Apple's Faceid -- a facial recognition tool that unlocks mobile devices -- has a countermeasure that is designed to prevent attackers from scanning an sleeping/unconscious (or dead) person's face to unlock their phone, by scanning the face for signs of consciousness. Read the rest

Facebook has lost a procedural appeal related to a 2015 Illinois class-action lawsuit over the company's use of facial recognition data, and now it could be on the hook for billions in damages. Read the rest

Alan Wendt writes, "Detroit commissioners arrested the police commissioner Willie Burton during a public meeting because he wouldn't stop talking about the secret meetings where the commission decided to install facial recognition systems." Read the rest

Privacy advocate Allie Funk was surprised to learn that her Delta flight out of Detroit airport would use facial recognition scans for boarding; Funk knew that these systems were supposed to be "opt in" but no one announced that you could choose not to use them while boarding, so Funk set out to learn how she could choose not to have her face ingested into a leaky, creepy, public-private biometric database. Read the rest

I recently wrote about how much I enjoyed testing the OnePlus 7 Pro. One of the nicer things about it was the fact that its in-display fingerprint reader, unlike the one in the last-gen OnePlus handset, works in a timely manner. Too bad that, no matter how quickly it can read a fingerprint, it still isn't smart enough to stand up to a bit of arts and crafts from a determined security hacker.

Now, before anyone goes and loses their minds over this hack, it's important to note that in order for it to work, a digital interloper would need to get hold of the fingerprint belonging to the handset's owner in order to copy it. The best way to secure your phone against a hack like this, or being forced to unlock your smartphone for the authorities is to lock it down with an alphanumeric code.

While using biometrics to unlock your hardware might be convenient, when push comes to shove, it won't keep your digital life secure from professional snoops for long. Read the rest

Matt Carthy is a Sinn Fein MEP from Eire; he's standing for re-election in the upcoming EU elections and has had fliers prepared with his headshot. Read the rest

An overwhelming vote in the European Parliament last week means that the EU will merge a grab bag of existing biometric databases to create the Common Identity Repository (CIR), with biometric data on 350,000,000 people (both EU- and non-EU persons) that will be available for use by all EU police and border authorities. Read the rest

LipPass is a user verification system for mobile devices that verifies your identity by the unique way that you move your lips. Developed by researchers at Shanghai Jiao Tong University, the system doesn't validate based on the sound of your voice but rather the movement of your mouth. From IEEE Spectrum:

The researchers realized the audio components on smartphones can be exploited to depict the movement of a person’s mouth by analyzing the acoustic signals that bounce off the user’s face. Since each person exhibits unique speaking behaviors—like lip protrusion and closure, tongue stretch and constriction, as well as jaw angle changes—this creates a unique Doppler effect profile that can be detected by the phone. The platform then uses a deep learning algorithm, which extracts distinct features from of the user’s Doppler profile as he or she speaks. Next, a binary tree-based approach is applied to distinguish the new user’s profile from previously registered users, which also helps discriminate between the identity of legal users and spoofers...

In a controlled laboratory environment, LipPass achieved an overall authentication accuracy of 95.3 percent... Across all environments and all kinds of attacks, the overall (spoof) success rate was less than 10 percent, though attacks that used the third method—a recording of the user's Doppler profile—did succeed nearly 20 percent of the time under controlled, laboratory conditions.

"Lip Reading-Based User Authentication Through Acoustic Sensing on Smartphones" (IEEE/ACM Transactions on Networking) Read the rest

American prisoners are being forced -- on pain of losing access to the prison phone system -- to provide training data for a voice-print recognition algorithm that private contractors are building for biometric surveillance system that listens in on prisoners' calls. Read the rest

Researchers at NYU and U Michigan have published a paper explaining how they used a pair of machine-learning systems to develop a "universal fingerprint" that can fool the lowest-security fingerprint sensors 76% of the time (it is less effective against higher-security sensors). Read the rest

A leaked police-training presentation from digital forensics company Elcomsoft (a company that made history due to its early run-in with the DMCA) advises officers not to look at Iphones seized from suspects in order to avoid tripping the phones' facial recognition systems -- if Iphones sense too many unlock attempts with faces other than those registered as trusted, they fall back to requiring additional unlock measures like passcodes or fingerprints. Read the rest

Last week, it was revealed by a sharp-eyed Redditor that the information kiosks at a mall in Calgary, Canada, were full of software designed to track the age and sex of anyone that stopped to use it. Pretty damn greasy. Greasier still, the management company that operates the mall, Cadillac Fairview admitted that the software was in use at a number of its other properties. The greasiest bit out of all of it? They shrugged off privacy concerns raised by a number of news outlets as there’s nothing in Alberta’s laws that keeps them from doing it without permission, or warning mall patrons that it’s being done.

Well, that was last week.

From The CBC:

The privacy commissioners of Alberta and Canada are launching investigations into the use of facial recognition technology, without the public's consent, in at least two malls in Calgary.

A notice posted Friday to the Alberta privacy commissioner website says the investigation will look to determine, "what types of personal information are being collected, whether consent for collection or notice of collection is required or would be recommended, for what purposes personal information is collected, whether the data is being shared with other businesses, law enforcement or third parties, and what safeguards or security measures are in place to protect personal information."

It’s said that Alberta’s privacy commissioner opened the investigation, based on the level of public interest surrounding the issue of whether or not it’s cool for property owners to collect biometric information without a visitor’s knowledge or consent. Read the rest

If you’re from just about anywhere in the world, with the exception of the United States, beginning this week you'll find that visiting Canada will feel a whole lot more invasive. Moving forward, it will be necessary for all foreign nationals to provide Canadian Immigration officials with their fingerprints and photographs, if they're applying for a visitor's visa, work permit, want to attend a Canadian university, or if they wish to apply for a work permit or status as a permanent resident.

From The Daily Hive:

A spokesperson for Immigration, Refugees and Citizenship Canada (IRCC) told Daily Hive that “new regulations will support the expansion of biometric collection to all applicants from Europe, the Middle East and Africa who are applying abroad for a temporary resident visa, work permit, study permit, or permanent residence.”

The spokesperson noted that IRCC currently collects biometrics from “in-Canada refugee claimants, overseas refugee resettlement applicants, individuals ordered removed from Canada, and individuals from 30 foreign nationalities applying for a temporary resident visa, work permit, or study permit.”

Now, here’s the creepy part. Canada will be sharing the data they collect on each person entering the country with the Migration Five/Five Country Conference: The United States, Australia, the United Kingdom and New Zealand. For those keeping track at home, these same nations also comprise the Five Eyes intelligence sharing alliance, which, as Edward Snowden was kind enough to warn us about back in 2013, has been spying on one another’s citizens as a way of circumventing laws that keep Five Eyes member countries from spying on their own people. Read the rest

The Biometric Mirror scans people's faces and uses AI to compare their faces against a database of other faces to produce a personality profile of the scanned person. The reports include ratings for the individual's responsibility, happiness, aggression, attractiveness, weirdness, and emotional stability. The project lead is Dr Niels Wouters at the University of Melbourne's Centre for Social Natural User Interfaces. The project was created for the purpose of examining the ethics of such systems, not to commercialize it.

Facial recognition is already being used by police departments, most notably in China, which has announced plans to build an overarching surveillance network that is "omnipresent, completely connected, always on and fully controllable".

In Australia, legislation to create a national database of faces and other biometric markers is currently before parliament. For the recent Commonwealth Games, Queensland police matched drivers' licence photos with security footage.

City of Perth has deployed facial recognition cameras in the Perth CBD to identity what it calls "troublemakers" on a "Black Watchlist" that it controls. Critics say the local government is trying to be a shadow police force.

Aside from the dystopian scenario of an all-powerful government (Minority Report), there's the dystopian scenario of an all-powerful corporation (Bladerunner)

Facebook, already under scrutiny for data-mining practices, has rolled out facial recognition tools that consumer and privacy groups say violates user consent. The technology can be used to remotely identify people without their knowledge.

Jo Lauder of ABC (Australia) tried out the system and wrote about it. Her report is shown above. Read the rest

When I’m in Calgary, there’s a coffee shop that I like to work at, located in the Chinook Centre Mall. It’s part of a local chain that knows how to make a great iced latte. I’m not in often, but they know me. They know my face.

Apparently, they’re not the only ones.

According to the CBC, the management company that tends to Chinook Center Mall, Cadillac Fairview, has been using facial recognition software to track the sex and age of visitors on the down low.

From The CBC:

A visitor to Chinook Centre in south Calgary spotted a browser window that had seemingly accidentally been left open on one of the mall's directories, exposing facial-recognition software that was running in the background of the digital map. They took a photo and posted it to the social networking site Reddit on Tuesday.

The mall's parent company, Cadillac Fairview, said the software, which they began using in June, counts people who use the directory and predicts their approximate age and gender, but does not record or store any photos or video from the directory cameras.

Cadillac Fairview said the software is also used at Market Mall in northwest Calgary, and other malls nationwide. In Alberta, collecting biometric data, so long as no images are recorded and stored, is allowed, without having to let anyone know that you’re doing it.

That’s frigging greasy.

For their part, Cadillac Fairview says that they aren’t required to let visitors to their property know that they’re being profiled, as the software they use, MappedIn, doesn’t store any photos or biometric information. Read the rest

Fingerprint locks are catastrophically awful, part LXVII: the software security on the crowdfunded Tapplock "is basically nonexistent" -- the lock broadcasts its own unlock code over Bluetooth, and if you send it back to the lock, it pops open. Read the rest