Biometric ID Cybersurveillance

The implementation of a universal digitalized biometric ID system risks normalizing and integrating mass cybersurveillance into the daily lives of ordinary citizens. ID documents such as driver’s licenses in some states and all U.S. passports are now implanted with radio frequency identification (RFID) technology. In recent proposals, Congress has considered implementing a digitalized biometric identification card—such as a biometric-based, “high-tech” Social Security Card—which may eventually lead to the development of a universal multimodal biometric database (e.g., the collection of the digital photos, fingerprints, iris scans, and/or DNA of all citizens and noncitizens). Such “hightech” IDs, once merged with GPS-RFID tracking technology, would facilitate exponentially a convergence of cybersurveillance-body tracking and data surveillance, or dataveillance-biographical tracking. Yet, the existing Fourth Amendment jurisprudence is tethered to a “reasonable expectation of privacy” test that does not appear to restrain the comprehensive, suspicionless amassing of databases that concern the biometric data, movements, activities, and other personally identifiable information of individuals. In this Article, I initiate a project to explore the constitutional and other legal consequences of big data cybersurveillance generally and mass biometric dataveillance in particular. This Article focuses on how biometric data is increasingly incorporated into identity management systems through bureaucratized cybersurveillance or the normalization of cybersurveillance through the daily course of business and integrated forms of governance

The Application of the Human-Biometric Sensor Interaction Method to Automated Border Control Systems

Biometrics components are used in many different systems and technologies to verify that the user is whom they say they are. In Automated Border Control systems, biometrics components used in conjunction with a traveller's documents to make sure the user is whom they say they are so that they can cross into a countries borders. The systems are expected to verify the identity with a higher degree than officers who manually check travellers. Each year the number of travellers crossing through a country borders increases and so systems are expected to handle bigger demands; through improving the user experience to ensuring accuracy and performance standards increase. While the system does bring its benefits through increased speed and higher security, there are drawbacks. One of the main issues with the systems is a lack of standardisation across implementations. Passing through an automated process at Heathrow may be different to Hong Kong. The infrastructure, information, environment and guidance given during the transaction will all greatly differ for the user. Furthermore, the individual components and subsequent processing will be evaluated using a different methodology too. This thesis reports on the contrasts between implementations, looking at solutions which utilise different biometric modalities and travel documents. Several models are devised to establish a process map which can be applied to all systems. Investigating further, a framework is described for a novel assessment method to evaluate the performance of a system. An RGB-D sensor is implemented, to track and locate the user within an interactive environment. By doing so, the user's interaction is assessed in real-time. Studies then report on the effectiveness of the solution within a replicated border control scenario. Several relationships are studied to improve the technologies used within the scenario. Successful implementation of the automated assessment method may improve the user's experience with systems, improving information and guidance, increasing the likelihood of successful interaction while maintaining a high level of security and quicker processing times

Security analysis of a fingerprint-secured USB drive

In response to user demands for mobile data security and maximum ease of use, fingerprint-secured mobile storage devices have been increasingly available for purchase. A fingerprint-secured Universal Serial Bus (USB) drive looks like a regular USB drive, except that it has an integrated optical scanner. When a fingerprint-secured USB drive is plugged into a computer running Windows, a program on this drive will run automatically to ask for fingerprint authentication. (When the program runs the very first time, it will ask for fingerprint enrollment). After a successful fingerprint authentication, a new private drive (for example, drive G:) will appear and data stored on the private drive can be accessed. This private drive will not appear if the fingerprint authentication fails. This thesis studies the security of a representative fingerprint-secured USB drive referred to by the pseudonym AliceDrive. Our results are two fold. First, through black-box reverse engineering and manipulation of binary code in a DLL, we bypassed AliceDrive’s fingerprint authentication and accessed the private drive without actually presenting a valid fingerprint. Our attack is a class attack in that the modified DLL can be distributed to any naive user to bypass AliceDevice’s fingerprint authentication. Second, in our security analysis of AliceDrive, we recovered fingerprint reference templates from memory, which may make AliceDrive worse than a regular USB drive: when Alice loses her fingerprint-secured USB drive, she does not only lose her data, she also loses her fingerprints, which are difficult to recover as Alice’s fingerprints do not change much over a long period of time. In this thesis, we also explore details in integrating fuzzy vault schemes to enhance the security of AliceDrive

Eye Detection and Face Recognition Across the Electromagnetic Spectrum

Biometrics, or the science of identifying individuals based on their physiological or behavioral traits, has increasingly been used to replace typical identifying markers such as passwords, PIN numbers, passports, etc. Different modalities, such as face, fingerprint, iris, gait, etc. can be used for this purpose. One of the most studied forms of biometrics is face recognition (FR). Due to a number of advantages over typical visible to visible FR, recent trends have been pushing the FR community to perform cross-spectral matching of visible images to face images from higher spectra in the electromagnetic spectrum.;In this work, the SWIR band of the EM spectrum is the primary focus. Four main contributions relating to automatic eye detection and cross-spectral FR are discussed. First, a novel eye localization algorithm for the purpose of geometrically normalizing a face across multiple SWIR bands for FR algorithms is introduced. Using a template based scheme and a novel summation range filter, an extensive experimental analysis show that this algorithm is fast, robust, and highly accurate when compared to other available eye detection methods. Also, the eye locations produced by this algorithm provides higher FR results than all other tested approaches. This algorithm is then augmented and updated to quickly and accurately detect eyes in more challenging unconstrained datasets, spanning the EM spectrum. Additionally, a novel cross-spectral matching algorithm is introduced that attempts to bridge the gap between the visible and SWIR spectra. By fusing multiple photometric normalization combinations, the proposed algorithm is not only more efficient than other visible-SWIR matching algorithms, but more accurate in multiple challenging datasets. Finally, a novel pre-processing algorithm is discussed that bridges the gap between document (passport) and live face images. It is shown that the pre-processing scheme proposed, using inpainting and denoising techniques, significantly increases the cross-document face recognition performance

The Brave New World of Big Data

Note from the editor The Brave New World of Big Data by Akos Rona-Tas Aadhaar: Uniquely Indian Dystopia? by Reetika Khera Biometric IDs and the remaking of the Indian (welfare) state by Ursula Rao Multiple social credit systems in China by Chuncheng Liu Credit Scoring in the United States by Barbara Kiviat Bringing Context back into privacy regulation and beyond. About limitation on purpose as an (old) response to (new) data challenges by Karoline Krenn OpEd by Jenny Andersson Book review