LipPass is a user verification system for mobile devices that verifies your identity by the unique way that you move your lips. Developed by researchers at Shanghai Jiao Tong University, the system doesn't validate based on the sound of your voice but rather the movement of your mouth. From IEEE Spectrum:

The researchers realized the audio components on smartphones can be exploited to depict the movement of a person’s mouth by analyzing the acoustic signals that bounce off the user’s face. Since each person exhibits unique speaking behaviors—like lip protrusion and closure, tongue stretch and constriction, as well as jaw angle changes—this creates a unique Doppler effect profile that can be detected by the phone. The platform then uses a deep learning algorithm, which extracts distinct features from of the user’s Doppler profile as he or she speaks. Next, a binary tree-based approach is applied to distinguish the new user’s profile from previously registered users, which also helps discriminate between the identity of legal users and spoofers...

In a controlled laboratory environment, LipPass achieved an overall authentication accuracy of 95.3 percent... Across all environments and all kinds of attacks, the overall (spoof) success rate was less than 10 percent, though attacks that used the third method—a recording of the user's Doppler profile—did succeed nearly 20 percent of the time under controlled, laboratory conditions.

"Lip Reading-Based User Authentication Through Acoustic Sensing on Smartphones" (IEEE/ACM Transactions on Networking) Read the rest

American prisoners are being forced -- on pain of losing access to the prison phone system -- to provide training data for a voice-print recognition algorithm that private contractors are building for biometric surveillance system that listens in on prisoners' calls. Read the rest

Researchers at NYU and U Michigan have published a paper explaining how they used a pair of machine-learning systems to develop a "universal fingerprint" that can fool the lowest-security fingerprint sensors 76% of the time (it is less effective against higher-security sensors). Read the rest

A leaked police-training presentation from digital forensics company Elcomsoft (a company that made history due to its early run-in with the DMCA) advises officers not to look at Iphones seized from suspects in order to avoid tripping the phones' facial recognition systems -- if Iphones sense too many unlock attempts with faces other than those registered as trusted, they fall back to requiring additional unlock measures like passcodes or fingerprints. Read the rest

Last week, it was revealed by a sharp-eyed Redditor that the information kiosks at a mall in Calgary, Canada, were full of software designed to track the age and sex of anyone that stopped to use it. Pretty damn greasy. Greasier still, the management company that operates the mall, Cadillac Fairview admitted that the software was in use at a number of its other properties. The greasiest bit out of all of it? They shrugged off privacy concerns raised by a number of news outlets as there’s nothing in Alberta’s laws that keeps them from doing it without permission, or warning mall patrons that it’s being done.

Well, that was last week.

From The CBC:

The privacy commissioners of Alberta and Canada are launching investigations into the use of facial recognition technology, without the public's consent, in at least two malls in Calgary.

A notice posted Friday to the Alberta privacy commissioner website says the investigation will look to determine, "what types of personal information are being collected, whether consent for collection or notice of collection is required or would be recommended, for what purposes personal information is collected, whether the data is being shared with other businesses, law enforcement or third parties, and what safeguards or security measures are in place to protect personal information."

It’s said that Alberta’s privacy commissioner opened the investigation, based on the level of public interest surrounding the issue of whether or not it’s cool for property owners to collect biometric information without a visitor’s knowledge or consent. Read the rest

If you’re from just about anywhere in the world, with the exception of the United States, beginning this week you'll find that visiting Canada will feel a whole lot more invasive. Moving forward, it will be necessary for all foreign nationals to provide Canadian Immigration officials with their fingerprints and photographs, if they're applying for a visitor's visa, work permit, want to attend a Canadian university, or if they wish to apply for a work permit or status as a permanent resident.

From The Daily Hive:

A spokesperson for Immigration, Refugees and Citizenship Canada (IRCC) told Daily Hive that “new regulations will support the expansion of biometric collection to all applicants from Europe, the Middle East and Africa who are applying abroad for a temporary resident visa, work permit, study permit, or permanent residence.”

The spokesperson noted that IRCC currently collects biometrics from “in-Canada refugee claimants, overseas refugee resettlement applicants, individuals ordered removed from Canada, and individuals from 30 foreign nationalities applying for a temporary resident visa, work permit, or study permit.”

Now, here’s the creepy part. Canada will be sharing the data they collect on each person entering the country with the Migration Five/Five Country Conference: The United States, Australia, the United Kingdom and New Zealand. For those keeping track at home, these same nations also comprise the Five Eyes intelligence sharing alliance, which, as Edward Snowden was kind enough to warn us about back in 2013, has been spying on one another’s citizens as a way of circumventing laws that keep Five Eyes member countries from spying on their own people. Read the rest

The Biometric Mirror scans people's faces and uses AI to compare their faces against a database of other faces to produce a personality profile of the scanned person. The reports include ratings for the individual's responsibility, happiness, aggression, attractiveness, weirdness, and emotional stability. The project lead is Dr Niels Wouters at the University of Melbourne's Centre for Social Natural User Interfaces. The project was created for the purpose of examining the ethics of such systems, not to commercialize it.

Facial recognition is already being used by police departments, most notably in China, which has announced plans to build an overarching surveillance network that is "omnipresent, completely connected, always on and fully controllable".

In Australia, legislation to create a national database of faces and other biometric markers is currently before parliament. For the recent Commonwealth Games, Queensland police matched drivers' licence photos with security footage.

City of Perth has deployed facial recognition cameras in the Perth CBD to identity what it calls "troublemakers" on a "Black Watchlist" that it controls. Critics say the local government is trying to be a shadow police force.

Aside from the dystopian scenario of an all-powerful government (Minority Report), there's the dystopian scenario of an all-powerful corporation (Bladerunner)

Facebook, already under scrutiny for data-mining practices, has rolled out facial recognition tools that consumer and privacy groups say violates user consent. The technology can be used to remotely identify people without their knowledge.

Jo Lauder of ABC (Australia) tried out the system and wrote about it. Her report is shown above. Read the rest

When I’m in Calgary, there’s a coffee shop that I like to work at, located in the Chinook Centre Mall. It’s part of a local chain that knows how to make a great iced latte. I’m not in often, but they know me. They know my face.

Apparently, they’re not the only ones.

According to the CBC, the management company that tends to Chinook Center Mall, Cadillac Fairview, has been using facial recognition software to track the sex and age of visitors on the down low.

From The CBC:

A visitor to Chinook Centre in south Calgary spotted a browser window that had seemingly accidentally been left open on one of the mall's directories, exposing facial-recognition software that was running in the background of the digital map. They took a photo and posted it to the social networking site Reddit on Tuesday.

The mall's parent company, Cadillac Fairview, said the software, which they began using in June, counts people who use the directory and predicts their approximate age and gender, but does not record or store any photos or video from the directory cameras.

Cadillac Fairview said the software is also used at Market Mall in northwest Calgary, and other malls nationwide. In Alberta, collecting biometric data, so long as no images are recorded and stored, is allowed, without having to let anyone know that you’re doing it.

That’s frigging greasy.

For their part, Cadillac Fairview says that they aren’t required to let visitors to their property know that they’re being profiled, as the software they use, MappedIn, doesn’t store any photos or biometric information. Read the rest

Fingerprint locks are catastrophically awful, part LXVII: the software security on the crowdfunded Tapplock "is basically nonexistent" -- the lock broadcasts its own unlock code over Bluetooth, and if you send it back to the lock, it pops open. Read the rest

In a new ruling, US District Judge James Donato included extraordinary recriminations directly against Facebook and its lawyers, whom he upbraided for deliberately misinterpreting his earlier rulings about who can sue Facebook over privacy violations and what kinds of damages they can seek. Read the rest

Linus F. Phillip was 30 years old when Largo, Florida cops shot him when he drove his car away from a gas-station where he had been stopped by police. Read the rest

More than a dozen major US airports are now covered in facial-recognition cameras, installed by the DHS to scan people departing on international flights without the legally mandated federal review process. Read the rest

The Vietnamese security company Bkav says that a prototype mask costing $150 can reliably defeat Apple's Face ID authentication system. However, the company (which has a good track record for defeating facial recognition systems) has not released technical details for the defeat and says that it was able to accomplish the task "Because... we are the leading cyber security firm ;)." Read the rest

The DHS's old "IDENT" database is full, with 240,000,000 records in a system designed to hold 200,000,000; so they're paying arms-dealers and erstwhile comic-book superheroes Northrop Grumman $93,000,000 to develop a new system called Homeland Advanced Recognition Technology (HART), which will grow to encompass biometrics for 500,000,000 people, including hundreds of millions of Americans. Read the rest

When the touch-sensors on phones capture your fingerprint, they're really only taking a low-resolution, partial snapshot and loosely matching it to a stored image -- which is how a research team from MSU and NYU were able to synthesize their Masterprints ("a fingerprint that serendipitously matches a certain proportion of the fingerprint population"), which drastically reduce the space of possible "guesses" that an attacker has to make to unlock a phone or other device. Read the rest

Isao Echizen, a researcher at Japan's National Institute of Informatics, told a reporter from the Sankei Shimbun that he had successfully captured fingerprints from photos taken at 3m distance at sufficient resolution to recreate them and use them to fool biometric identification systems (such as fingerprint sensors that unlock mobile phones). Read the rest

“One in two American adults is in a law enforcement face recognition network.”

“The Perpetual Lineup” report out today from a Georgetown University thinktank makes a compelling case for greater oversight of police facial-recognition software that “makes the images of more than 117 million Americans — a disproportionate number of whom are black — searchable by law enforcement agencies across the nation,” as the New York Times account reads. Read the rest