Tag Archives: biometric data

Behavior Mining: your smartphone knows you better

Currently, understanding and assessing the readiness of the warfighter is complex, intrusive, done relatively infrequently, and relies heavily on self-reporting. Readiness is determined through medical intervention with the help of advanced equipment, such as electrocardiographs (EKGs) and otherspecialized medical devices that are too expensive and cumbersome to employ continuously without supervision in non-controlled environments. On the other hand, currently 92% of adults in the United States own a cell phone, which could be used as the basis for continuous, passive health and readiness assessment.  The WASH program will use data collected from cellphone sensors to enable novel algorithms that conduct passive, continuous, real-time assessment of the warfighter.

DARPA’s WASH [Warfighter Analytics using Smartphones for Health] will extract physiological signals, which may be weak and noisy, that are embedded in the data obtained through existing mobile device sensors (e.g., accelerometer, screen, microphone). Such extraction and analysis, done on a continuous basis, will be used to determine current health status and identify latent or developing health disorders. WASH will develop algorithms and techniques for identifying both known indicators of physiological problems (such as disease, illness, and/or injury) and deviations from the warfighter’s micro-behaviors that could indicate such problems.

Excerpt from Warfighter Analytics using Smartphones for Health (WASH)
Solicitation Number: DARPA-SN-17-4, May, 2, 2018

See also Modeling and discovering human behavior from smartphone sensing life-log data for identification purpose

Over-eating…Data

U.S. Marine Corps Sgt. A.C. Wilson uses a retina scanner to positively identify a member of the Baghdaddi city council prior to a meeting with local tribal figureheads, sheiks, community leaders and U.S. service members deployed with Regimental Combat Team-7 in Baghdaddi, Iraq, on Jan. 10, 2007. Photo released by DOD

Despite their huge potential, artificial intelligence and biometrics still very much need human input for accurate identification, according to the director of the Defense Advanced Research Projects Agency.  Speaking at  an Atlantic Council event, Arati Prabhakar said that while the best facial recognition systems out there are statistically better than most humans at image identification, that when they’re wrong, “they are wrong in ways that no human would ever be wrong”….

“You want to embrace the power of these new technologies but be completely clear-eyed about what their limitations are so that they don’t mislead us,” Prabhakar said. That’s a stance humans must take with technology writ large, she said, explaining her hesitance to take for granted what many of her friends in Silicon Valley often assume  — that more data is always a good thing.  More data could just mean that you have so much data that whatever hypothesis you have you can find something that supports it,” Prabhakar said

See also DARPA Brandeis Project; Facebook’s collection of biometric information

DARPA director cautious over AI, biometrics, Planet Biometrics, May 4, 2016

Your Biometric Data in Corporate Hands: the class action against Facebook

facebook icon

Secretly amassed the world’s largest private held database of peoples’ biometric data

A federal judge has dismissed a class action lawsuit against Facebook after the California-based social media site claimed there was a lack of personal jurisdiction in Illinois.The plaintiff in the case, Fredrick William Gullen, filed the complaint alleging violations of the Illinois Biometric Information Privacy Act. Gullen is not a Facebook user, but he alleged that his image was uploaded to the site and that his biometric identifiers and biometric information was collected, stored and used by Facebook without his consent. The Illinois Biometric Information Privacy Act, implemented in 2008, regulates the collection, use, and storage of biometric identifiers and biometric information such as scans of face or hand geometry. The act specifically excludes photographs, demographic information, and physical descriptions….

In the Facebook case, no ruling has been made on whether the information on Facebook counts as biometric identifiers and biometric information under the Illinois Biometric Information Privacy Act. Instead, the judge agreed with Facebook that the case could not be tried in Illinois.

However, the company is currently facing a proposed class action in California relating to some of the same questions….How the California class action will play out remains to be seen. California does not yet have a clear policy on biometric privacy.A bill pending in the state’s legislature would extend the scope of the data security law to include biometric data as well as geophysical location, but it has not yet become law.  The question of privacy in regards to biometric information is one that has garnered increasing attention in recent months. On Feb. 4, 2016 the Biomterics Institute, an independent research and analysis organization, released revised guidelines comprising 16 privacy principles for companies that gather and use biometrics data.

Excerpts from Emma Gallimore, Federal judge boots Illinois biometrics class action against Facebook, Legal Newswire, Feb. 22, 2016, 12:15pm

See also the case (pdf)

Banks of the World: Dahabshiil

Dahabshiil outlet in Columbus, Ohio. Image from wikipedia

Dahabshiil…. is now trying to become something bigger: a bank….

Since most Somalis do not own passports (which are in any case far from secure as proofs of identity), Dahabshiil relies on the strength of the clan network. In a country where men can recite their ancestors’ names back fifteen generations, references are an effective way to prove that new customers are who they say they are. After that, their biometric information and fingerprints are stored in a Dahabshiil database, so that later transactions can be verified. Many financial transactions are filmed, in case records are needed later.

This system has fended off bureaucrats determined to believe the worst about the firm and about Somalia, says Mr Duale. But it has not completely warded off controversy. Barclays closed Dahabshiil’s London account in 2013 largely because of worries about its reputation. The British bank did not want to risk being associated with car bombs and warfare in Somalia. After an outcry, and a court case, the two firms reached a settlement—but Barclays did not reopen the account. Mr Duale is now coy about how the firm banks in the West, refusing to reveal the identity of his partners…Zakaria Hussein Ali, the local chief operations officer, explains in a broad London accent how Dahabshiil is like an 18th-century European family bank—relying on trust and careful management to get by. He says he hopes that by the end of the century, Dahabshiil will be as big as HSBC or Citigroup is now. Such grandiose ambitions show how far it has already come.

Banking in Africa: Transfer Window, Economist,  Oct. 17, at 78

The Transparent Individual

x ray brain

By integrating data you want into the visual field in front of you Google Glass is meant to break down the distinction between looking at the screen and looking at the world. When switched on, its microphones will hear what you hear, allowing Glass to, say, display on its screen the name of any song playing nearby…It could also contribute a lot to the company’s core business. Head-mounted screens would let people spend time online that would previously have been offline. They also fit with the company’s interest in developing “anticipatory search” technology—ways of delivering helpful information before users think to look for it. Glass will allow such services to work without the customer even having to reach for a phone, slipping them ever more seamlessly into the wearer’s life. A service called Google Now already scans a user’s online calendar, e-mail and browsing history as a way of providing information he has not yet thought to look for. How much more it could do if it saw through his eyes or knew whom he was talking to…

People may in time want to live on camera in ways like this, if they see advantages in doing so. But what of living on the cameras of others? “Creep shots”—furtive pictures of breasts and bottoms taken in public places—are a sleazy fact of modern life. The camera phone has joined the Chinese burn in the armamentarium of the school bully, and does far more lasting damage. As cameras connect more commonly, sometimes autonomously, to the internet, hackers have learned how to take control of them remotely, with an eye to mischief, voyeurism or blackmail.  More wearable cameras probably mean more possibilities for such abuse.

Face-recognition technology, which allows software to match portraits to people, could take things further. The technology is improving, and is already used as an unobtrusive, fairly accurate way of knowing who people are. Some schools, for example, use it to monitor attendance. It is also being built into photo-sharing sites: Facebook uses it to suggest the names with which a photo you upload might be tagged. Governments check whether faces are turning up on more than one driver’s licence per jurisdiction; police forces identify people seen near a crime scene. Documents released to the Electronic Frontier Foundation, a campaign group, show that in August 2012 the Federal Bureau of Investigation’s “Next Generation Identification” database contained almost 13m searchable images of about 7m subjects.

Face recognition is a technology, like that of drones, which could be a boon to all sorts of surveillance around the world, and may make mask-free demonstrations in repressive states a thing of the past. The potential for abuse by people other than governments is clear, too…In America, warrants to seize user data from Facebook often also request any stored photos in which the suspect has been tagged by friends (though the firm does not always comply). Warrants as broad as some of those from which the National Security Agency and others have benefited in the past could allow access to all stored photos taken in a particular place and time.

The people’s panopticon, Economist,  Nov. 16, 2013, at 27

Watching your Internet Fingerprint

fingerpint

The current standard method for validating a user’s identity for authentication on an information system requires humans to do something that is inherently difficult: create, remember, and manage long, complex passwords. Moreover, as long as the session remains active, typical systems incorporate no mechanisms to verify that the user originally authenticated is the user still in control of the keyboard. Thus, unauthorized individuals may improperly obtain extended access to information system resources if a password is compromised or if a user does not exercise adequate vigilance after initially authenticating at the console.

The Active Authentication program seeks to address this problem by developing novel ways of validating the identity of the person at the console that focus on the unique aspects of the individual through the use of software-based biometrics. Biometrics is defined as the characteristics used to uniquely recognize humans based upon one or more intrinsic physical or behavioral traits. This program focuses on the computational behavioral traits that can be observed through how we interact with the world. Just as when you touch something with our finger you leave behind a fingerprint, when you interact with technology you do so in a pattern based on how your mind processes information, leaving behind a “cognitive fingerprint.”

This BAA addresses the first phase of this program. In the first phase of the program, the focus will be on researching biometrics that does not require the installation of additional hardware sensors. Rather, DARPA will look for research on biometrics that can be captured through the technology already in use in a standard DoD office environment, looking for aspects of the “cognitive fingerprint.” A heavy emphasis will be placed on validating any potential new biometrics with empirical tests to ensure they would be effective in large scale deployments.

The later planned phases of the program that are not addressed in this BAA will focus on developing a solution that integrates any available biometrics using a new authentication platform suitable for deployment on a standard Department of Defense desktop or laptop. The planned combinatorial approach of using multiple modalities for continuous user identification and authentication is expected to deliver a system that is accurate, robust, and transparent to the user’s normal computing experience. The authentication platform is planned to be developed with open Application Programming Interfaces (APIs) to allow the integration of other software or hardware biometrics available in the future from any source.

The combined aspects of the individual that this program is attempting to uncover are the aspects that are the computational behavioral “fingerprint” of the person at the keyboard. This has also been referred to in existing research as the “cognitive fingerprint.” The proposed theory is that how individuals formulate their thoughts and actions are reflected through their behavior, and this behavior in turn can be captured as metrics in how the individual performs tasks using the computer.

Some examples of the computational behavior metrics of the cognitive fingerprint include:

− keystrokes

− eye scans

− how the user searches for information (verbs and predicates used)

− how the user selects information (verbs and predicates used)

− how the user reads the material selected

• eye tracking on the page

• speed with which the individual reads the content

− methods and structure of communication (exchange of email)

These examples are only provided for illustrative purposes and are not intended as a list of potential research topics. The examples above include potential biometrics that would not be supported through this BAA due to a requirement for the deployment of additional hardware based sensors (such as tracking eye scans).

Excerpt from, Broad Agency Announcement, Active Authentication, DARPA-BAA-12-06, January 12, 2012

On Feb. 12, 2013, two groups announced related projects. The first is an industry group calling itself the FIDO (Fast IDentity Online) Alliance. It consists of the computer-maker, Lenovo, the security firm, Nok Nok Labs, the online payment giant, PayPal, the biometrics experts, Agnito, and the authentication specialists, Validity. The second is the Defense Advanced Research Project Agency (DARPA), a research and development arm of the Defense Department.

Excerpt from DARPA, FIDO Alliance Join Race to Replace Passwords, CNET, Feb. 12, 2013

 

How to Criminalize a Whole Nation:the United States Supports Biometrics in Afghanistan

Afghanistan has many dubious distinctions on the international-rankings front: 10th-poorest, third-most corrupt, worst place to be a child, longest at war. To that may soon be added: most heavily fingerprinted.  Since September, Afghanistan has been the only country in the world to fingerprint and photograph all travelers who pass through Kabul International Airport, arriving and departing.

A handful of other countries fingerprint arriving foreigners, but no country has ever sought to gather biometric data on everyone who comes and goes, whatever their nationality. Nor do Afghan authorities plan to stop there: their avowed goal is to fingerprint, photograph and scan the irises of every living AfghanIt is a goal heartily endorsed by the American military, which has already gathered biometric data on two million Afghans who have been encountered by soldiers on the battlefield, or who have just applied for a job with the coalition military or its civilian contractors.

The Kabul airport program is also financed by the United States, with money and training provided by the American Embassy. Americans, like all other travelers, are subject to it.  “Some of the embassies are quite exercised about it,” one Western diplomat said. Such a program would be illegal if carried out in the home countries of most of the occupying coalition. The United States and Japan fingerprint all foreigners on arrival; South Korea plans to start doing so in January. (Brazil retaliated against the American program by fingerprinting arriving Americans only.) Officials at the American Embassy declined to comment specifically on the program; a spokesman for the Department of Homeland Security denied it had anything to do with it.

Biometric data is also being gathered by the American military at all of Afghanistan’s eight major border crossings, in a program that it plans to hand over to the Afghan government at the end of this month. So far, that program gathers only random samples at border crossings, because traffic is so heavy, but since it began in April it has already added 200,000 people to the military’s biometrics database.  The military wants to use biometrics to identify known or suspected insurgents, and to prevent infiltration of military bases and Afghan security forces. “The technology removes the mask of anonymity,” said Capt. Kevin Aandahl of the Navy, a spokesman for the military’s detainee operations, which include the biometrics program.

Gathering the data does not stop at Afghanistan’s borders, however, since the military shares all of the biometrics it collects with the United States Department of Justice and the Department of Homeland Security through interconnected databases.  Even the civilian-run airport program collecting fingerprints and photographs feeds its information into computers at the American Embassy, as well as at the Afghan Ministry of the Interior and its intelligence agency, the National Directorate of Security, according to Mohammad Yaqub Rasuli, the head of the Kabul International Airport.

Mr. Rasuli acknowledges that the airport screening has had a rocky start. “We are happy with the system, but the airlines and the passengers are not that happy,” he said.  Delays of up to two hours have resulted from the screening, which takes at least three minutes per passenger. With six screening stations at most, the process becomes laborious, and so many travelers recently have been missing their flights that the airlines routinely delay takeoffs.  “Someone who is not used to this system, it can take 10 to 15 minutes each,” said Mohammed Fawad, deputy director of immigration at the airport.

Reporters at the airport have on several occasions witnessed immigration officers just waving through some passengers as crowds backed up; others were allowed to skip their thumbprints to speed things along. One man had his hand fingerprinted upside down, with nails facing the scanner.  “It is some sort of cultural deficiency,” Mr. Rasuli said. “After six months, everyone will be happy with it.” The next step will be a national identity card with biometric data on every citizen, he said. “A lot of our problems will be solved with this.”….

The military has done somewhat better with its program, according to Col. Fred Washington, director of the United States Army’s biometrics task force. Since 2007, when biometric collection began in Afghanistan, biometrics have been used to identify 3,000 suspects on either Watch List 1 or Watch List 2, the American military’s two most serious classifications for possible insurgents or terrorists. In many cases, fingerprints found on bomb remains have identified the bomb maker, he said.  “People are accepting it because they know it’s making their country secure,” Colonel Washington said.

Mohammad Musa Mahmoodi, executive director of the Afghan Independent Human Rights Commission, said, “Given the circumstances in Afghanistan, fighting terrorism and insurgency, government can take measures to protect its citizens.” “To be honest, we’ve got more important problems to worry about,” he said.  Civil liberties groups abroad are more concerned. “The situation in Afghanistan is unprecedented, but I worry that we could move into that situation in the United States without even realizing we’re doing it,” said Jennifer Lynch, a staff attorney at the Electronic Frontier Foundation in San Francisco.

There have been some signs of Afghan sensitivities as well. A military-financed program to gather biometric data in the city of Kandahar in 2010, during the push to control insurgency there, was so unpopular that President Hamid Karzai promised local elders to have it canceled, which it was, according to Zalmai Ayoubi, a spokesman for the governor in Kandahar Province.  And the Afghan government has yet to pass legislation providing for the biometric screening of the entire population that it has announced it plans to carry out for the national identity card.

As a result, the military has not conducted wholesale sweeps of communities to gather biometrics, Colonel Washington said, although in just the past year 12,000 soldiers have been trained to use the B.A.T. — the Biometric Automated Toolset. “We can’t go door to door,” he said.  The Commander’s Guide to Biometrics in Afghanistan, however, encourages documenting as many Afghans as possible.  “Every person who lives within an operational area should be identified and fully biometrically enrolled with facial photos, iris scans, and all 10 fingerprints (if present),” the guide says. (That was apparently a reference to Afghanistan’s many amputees.)  While the B.A.T. equipment is portable, it is not always easy to use, and the results can sometimes be unpredictable.

A reporter from The New York Times, an American of Norwegian rather than Afghan extraction, voluntarily submitted to a test screening with the B.A.T. system. After his fingerprints and iris scans were entered into the B.A.T.’s armored laptop, an unexpected “hit” popped up on the screen, along with the photograph of a heavily bearded Afghan.  The “hit” identified the reporter as “Haji Daro Shar Mohammed,” who is on terrorist Watch List 4, with this note: “Deny Access, Do Not Hire, Subject Poses a Threat.”

By ROD NORDLAND, Afghanistan Has Big Plans for Biometric Data, NY Times,Nov. 19, 2011