Human Ear Biometric
I have no idea how good this biometric actually is.
Entries Tagged "identification"
Page 11 of 27
Tagging People with Invisible Ink
In Montreal, police marked protesters with invisible ink to be able to identify them later. The next step is going to be a spray that marks people surreptitiously, maybe with SmartWater.
EDITED TO ADD (12/14): Official explanation.
Identifying Speakers in Encrypted Voice Communication
I’ve already written how it is possible to detect words and phrases in encrypted VoIP calls. Turns out it’s possible to detect speakers as well:
Abstract: Most of the voice over IP (VoIP) traffic is encrypted prior to its transmission over the Internet. This makes the identity tracing of perpetrators during forensic investigations a challenging task since conventional speaker recognition techniques are limited to unencrypted speech communications. In this paper, we propose techniques for speaker identification and verification from encrypted VoIP conversations. Our experimental results show that the proposed techniques can correctly identify the actual speaker for 70-75% of the time among a group of 10 potential suspects. We also achieve more than 10 fold improvement over random guessing in identifying a perpetrator in a group of 20 potential suspects. An equal error rate of 17% in case of speaker verification on the CSLU speaker recognition corpus is achieved.
Outing a CIA Agent
Interesting article on how difficult it is to keep an identity secret in the information age.
The Effects of Social Media on Undercover Policing
Social networking sites make it very difficult, if not impossible, to have undercover police officers:
“The results found that 90 per cent of female officers were using social media compared with 81 per cent of males.”
The most popular site was Facebook, followed by Twitter. Forty seven per cent of those surveyed used social networking sites daily while another 24 per cent used them weekly. All respondents aged 26 years or younger had uploaded photos of themselves onto the internet.
“The thinking we had with this result means that the 16-year-olds of today who might become officers in the future have already been exposed.
“It’s too late [for them to take it down] because once it’s uploaded, it’s there forever.”
There’s another side to this issue as well. Social networking sites can help undercover officers with their backstory, by building a fictional history. Some of this might require help from the company that owns the social networking site, but that seems like a reasonable request by the police.
I am in the middle of reading Diego Gambetta’s book Codes of the Underworld: How Criminals Communicate. He talks about the lengthy vetting process organized crime uses to vet new members—often relying on people who knew the person since birth, or people who served time with him in jail—to protect against police informants. I agree that social networking sites can make undercover work even harder, but it’s gotten pretty hard even without that.
Identifying People by their Writing Style
The article is in the context of the big Facebook lawsuit, but the part about identifying people by their writing style is interesting:
Recently, a team of computer scientists at Concordia University in Montreal took advantage of an unusual set of data to test another method of determining e-mail authorship. In 2003, the Federal Energy Regulatory Commission, as part of its investigation into Enron, released into the public domain hundreds of thousands of employee e-mails, which have become an important resource for forensic research. (Unlike novels, newspapers or blogs, e-mails are a private form of communication and aren’t usually available as a sizable corpus for analysis.)
Using this data, Benjamin C. M. Fung, who specializes in data mining, and Mourad Debbabi, a cyber-forensics expert, collaborated on a program that can look at an anonymous e-mail message and predict who wrote it out of a pool of known authors, with an accuracy of 80 to 90 percent. (Ms. Chaski claims 95 percent accuracy with her syntactic method.) The team identifies bundles of linguistic features, hundreds in all. They catalog everything from the position of greetings and farewells in e-mails to the preference of a writer for using symbols (say, “$” or “%”) or words (“dollars” or “percent”). Combining all of those features, they contend, allows them to determine what they call a person’s “write-print.”
It seems reasonable that we have a linguistic fingerprint, although 1) there are far fewer of them than finger fingerprints, 2) they’re easier to fake. It’s probably not much of a stretch to take that software that “identifies bundles of linguistic features, hundreds in all” and use the data to automatically modify my writing to look like someone else’s.
EDITED TO ADD (8/3): A good criticism of the science behind author recognition, and a paper on how to evade these systems.
Developments in Facial Recognition
Eventually, it will work. You’ll be able to wear a camera that will automatically recognize someone walking towards you, and a earpiece that will relay who that person is and maybe something about him. None of the technologies required to make this work are hard; it’s just a matter of getting the error rate down low enough for it to be a useful system. And there have been a number of recent research results and news stories that illustrate what this new world might look like.
The police want this sort of system. I already blogged about MORIS, an iris-scanning technology that several police forces in the U.S. are using. The next step is the face-scanning glasses that the Brazilian police claim they will be wearing at the 2014 World Cup.
A small camera fitted to the glasses can capture 400 facial images per second and send them to a central computer database storing up to 13 million faces.
The system can compare biometric data at 46,000 points on a face and will immediately signal any matches to known criminals or people wanted by police.
In the future, this sort of thing won’t be limited to the police. Facebook has recently embarked on a major photo tagging project, and already has the largest collection of identified photographs in the world outside of a government. Researchers at Carnegie Mellon University have combined the public part of that database with a camera and face-recognition software to identify students on campus. (The paper fully describing their work is under review and not online yet, but slides describing the results can be found here.)
Of course, there are false positives—as there are with any system like this. That’s not a big deal if the application is a billboard with face-recognition serving different ads depending on the gender and age—and eventually the identity—of the person looking at it, but is more problematic if the application is a legal one.
In Boston, someone erroneously had his driver’s licence revoked:
It turned out Gass was flagged because he looks like another driver, not because his image was being used to create a fake identity. His driving privileges were returned but, he alleges in a lawsuit, only after 10 days of bureaucratic wrangling to prove he is who he says he is.
And apparently, he has company. Last year, the facial recognition system picked out more than 1,000 cases that resulted in State Police investigations, officials say. And some of those people are guilty of nothing more than looking like someone else. Not all go through the long process that Gass says he endured, but each must visit the Registry with proof of their identity.
[…]
At least 34 states are using such systems. They help authorities verify a person’s claimed identity and track down people who have multiple licenses under different aliases, such as underage people wanting to buy alcohol, people with previous license suspensions, and people with criminal records trying to evade the law.
The problem is less with the system, and more with the guilty-until-proven-innocent way in which the system is used.
Kaprielian said the Registry gives drivers enough time to respond to the suspension letters and that it is the individual’s “burden’” to clear up any confusion. She added that protecting the public far outweighs any inconvenience Gass or anyone else might experience.
“A driver’s license is not a matter of civil rights. It’s not a right. It’s a privilege,” she said. “Yes, it is an inconvenience [to have to clear your name], but lots of people have their identities stolen, and that’s an inconvenience, too.”
IEEE Spectrum and The Economist have published similar articles.
EDITED TO ADD (8/3): Here’s a system embedded in a pair of glasses that automatically analyzes and relays micro-facial expressions. The goal is to help autistic people who have trouble reading emotions, but you could easily imagine this sort of thing becoming common. And what happens when we start relying on these computerized systems and ignoring our own intuition?
EDITED TO ADD: CV Dazzle is camouflage from face detection.
iPhone Iris Scanning Technology
No indication about how well it works:
The smartphone-based scanner, named Mobile Offender Recognition and Information System, or MORIS, is made by BI2 Technologies in Plymouth, Massachusetts, and can be deployed by officers out on the beat or back at the station.
An iris scan, which detects unique patterns in a person’s eyes, can reduce to seconds the time it takes to identify a suspect in custody. This technique also is significantly more accurate than results from other fingerprinting technology long in use by police, BI2 says.
When attached to an iPhone, MORIS can photograph a person’s face and run the image through software that hunts for a match in a BI2-managed database of U.S. criminal records. Each unit costs about $3,000.
[…]
Roughly 40 law enforcement units nationwide will soon be using the MORIS, including Arizona’s Pinal County Sheriff’s Office, as well as officers in Hampton City in Virginia and Calhoun County in Alabama.
Man Flies with Someone Else's Ticket and No Legal ID
Last week, I got a bunch of press calls about Olajide Oluwaseun Noibi, who flew from New York to Los Angeles using an expired ticket in someone else’s name and a university ID. They all wanted to know what this says about airport security.
It says that airport security isn’t perfect, and that people make mistakes. But it’s not something that anyone should worry about. It’s not like Noibi figured out a new hole in the airport security system, one that he was able to exploit repeatedly. He got lucky. He got real lucky. It’s not something a terrorist can build a plot around.
I’m even less concerned because I’ve never thought the photo ID check had any value. Noibi was screened, just like any other passenger. Even the TSA blog makes this point:
In this case, TSA did not properly authenticate the passenger’s documentation. That said, it’s important to note that this individual received the same thorough physical screening as other passengers, including being screened by advanced imaging technology (body scanner).
Seems like the TSA is regularly downplaying the value of the photo ID check. This is from a Q&A about Secure Flight, their new system to match passengers with watch lists:
Q: This particular “layer” isn’t terribly effective. If this “layer” of security can be circumvented by anyone with a printer and a word processor, this doesn’t seem to be a terribly useful “layer” … especially looking at the amount of money being expended on this particular “layer”. It might be that this money could be more effectively spent on other “layers”.
A: TSA uses layers of security to ensure the security of the traveling public and the Nation’s transportation system. Secure Flight’s watchlist name matching constitutes only one security layer of the many in place to protect aviation. Others include intelligence gathering and analysis, airport checkpoints, random canine team searches at airports, federal air marshals, federal flight deck officers and more security measures both visible and invisible to the public.
Each one of these layers alone is capable of stopping a terrorist attack. In combination their security value is multiplied, creating a much stronger, formidable system. A terrorist who has to overcome multiple security layers in order to carry out an attack is more likely to be pre-empted, deterred, or to fail during the attempt.
Yes, the answer says that they need to spend millions to ensure that terrorists with a viable plot also need a computer, but you can tell that their heart wasn’t in the answer. “Checkpoints! Dogs! Air marshals! Ignore the stupid photo ID requirement.”
Noibi is an embarrassment for the TSA and for the airline Virgin America, who are both supposed to catch this kind of thing. But I’m not worried about the security risk, and neither is the TSA.
Fingerprint Scanner that Works at a Distance
Scanning fingerprints from six feet away.
Slightly smaller than a square tissue box, AIRprint houses two 1.3 megapixel cameras and a source of polarized light. One camera receives horizontally polarized light, while the other receives vertically polarized light. When light hits a finger, the ridges of the fingerprint reflect one polarization of light, while the valleys reflect another. “That’s where the real kicker is, because if you look at an image without any polarization, you can kind of see fingerprints, but not really well,” says Burcham. By separating the vertical and the horizontal polarization, the device can overlap those images to produce an accurate fingerprint, which is fed to a computer for verification.
No information on how accurate it is, but it’ll only get better.
Sidebar photo of Bruce Schneier by Joe MacInnis.