Tag Archives: behavioral biometrics

The Biometrics Bonanza: Measuring and Identifying Humans

Many African  governments have unwisely bought biometric proprietary systems of private companies, meaning that they are forced to go back to the seller for maintenance, upgrades and new components. That can be expensive. When Nigeria wanted to use its own card-printing machines, the firm that had sold it software tried to insist that Nigeria buy its machines as well… They eventually got help from Pakistan, which had software that worked on any machine.

But there are signs of change coming from within the industry itself, spurred by developments in an entirely different part of the world: India. Like Africa, it is vast, poor and home to more than a billion people. Yet as a single country India has tremendous negotiating power. When India developed its “Aadhaar” identity programme it invited leading firms to bid—but with the caveat that they provide open-source software, or code that can be examined and changed by others. This allowed engineers to knit together different bits of a system such as databases, enrollment software, fingerprint scanners and so on. The suppliers agreed because they did not want to miss out on the biggest identity bonanza the world had ever seen. Moreover, India’s spending led to a big increase in production, which caused prices to fall across the industry.

Even as governments think about the technical problems of recording identity, they also need to grapple with the far more consequential ones around rights, governance and privacy. The starkest warning of the misuse of identity was in the Rwandan genocide, where ID papers listed ethnicity, making it easy to target Tutsis. Since data on religion and ethnicity are not needed to provide services, governments should not be hoovering it up.

States should also be wary of denying people their rights by creating a class of citizens without papers. In Kenya, for example, the government wants everyone to register for ID  cards, but it discriminates against members of the Nubian minority by forcing them to appear before a security panel to prove their nationality. Modern identity systems promise to bring many benefits to Africa. But as they proliferate, so too will the temptation for politicians to misuse them

Excerpts from Identity Documentation in Africa: Papers Please, Economist, Dec. 7, 2019

Who Owns Your Voice? Grabbing Biometric Data

Increasingly sophisticated technology that detects nuances in sound inaudible to humans is capturing clues about people’s likely locations, medical conditions and even physical features.Law-enforcement agencies are turning to those clues from the human voice to help sketch the faces of suspects. Banks are using them to catch scammers trying to imitate their customers on the phone, and doctors are using such data to detect the onset of dementia or depression.  That has… raised fresh privacy concerns, as consumers’ biometric data is harnessed in novel ways.

“People have known that voice carries information for centuries,” said Rita Singh, a voice and machine-learning researcher at Carnegie Mellon University who receives funding from the Department of Homeland Security…Ms. Singh measures dozens of voice-quality features—such as raspiness or tremor—that relate to the inside of a person’s vocal tract and how an individual voice is produced. She detects so-called microvolumes of air that help create the sound waves that make up the human voice. The way they resonate in the vocal tract, along with other voice characteristics, provides clues on a person’s skull structure, height, weight and physical surroundings, she said.

Nuance’s voice-biometric and recognition software is designed to detect the gender, age and linguistic background of callers and whether a voice is synthetic or recorded. It helped one bank determine that a single person was responsible for tens of millions of dollars of theft, or 18% of the fraud the firm encountered in a year, said Brett Beranek, general manager of Nuance’s security and biometrics business.

Audio data from customer-service calls is also combined with information on how consumers typically interact with mobile apps and devices, said Howard Edelstein, chairman of behavioral biometric company Biocatch. The company can detect the cadence and pressure of swipes and taps on a smartphone.  How a person holds a smartphone gives clues about their age, for example, allowing a financial firm to compare the age of the normal account user to the age of the caller…

If such data collected by a company were improperly sold or hacked, some fear recovering from identity theft could be even harder because physical features are innate and irreplaceable.

Sarah Krouse, What Your Voice Reveals About You, WSJ, Aug. 13, 2019

Your Typing Discloses Who You Are: Behavioral Biometrics

Behavioural biometrics make it possible to identify an individual’s “unique motion fingerprint”,… With the right software, data from a phone’s sensors can reveal details as personal as which part of someone’s foot strikes the pavement first, and how hard; the length of a walker’s stride; the number of strides per minute; and the swing and spring in the walker’s hips and step. It can also work out whether the phone in question is in a handbag, a pocket or held in a hand.

Using these variables, Unifyid, a private company, sorts gaits into about 50,000 distinct types. When coupled with information about a user’s finger pressure and speed on the touchscreen, as well as a device’s regular places of use—as revealed by its gps unit—that user’s identity can be pretty well determined, ction….Behavioural biometrics can, moreover, go beyond verifying a user’s identity. It can also detect circumstances in which it is likely that a fraud is being committed. On a device with a keyboard, for instance, a warning sign is when the typing takes on a staccato style, with a longer-than-usual finger “flight time” between keystrokes. This, according to Aleksander Kijek, head of product at Nethone, a firm in Warsaw that works out behavioural biometrics for companies that sell things online, is an indication that the device has been hijacked and is under the remote control of a computer program rather than a human typist…

Used wisely, behavioural biometrics could be a boon…Used unwisely, however, the system could become yet another electronic spy on people’s privacy, permitting complete strangers to monitor your every action, from the moment you reach for your phone in the morning, to when you fling it on the floor at night.

Excerpts from Behavioural biometrics: Online identification is getting more and more intrusive, Economist, May 23, 2019

Biometrics Gone Wrong

Despite their huge potential, artificial intelligence and biometrics still very much need human input for accurate identification, according to the director of the Defense Advanced Research Projects Agency.  Speaking at  an Atlantic Council event, Arati Prabhakar said that while the best facial recognition systems out there are statistically better than most humans at image identification, that when they’re wrong, “they are wrong in ways that no human would ever be wrong”….

“You want to embrace the power of these new technologies but be completely clear-eyed about what their limitations are so that they don’t mislead us,” Prabhakar said. That’s a stance humans must take with technology writ large, she said, explaining her hesitance to take for granted what many of her friends in Silicon Valley often assume  — that more data is always a good thing.  More data could just mean that you have so much data that whatever hypothesis you have you can find something that supports it,” Prabhakar said

DARPA director cautious over AI, biometrics, Planet Biometrics, May 4, 2016

Biometrics: Behavioral and Physical

From DARPA pdf document available at  FedBizOpps. Gov Enhanced Attribution
Solicitation Number: DARPA-BAA-16-34

Malicious actors in cyberspace currently operate with little fear of being caught due to the fact that it is extremely difficult, in some cases perhaps even impossible, to reliably and confidently attribute actions in cyberspace to individuals. The reason cyber attribution is difficult stems at least in part from a lack of end-to-end accountability in the current Internet infrastructure…..The identities of malicious cyber operators are largely obstructed by the use of multiple layers of indirection… The lack of detailed information about the actions and identities of the adversary cyber operators inhibits policymaker considerations and decisions for both cyber and non-cyber response options (e.g., economic sanctions under EO-13694).

The DARPA’s Enhanced Attribution program aims to make currently opaque malicious cyber adversary actions and individual cyber operator attribution transparent by providing high-fidelity visibility into all aspects of malicious cyber operator actions and to increase the Government’s ability to publicly reveal the actions of individual malicious cyber operators without damaging sources and methods….

The program seeks to develop:

–technologies to extract behavioral and physical biometrics from a range of devices and
vantage points to consistently identify virtual personas and individual malicious cyber
operators over time and across different endpoint devices and C2 infrastructures;
–techniques to decompose the software tools and actions of malicious cyber operators into semantically rich and compressed knowledge representations;
–scalable techniques to fuse, manage, and project such ground-truth information over time,toward developing a full historical and current picture of malicious activity;

–algorithms for developing predictive behavioral profiles within the context of cyber campaigns; and
–technologies for validating and perhaps enriching this knowledge base with other sources of data, including public and commercial sources of information.

Excerpts from Enhanced Attribution, Solicitation Number: DARPA-BAA-16-34, April 22, 2016