Tag Archive for Biometrics

6 Things to Never Save on Your Mobile Phone

Two out of every three people are addicted to their mobile phone. The average user touches their smart phone 2,617 times a day. It is no wonder that most people view their cell phone as a detailed summary of their personal life. This convenience comes at a price. A recent report from Kensington found that 70 million smartphones are lost each year, with only 7 percent recovered.

There are things you should never store in your cell phone. Reader’s Digest says that keeping valuable info on your mobile is dangerous to your privacy and your wallet. You open yourself up to an invasion of privacy, identity theft and straight-up theft. Here are some things you should not keep on your phone.

Your passwords

If you keep your passwords on your mobile, you are putting your privacy at risk. Even if you keep them in a note, a document or even in auto-fill on your mobile, you’re putting your data at risk. The article says if you lose your phone, someone might easily see your “cheat sheet,” because everyone snoops through mobile phones. Passwords you store on your mobile phone can also end up stored in the cloud, still putting your accounts at risk. Instead, consider a password manager such as Keeper or LastPass. That way all of your passwords can be accessed by you using one strong master password.

Your face and fingerprints

If you really want to keep your cell phone secure, don’t use biometrics to open your phone (or any of its apps or accounts). There are many reasons why biometrics like fingerprints don’t make you more secure. Facial recognition apps are more dangerous than using a password. The author says the simple fact is that a phone that requires a password to unlock it requires more steps to unlock. That makes the mobile phone more secure.

Your private photos and videos

You may have cleaned up your Facebook account, but what about your phone? What photos and videos do you store on your phone? If you have photos you wouldn’t want your spouse, children, or boss to see, then you shouldn’t store those photos on your smartphone according to the article. Media stored on your phone is saved in the cloud outside of your control.

Your naughty photos are one problem. Another is any photos containing private information. While photos of credit cards and ID can help you keep track of “what’s in your wallet,” they can also leave your information vulnerable to hacking. Again, the photos are stored in the cloud. As with your naughty photos, Reader’s Digest suggests you store your pictures of ID on a PC that only you have access to, in a password-protected album.

Anything on your work phone

Do not save anything personal on an employer-provided mobile. There’s no such thing as a free lunch. The phone you were issued by your employer comes at a steep price: your privacy. You should have no expectation of privacy for anything you do on that phone. For your personal life the article recommends using a separate phone and phone number. One budget-minded option is a burner phone.

Your online bank account

Digital banking in the US is expected to grow from 197 million users in March 2021 to 217 million by 2025. But the convenience online banking affords—the ability to bank anywhere, anytime—comes at a cost: your privacy. Carrying your bank account with you on your phone means that you’re risking losing control of it in the event you lose your phone…or even lose track of an old phone that you no longer use, they warn.

To manage the risk, you might consider avoiding doing your online banking on your phone. Instead, do it on a computer that never leaves your home. If you find that you simply must take your online banking with you wherever you go, just be sure to use a strong, unique password to unlock your banking app.

Your home address

Storing your home address in a navigation app like Waze or Google Maps makes getting home from anywhere super-easy. But it can also leave you vulnerable. If a thief ends up with your phone, they can simply click on “home,” or “work,” and see what you’ve stored, and pay you a visit.

If you lose your mobile phone, there are some steps you need to take, according to Consumer Reports, starting as soon as you get your new mobile phone.

Use strong password protection on your mobile phone

This is your first and strongest line of defense. You need a strong password, because one that’s easy to guess could unlock your phone and allow someone to override the biometric safeguards.

Skip the simple 4-digit PIN and instead create a strong password that contains a string of at least eight characters that include some combination of letters, numbers, and special characters that don’t form recognizable words or phrases, especially those that could be associated with you.

Password protection comes with another safeguard, according to Consumer Reports. After several unsuccessful tries to enter a passcode, some phones will lock your device for a short period of time. This slows down attempts to access your phone. There’s also a setting on the latest Android phones that automatically erases all of your personal data after 10 unsuccessful login attempts. Here’s how to activate it. Go to:

  • Settings | Lock Screen | Secure Lock Settings | and toggle the Auto Factory Reset option to switch it on. (The labels may vary slightly on other Android models.)

Enable location tracking

You must turn on the global positioning settings (GPS) in order to find a missing phone on a map. To enable this setting on an Android phone go to:

  • Settings | Security | Find My Device and toggle Find My Device.

Back up your photos and videos

Consider using a carrier-neutral service to back up your mobile. Apple’s iCloud or Android’s Google Drive may make it easier to retrieve your memories should your next phone be from a different carrier. Phone carriers, phone makers, and operating systems also offer free over-the-air backup for photos, settings, and more. These options can limit you if you select a new carrier for your next mobile phone.

Write down your phone’s unique ID number

Smartphones have a unique serial number known as an IMEI (International Mobile Equipment Identity) or MEID (Mobile Equipment Identifier). Unlike other information stored on the phone’s removable SIM card, these numbers are etched into its circuits and are difficult to alter. Your carrier already has this number and can use it to put the phone on a missing phone list. Some police departments ask for either of these numbers when you report a stolen phone. With the numbers they’ll be able to return a phone to you if it’s recovered. To find your phone’s unique IMEI or MEID number, use any of the following steps:

  • Dial *#06# from your phone. The number may pop up on your screen.
  • On an Android phone go to: Settings | About Phone. The number should be on that screen.

After the phone is gone, the sooner you act, the better your chances of retrieving your phone and securing your data. Here are key actions to take according to CR.

Seek and (possibly) destroy your mobile phone

It is important that the minute you learn your phone is missing, you send it the commands you think are appropriate. Time is of the essence because these next steps require your phone to be on and have some battery life left.

As soon as possible, call or text your phone from another device. That might be all it takes if your phone is just misplaced nearby.

Then log on to your Find My Phone service from a secure device. For an Android phone, go to Google’s Find My Device in a browser. Use the service to make your phone play a sound. You can also lock the screen and display a message for someone who finds your phone. An honest person may come across your device and notify you via the contact info on the screen. If you think the bad guys have your phone, you can erase the data on it using Find My Device.

Report the Loss to Your Service Provider

Inform your mobile carrier that your phone has been lost or stolen. It can suspend service to prevent anyone from using the device on its network. They may also mark the phone as unusable even on a new carrier or with a different SIM card. Note that your device will still be usable over WiFi. You can notify your provider by going to one of its stores, calling, or logging on to its website.

  • AT&T: Call 800-331-0500 or go to AT&T’s Suspend page.
  • T-Mobile: Call 800-937-8997 or go to My T-Mobile, and in the My Line section click on your device name to find the Report Lost or Stolen option.
  • Verizon: Call 800-922-0204 or go to the Suspend or Reconnect Service page in My Verizon and follow the prompts.

Change Your Important Passwords

Once you realize your phone is in danger, go to a secure PC, log in to every account you had on your phone (banking, shopping, email, etc.) and change your passwords. Start with your email account. Then change the financial and shopping accounts that have your credit card on file, such as Amazon or your bank. Next move on to social networks. If you’ve set up a password manager, this task will be easy.

Report the Loss to the Police and File an Insurance Claim

Notify the police. This not only launches an official recovery attempt but also helps speed up the process of making an insurance claim (if you’re covered). You might also need a police report to dispute fraudulent credit card charges, and some credit card issuers will reimburse you for a stolen phone.

Wipe your mobile phone anyway

If you recover your phone, you never know what malicious app or spyware someone may have installed while the phone was out of your hands. To be on the safe side, reset the phone to factory settings. If you see an option to erase everything, make sure you select it. Before you nuke the phone, check your backups to make sure that you have copies of all the photos and videos that were on your phone. On an Android phone, go to:

  • Settings | System | Advanced | Reset Options | Erase All Data (factory reset).

 


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

 

Facial Recognition False Arrest

Back in January 2020, the Detroit Police Department arrested Robert Williams in his driveway in Farmington Hills, according to The New York Times. He had his mug shot, fingerprints and DNA taken and was held overnight. Based on facial recognition software, DPD decided that in October 2018 he had shoplifted 5 watches worth $3,800 from Shinola. Shinola is an upscale boutique that sells watches, bicycles, and leather goods in the trendy Midtown neighborhood of Detroit.

Detroit Police Department

Mr. Williams knew that he had not committed the crime in question. What he could not have known, as he sat under arrest, is that his case may be the first known account of an American being wrongfully arrested based on a flawed match from a facial recognition algorithm, according to experts on technology and the law. This is part of the systemic racial bias in law enforcement that millions are protesting. They are protesting not just the actions of individual officers, but bias in the systems used to monitor communities and identify people for prosecution.

Facial recognition systems have been used by police forces for more than two decades. Recent studies by MIT and NIST (PDF) have found that while facial recognition technology works relatively well on white men, the results are less accurate for other demographics, in part because of a lack of diversity in the images used to develop the underlying databases.

Michigan State Police

As part of this debate, IBM, Amazon, and Microsoft paused new sales of facial recognition systems to law enforcement. The gestures were largely symbolic, given that the companies are not big players in the industry. The technology police departments use, according to the NYT, is supplied by companies that aren’t household names, such as Vigilant Solutions, Cognitec, NEC, Rank One Computing, and Clearview AI.

Clare Garvie, a lawyer at Georgetown University’s Center on Privacy and Technology who has written about problems with the government’s use of facial recognition, told the NYT she suspects Mr. Williams’ case is not the first case to misidentify someone to arrest them for a crime they didn’t commit. “This is just the first time we know about it.”

Mr. Williams’ case combines flawed technology with poor police work, illustrating how facial recognition can go awry, according to the New York Times. The original, still unsolved Shinola shoplifting case occurred in October 2018. Katherine Johnston, a loss prevention contractor for Shinola, reviewed the store’s surveillance video and sent a copy to the Detroit police, according to the DPD report. There it sat until the Michigan State Police got involved – in a shoplifting case.

In March 2019, Jennifer Coulson, a digital image examiner for the Michigan State Police, uploaded a “probe image” — a still from the Shinola video, showing a man in a red Cardinals cap — to the state’s facial recognition database. The DataWorks Plus system mapped the man’s face and searched for similar ones in a collection of 49 million photos.

Facial recognition is less accurate with people of color

Since 2005 Michigan’s facial recognition technology has been supplied by a South Carolina company called DataWorks Plus under a contract worth $5.5 million. The NYT says DataWorks Plus does not formally measure the systems’ accuracy or bias. Todd Pastorini, a DataWorks Plus general manager, told the NYT, “We’ve become a pseudo-expert in the technology.”

In Michigan, the DataWorks facial recognition software used by the state police incorporates components developed by the Japanese tech giant NEC and by Rank One Computing, based in Colorado, according to Mr. Pastorini and a state police spokeswoman. In 2019, algorithms from both companies were included in a federal study of over 100 facial recognition systems that found they were biased, falsely identifying African-American and Asian faces 10 times to 100 times more than Caucasian faces.

I guess the computer got it wrong

After MSP’s Coulson ran her search of the probe image, the system would have provided a row of results generated by NEC and a row from Rank One, along with confidence scores. Mr. Williams’s driver’s license photo was among the matches. Ms. Coulson sent it to the Detroit police as an “Investigative Lead Report.”

Investigative Lead Report

This is what technology providers and law enforcement always emphasize when defending facial recognition, says the article: it is only supposed to be a clue in the case, not a smoking gun. DPD Chief James Craig describes himself as a “strong believer” in facial recognition software.

Before arresting Mr. Williams, investigators could have sought other evidence that he committed the theft, such as eyewitness testimony, location data from his phone, or proof that he owned the clothing that the suspect was wearing. In this case, however, according to the Detroit police report, investigators simply included Mr. Williams’s picture in a “6-pack photo lineup” they created and showed it to Shinola’s loss-prevention contractor, and she identified him. Johnston, Shinola’s contractor, declined to comment.

Rank One’s chief executive, Brendan Klare, found fault with Ms. Johnston’s role in the process. “I am not sure if this qualifies them as an eyewitness, or gives their experience any more weight than other persons who may have viewed that same video after the fact.” John Wise, a spokesman for NEC, told the author: “A match using facial recognition alone is not a means for positive identification.”

In Mr. Williams’s recollection, after he held the surveillance video still next to his face, the two detectives leaned back in their chairs and looked at one another. One detective, seeming chagrined, said to his partner: “I guess the computer got it wrong.” They turned over a third piece of paper, which was another photo of the man from the Shinola store next to Mr. Williams’s driver’s license. Mr. Williams again pointed out that they were not the same person.

Mr. Williams asked if he was free to go. “Unfortunately not,” one detective said. Mr. Williams was kept in custody for 30 hours, and released on a $1,000 personal bond. The Williams family contacted defense attorneys, most of whom, they said, assumed Mr. Williams was guilty of the crime and quoted prices of around $7,000 to represent him. They also tweeted at the American Civil Liberties Union of Michigan, which took an immediate interest. Phil Mayor, an attorney with the organization, told the NYT:

American Civil Liberties Union of Michigan

“We’ve been active in trying to sound the alarm bells around facial recognition, both as a threat to privacy when it works and a racist threat to everyone when it doesn’t.” “We know these stories are out there, but they’re hard to hear about because people don’t usually realize they’ve been the victim of a bad facial recognition search.”

Two weeks later, Mr. Williams appeared in a Wayne County court for an arraignment. When the case was called, the prosecutor moved to dismiss, but “without prejudice,” meaning Mr. Williams could later be charged again. Maria Miller, a spokeswoman for the prosecutor, said a second witness had been at the store in 2018 when the shoplifting occurred but had not been asked to look at a photo lineup. If the individual makes an identification in the future, she said, the office will decide whether to issue charges.

A DPD spokeswoman, Nicole Kirkwood, said that for now, the department “accepted the prosecutor’s decision to dismiss the case.” In a second statement to the NYT, DPD doubled down, saying it “does not make arrests based solely on facial recognition. The investigator reviewed the video, interviewed witnesses, conducted a photo lineup.”

The ACLU of Michigan filed a complaint with the city (PDF), asking for an absolute dismissal of the case, an apology, and the removal of Mr. Williams’s information from Detroit’s criminal databases.

Mr. Williams’s lawyer, Victoria Burton-Harris, said that her client is “lucky,” despite what he went through. Ms. Burton-Harris said to the NYT:

He is alive … He is a very large man. My experience has been, as a defense attorney, when officers interact with very large men, very large black men, they immediately act out of fear. They don’t know how to de-escalate a situation.

Mr. Williams had an alibi, had the Detroit police checked for one.

rb-

Just to celebrate Independence Day – Georgetown Law’s Center on Privacy and Technology says at least a quarter of the nation’s law enforcement agencies have access to face recognition tools. The MSP database has almost 50 million pictures in it for about 8 million adults in Michigan. That is over 6 pictures per adult Michigander – many come from the Secretary of State when you get a driver’s license, but undoubtedly many are scraped from social media sites. Michigan is one of at least 16 states that allow the FBI to search its database of driver’s license photos.

While the MSP didn’t start using facial recognition technology until 2001, the Secretary of State’s Office has been giving State Police all its digital photos — without notice to motorists — since 1998.

DataWorks provides facial recognition systems to both DPD and MSP. The DPD two-year $1 million contract for the DataWorks Plus software is set to expire in July 2020. Detroit City Council President Brenda Jones told the Detroit News that the police department agreed to pull back its most recent request for a contract extension and conduct community outreach before seeking approval to extend the contract through Sept. 30, 2022.

Dan Korobkin, deputy legal director for the ACLU of Michigan, points out that civil rights icon Martin Luther King Jr. “was the target of massive FBI surveillance, under what was then the latest state-of-the-art technology.” In response, Robert Stevenson, executive director of the Michigan Association of Chiefs of Police and retired chief of the Livonia Police Department, told GovTech he believes most Michiganders trust the police, “We’ve evolved in the last 50 years, as a country, and as police agencies.” Well, just ask George Floyd.

Stay safe out there!


Artificial Intelligence on the Throne

The Internet of Things (IoT) is covering the world with all kinds of devices for the home and industry. Tech prognosticator IDC estimates that by 2025 there will be 41.6 billion IoT devices. The market research firm predicts the IoT devices will dump 79.4 zettabytes (ZB) of data. One class of IoT device for the home has gotten a major upgrade from California’s Stanford. Stanford University medical researchers have created a smart toilet by adding artificial intelligence to the throne. Before Stanford, the smart toilet was often the butt of jokes. The “smart toilet” offered ambient colored lighting, wireless Bluetooth music sync, heated seats, foot warmers, and automatic opening and closing lids. All nice, but not really smart. The Stanford Precision Health Toilet (advanced Smart Toilet for healthcare) is really smart: it can diagnose diseases.

Artificial intelligence on the toilet

The Stanford Precision Health Toilet project, led by lead author Seung-min Park, Ph.D., published “A mountable toilet system for personalized health monitoring via the analysis of excreta” in the journal Nature Biomedical Engineering. They describe a toilet designed to detect early warning signs of cancer and other diseases. The Stanford team believes it will be useful for people at an increased risk of developing certain health issues. Dr. Gambhir – a Ph.D., Stanford professor, chair of radiology, and the senior author of the research paper – says that currently, the toilet can measure 10 different biomarkers. The device is fitted inside a regular toilet bowl and is connected to an app for evaluation. Dr. Gambhir envisions it as part of an average home bathroom. The sensors would be an add-on that’s easily integrated into “any old porcelain bowl.”

The extra-smart toilet uses cameras and test strips to collect number one and number two samples. It then analyzes both your pee and poo with artificial intelligence to generate diagnoses, a trend in the medical industry. Stanford News says the smart toilet’s algorithms can distinguish normal “urodynamics.” Urodynamics is the flow rate, stream time, and total volume, among other parameters of urine. The smart toilet can also distinguish normal “stool consistencies from those that are unhealthy.”

Changes in urine can reveal multiple disorders. The dipsticks can be used to analyze white blood cell count, consistent blood contamination, and certain levels of proteins that can signify bad things, including a spectrum of diseases: infection, irritable bowel syndrome, kidney failure, bladder cancer, and prostate cancer.

A very unique biometric factor

The toilet’s built-in identification system uses fingerprints and analprints to identify users in order to match users to their data. Apparently, analprints turn out to be a unique biometric factor like fingerprints or iris prints. Professor Gambhir said, “We know it seems weird, but as it turns out, your anal print is unique.” Stanford says no human will see your analprint biometric data. If the artificial intelligence detects something questionable, the smart toilet’s app would alert the user’s healthcare team to conduct a full diagnosis and further tests.

The researchers are planning upgrades to the Precision Health Toilet. Mr. Park told The Verge the upcoming number two version of the toilet will help detect tumor DNA and viral RNA to help them track the spread of diseases like COVID-19. Dr. Gambhir told NakedSecurity his team is working to customize the toilet’s tests to fit a user’s individual needs. For example, a diabetic’s smart toilet could monitor glucose in the urine. Or a person with a family history of bladder or kidney cancer could benefit by having a smart toilet that monitors for blood. The Stanford researchers tested the toilet and more than half of their pilot test subjects were comfortable using the extra-smart toilet. 37% were “somewhat comfortable.” 15% were “very comfortable” with the idea of “baring it all in the name of precision health.”

rb-

Using analprints to match your poo with you is based on “work” by 20th-century surrealist painter Salvador Dali. Stanford’s Gambhir pointed out in an interview with Bioengineering that Dali studied anal creases for his unconventional erotic art (NSFW). Dr. Gambhir gives assurances that the health data would be stored with “privacy protections” in “secure, cloud-based systems.” Followers of the Bach Seat know that a cloud-based system is also known as “somebody else’s computer.” That sounds like a bad idea. We know cloud-based storage can be very leaky. And healthcare systems have come under increased attack during the COVID pandemic.

Another problem with the ultra-smart toilet: when the FBI gets hold of this data, they could literally be up in everybody’s business. The Feds could track people around the world coming and going by adding analprints to their massive facial recognition surveillance database. Dr. Gambhir is quoted by NakedSecurity:

We have taken rigorous steps to ensure that all the information is de-identified when it’s sent to the cloud and that the information – when sent to health care providers – is protected under [HIPAA],… 

NakedSecurity points out that time and time again Big Data can be dissected, compared, and contrasted to draw inferences about individuals. In other words, it’s not hard to re-identify people from anonymized records, be they records pertaining to location tracking, faceprints, or, now, anuses. Dr. Gambhir reminds us all that while the Stanford Precision Health ultra-smart Toilet has clear benefits as a diagnostic tool, it should not be a replacement for a doctor.

Stay safe out there!


Are You a Human

Detroit-based Are You a Human was recently purchased by Virginia-based Distil Networks. The purchase is part of Distil’s efforts to expand its bot-detection capabilities. As part of the acquisition, the Human Tag will be re-branded as Distil Bot Discovery. Distil will open an office in Detroit and increase its presence in Motown. All 10 of Are You A Human’s employees are staying on, according to reports.

The firm’s website describes the Are You Human technology:

[Are You Human] collects hundreds of fingerprinting metrics and analyzes user’s device, software, and natural behavior to develop robust behavioral metrics on each page view in real-time … Only through an expert understanding of natural human characteristics and behavior is it possible to identify the 99% of non-human traffic caused by new and unique bots that fraud detection and verification systems can’t find

Distil Networks will add Are You a Human’s real-time analysis technology and biometric information to its own suite of bot-detection products and use it to launch a free bot-discovery plugin for Google Analytics. Detecting bots is important because they can inflate website traffic numbers or present a security risk by searching for sensitive information.

The firm cited the Motor City as being:

… incredibly helpful and supportive to us, and we can’t imagine doing this anywhere else. Being able to build this company in Detroit has been hugely meaningful to all of us, and we’ll still be part of that awesome community going forward.


Biometrics Hype

Followers of the Bach Seat know biometrics have a limited value in replacing passwords. Despite the technical flaws, another round of biometric hype is rolling across the Intertubes. The latest round of biometric hype is coming from Samsung (005930). In the hope of reviving their brand, Samsung has released the Galaxy S8. The Samsung Galaxy S8 includes the ability to use facial recognition software to unlock your brand new phone. CNet says that this idea “sounds awesome.”

However, this awesome idea appears to lower the bar for your security. CNet reports that the video blogger MarcianoTech demonstrated a pre-release version of the Galaxy S8 being unlocked using just a photo (at the 1:09 mark). To their credit, Samsung has acknowledged that the Face Unlock feature is more for convenience than for security. The biometric feature cannot be used for mobile payments. While weak facial recognition software may be a convenience for the user, it could also be very convenient for others, too.

The troubles with Face Unlock date back to 2011. In 2011 SlashGear reported that Google (GOOG) admitted the security system could be fooled by a picture of you and not the real thing. CNet reports that the technology was developed by PittPatt, a startup originating from Carnegie Mellon University, which was later acquired by Google.

FBI’s facial recognition database

The Guardian reports that during testimony before Congress, the FBI admitted that about half of adult Americans’ photographs are stored in facial recognition databases that can be accessed by the FBI. About 80% of photos in the FBI’s network are non-criminal entries, including pictures from driver’s licenses and passports from 18 states including Michigan.

The FBI first launched its advanced biometric database, Next Generation Identification (NGI), in 2010. NGI augmented the old fingerprint database with further capabilities including facial recognition. The bureau did not tell the public about its newfound capabilities nor did it publish a privacy impact assessment, required by law, for five years.

Unlike with the gathering of fingerprints and DNA, which is done following an arrest, photos of innocent civilians are being collected proactively. The FBI made arrangements with 18 different states to gain access to their databases of driver’s license photos.

 

“I’m frankly appalled,” said Paul Mitchell, a congressman for Michigan. “I wasn’t informed when my driver’s license was renewed my photograph was going to be in a repository that could be searched by law enforcement across the country.”

rb-

So anyone with a photo of you, or maybe even just access to your Facebook (FB) photos, could potentially access your phone. There are two important reasons why biometrics won’t work, and why the old-fashioned password is still a better option: a person’s biometrics can’t be kept secret and they can’t be revoked.

 

People expose their biometrics everywhere – they leave fingerprints behind at bars and restaurants, their faces and eyes are captured in photos and film, etc. There’s no real way to hide this data from the world. As far back as 2002, in research led by Japanese cryptographer Tsutomu Matsumoto, he and his team used gummy bears to make artificial fingers that they then used to fool fingerprint scanners. The gelatin-based finger was successful in fooling all 11 devices tested. I wrote about spoofing fingerprints in 2016.

However, it’s the second problem with biometrics that is the really big one: once a person’s biometrics have been compromised, they will always be compromised. Since a person can’t change their fingerprint or whatever biometric is being relied upon, it’s ‘once owned, forever owned.’ That is biometrics’ major failing and the one that will be hardest to overcome.

Part of the reason is that it’s silly to only have 10 possible passwords your whole life (20, if you count toes) but unlike a password, once a biometric is compromised, it is permanent. Today, if your Twitter account gets hacked, you just change the password – but if you are using a biometric, you will be stuck with that hacked password for the rest of your life.

With the release of Windows 10, Microsoft stepped up its biometrics game. CNet reports that, with the recent improvements, Windows 10 biometric security includes facial recognition software. Besides facial recognition, Windows Hello also supports other biometric factors to secure your PC. Some of the factors are fingerprints and iris recognition. For facial recognition though, Microsoft (MSFT) has partnered with chipmaker Intel (INTC) for its RealSense 3D camera tech to get the job done. RealSense uses depth-sensing infrared cameras to track the location and positions of objects. Microsoft uses RealSense to scan a person’s face or iris before unlocking the device in question.

To further push the biometrics agenda, more than 200 companies including Microsoft, Lenovo, Alibaba, and MasterCard have already come together to form a partnership known as the FIDO (Fast Identity Online) Alliance. FIDO was founded in 2013 to address issues such as a worldwide adoption of standards for authentication processes over the Web to help reduce reliance on passwords.
