Lifting a Fingerprint from a Photo

Police in the UK were able to read a fingerprint from a photo of a hand:

Staff from the unit's specialist imaging team were able to enhance a picture of a hand holding a number of tablets, which was taken from a mobile phone, before fingerprint experts were able to positively identify that the hand was that of Elliott Morris.

[...]

Speaking about the pioneering techniques used in the case, Dave Thomas, forensic operations manager at the Scientific Support Unit, added: "Specialist staff within the JSIU fully utilised their expert image-enhancing skills which enabled them to provide something that the unit's fingerprint identification experts could work. Despite being provided with only a very small section of the fingerprint which was visible in the photograph, the team were able to successfully identify the individual."

Posted on April 19, 2018 at 6:51 AM • 46 Comments

Comments

.April 19, 2018 7:29 AM

More junk science. They'll achieve this a few times then prosecutors will persuade juries it's routine and error-free. Like junk arson investigations.

echoApril 19, 2018 7:33 AM

I have no comment on this topic as I don't know enough to add anything. I did read a comment which suggested the criminal was caught via other information and this evidence was merely a confirmation but I have no proof of the veracity of this.

One item I have attemped to discuss in he past with authorities is the potential use of MRI scanners to prove pyshcological trauma where no other direct evidence exists. I understand some work has been done on this (including reactions to noise pollution) and wonder if more studies along these lines might be able to prove fuzzier issues like workplace bullying.

My sense is the public policy arena in the UK can sometimes be driven by a "militarisation" attitude and issues like wellbeing and sociology tend to be ignored. There are reports and conferences which discuss around this issue (such as a "silverback gorilla culture" and the lack of understanding "intersectionality". In a lot of ways this inadequacy can feed into knife crime and drug dealing so to some degree the UK police are culpable in wider systemnic failure.

SlagApril 19, 2018 8:42 AM

There was a series of science fiction books about a thief named Slippery Jim DiGriz that featured among other things gloves with custom fingerprints. Of all the books I've read, I didn't really expect the Stainless Steel Rat to be the most prophetic.

CraigApril 19, 2018 10:10 AM

The thing I find most interesting about fingerprint identification in general is that there is not, as far as I know, any actual proof that fingerprints are unique.

HoldthedoorApril 19, 2018 10:27 AM

@Craig

That's right. Fingerprint identification is junk science. Whether this makes it junk law is a different question since the legal standards of evidence are different from the scientific standards of evidence. No one anymore believe that it is possible to positively identify a person from a fingerprint alone or to be more precise no one any longer believes that it is possible to use a fingerprint to positively exclude all other possible members of the human species. This is both a function of the limited set in a database and definitional properties of fingerprints themselves. Fingerprints should be seen like DNA. We can talk about probabilities (and probabilities that are far more common than DNA) but probabilities are all we have.

VApril 19, 2018 10:37 AM

@Slag:
> Of all the books I've read, I didn't really expect the
> Stainless Steel Rat to be the most prophetic.

You never know if it's science fiction until it becomes true.

neillApril 19, 2018 11:59 AM

this technique, like most others, can also be used to frame innocent people - just submit a pic of someone's hand you dislike

'biometrics' are not the holy grail the sec industry wants consumers (and politics) to believe - and buy

anyone remembers the movie "gattaca" and their portable DNA test devices? or a CSI miami (?) episode with 'triplets'?

SApril 19, 2018 12:17 PM

Anybody remember when they did that with Lead? As in the lead in the bullets in your gun is the same as the lead in the bullet the victim was shot with. A lot of folks got convicted before it was disproven as junk science.

Denton ScratchApril 19, 2018 12:20 PM

I am not at all comfortable about the idea of using 'image enhancement' in the processing of legal evidence. Isn't that tantamount to tampering with evidence?

Nickie HalflingerApril 19, 2018 1:06 PM

"Of all the books I've read, I didn't really expect the Stainless Steel Rat to be the most prophetic. "

Try Shockwave Rider by John Brunner.

We just need to get to a society described by the finale in the book.

Jarrod FratesApril 19, 2018 1:15 PM

@Denton Scratch:

Not necessarily. There are times when law enforcement makes changes to a crime scene in order to gather more evidence, such as dusting for prints or spraying luminol to identify the location of bodily fluids. These add substances to the crime scene (thus altering the scene) while making visible something that would be difficult or impossible to see otherwise.

It all comes down to the process. Can others replicate the process on the same source data? Can they achieve comparable results on different data? What qualities do the data require to achieve a useful result?

The image in the BBC link showed a clear plastic with patterns from which they apparently recovered enough of the tip fingerprint to match to a suspect. While impressive if true, I don't think it's that much of a leap from when Canadian law enforcement, with help from a German university, was able to unswirl an obscured image to reveal the face of a suspected pedophile. It's a matter of properly reconstructing the underlying image with known information about the distortions.

wumpusApril 19, 2018 2:01 PM

@.

I recently got a jury duty summons. Maybe I'll find just how badly CSI-type shows have spoiled juries into expecting "magical junk science" to prove a defendant guilty vs. standard police work.

Then again, considering just how unquestionable eyewitnesses and confessions are in the eyes of the law, "junk science" could well be an improvement.

Clive RobinsonApril 19, 2018 3:11 PM

@ Craig,

The thing I find most interesting about fingerprint identification in general is that there is not, as far as I know, any actual proof that fingerprints are unique.

There does not need to be proof, just probability of difference. The actual fingerprint is rarely used for identification or evidence. Because it would be at best extreamly difficult to do an "overly match" made by the same finger just moments appart.

If you think about it skin is quite pliable and can in the fingers and toes change shape under certain conditions such as immersing (which is now thought to be done by the body via a closed loop nervous response, to increase gripping surface and also reduce heat loss). Thus the impression A finger would leave is very dependent on small changes in angle, preasure and the texture, shape, temp etc of the surface etc.

Thus direct comparison of those two overlays have a high probability of not directly matching. This generally does not worry the human eye/brain as we recognise more by ratios of features that direct matching.

Over something like two centuries agreed standard patterns such as whorls, arches, etc have been agreed. Thus a finger print is described by what pattern features it does and does not have. Thus a so called accaptable match might be the number of features. Without going into the minutiae of it this system alows the matching of partial prints where say only a sixth of a finger print is recoverable for a large number of reasons.

Thus the actuall number of recorded prints that have to be "matched by eye" is a very very small subset of those in the card index / database.

The next stage falls to being "a matter of opinion" in the legal sense given as "expert testimony". I can not recall of any case which I've had even fairly distant contact with where such expert opinion has been called into question by the defence. Why I don't know because there have been quite a few cases recorded where when challanged and the actuall full original images have been produced infront of a jury, the jury have not been impressed with the supposed expert opinion.

Worse tests have been carried out where when fingerprints have been brought in for testing it's been let slip as to weather they are being tested for match or elimination and supprise supprise there is a high correlation in which direction the expert opinion varies... Thus it would appear the expert opinion can be biased fairly easily.

It's the sort of thing which screams out for "Blackbox AI" where "the computer says yes" but no testable explanation as to why thus the computer can be used as a "magical shield" which is the sort of thing many senior LEO's are despetate for to "make their teams more efficient" and "increase the clearup rate" all for less resources... The fact that the false positives go up matters not a lot when it comes to the US justice system as a prosecuter will use the bargening process to get a conviction through fear rather than ever have evidence that is nothing of the sort presented and challenged in court. To say this gives prosecutors a massive advantage in balance of arms is like saying it's a fair fight between plankton and the whale that feeds off of it.

I've had a passing interest in fingerprint systems getting on for half a century when I discovered as a child you could make a good mould of a human fingerprint of a human finger by using the red wax from the outside of edam cheese. All you have to do is roll a ball of it around in your hand till your body heat softens it such that simply pressing a finger in firmly then gently pulling it out leaving a beautiful inverse mould of the fingers features. Puting it in a freezer hardens it fairly quickly to the point you can give the surface a light film of the likes of WD40 to use as a release agent, then paint the inside of the mould lightly with "rubber solution glue. When set gently peal it out to get what looks like dead skin with the fingerprint on. You can then put on a pair of "rubber gloves" paint their surface with glue and then gently place what looks like the dead finger skin onto the right fingers and places on the glove. When the glue is dry your false finger prints are ready to use, what you now need is fake finger grease. This is comprised of animal oils and protiens and you need both to cover the two basic test. However a cooked chicken will give you suitable oils and fresh uncooked chicken blood which you need to prepare such that it will suspend in the oils. Just lightly dab this on your fake finger prints and press onto a nice clean surface the either dust or squirt the print to see how well you've succeeded...

Over the years I've worked out many ways to fool the majority of forensic tests. The reasons these are oh so easily done is,

1, The processes have overly large amounts of "noise" or "entropy" with a low "true signal" content.

2, The processes are the antithesis of science, in that they try to do the impossible of going back from effect to cause.

Both of these if you give it a moments thought alow "opinion" quite a big leaway...

But worse these opinions get treated as pet theories thus arr cognitively biased, but they also either do not get tested or tested in a way many would consider science. They then become established doctrine rather quickly as there is money to be made on these pet theories. Now as many know it's considered rude to break another mans rice bowl or gut his wifes golden egg laying goose. Thus these pet theories rarely get tested to see if they are wrong. When they do many are to the amazement of other forensic experts found to be false theories. This is then fought by various prosecuters to stop those found guilty by the false theories from getting released from prison any time soon if at all then even harder fought to stop them claiming restitution for their wrongfull conclusions...

So you can perhaps understand why I have a degree of skepticism over forensic opinion.

supersaurusApril 19, 2018 3:26 PM

@Denton Scratch
"...I am not at all comfortable about the idea of using 'image enhancement' in the processing of legal evidence."

define "image enhancement".

it is highly unlikely that you have ever seen an image produced from raw image data without modification, even if you stipulate that demosaicing isn't "enhancement". afaik *all* digital image data from consumer grade devices, e.g. cell phone cameras, non-pro cameras, scanners, etc, is at least enhanced by sharpening and probably by color correction (related to the kind of light the device thinks is present when the data are collected) and non-linear manipulation of brightness levels. (with a pro camera you may have the option of turning off sharpening for example, and possibly other things)

is it "image manipulation" when the camera preprocesses the already processed data before (more manipulation) turning it into a compressed jpeg? sharpening before jpeg can make part or all of a final image something the human visual system can further process before declaring "that's aunt marge!".

once you have processed bytes out of the device then your computer display system further manipulates them so your visual system can acquire and manipulate them.

note this isn't unique to modern digital photographic data either, back in film days what chemicals were used, for how long they were applied and so forth to the film (and if printed, also to the paper) had large effects upon what was discernible in a photograph, how accurate the color was, etc.

in short the idea that image data are magically transferred with no manipulation from the acquiring device into your brain is completely without basis in fact, rather the questions are "how much and what kinds of manipulation were done".

65535April 19, 2018 4:09 PM

@ neill and others

“this technique…can also be used to frame innocent people - just submit a pic of someone's hand you dislike…”

Exactly.

Also this is how the deadly game of swatting occured.

Technically Interesting story but a bit concerning to privacy advocates who dislike NSA style of spy devices used on petty vice crime. The LE enforcement are using nation state style of hardware/software to finger print vice “ecstasy pill” takers or providers, minor auto accident injure cases and of not too distant use on political lawyers, doctors, political activists, subsistence buses centers and physiological professionals and so on.

The story states: “...image” of a man holding "ecstasy" tablets in his palm was found on the mobile of someone...” -BBC

Were the pills fake? Were they real? What image photo shopped? Was had the correct person? What level of controlled substance was supposed included those images [Schedule 1 - CD Lic, Schedule 2 – CD, Schedule 3 - CD No Reg and so on].

How were the “images obtained” i.e., proper legal cause including the privacy rights? Will a conviction occur. Will the police pester or intimidate people into and low level plead barging to climb the police rank ladder. The article doesn’t give much detail.

I Don’t like the trend and possible permutations of parallel construction and the type of warrant used – if any. Quasi nation state tool used by civilian police is not good. The use of nation state style of spy equipment by local police will lead to a race to the bottom on many levels. Tools like this spy equipment can be used for a bad purpose as a hammer aginst a person skull. Not good.

MailmanApril 19, 2018 4:55 PM

I tried to unlock my iPhone by showing my thumb to the front-facing camera, but it doesn't work, no matter how many times I try.

neillApril 19, 2018 5:02 PM

@Clive Robinson

" ... Over the years I've worked out many ways to fool the majority of forensic tests ... "

good work! proves that really nothing is 100%, DNA, facial, fingers, ...

but has anyone ever looked into the math of probabilities?

e.g. lab tech has a 10e3 chance of putting the wrong label on a test-tube, another one double checks - does that make the result 10e6, 10e5, 10e4 probable?

the claim that e.g. DNA proof is 10e9 'unique' always made me laugh - if you look at the whole chain the evidence goes thru, and add up the failings of all people and devices involved you'll end up with a much lower number ...

same applies to evidence from CCD chips, AD converters were just 'in the news' (again) about the inaccurate readouts in telescopes' discoveries

kosApril 19, 2018 6:10 PM

We found a high rez(2+ meg) photo of a cannabis bud with some chap's thumb held up next to it for size comparison.
We sent the photo to fingerprints, and they came back with a name. A friend of the guy who's place we had seized the computer from.
Enough for a conviction on it's own? No.
Enough for a search warrant? Absolutely.
Did the search warrant find said plump buds? Yep.
I don't know about junk science, but I will take the result. As to whether cannabis should result in law enforcement in the first place? Show me the taxes.

PeaceHead (again)April 19, 2018 8:36 PM

Thanks for such an interesting and somewhat cheerful bit of forensic depth.
I remember back when fingerprinting was losing it's luster because of digital database corruption and/or manipulation concerns. But this recent bit is much less dismal, and nice.

I like the idea reaffirmed that REALITY has a thankfully fussy way of reasserting itself, regardless of the subjective windows (or FFT windows) of various tunnelvisions of resolution.

Law enforcement techniques still have a future. And thus, so does law enforcement.

All Lives Matter
Blue Lives Matter
Black Lives Matter

May Peace Prevail Within All Realms of Existence (--from the The Honorable Masahisa Goi)

PeaceHead (again)April 19, 2018 8:39 PM

One quick addition...

If you redefine "photography" in terms of the electromagnetic spectrum, you can get away with all kinds of of technical "wizardy". I'd love to see a time-lapse MRI scan of a sculpture or painting to know what the artist was thinking or doing while creating the piece.

!!survive!!

Security SamApril 19, 2018 11:34 PM

In the times of Horance and Jasper
Sherlock would know where to look
And would use just pencil and paper
To unveil a print in a blank notebook.

65535April 20, 2018 12:53 AM


From the police perspective I have a few questions

“The 28-year-old was among nine people who were sentenced today for more than 20 years at Cardiff Crown Court for their involvement in a conspiracy to supply cannabis. Two others, who were found not guilty of being involved in the conspiracy, were sentenced for separate drugs offences.”-south Wales police [SWP]

Two others were found not guilty…sentenced for a separate drug offense… That is very handy almost to handy. A little parallel construction going on with this case.

“to forensically link Elliot Morris, from the West Midlands, back to a gang who were supplying large amounts of cannabis in Bridgend.” SWP

Is this forensic work spying on all phone conversations via the GCHQ or NSA? Possibly an informant who was disgruntled with diluted amphetamines or cake sugar?

I also don’t see an exact definition MDA or MDMA

“MDMA Ecstasy (abbreviated E, X, or XTC) not specifically named but covered by the ban of alkylenedioxy-substituted phenethylamines [a wide range of ethical treatments and test only substances]"

“MDA [No street name] not specifically named but covered by the ban of alkylenedioxy-substituted phenethylamines [a wide range of ethical and test only substances] ”- Wikipedia

https://en.wikipedia.org/wiki/Drugs_controlled_by_the_UK_Misuse_of_Drugs_Act

“The following were sentenced at Cardiff Crown Court for conspiracy to supply cannabis:
• Joe Rees Thomas, 25, of Laing Street, Kenfig Hill – who was also convicted of producing cannabis and possessing cocaine – was jailed for 27 months;
• Aaron McKay, 22, of Pyle Inn Way, Pyle, was jailed for 27 months;
• Danial Jenkins, 26, of Caer Wetral, Kenfig Hill, was jailed for eight months;
• Nathan Burgess, 26, of Pyle Inn Way, Pyle – also convicted of possessing a Class B drug – was jailed for nine months;
• Michael Rouse, 31, or Tairfelin, Wildill, was jailed for nine months;
• Jonathan Scanlon, 27, of Willow Close, North Cornelly – who also admitted possessing cocaine with the intent to supply – was jailed for 30 months; [How old was this trail and case? -Ed]
• Elliott Morris, 28, of Redditch, Worcestershire – who was also convicted of possessing MDMA with intent to supply and possessing cocaine – was jailed for eight-and-a-half years; [How old was this trail and case? -Ed]
• Darren Morris, 51, from Redditch, Worcestershire, was jailed for 27 months;
• Dominique Morris, 44, from Redditch, Worcestershire, was jailed for 12 months.
[and]
“The following were found not guilty of being part of the conspiracy, but were sentenced for the following offences:
• Chazino Suban, 28, of Birmingham, was fined £700 for possessing cannabis and cocaine.
• Rosaleen Abdel-Salam, 25, of Tutnall, Worcestershire, was fined £350 for possessing ecstasy. “ –SWP

Those 8 years went by a bit fast as did the 30 months. No appeals to a higher court?

“...analysis of Mckay’s phone uncovered Whatsapp messages dating back months,..”-SWP

https://www.south-wales.police.uk/en/newsroom/pioneering-fingerprint-technique-helps-south-wales-police-secure-drugs-convictions-11-people/

Was this before a proper warrant was issued?

Why not throw in a bit of Heroin and some dead bodies?

I am not getting a true accounting of the facts from either the BBC or SWP. I smell a bad odor in this pot and “ecstasy” case so to speak.

TordrApril 20, 2018 2:48 AM

For me the most interesting thing is that we now have one more proff of consept for reverse engineering fingerprint from photo.
For an attacker we now have the following scenario:
* Find rich/fameous person with fingerprinting lock.
* Take close up picture of his/her hand as he/she waives at an event.
* Reverse engineer fingerprint.
* Unlock door and install spyware in house/on computer. (Stealing is the easiest, but I think there are more lucrative options now).

Clive RobinsonApril 20, 2018 3:25 AM

@ 65535,

I am not getting a true accounting of the facts from either the BBC or SWP. I smell a bad odor in this pot and “ecstasy” case so to speak.

You noticed the difference in sentencing from just 30 months to 102months for "possessing with intent to supply"?

Most likely that is the UK version of plea barganing going on in the background.

In the UK you can get reduction in sentencing for admitting your involvment but no way that much. But often more for "helping the police with their enquiries". The chances are that 30month sentance was due to having "grassed up" his co-conspiritor, and made him look the "Mr Big" of the conspiracy who then got 102months...

Which if that is what has happened leaves the question of where 30months got the information he used to grass 102months up with...

In the past it's been shown that such a level of knowledge to get that much of a discount on a sentence means that the person getting the discount was the one with real brains in the organisation. As they had planned their "get out of jail" plan long before the conspiracy realy got going. Which would have ment they were also behind the whole opperation in the first place and the "real leader out of the limelight" or "the power behind the throne" as it were.

These days it might mean they were carefull with the way they communicated, that is "old school OpSec" not "new school tec" thus there was little electronic evidence against them.

Or the even more modern way, they are the ones who are being used to do a little coveringup for "information from other sources".

Which ever way we are not likely to find out, but that disparity in sentencing will have a cause behind it somewhere.

But one thing to remember, a phone is an "electronic ball and chain" around your ankle if you don't take the "proper" precautions.

Why do I say "proper" because the police have --been-- woken up to the fact that the phone talks about the users habits and that any change in usage means the user was doing something out of their normall habits.

For instance a group of girls plan their friday night out more or less the same way and then do the morning after routine the same way in a very predictable way week after week. You can see any changes --Alice got lucky / Betty had to stay at Clairs /etc-- in changes in the patterns and most often which girl is being talked about the most as her communications will be initially less than normal whilst the others slightly more than normal (dishing the dirty behind her back etc). How things change over the next few days tells you more. That is just whith a list of calls made from person to person their time and duration. No location or other meta data and certainly no content data.

If you are going to appear normal in that you would have to be quite thoughtfull and have planned well. Thus better to have planned an explainable exception that the group is aware of thus has an appropriate behaviour pattern for. Suddenly stopping communications is not going to look good even if it is innocent.

Thus you realy need to treat your phone as "a lawyer" and only let it know what it needs to know and always rember it remembers all and can not keep secrets even when it should.

WinterApril 20, 2018 3:36 AM

Why do fingerprints work in forensics?
Because criminals tend to be stupid and good OPSEC is hard.

But all this lamenting on "bad forensics" here seems to gloss over the fact that "good forensics" does not cure bad laws (everything in recreational drugs) and does even less in a broken judicial system (USA, and UK?).

The USA criminal system is broken. No amount of science and good forensics can mend that.

WinterApril 20, 2018 3:50 AM

@Clive
"But one thing to remember, a phone is an "electronic ball and chain" around your ankle if you don't take the "proper" precautions."

Just yesterday, the Dutch courts have sentenced a criminal based on decrypted PGP phone messages. No English reports. Here is the Dutch report:
https://www.nrc.nl/nieuws/2018/04/19/veroordeling-noffel-van-groot-belang-voor-justitie-en-politie-a1600105

These criminals were convinced the phones were unbreakable so they spoke their minds openly and wrote down everything they were planning to do in these messages. Nothing is left to the imagination. The crucial point is that the messages allowed the police to back up a 100% the crown witness that had spilled the beans on the organization.

This was all based on this heist (in English) where Dutch forensics were able to crack PGP phones:
https://blog.cyberwar.nl/2017/05/new-arrests-in-the-netherlands-for-providing-crypto-phones-to-the-underworld/

Lesson: Never ever speak out your criminal plans in the clear over any non-ephemeric communication channel.

Jon (fD)April 20, 2018 4:08 AM

One does wonder if plea bargains can be retracted on the grounds that they were extracted under duress. J.

echoApril 20, 2018 7:22 AM

@Clive

Medical and beaurocratic systems suffer from the same issues you describe (and Bruce describes in his new topic on voting systems). The same patterns are there as is in some cases outright medical fraud and passing the blame to low level box tickers, or in beaurocratic systems apssing the blame to low level officials instead of decision makers where the originating discriminatory lack of governance actually began.

I am aware of one medical "expert" who has been cited as an authority who based his "expertise" on what was at the time a known iffy study. This was used as the basis for protocol and funding policy to be rigged in a way which was both inadequate and cheap to the point where pateitns were essentially beaten into submission and silence. A study two years ago was published which unequivicably proved the original "expert" wrong and that indeed patients had had inadequate healthcare forced upon them for over a decade.

There is a little more to this story and it does involve one of the most senior doctors in the country misleading a parliamentary select committee and thousands of patients being intimated and defrauded of healthcare.

Coincidentally, the same cohort of "experts" have done very well out of their own private practice which, funnily enough, pays no attention to the "expert" opinion they advocated elsewhere.

albertApril 20, 2018 8:50 AM

@Jon fD,
"...One does wonder if plea bargains can be retracted on the grounds that they were extracted under duress. J...."
Not if your attorney allows you to. Plea bargains are a sick joke; a way to boost conviction rates on weak cases.
..
@Anyone,
Clive is spot on re: fingerprints. Worse, fingerprints are now 'checked' by -computers-, not human experts. And -probabilities- are the final arbiter in deciding a match, just as with DNA. The final straw is the amount of time and money spent on prosecuting people for selling marijuana. And don't even get me started on the prison systems.

The unfettered privatization (and consequent monetization) of our countries will be their undoing.

. .. . .. --- ....

albertApril 20, 2018 8:51 AM

@Jon fD,
"...One does wonder if plea bargains can be retracted on the grounds that they were extracted under duress. J...."
Not if your attorney allows you to. Plea bargains are a sick joke; a way to boost conviction rates on weak cases.
..
@Anyone,
Clive is spot on re: fingerprints. Worse, fingerprints are now 'checked' by -computers-, not human experts. And -probabilities- are the final arbiter in deciding a match, just as with DNA. The final straw is the amount of time and money spent on prosecuting people for selling marijuana. And don't even get me started on the prison systems.

The unfettered privatization (and consequent monetization) of our countries will be their undoing.

. .. . .. --- ....

echoApril 20, 2018 9:50 AM

My sense is a lot of the issues are because of "protecting the fortress". Careers and the organisation chart becomes a higher priority than the citizen.

As far as "rights" in the UK are concerned I was told verbally (i.e. avoiding leaving a potentially career destroying paper trail) by a senior doctor that if "rights" were mentioned that every door will slam.

When the issue of the constititional dividing line between the state and a citizen came up I was personally bulldozed by a lawyer who, in theory, has professional standards to uphold and was supposed to be representing me, the client, who forced a change of subject. Coincidentally, this very same lawyer was receiving a six figure grant from the local authority.

While the UK doesn't have a culture of bribary or dependency on the private sector I have experienced pressures which whiff of a financial demand akin in a "if we had a larger budget we wouldn't be so horrible" kind of way.

I am aware of at least one large public sector contract which was awarded to a private sector company who later had to withdraw or go bankrupt where a politician who was an influencer of discussion admitted privately they had pressed for the contract to make it impossible for the private sector who break even let alone make a profit, and therehave been numerous reports stating very clearly that many of the problems with private sector delivery can be found in appallingly bad and sometimes mind boggilingly onerous contracts. I was also told by one private sector specialist who had in the past carried out state sector funded work (and whose business was indirectly threatened by a large specialist within the state healthcare system and inadequate management) that they believed taking on a statesector contract was "not worth the bother". This was extremely annoying as they provided a very well regarded service and were much cheaper than the state sector equivalent which suffers from longstanding and known job protection and sometimes harmful beaurocratic processes, all of which are documented in one form or another by the state organisation itself including at a policy level.

These kinds of broad issues don't exist in France or Germany where there is much less snobbery and dogmatic hatred between the private sector and public sector as in the UK.

65535April 20, 2018 3:01 PM

@ Clive Robinson

“Most likely that is the UK version of plea barganing going on in the background.”- Clive R.

Yes, this plea bargaining game comes in very handy in the states for the reason that no actual evidence is presented. The police make and allegation of wrong doing and hope that the person will cave-in to the charge. This avoids the actual facts in front of a jury which may get the case tossed out of court.

“one thing to remember, a phone is an "electronic ball and chain" around your ankle if you don't take the "proper" precautions.”- Clive R.

Yes it is.

“…you realy need to treat your phone as "a lawyer" and only let it know what it needs to know and always rember it remembers all and can not keep secrets even when it should.”-Clive R.

I agree.

With the huge Utah spy facility it may be possible to store a year’s worth of the world’s communications – remember the discussion about the 1.5 million square feet of space and how many micro-SD chips or thumb drive chips that could potentially be housed – the GCHQ/NSA could be monitoring all cell phone calls. It may not be exactly legal but it could be enough for the parallel construction game and a Plea bargain case.

I am very dubious as to exactly what happened in this "Pot – Ecstasy" case. In the States such casual spices as Pot and designer drugs doesn't make headlines and in some parts Pot is legal in certian amounts. I would actually like to see more than a picture of someone’s hand. It may be possible to enlarge a mega pixel photo to the point of seeing some finger prints but that is not the whole story.

Clive RobinsonApril 20, 2018 3:33 PM

@ Neil,

e.g. lab tech has a 10e3 chance of putting the wrong label on a test-tube, another one double checks - does that make the result 10e6, 10e5, 10e4 probable?

The problem for many trying to get their heads around it, is deciding "what is a dependent and what is an independent trial" (balls in the jar etc) but also how you take more than one probability and get the rrsults to come up right without getty Monty's Goat.

Engineers tend to look at things in ways that make it clearer. They talk of "failure modes" and "their probabilities". That is initially they entirely ignore the probabilities and work out a list of all the possible states. They then order and reduce the states by commonalities (single points of failure etc). Frequently this step is done before or as part of the outline design stage (so there are no probabilities just gestimates based on experience).

Take for instance a 747 aircraft with four engines, you first find the "failure modes". Thus if you decide that the engine modes are in a "working or failed" state it's a binary option therefore four engines that can be in one of two states gives you 4^2 or 2^4 which ever way you are counting it --engines / states--. You then examine each mode to find out it's individual probability[1]. From this you can then work out the "probability profile". It's a profile because at some point each engine is independent of the others but at other points dependent on common items, thus there can not be a single probability.

To take your technician case of a one in a thousand error rate at each step. Usually tests are designed so that the steps are,

1, Independent of each other.
2, Performed in sequence.

So from point 1 the number of steps would give you your failure modes, which with four binarry results as above would give you 16 failure modes to consider. We will ignore for now the hidden "fifth step" from point 2 of getting and keeping the steps in sequence.

So if the probabillity of error at each step is 1/1000 and you walk through the steps, there is only one of the sixteen modes that is a pass. It has four independent steps in that mode each with the same 1/1000 probability, therefore a one in 1/250 chance of not having failed at some point (ie 1/1000 + 1/1000 + 1/1000 + 1/1000).

The point is we know from the Space Shuttle disaster, nobody actually works these things out. They are actually all "informed opinion" or as with some managment types "numbers that feal right".

That's right folks, "if the number does not feel right, then it does not fly"...

Can I say "software scrum" meeting at this point without having to invoke the "Duck and Cover" rule against certain software types?

[1] This is an over simplification for a couple of reasons. Firstly the enginees all have certain things they share thus have things in common so you would have more modes. Secondly engines can have partial failures that can be worked with for a time or at lower output etc. Thirdly the same engine will have slightly different probabilities depending on which of the four positions it is in, as a consequence of having spinning parts and a number of other factors.

echoApril 20, 2018 4:37 PM

After I commented the Guardian reported a few hours later that Allied Healthcare had gone bust. This story was a complete coincidence. As this issue is too far off topic I won't comment more.

echoApril 20, 2018 4:41 PM

@65535

From what I can tell following GCHQ comments after the Cyril Smith scandal GCHQ will not release information to a prosecuting authority unless it is within its remit of "national security". I do not know what the current official (or unofficial) policy of GCHQ is, nor how this may or may not relate to the US-UK agreement with respect to none "national security" prosecutions.

RogerApril 21, 2018 12:54 AM

There is nothing enormously surprising in this: obvious if a photograph is of good enough quality then it can be used to form an image of a fingerprint; and once you have that image, the way it was captured has little bearing on the ability to identify it.

However, this part is worrying:

Despite being provided with only a very small section of the fingerprint which was visible in the photograph, the team were able to successfully identify the individual.

Fingerprint matching is not done by sliding digital transparencies over one another, a la CSI. It is rarely the case that a print is clear enough to do that, and in any case it wouldn't help with the most important step: finding the best match in the database.

Rather, print matching is done by coding the "minutiae" of the print in a systematic way so that the database can be searched for a corresponding set of such minutiae. The system for doing this was the key idea that turned fingerprinting into a valuable forensic tool. However it is a "lossy compression" method, and even from the earliest days there was concern about the possibility of coincidental false matches.

To avoid such a false match, the official Home Office standards long stipulated a minimum number of points of agreement (and of course none in disagreement) such that the likelihood of a false positive (should be) negligible. For a long time the standard in the UK was 16 points -- same as France and Italy, but slightly more than many other countries. It is sometimes claimed that the number 16 is arbitrary, but it is not. It was based on the highest number of coincidental agreements found in actual records: 10 agreements, and no discrepancies likely to appear on a typical partial print. Applying some statistical calculations to estimate a safe margin of error, they arrived at 16 as a reasonable minimum.

However from the late 1980s there was agitation to lower this standard, which was claimed to be too strict and to be preventing fingerprint officers from making successful identifications. This campaign was so successful that since 2001, there has no longer been any number of points of agreement required to match a fingerprint in the UK. It has instead been replaced by a "Quality Management System" which in practice allows a fingerprint officer to state his opinion on an identification based on any facts that he considers relevant.

It is generally unlikely that a single, blurrily enhanced partial print would have a sufficient number of points of agreement to provide a positive identification. Hence one must suspect that Morris was actually identified based on some unstipulated degree of similarity to the partial print plus the fact that he was already a suspect. This is a dangerous road to go down and could easily lead to miscarriages of justice.

But fortunately, this wasn't the only evidence on which Elliott Morris was sentenced to eight and half years:

... had almost £20,000 hidden in bitcoin accounts – the majority of which, Elliott admitted, was gained from his illegal drug sales.

Ah. One of those.

RatioApril 21, 2018 6:30 AM

I did a double take scrolling past this bit:

So if the probabillity of error at each step is 1/1000 and you walk through the steps, there is only one of the sixteen modes that is a pass. It has four independent steps in that mode each with the same 1/1000 probability, therefore a one in 1/250 chance of not having failed at some point (ie 1/1000 + 1/1000 + 1/1000 + 1/1000).

That’s nonsense. P(success) = (1 - (1 / 1000))4.

Bauke Jan DoumaApril 21, 2018 7:28 AM

They never seem to be able to catch white collar criminals this way. Odd.

echoApril 21, 2018 7:31 AM

@Roger

There is European court case law where the UK government was done over the issue of "tests" and scientific validity which caused things to be reframed as a "heuristic". Nothing actually changed. No "experts" suddenly became more expert. No documentation suddenly appeared out of nowhere. No extra auditable information was produced. History and context, and previous abuses of power mysteriously evaporated which neatly headed off public inquiries and court action for compensation. I cannot help wondering if the issues are connected.

Around this time there were a lot of abuses of power and discrimination. The worst excesses no longer happen routinely. Abuse still happens and core lessons arestill not being learned. In some cases the "lessons learned" are not used to improve issues but create backdoors for getting state officials "off" the next time this happens.

This past week I read of two severe incidents in my local newspaper which strongly suggest authorities are not getting a clue. Why does it take a death or a violent incident, and media exposure for them to comprehend?

echoApril 21, 2018 7:41 AM

@Bauke Jan Douma

In the UK the large discrepancy between white collar and other crime prosecutions was a big media issue at one point for a very brief time before the pressure of news events caused this to be buried and forgotten.

Another issues is disparity in access to state services. Even where access is equal between rich and poor areas studies have been done in the UK which prove an annual drift of 5% (to the best of my memory) away from poor areas towards rich areas within areas under local government control. Of course, this adds up over time and compounds discrepencies as poor areas fall further and further behind and burdens accumulate.

65535April 21, 2018 8:31 AM

@ Roger
“fortunately, this wasn't the only evidence on which Elliott Morris was sentenced to eight and half years:” ... had almost £20,000 hidden in bitcoin accounts – the majority of which, Elliott admitted, was gained from his illegal drug sales.”’

On the finger print side I agree with some of your points. Long ago the points of match in the States was as low as 7 ~ not very accurate.

On other points I will have to differ :

The 8 years in jail thing.

According to SWP Elliot Morris was convicted and did 8.5 years in jail. SWP said in their cached statement:

Elliott Morris, 28, of Redditch, Worcestershire – was jailed for eight-and-a-half years; [How old was this trail and case? -Ed]

See my post above.

“estimated value of the retail market for cocaine in the EU is at least EUR 5.7 billion (range EUR 4.5–7 billion).” – emcdda europa

http://www.emcdda.europa.eu/publications/eu-drug-markets/2016/online/cocaine/consumer-market-for-cocaine-in-europe_en

20K is not exactly huge.

And

BTC – GBP 6,251.79 or 20000 GBP/6252 = 3.19 bitcoins.

http://markets.businessinsider.com/currencies/btc-gbp

3.2 Bitcoins doesn’t sound that much. I am sure mUch larger deals exist.

I wonder how much the SWP spent on the case in man hours to GBPs?

MeherApril 21, 2018 11:17 PM

Clive Robinson writes:

> I can not recall of any case which I've had even >fairly distant contact with where such expert > opinion has been called into question by the >defence. Why I don't know because there have been >quite a few cases recorded where when challenged >and the actual full original images have been >produced in front of a jury, the jury have not been >impressed with the supposed expert opinion.


Dear Clive, thankyou for this.
In my job I occasionally had to work alongside the police. One Detective, or possibly a Search and Rescue copper, mentioned conversationally :

'if someone you know ever finds themselves in court, and the prosecution claim they found a finger print, forensics matched it blahblah blah - never accept that the experts said something so it must be true. always insist the original print be demonstrated to the court. More often than not you'll find theres no justifiable correlation'

He included as part of the same theme, that CSI tv shows are a form of brainwashing that have people believing that fingerprints can be picked up from anywhere. In fact, many surfaces don't hold a legible print - at least not in a way that can be recovered

It's all about points of proof to secure a prosecution. Identification [x person + x activity] is several primary points of proof - fingerprints go a long way towards establishing this


For ratio...April 22, 2018 3:16 AM

Quote,

That’s nonsense. P(success) = (1 - (1 / 1000))4.

However it was not success we were talking about but change in odds of failure from one in one thousand for a single step to that of for steps.

So we were actually looking for the probability it would be at fault / fail not success. But anyway we can work fail out from success easily enough,

So to work it out your way for "success",

1, 1 / 1000 = .0010
2, 1 - 0.0010 = 0.9990
3, 0.9990^4 = 0.9960

Then convert to "fail",

4, 1 - 0.9960 = 0.0040
5, 1 / 0.0040 = 250

Which is the one in two fifty or 1/250 mentioned. Which is four times worse than the four individual steps at one in a thousand.

There are usually faster ways to get to the same approximate argument often called engineering rules of thumb, used to "sanity check" long hand calculations. The paragraph above will give you a clue as to what it is but to rub it in a little lets say there were 10 steps... My rule of thumb says in less than a blink of an eye it should come out around one in a hundred.

Your maths "for success" says,

1, 1 / 1000 = .0010
2, 1 - 0.0010 = 0.9990
3, 0.9990^10 = 0.990

So "for fail",

4, 1 - 0.990 = 0.01
5, 1 / 0.01 = 100

Funny they agree again... I'm sure others can see what the rule is by now and thus why it's a lot quicker.

We see similar rules of thumb in most engineering subjects and even crypto has some with the "half the bits" guestimate for the Birthday Paradox.

Anyway I'm very tired through being rushed in to hospital (sepsis and sceptic shock) and have been for several days. Therefore I'm not going to enter into one of your endless protracted and pointless arguments you appear to get some wierd self pleasure out of that even @Moderator has cautioned you about in the past. So unless you want to waste large amounts of blog space and upset other users I suggest you stop now, but your history suggests you will probably not.

RatioApril 23, 2018 6:00 AM

@Clive Robinson, a.k.a. @For ratio...,

Obviously this paragraph is talking about the probability of failure, not success:

So if the probabillity of error at each step is 1/1000 and you walk through the steps, there is only one of the sixteen modes that is a pass. It has four independent steps in that mode each with the same 1/1000 probability, therefore a one in 1/250 chance of not having failed at some point (ie 1/1000 + 1/1000 + 1/1000 + 1/1000).

And saying there’s “a one in 1/250” chance of “success”, which clearly means “failure”, makes perfect sense.

Finally, of course, the probability of not failing at some point —that is, failing at some point— equals 4 × (1 / 1000), which also happens to be the probability of failure at a single point. Since the final sentence of the paragraph quoted above has been flawless so far, it is laughable to even suggest this was yet another error. QED.

Update: the exact answer was actually an approximation but regrettably there was no room for the word “about”, much less for an explanation of why —in these examples— it is that n / p ≈ (1 - (1 / p))n. Besides, accuracy and knowing when and why you can take which shortcuts is for losers and their newfangled calculators.

By the way, I do appreciate the transparency of saying that the aim of part of your latest comment was “to rub it in a little” before going on to make accusations and proclaim victimhood.

I’ll now return to my habit of scrolling past your commentary.

RatioApril 23, 2018 6:22 AM

n / p ≈ (1 - (1 / p))n

That should read, n / p ≈ 1 - (1 - (1 / p))n. (But, hey, it’s all the same anyway, right?)

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.