

Changing of the Guard at Secure Identity & Biometrics Association

SIBA Names Troy Potter of L-3 National Security Solutions as Chairman; SIBA Selects Commercial Identity Expert to Lead Growing Member Association (SIBA)
SIBA is a non-profit association that was established in February 2014 to steadfastly promote responsible policy, education and implementation of solutions that protect and secure identity across private and public platforms.

Potter was chosen because of his vast experience in both the government and industry. He served as the Identity Services Branch (ISB) Deputy Assistant Director at the U.S. Visitor and Immigrant Status Indicator Technology (US-VISIT) program and was US-VISIT's Biometrics

Systems Program Manager for a number of years, responsible for the management and oversight of one of the largest biometrics systems in the world. Today Potter is the vice president of L-3 NSS' Global Solutions Sector and leads all L-3 NSS Border Security and Biometrics programs.

Forecast: Global biometrics market in the healthcare industry will reach at CAGR of 31.95% by 2018

WhaTech.com
The Global Biometrics market in the Healthcare industry has also been witnessing the rapid technological advancement. However, the strong competition from inexpensive non-biometric technologies could pose a challenge to the growth of this market.

Friday, June 5, 2015

Canada announces biometric requirement for visa holders

Biometric data collection evolves and expands in Canada (CBC)
Citizenship and Immigration Canada told CBC News that digital photos and fingerprints are "the only biometrics data applicants will have to provide" under the government's plan for expanded collection of data. Visitors will have to pay $85 to cover the cost of data collection.
Travelers who don't need a visa to travel to Canada are, apparently, unaffected.

Wednesday, June 3, 2015

Then again, probably not

Brain's reaction to certain words could replace passwords (Binghampton University)
According to Sarah Laszlo, assistant professor of psychology and linguistics at Binghamton University and co-author of "Brainprint," brain biometrics are appealing because they are cancellable and cannot be stolen by malicious means the way a finger or retina can.
"Just 12 more globs and some wiring and you can check
your email!"

Image source: Biosemi.com

When the alternative is the terrifying prospect of a stolen retina*, I guess you can't be too careful.

But, let's not get ahead of ourselves. Though there is little doubt that if any behavioral biometric can be used as a reliable identifier, evidence for that uniqueness could probably be found in the brain, measured, and used for ID purposes. Even so, brain prints as ubiquitous biometrics face every obstacle we discussed in our post, The challenges confronting any new biometric modality, and then some.

The linked article doesn't make any mention of the sensor to be used to collect brain prints, much less offer a vision for how a future identification scenario might work.

This is one of those subjects that is intensely interesting from a Ph.D. candidate's point of view (invention) but not so much from an engineering or business perspective (innovation). Brain prints as a biometric will face significant — I dare say insurmountable — challenges in finding their way into wide use as a commercial ID management application any time soon.

The 94% accuracy is an issue, too.

*See also:

Iris ≠ Retina

Iris (left); Retina (right)


In fairness, the penultimate paragraph in the article quotes Zhanpeng Jin, who brings a more moderate perspective to the piece.

Tuesday, June 2, 2015

The automation revolution will be biometric

Robot check-in: The hotel concierge goes hi-tech (BBC)
It will be staffed by 10 life-like robots, with only two flesh-and-blood staff members on the premises.

The robots will greet guests, carry bags, and even clean rooms once a guest leaves. Complete with an eerily realistic female face, they are designed to speak several languages and respond to guest enquiries in the 72-room hotel.

The aim is to create an all-round hi-tech experience, including facial recognition software to open doors.