- Email: [email protected]
US border staff will capture scar and tattoo biometrics
NEWS
Editorial Office: Elsevier Ltd The Boulevard Langford Lane Kidlington Oxford OX5 1GB, UK Tel: +44 1865 843239 Email: [email protected] Website: www.biometricstoday.com Publishing Director: Sarah Jenkins Editor: Tim Ring Email: [email protected] Production Support Manager: Lin Lucas Email: [email protected] Subscription Information An annual subscription to Biometric Technology Today includes 10 issues and online access for up to 5 users. Subscriptions run for 12 months, from the date payment is received. More information: www.elsevier.com/journals/institutional/biometric-technology-today/0969-4765 This newsletter and the individual contributions contained in it are protected under copyright by Elsevier Ltd, and the following terms and conditions apply to their use: Permissions may be sought directly from Elsevier Global Rights Department, PO Box 800, Oxford OX5 1DX, UK; phone: +44 1865 843830, fax: +44 1865 853333, email: [email protected]. You may also contact Global Rights directly through Elsevier’s home page (www.elsevier.com), selecting first ‘Support & contact’, then ‘Copyright & permission’. In the USA, users may clear permissions and make payments through the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, USA; phone: +1 978 750 8400, fax: +1 978 750 4744, and in the UK through the Copyright Licensing Agency Rapid Clearance Service (CLARCS), 90 Tottenham Court Road, London W1P 0LP, UK; phone: +44 (0)20 7631 5555; fax: +44 (0)20 7631 5500. Other countries may have a local reprographic rights agency for payments. Derivative Works Subscribers may reproduce tables of contents or prepare lists of articles including abstracts for internal circulation within their institutions. Permission of the Publisher is required for resale or distribution outside the institution. Permission of the Publisher is required for all other derivative works, including compilations and translations. Electronic Storage or Usage Permission of the Publisher is required to store or use electronically any material contained in this publication, including any article or part of an article. Except as outlined above, no part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior written permission of the Publisher. Address permissions requests to: Elsevier Science Global Rights Department, at the mail, fax and email addresses noted above. Notice No responsibility is assumed by the Publisher for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions or ideas contained in the material herein. Because of rapid advances in the medical sciences, in particular, independent verification of diagnoses and drug dosages should be made.Although all advertising material is expected to conform to ethical (medical) standards, inclusion in this publication does not constitute a guarantee or endorsement of the quality or value of such product or of the claims made of it by its manufacturer.
12985 Digitally Produced by Mayfield Press (Oxford) Ltd
2
Biometric Technology Today
...Continued from front page Meantime, the Information Technology & Innovation Foundation (ITIF) industry group has weighed in on Amazon’s behalf. ITIF vice president Daniel Castro said: “The ACLU is once again trying to make facial recognition appear dangerous and inaccurate. This is the second time it has released misleading findings. It generated false matches by setting an artificially low confidence threshold of 80% instead of 99%. “Amazon has repeatedly stated that any sensitive application of facial recognition, such as for law enforcement purposes, should only be using high confidence thresholds. So for the ACLU to repeat this kind of test, while apparently not changing its methods – and still refusing to share its data – is disingenuous and misleading. Claims that are not observable, testable, repeatable and falsifiable are not science. It’s agenda-driven public relations, and policymakers should ignore it.” Amazon also highlighted the fact that the ACLU has refused to release the details of its sports star test. BTT asked the ACLU’s press spokesperson why it had not, but they declined to answer. We also asked Amazon why it didn’t simply release a ‘law enforcement’ version of Rekognition with a 99% default threshold. Amazon too declined to comment. Meanwhile, ACLU of Massachusetts is continuing its “Press Pause on Face Surveillance” campaign, which calls for a time-limited ban on government agencies in Massachusetts using FR products. Amazon in turn is continuing its campaign for national governments to introduce regulations to control the use of face ID software – to avoid an outright ban.
fingerprinting
Fingerprint bug hits Samsung smartphones
S
amsung is urging users of its latest flagship Galaxy smartphones to scrap and reload all their fingerprint data, after it emerged the phones can be hijacked through a simple flaw in the biometric system. The glitch was revealed in October by the UK’s Sun newspaper, when a reader found that after she fitted a third-party screen protector to her phone, the device could be opened by anyone’s fingerprints. The problem affects Samsung’s new Galaxy Note10/10+ and S10/S10+/S10 5G smartphones. It happens because the phones’ ultrasonic fingerprint sensors mistakenly recognise 3D patterns that appear on some screen-protecting cases as the user’s fingerprints. Samsung announced a software fix for the
Samsung Galaxy S10: some protective covers opened the phone to hackers.
problem on 18 October. It also advised users who have third-party covers to remove them and to “delete all previous fingerprints and newly register their fingerprints”. Samsung added: “If you currently use front screen protective covers, to ensure optimum fingerprint scanning, please refrain from using this cover until your device has been updated with the new software patch. Once updated, please be sure to scan your fingerprint in its entirety, so that all portions of your fingerprint, including the centre and corners have been fully scanned.” “Samsung Electronics takes the security of products very seriously and will make sure to strengthen security through continuing improvement and updates to enhance biometric authentication functions,” it said. According to the company, the glitch only affects recently released phones which have its latest ultrasonic sensors. In the meantime, some banks suspended payments from certain Samsung devices and others advised Galaxy Note 10 and S10 phone users to switch off the fingerprint sign-in on their mobile banking apps. The Sun reader who exposed the problem, Lisa Neilson, discovered it after she fitted a £2.70 screen protector bought on eBay to her Galaxy S10 phone.
border control
US border staff will capture scar and tattoo biometrics
T
he US Government’s Department of Homeland Security (DHS) has shared details of its planned Amazon cloudbased HART biometric database, which will hold information on over 250 million people crossing in and out of the US. The HART (Homeland Advanced Recognition Technology) system will enable DHS agents to identify people through a ‘fusion’ of multiple new biometrics including scars and tattoos, voice and palm prints – rather than just the face, iris and fingerprint recognition offered by the current IDENT system. That’s according to an interview with Patrick Nemeth, director of identity operations in the DHS’ Office of Biometric Identity Management, published by Nextgov. Nemeth said IDENT can
November/December 2019
NEWS only handle one biometric modality at a time, while HART will allow border staff to include multiple data points in a single query, making it easier to analyse potential matches and overcome individual data quality issues. DNA-matching is another potential but not confirmed application of HART, Nextgov reports. The DHS is still working through the legal implications of storing and sharing such sensitive data. HART, which is being built by Northrop Grumman in an initial $95 million contract, will be used to check the ID of people entering and leaving the US at airports, sea and land borders.
advertising
FR spots if consumers are happy or ‘hangry’
Y
oghurt manufacturer Yoplait has found a light-hearted way to apply facial recognition technology: it’s using FR in a new advertising campaign in Australia to detect whether consumers are happy or ‘hangry’. The ad campaign centres around a specially built display panel, located on Sydney’s George Street, that invites passers-by to “Smile or frown for a free smoothie”. The panel has a built-in camera that captures the person’s facial image, then uses a machine-learning algorithm to estimate their emotion. If the screen detects they are ‘hangry’, it directs them to a nearby vending machine where they can claim a free voucher for a Yoplait yoghurt smoothie from a local store. “It’s a fantastic way to engage with busy consumers,” said Ashley Taylor, head of creative solutions at Yoplait manufacturer JCDecaux. The company has collaborated with Lion Dairy & Drinks and advertising agencies AJF Partnership and Starcom to develop the ‘Fix your Hanger’ launch campaign. Starcom client service director, Anna Camuglia, said: “We were looking for a way to launch Yoplait Yoghurt Smoothie to ensure it’s a memorable experience. This Out-of-Home idea will literally stop people in the street. The interactions so far have evoked a few giggles.”
Yoplait’s facial recognition-driven adverts are attracting consumers.
November/December 2019
security
Deepfake videos easily fool face systems, researchers warn
A
study from Switzerland’s Idiap Research Institute has highlighted how vulnerable facial recognition systems are to the growing scourge of ‘deepfake’ videos – with up to 95% of deepfakes remaining undetected by advanced FR systems. Deepfakes are videos or images where the original person’s face is switched to someone else, for a malicious purpose. In a paper published in October, Idiap researchers Pavel Korshunov and Sebastien Marcel warned there has been a surge of deepfakes, saying: “Such content has already led to the appearance of deliberate misinformation, coined ‘fake news’, which is impacting the political landscapes of several countries.” In response, the two researchers set out to find out how big a challenge these videos – which are essentially a deep morph of two original faces – pose to face recognition systems. In their study, titled Vulnerability of Face Recognition to Deep Morphing, they tested how well state-of-the-art biometric face recognition systems based on VGG and Facenet neural networks could detect publicly available Deepfake videos with faces morphed using a GAN (generative adversarial network)-based algorithm. Korshunov and Marcel found that the VGG and Facenet systems were highly vulnerable to the deep morph videos, recording 85.62% and 95% false acceptance rates respectively. As a result, they said: “This means methods for detecting these videos are necessary.” The researchers considered several baseline approaches for detecting deep morphs and found that an approach based on visual quality metrics (often used in presentation attack detection) led to the best performance, with 8.97% equal error rate. But they warn: “Our experiments demonstrate that GAN-generated deep morph videos are challenging for both face recognition systems and existing detection methods – and the further development of deep morphing technologies will make it even more so.” Their paper was presented at the International Conference on Biometrics for Borders. Idiap is an independent, non-profit research foundation based in Martigny, Switzerland. Continued on page 11...
EVENTS CALENDAR 26–27 November Verify 2019
Sydney, Australia This event will cover key subjects in identity and access management (IAM), including multi-factor authentication and biometrics, privileged access management, identity governance, automating IAM processes, consumer data rights compliance, blockchain and decentralised identity, and IAM privacy. More information: https://verify.coriniumintelligence.com/
3–4 December International Security Expo
Olympia, London, UK The International Security Expo (ISE) brings together government, industry, academia and end users in charge of regulation and procurement to debate current challenges and to source new security technologies and services. The event promises to feature over 300 exhibitors and suppliers, and over 1,000 products and services. New focus areas include international forensics and serious & organised crime. Speakers for 2019 include the FBI and the UK Cabinet Office and National Cyber Security Centre (NCSC). Access to ISE 2019 is by application, all registrations are vetted and photo ID is required on arrival. More information: https://www.internationalsecurityexpo.com/
31 March–3 April 2020 World Border Security Congress
Athens, Greece The World Border Security Congress is a high-level event where border management and security industry professionals will discuss the challenges faced in protecting borders, and the new technologies that contribute to this. The 2019 event attracted over 250 delegates from 52 countries. Provisional topics for 2020 include: the latest threats and challenges at the border; capacity building and training in border and migration management; understanding threats and challenges for maritime borders; pre-travel risk assessment and trusted travellers; and the developing role of biometrics in identity management and document fraud prevention. This will include examining the role of biometrics in managing identity and borders, and tackling widespread ‘under-documentation’ in the developing world. More information: http://world-border-congress.com/
5–8 April 2020 KNOW Identity
Las Vegas, USA This is a leading industry event focused on digital identity and trust in the data economy. The organisers are expecting over 2,000 attendees, 200-plus speakers and around 100 exhibitors. Key topics will include biometrics & multi-factor authentication; privileged access management; customer identity & access management (CIAM); identity resolution; data privacy & GDPR; and identity verification, KYC and customer onboarding. Speakers will include Roger Dingledine, cofounder of the Tor Project; researcher Ashkan Soltani, who is former chief technologist for the Federal Trade Commission; and Frank Lawrence, chief compliance officer at Facebook Payments. More information: https://www.knowidentity.com/
Biometric Technology Today
3
Editorial Office: Elsevier Ltd The Boulevard Langford Lane Kidlington Oxford OX5 1GB, UK Tel: +44 1865 843239 Email: [email protected] Website: www.biometricstoday.com Publishing Director: Sarah Jenkins Editor: Tim Ring Email: [email protected] Production Support Manager: Lin Lucas Email: [email protected] Subscription Information An annual subscription to Biometric Technology Today includes 10 issues and online access for up to 5 users. Subscriptions run for 12 months, from the date payment is received. More information: www.elsevier.com/journals/institutional/biometric-technology-today/0969-4765 This newsletter and the individual contributions contained in it are protected under copyright by Elsevier Ltd, and the following terms and conditions apply to their use: Permissions may be sought directly from Elsevier Global Rights Department, PO Box 800, Oxford OX5 1DX, UK; phone: +44 1865 843830, fax: +44 1865 853333, email: [email protected]. You may also contact Global Rights directly through Elsevier’s home page (www.elsevier.com), selecting first ‘Support & contact’, then ‘Copyright & permission’. In the USA, users may clear permissions and make payments through the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, USA; phone: +1 978 750 8400, fax: +1 978 750 4744, and in the UK through the Copyright Licensing Agency Rapid Clearance Service (CLARCS), 90 Tottenham Court Road, London W1P 0LP, UK; phone: +44 (0)20 7631 5555; fax: +44 (0)20 7631 5500. Other countries may have a local reprographic rights agency for payments. Derivative Works Subscribers may reproduce tables of contents or prepare lists of articles including abstracts for internal circulation within their institutions. Permission of the Publisher is required for resale or distribution outside the institution. Permission of the Publisher is required for all other derivative works, including compilations and translations. Electronic Storage or Usage Permission of the Publisher is required to store or use electronically any material contained in this publication, including any article or part of an article. Except as outlined above, no part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior written permission of the Publisher. Address permissions requests to: Elsevier Science Global Rights Department, at the mail, fax and email addresses noted above. Notice No responsibility is assumed by the Publisher for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions or ideas contained in the material herein. Because of rapid advances in the medical sciences, in particular, independent verification of diagnoses and drug dosages should be made.Although all advertising material is expected to conform to ethical (medical) standards, inclusion in this publication does not constitute a guarantee or endorsement of the quality or value of such product or of the claims made of it by its manufacturer.
12985 Digitally Produced by Mayfield Press (Oxford) Ltd
2
Biometric Technology Today
...Continued from front page Meantime, the Information Technology & Innovation Foundation (ITIF) industry group has weighed in on Amazon’s behalf. ITIF vice president Daniel Castro said: “The ACLU is once again trying to make facial recognition appear dangerous and inaccurate. This is the second time it has released misleading findings. It generated false matches by setting an artificially low confidence threshold of 80% instead of 99%. “Amazon has repeatedly stated that any sensitive application of facial recognition, such as for law enforcement purposes, should only be using high confidence thresholds. So for the ACLU to repeat this kind of test, while apparently not changing its methods – and still refusing to share its data – is disingenuous and misleading. Claims that are not observable, testable, repeatable and falsifiable are not science. It’s agenda-driven public relations, and policymakers should ignore it.” Amazon also highlighted the fact that the ACLU has refused to release the details of its sports star test. BTT asked the ACLU’s press spokesperson why it had not, but they declined to answer. We also asked Amazon why it didn’t simply release a ‘law enforcement’ version of Rekognition with a 99% default threshold. Amazon too declined to comment. Meanwhile, ACLU of Massachusetts is continuing its “Press Pause on Face Surveillance” campaign, which calls for a time-limited ban on government agencies in Massachusetts using FR products. Amazon in turn is continuing its campaign for national governments to introduce regulations to control the use of face ID software – to avoid an outright ban.
fingerprinting
Fingerprint bug hits Samsung smartphones
S
amsung is urging users of its latest flagship Galaxy smartphones to scrap and reload all their fingerprint data, after it emerged the phones can be hijacked through a simple flaw in the biometric system. The glitch was revealed in October by the UK’s Sun newspaper, when a reader found that after she fitted a third-party screen protector to her phone, the device could be opened by anyone’s fingerprints. The problem affects Samsung’s new Galaxy Note10/10+ and S10/S10+/S10 5G smartphones. It happens because the phones’ ultrasonic fingerprint sensors mistakenly recognise 3D patterns that appear on some screen-protecting cases as the user’s fingerprints. Samsung announced a software fix for the
Samsung Galaxy S10: some protective covers opened the phone to hackers.
problem on 18 October. It also advised users who have third-party covers to remove them and to “delete all previous fingerprints and newly register their fingerprints”. Samsung added: “If you currently use front screen protective covers, to ensure optimum fingerprint scanning, please refrain from using this cover until your device has been updated with the new software patch. Once updated, please be sure to scan your fingerprint in its entirety, so that all portions of your fingerprint, including the centre and corners have been fully scanned.” “Samsung Electronics takes the security of products very seriously and will make sure to strengthen security through continuing improvement and updates to enhance biometric authentication functions,” it said. According to the company, the glitch only affects recently released phones which have its latest ultrasonic sensors. In the meantime, some banks suspended payments from certain Samsung devices and others advised Galaxy Note 10 and S10 phone users to switch off the fingerprint sign-in on their mobile banking apps. The Sun reader who exposed the problem, Lisa Neilson, discovered it after she fitted a £2.70 screen protector bought on eBay to her Galaxy S10 phone.
border control
US border staff will capture scar and tattoo biometrics
T
he US Government’s Department of Homeland Security (DHS) has shared details of its planned Amazon cloudbased HART biometric database, which will hold information on over 250 million people crossing in and out of the US. The HART (Homeland Advanced Recognition Technology) system will enable DHS agents to identify people through a ‘fusion’ of multiple new biometrics including scars and tattoos, voice and palm prints – rather than just the face, iris and fingerprint recognition offered by the current IDENT system. That’s according to an interview with Patrick Nemeth, director of identity operations in the DHS’ Office of Biometric Identity Management, published by Nextgov. Nemeth said IDENT can
November/December 2019
NEWS only handle one biometric modality at a time, while HART will allow border staff to include multiple data points in a single query, making it easier to analyse potential matches and overcome individual data quality issues. DNA-matching is another potential but not confirmed application of HART, Nextgov reports. The DHS is still working through the legal implications of storing and sharing such sensitive data. HART, which is being built by Northrop Grumman in an initial $95 million contract, will be used to check the ID of people entering and leaving the US at airports, sea and land borders.
advertising
FR spots if consumers are happy or ‘hangry’
Y
oghurt manufacturer Yoplait has found a light-hearted way to apply facial recognition technology: it’s using FR in a new advertising campaign in Australia to detect whether consumers are happy or ‘hangry’. The ad campaign centres around a specially built display panel, located on Sydney’s George Street, that invites passers-by to “Smile or frown for a free smoothie”. The panel has a built-in camera that captures the person’s facial image, then uses a machine-learning algorithm to estimate their emotion. If the screen detects they are ‘hangry’, it directs them to a nearby vending machine where they can claim a free voucher for a Yoplait yoghurt smoothie from a local store. “It’s a fantastic way to engage with busy consumers,” said Ashley Taylor, head of creative solutions at Yoplait manufacturer JCDecaux. The company has collaborated with Lion Dairy & Drinks and advertising agencies AJF Partnership and Starcom to develop the ‘Fix your Hanger’ launch campaign. Starcom client service director, Anna Camuglia, said: “We were looking for a way to launch Yoplait Yoghurt Smoothie to ensure it’s a memorable experience. This Out-of-Home idea will literally stop people in the street. The interactions so far have evoked a few giggles.”
Yoplait’s facial recognition-driven adverts are attracting consumers.
November/December 2019
security
Deepfake videos easily fool face systems, researchers warn
A
study from Switzerland’s Idiap Research Institute has highlighted how vulnerable facial recognition systems are to the growing scourge of ‘deepfake’ videos – with up to 95% of deepfakes remaining undetected by advanced FR systems. Deepfakes are videos or images where the original person’s face is switched to someone else, for a malicious purpose. In a paper published in October, Idiap researchers Pavel Korshunov and Sebastien Marcel warned there has been a surge of deepfakes, saying: “Such content has already led to the appearance of deliberate misinformation, coined ‘fake news’, which is impacting the political landscapes of several countries.” In response, the two researchers set out to find out how big a challenge these videos – which are essentially a deep morph of two original faces – pose to face recognition systems. In their study, titled Vulnerability of Face Recognition to Deep Morphing, they tested how well state-of-the-art biometric face recognition systems based on VGG and Facenet neural networks could detect publicly available Deepfake videos with faces morphed using a GAN (generative adversarial network)-based algorithm. Korshunov and Marcel found that the VGG and Facenet systems were highly vulnerable to the deep morph videos, recording 85.62% and 95% false acceptance rates respectively. As a result, they said: “This means methods for detecting these videos are necessary.” The researchers considered several baseline approaches for detecting deep morphs and found that an approach based on visual quality metrics (often used in presentation attack detection) led to the best performance, with 8.97% equal error rate. But they warn: “Our experiments demonstrate that GAN-generated deep morph videos are challenging for both face recognition systems and existing detection methods – and the further development of deep morphing technologies will make it even more so.” Their paper was presented at the International Conference on Biometrics for Borders. Idiap is an independent, non-profit research foundation based in Martigny, Switzerland. Continued on page 11...
EVENTS CALENDAR 26–27 November Verify 2019
Sydney, Australia This event will cover key subjects in identity and access management (IAM), including multi-factor authentication and biometrics, privileged access management, identity governance, automating IAM processes, consumer data rights compliance, blockchain and decentralised identity, and IAM privacy. More information: https://verify.coriniumintelligence.com/
3–4 December International Security Expo
Olympia, London, UK The International Security Expo (ISE) brings together government, industry, academia and end users in charge of regulation and procurement to debate current challenges and to source new security technologies and services. The event promises to feature over 300 exhibitors and suppliers, and over 1,000 products and services. New focus areas include international forensics and serious & organised crime. Speakers for 2019 include the FBI and the UK Cabinet Office and National Cyber Security Centre (NCSC). Access to ISE 2019 is by application, all registrations are vetted and photo ID is required on arrival. More information: https://www.internationalsecurityexpo.com/
31 March–3 April 2020 World Border Security Congress
Athens, Greece The World Border Security Congress is a high-level event where border management and security industry professionals will discuss the challenges faced in protecting borders, and the new technologies that contribute to this. The 2019 event attracted over 250 delegates from 52 countries. Provisional topics for 2020 include: the latest threats and challenges at the border; capacity building and training in border and migration management; understanding threats and challenges for maritime borders; pre-travel risk assessment and trusted travellers; and the developing role of biometrics in identity management and document fraud prevention. This will include examining the role of biometrics in managing identity and borders, and tackling widespread ‘under-documentation’ in the developing world. More information: http://world-border-congress.com/
5–8 April 2020 KNOW Identity
Las Vegas, USA This is a leading industry event focused on digital identity and trust in the data economy. The organisers are expecting over 2,000 attendees, 200-plus speakers and around 100 exhibitors. Key topics will include biometrics & multi-factor authentication; privileged access management; customer identity & access management (CIAM); identity resolution; data privacy & GDPR; and identity verification, KYC and customer onboarding. Speakers will include Roger Dingledine, cofounder of the Tor Project; researcher Ashkan Soltani, who is former chief technologist for the Federal Trade Commission; and Frank Lawrence, chief compliance officer at Facebook Payments. More information: https://www.knowidentity.com/
Biometric Technology Today
3