Identity theft fears grow over Facebook facial recognition

NEWS

Editorial Office: Elsevier Ltd The Boulevard Langford Lane Kidlington Oxford OX5 1GB, UK Fax: +44 (0) 1865 843973 Email: [email protected] Website: www.biometrics-today.com Publisher: Greg Valero Email: [email protected] Editor: Tracey Caldwell Email: [email protected] Production Support Manager: Lin Lucas Email: [email protected] Subscription Information An annual subscription to Biometric Technology Today includes 10 issues and online access for up to 5 users. Prices: 1048 for all European countries & Iran US$1134 for all countries except Europe and Japan ¥139 335 for Japan (Prices valid until 31 December 2011) To subscribe send payment to the address above. Tel: +44 (0)1865 843687/Fax: +44 (0)1865 834971 Email: [email protected], or via www.biometrics-today.com. Subscriptions run for 12 months, from the date payment is received. Periodicals postage is paid at Rahway, NJ 07065, USA. Postmaster send all USA address corrections to: Biometric Technology Today, 365 Blair Road, Avenel, NJ 07001, USA This newsletter and the individual contributions contained in it are protected under copyright by Elsevier Ltd, and the following terms and conditions apply to their use: Permissions may be sought directly from Elsevier Global Rights Department, PO Box 800, Oxford OX5 1DX, UK; phone: +44 1865 843830, fax: +44 1865 853333, email: [email protected]. You may also contact Global Rights directly through Elsevier’s home page (www.elsevier.com), selecting first ‘Support & contact’, then ‘Copyright & permission’. In the USA, users may clear permissions and make payments through the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, USA; phone: +1 978 750 8400, fax: +1 978 750 4744, and in the UK through the Copyright Licensing Agency Rapid Clearance Service (CLARCS), 90 Tottenham Court Road, London W1P 0LP, UK; phone: +44 (0)20 7631 5555; fax: +44 (0)20 7631 5500. Other countries may have a local reprographic rights agency for payments. Derivative Works Subscribers may reproduce tables of contents or prepare lists of articles including abstracts for internal circulation within their institutions. Permission of the Publisher is required for resale or distribution outside the institution. Permission of the Publisher is required for all other derivative works, including compilations and translations. Electronic Storage or Usage Permission of the Publisher is required to store or use electronically any material contained in this journal, including any article or part of an article. Except as outlined above, no part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior written permission of the Publisher. Address permissions requests to: Elsevier Science Global Rights Department, at the mail, fax and email addresses noted above. Notice No responsibility is assumed by the Publisher for any injury and/ or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions or ideas contained in the material herein. Because of rapid advances in the medical sciences, in particular, independent verification of diagnoses and drug dosages should be made. Although all advertising material is expected to conform to ethical (medical) standards, inclusion in this publication does not constitute a guarantee or endorsement of the quality or value of such product or of the claims made of it by its manufacturer.

02265 Pre-press/Printed by Mayfield Press (Oxford) Ltd

2

Biometric Technology Today

...Continued from page 1 Weiss did not consider adding fingerprint authentication: “Fingerprint biometrics has some limitations. I think it is fine if you have a biometric fingerprint reader to get you into a building but you need expensive machinery with limited resolution.” He believes fingerprints are too easily spoofed for use in financial transactions via smartphones: “I would love to see a retinal scan. For the transaction associated with smartphones and point of sale, if you don’t have simplicity low cost and speed it is not going to succeed so while I might like fingerprint the reality is a mobile phone is a voice device and a voice is a perfectly good biometric. Then for sending a second biometric to a POS, facial is a perfect one – I wouldn’t want to send back an image of a fingerprint.” Weiss says in future he would consider linking the facial biometric to facial recognition systems for automated recognition in certain circumstances: “The difficulty is that right now the software is extensive and you would have to keep that software on the mobile device but more importantly a face can be spoofed. We will improve on that. The voice biometric is not constant. Voices change and each time the mobile device gives you a different string of characters so even if I had a recorder and recorded what you said I couldn’t use it whereas if I took a picture of you I could hold up a picture to a phone and reasonably fool the phone. It is a balancing act.”

standards

International standards bodies address biometric security

I

SO, the International Standards Organisation, and the International Electrotechnical Commission (IEC) have published a new international standard, ISO/IEC 24745:2011, Information technology – Security techniques – Biometric information protection. Myung Geun Chun, project editor of ISO/ IEC 24745, says, “While the unchanging and distinct association with an individual on the one hand, provides strong assurance of authentication, this binding which links biometrics with personally identifiable information on the other hand, carries some risks, including the unlawful processing and use of data. ISO/IEC 24745 is an invaluable tool for addressing those risks.” The standard specifies the analysis of threats and countermeasures inherent in a biometric

and biometric system application models; the security requirements for binding between a biometric reference and an identity reference; biometric system application models with different scenarios for the storage and comparison of biometric references and guidance on the protection of an individual’s privacy during the processing of biometric information.

social networking

Identity theft fears grow over Facebook facial recognition

G

erman officials have demanded that Facebook stop its facial recognition of German users. Fanning the flames of the debate US researchers have found that Facebook facial recognition may not be harmless when combined with information from a person’s profile leading to identity theft. And following the London riots there were concerns of vigilantism as a Google group independent of law enforcement agencies set out to match images of rioters with Facebook and other social media images. Alessandro Acquisti, associate professor of information technology and public policy at the Heinz College and a Carnegie Mellon CyLab at Carnegie Mellon University, says it is possible for researchers to identify strangers and gain their personal information, perhaps even their social security numbers, by using face recognition software and social media profiles. “A person’s face is the veritable link between her offline and online identities,” Acquisti says. “When we share tagged photos of ourselves online, it becomes possible for others to link our face to our names in situations where we would normally expect anonymity.” The research team combined three technologies to identify individuals online and offline in the physical world. Hamburg data protection official Johannes Caspar has written to Facebook to demand it stops running the facial recognition programme on German users and deletes any related data. German authorities have said they would take action if Facebook did not comply. Carnegie Mellon researchers used an offthe-shelf face recogniser, cloud computing and publicly available information from social network sites. In one experiment, Acquisti’s team identified individuals on an online dating site where members protect their privacy through pseudonyms.

September 2011

NEWS In a second experiment, they identified students walking on campus based on their profile photos on Facebook. Then the team predicted personal interests and, in some cases, even the social security numbers of the students, beginning with only a photo of their faces. CMU researchers also built a smartphone application to demonstrate the ability of making the same sensitive inferences in real-time. In an example of ‘augmented reality’ the application uses offline and online data to overlay personal and private information over the target’s face on the device’s screen. “The seamless merging of online and offline data that face recognition and social media make possible raises the issue of what privacy will mean in an augmented reality world,” Acquisti says. London Police have tried out facial recognition software under consideration for the 2012 Olympics, following the riots that took place in London in August. Chief constable Andy Trotter of the British Transport Police told the Associated Press that the facial recognition software was being used to help find those suspected of being involved but he added that facial recognition makes up only a fraction of the police force’s efforts, saying tips have mostly come from traditional sources, such as still images from closed circuit cameras, pictures gathered by police officers or images snapped by members of the public. At the same time a Google Group, London riots facial recognition, set out to use facial recognition programming interfaces such as Face.api to compare riot images with those on Facebook. Privacy campaigners immediately raised concerns that this could lead to vigilante activity.

BIO-key to work with SIC Biometrics on finger access to Apple mobile devices

F

inger biometric specialist BIO-key International is looking to grab a slice of the booming market for Apple mobile devices. It has signed a letter of intent to acquire Montreal-based SIC Biometrics, manufacturer of biometric plug-in mobile fingerprint scanners, biometric proximity cards and access control solutions and developer of a fingerprint reader for Apple mobile devices. BIO-key expects the acquisition to go ahead in the fourth quarter of 2011. SIC, founded in 1999, designs and manufactures biometrics security products. “Both the iPhone and iPad version of BIO-key’s enterprise application platform including the PIV-certified iFMID SIC Snap-on fingerprint readers are available today and can be easily integrated into any existing application adding strong authentication and identification to replace or augment less secure passwords or pins,” says Mike DePasquale, BIO-key CEO. Later in the year, a consumer version of the SIC device for the iPhone and iPad including a wrap-around case and integrated finger scanner is expected to become available at retailers. “As we considered a potential acquisition it was vital to understand the size and scope of the marketplace moving forward. Upon reviewing the analysts’ reports it became clear that the market for advanced mobile devices, and the Apple iPhone and iPad in particular, are positioned to generate substantial revenue streams. Ultimately, if we can capture even a small segment of the Apple device market, we believe that the impact to BIO-key’s bottom line would be quite significant,” says Cecilia Welch, CFO, BIO-key.

e-borders

UK Home Office tenders for biometrics

T Alessandro Acquisti: privacy issues arise through merging facial recognition and social media.

September 2011

he UK Home Office has tendered for biometric chip reading technology as part of a range of services worth £40m as part of the Employers’ Checking Service (ECS). The ECS is run by the UK Border Agency to enable employers to check the eligibility of individuals to work.

EVENTS CALENDAR 11–14 October 2011 Washington DC, US

International Joint Conference on Biometrics The International Joint Conference on Biometrics (IJCB 11) is a combination of two major biometrics research conference traditions, the International Conference on Biometrics (ICB) and the Biometrics Theory, Application and Systems (BTAS) conference. The blending of these two conferences for this one year is through agreement of the IEEE and IAPR. IJCB 2011 is intended to have a broad scope including advances in fundamental pattern recognition techniques relevant to biometrics, new algorithms and/or technologies for biometrics, analysis of specific applications, and analysis of the social impacts of biometrics technology. More information: www.cse.nd.edu/IJCB_11/

18–20 October 2011 London, UK

Biometrics 2011 The largest biometrics event in Europe and visited by a global audience, this diverse conference and exhibition covers all aspects of biometrics, with a cutting edge programme and large exhibition of all the leading players. More information: www.biometrics2011.com

31 October–2 November 2011 Doha, Qatar

ICAO Regional Seminar on Machine Readable Travel Documents (MRTDs), Biometrics and Border Security This event will address current and emerging ICAO MRTD specifications, identity management best practices and related border security issues with focus on the Middle East region. Workshops will be devoted to the practical aspects of ensuring the security and integrity of the issuance process, as well as travel document procurement and tender issues. A select group of industry partners will complement the Seminar, displaying a broad range of products and services related to MRTDs, biometric identification, travel document security applications and border inspection systems. More information: http://bit.ly/r0CLqY

3–4 November 2011 Milan, Italy

ID World International Congress The ID World International Congress is a showcase of the evolving world of RFID, biometrics and smart card technologies, and looks at the auto ID industry as a whole, rather than focusing on a specific technology or vertical sector. It offers a full-scale and complete vision of social, technological and business aspects related to the deployment of the automatic identification systems. This year’s ID World International Congress will explore the fundamental issues associated with automatic identification in a variety of market segments. More information: www.idworldonline.com

15–17 November 2011 Paris, France Cartes & Identification Bringing together the digital security, payment and contactless community. More information: www.cartes.com/

Continued on page 12...

Biometric Technology Today

3