
Review of Policy Research

Biometric Security and Privacy Using Smart Identity Management and Interoperability:
Validation and Vulnerabilities of Various Techniques

Harry Wechsler
George Mason University

Abstract
The central position of this article is that validation and interoperability are paramount for the effective
and ethical use of biometrics. Illuminating the relevance for policymakers of the science underlying the
security and privacy aspects of biometrics, this article calls for adequate and enforceable performance
metrics that can be independently corroborated. Accordingly, the article considers biometrics and forensics
for the dual challenges of addressing security and privacy using smart identity management. The
discussion revolves around the concepts of “personally identifiable information” (PII) and interoperability
with emphasis on quantitative performance analysis and validation for uncontrolled operational settings,
variable demographics, and distributed and federated operations. Validation metrics include expected
rates of identification/misidentification, precision, and recall. The complementary concepts of identity and
anonymity are addressed in terms of expected performance, functionality, law and ethics, forensics, and
statistical learning. Biometrics encompasses appearance, behavior, and cognitive state or intent. Modes of
deployment and performance evaluation for biometrics are detailed, with operational and adversarial
challenges for both security and privacy described in terms of trustworthiness, vulnerabilities, functional
creep, and feasibility of safeguards. The article underscores how the lack of interoperability is mostly
due to overfitting and tuning to well-controlled settings, so that validation merely confirms “teaching
to the test” rather than preparation for real-world deployment. Most important for validation are
reproducibility of results, including full information on the experimental design used, allowing
forensic exclusion, and following scientific methods for performance evaluation. The article concludes with expected
developments regarding technology use and advancements that bear on security and privacy, including
data streams and video, de-anonymization and reidentification, social media analytics and cyber security,
and smart camera networks and surveillance.
KEY WORDS: anonymity, authentication, biometrics, biometrics literacy, data aggregation, data
mining, de-anonymization, discriminative methods, forensics, identity, identity management, likelihood
ratio (LR), metrics, performance, personally identifiable information (PII), privacy, reidentification,
security, statistical learning, surveillance, trustworthiness, validation

Introduction

This article discusses biometrics and forensics for the dual challenges of addressing
security and privacy using smart (personal) identity management (SIM). Security
and privacy are addressed vis-à-vis benefits, vulnerabilities, and safeguards. In
particular, we emphasize that both security and privacy are determined by protocols
(“best practices”), on one side, and performance and validation on the other side.
Protocols are used to enforce regulations and track the use and misuse of biometric
systems, e.g., functional creep, where data collected for one purpose are used for a
different one. Performance and validation, which should be metered using uncon-
trolled settings and interoperability, determine the robustness and reliability of the
authentication decisions made. Robustness is about high sensitivity and high specificity
when coping with adversarial information, e.g., biometric variability during image formation,
and incomplete (“occlusion”) and corrupt (“disguise”) biometric footprints. Reliability is about
consistency and stability of the predictions made on authentication.

Review of Policy Research, Volume 29, Number 1 (2012)
© 2012 by The Policy Studies Organization. All rights reserved.
Uncontrolled settings are characteristic of real-life scenarios, which go beyond
mass screening to include surveillance using smart camera networks, tagging driven
by social networks and/or the Internet, and biometric management of crowds. Performance
for uncontrolled settings, where ground truth is usually unavailable, is hard to come by,
usually anecdotal, and significantly less accurate than the performance claimed for large
scale but tightly controlled biometric evaluations. As an example,
Computer Wise/IEEE Spectrum reports on July 27, 2011 that “Facial Recognition
System Gives Mass. (MA) Drivers Permanent Red Light” when “a facial recognition
system compares pictures of violators with driver’s license photos on file. False
positives have led to a few MA residents having their driving privileges mistakenly
revoked” (Charette, 2011).
The scope and reach of both security and privacy have increased recently by
leaps and bounds with the proliferation of social network applications. Due to the
wide and possibly covert use of face biometrics, many of the examples given in
this article make reference to face recognition. At the same time, we also note an
emerging trend where the combined contribution and use of a multitude of sensors
and biometrics, e.g., face, fingerprints, and iris, has become practical and effective
for targeted applications.
The central position of this article is that validation and interoperability are
paramount for the effective and ethical use of biometrics. Toward that end, poli-
cymakers should insist on adequate and enforceable performance metrics that can
be independently corroborated. The outline is as follows. The next two sections
discuss the concepts of identity and SIM, respectively. The intertwined topics of
biometrics and forensics are covered in the two sections after that, followed by
two sections on the related domains of enrollment and authentication using
statistical learning, and performance evaluation and validation, respectively.
Next are sections covering vulnerabilities and safeguards vis-à-vis security and
privacy, in general, and template security, in particular. The last three sections
are about the key concept of interoperability, different perspectives on privacy,
and the conclusion of the article.

Identity
We address here the complementary concepts of identity and anonymity in terms of
functionality, law, and ethics, using linkages between biometrics and forensics. The
scope of biometrics is all-encompassing and includes appearance, behavior, and
cognitive state or intent for current and forthcoming applications, while the scope
for forensics covers data collection and decision making for the purpose of adjudi-
cation. Gates (2011) frames the problem of identification in historical perspective,
bearing not only on criminology, but also on civil identification. In particular, she
refers to Arendt (1973), who argued in Origins of Totalitarianism that “the claim to
authority for determining who belongs and who does not is a central component
of sovereignty.” This has been “a particular preoccupation of modern states” and
is even more so today. Identity, loaded with personal information about subjects, is
therefore used for authentication and/or granting or denying specific rights. It is
worth pointing out that different perspectives on data privacy can hold. European
countries are required to apply Directive 95/46/EC, where biometric data are owned
by the data subject, while in non-European countries, e.g., United States, biometric
data are owned by the organization that processed the data (Busch, 2010).
According to the Wall Street Journal of July 13, 2011, “Dozens of law-enforcement
agencies from Massachusetts to Arizona are preparing to outfit their forces with
controversial hand-held face recognition devices as soon as September, raising
questions about privacy and civil liberties” (Steel & Angwin, 2011). The rollout of
such portable recognition devices has raised concerns among some privacy advo-
cates about the potential for misuse, e.g., functional creep. “A fundamental question
is whether or not using the device (‘scanning’) would constitute a ‘search’ that
requires a warrant.” Other questions raised concern the possible invasion of privacy
notwithstanding claims that honest people have nothing to hide, that there is no
privacy in public spaces, and that there are no legal restrictions in taking photos of
people freely passing through public spaces, even that “some courts have limited
surveillance of political protests, saying it violates demonstrators’ First Amend-
ment rights.” It is fair to say that currently the law lags technology and its use, e.g.,
tagging as done by social networks.
Identity, for all practical purposes, is about information rather than data. Raw
biometric data, i.e., unprocessed identity data, refer to a mere collection of images.
Information, however, expands on data to include implicit or explicit associations.
The etymology and semiotics of the word “information” are clear on this aspect.
They involve communication and meaning, and their hallmarks are those of
entropy and uncertainty. Last but not the least, “information” has value and estab-
lishes context to inform and instruct, and ultimately to control behavior.

Smart Identity Management


Identity is mostly about biometric information and its meaningful (forensic)
associations. Identity management (IM) stands for the application of management
principles to the acquisition, organization, control, dissemination, and strategic use
of biometric information for the purpose of security and privacy. Finally, SIM deals
with the biometric asset value, quality, ownership, and use in the context of orga-
nizational performance (Wechsler, 2010). The life cycle of biometric information
includes (i) creation and acquisition; (ii) management, e.g., development of (biometric
and forensic) databases, storage, retrieval, sharing and dissemination, maintenance,
and updates; and (iii) purposeful and legal use.
Biometric information, which refers first and foremost to physical characteristics,
e.g., appearance, is used to verify and/or authenticate individual subjects. Physical
appearance includes both internal characteristics, e.g., DNA and iris, and external
ones, e.g., face and fingerprints. Behavior, e.g., face expression and gait, and
cognitive state, e.g., intent, further expand the scope of biometrics. Some biomet-
rics, e.g., facial expression, such as smiling, can characterize appearance, inner
cognitive state, and/or medical condition. IM is involved with authentication, e.g.,
automated teller machine (ATM) verification, identification, and large-scale screening
and surveillance. IM is also involved with change detection, destruction, retention,
and/or revision of biometric information, e.g., as people age and/or experience
illness. A dedicated biometric infrastructure needs to be designed and implemented
to enforce and guarantee robust, reliable, and efficient enterprise-wide policies and
audits. Biometric information needs to be safeguarded to ensure regulatory com-
pliance with privacy best (lawful) practices.
The smart aspect of IM is about robust inference and prediction, e.g., authen-
tication for the purpose of classification and discrimination, using incremental and
progressive evidence accumulation and disambiguation, learning and adaptation,
and closed-loop control. This can be achieved using discriminative methods (for
practical intelligence) linking the Bayesian framework and forensics, on one side,
and likelihood ratio tests (“odds”), statistical learning, information theory, random-
ness, and complexity, on the other side. The challenges that have to be met include
coping with incomplete (“occlusion”) and corrupt (“disguise”) information, image
variability, e.g., pose, illumination, and expression (PIE), and temporal change.
Management also comprises planning, organizing, directing, and controlling activi-
ties associated with data collection for the purpose of better authentication. SIM is
further facilitated by evidence-based management (EBM), which is about the value
added to raw biometric data in order to transform it into information and knowledge
using directed action (DKA) (Wechsler & Ho, 2011).
One can approach EBM and DKA in terms of evidence accumulation from
time-varying data streams for the purpose of data collection, reasoning (“infer-
ence”) and prediction, and adaptation. This approach, referred to as active learn-
ing, is built around iterative control cycles of data exploration and exploitation.
Active learning is all-encompassing, including autonomic computing (Ganek &
Corbi, 2003) and W5+ (what, when, where, why, who + how). Autonomic computing,
also referred to as self-management, is about closed-loop control. It provides basic
functionalities, e.g., self-configuration (for planning and organization), self-
optimization (for efficacy), self-protection (for security purposes), and self-healing
(to repair malfunctions). W5+ answers questions related to what data to consider,
when to capture the data and from where, and how to best process the data. The
obvious who question refers to identity and becomes most relevant to SIM. Consider
now intelligence analysis where directed evidence accumulation also considers and
documents the explanation why dimension, which associates observations and
hypotheses (models). The associations can be derived by abduction using analogical
reasoning, Bayesian (belief) networks (Darwiche, 2009), and/or causality (Pearl, 2009).
The dimensions and taxonomy for the resources and processes addressed by
active learning to support SIM are as follows: data, information, knowledge, and
meta-knowledge form one dimension. Searching, categorization, modeling, and
prediction define another dimension. Hedging/punting, risk, and decision making
make up yet another dimension. The interplay between active learning and data
collection is all encompassing and includes data aggregation, data categorization
(detection, discrimination, and classification), data cleaning, data imputation, data
revision, data partitioning, and data selection.

Biometrics
Biometrics are all-encompassing with face recognition playing the major role.
Subjects are mostly passive during data capture, e.g., mass screening, which
makes identification relatively simple to handle. Covert operations including
human identification at a distance are yet another possibility. There has been,
however, much realization that current face recognition is still lacking in both
scope and reach. The recent call for papers for a Special Issue on Real-World
Face Recognition issued in March 2010 by IEEE Transactions on Pattern Analysis and
Machine Intelligence includes as a matter-of-fact the statement “Face recognition
in well-controlled environments is relatively mature and has been heavily
studied, but face recognition in uncontrolled or moderately controlled environ-
ments is still in its early stages.” Two significant efforts have been undertaken
over the last several years to alleviate the concerns expressed above and to
advance the state of the art for biometric authentication. They involve multi-
modal biometrics, and data fusion, the latter performed at different levels of
granularity and layers of functionality. Data fusion makes associations that ulti-
mately facilitate functional creep, which bears on both security and privacy.
This happens when a single modality, limited in scope and intended use, is com-
bined with other modalities, overreaching the original purpose of individual data
collections.
The face processing space can be conceptualized as a multidimensional
space with its axes indexing variability along dimensions related to data acquisi-
tion conditions. The axes describe the geometry used during image acqui-
sition, e.g., PIE, motion and/or temporal change, and last but not least the impact
of uncooperative subjects, e.g., impostors. Characteristic of uncooperative subjects
are occlusion and disguise or equivalently denial and deception. Disguise can be
deliberate and used by impostors for nefarious purposes. Deception is most
effective in cluttered environments when it becomes easier to hide, thanks to
many distracters. Occlusion and disguise, however, are not always deliberate.
Examples for accidental occlusion occur for the crowded environments processed
by CCTV, when only parts of faces are visible from time to time and not
necessarily in the correct sequence. Normal phenomena with deceptive impact
include bags under the eyes, which affect eye location and thus face detection and
normalization, wrinkles from aging, medical conditions (allergies, injuries,
and moles), fatigue, and facial hair. Correspondence using precise alignment
required for matching during authentication remains a major challenge for face
recognition.
Biometrics cannot continue to assume that the personal signatures used
for face authentication are complete, constant, and time invariant. Most
clients are indeed legitimate and honest. They have nothing to hide and have
all the incentives to cooperate. The very purpose of biometrics, however,
is to provide security from impostors seeking to breach security and/or from
uncooperative subjects. The scope for biometrics also needs to include uncon-
trolled settings, which bear on interoperability. Mass screening requires that
enrollment and authentication take place at multiple locations, physically
and temporally separated. This involves different operators whose perfor-
mance varies due to training and fatigue. The capture devices used vary too in
terms of their working condition. Proper validation of protocols and results,
including the cumulative effect of such varying conditions, is thus hard to estimate
and predict.

Forensics

Forensics is intertwined with biometrics. Discriminative methods for categorization,
in general, and identification, in particular, built around practical intelligence
using the Bayesian framework, support forensics. This involves biometric inference
and prediction, in general, and progressive processing, evidence accumulation,
and fast decision making, in particular. Additional philosophical and linguistic
arguments that support the discriminative approach have to do with practical
reasoning and epistemology, when recalling from Hume, that “all kinds of reason-
ing consist in nothing but a comparison and a discovery of those relations, either
constant or inconstant, which two or more objects bear to each other,” similar to
nonaccidental coincidences and sparse but discriminative codes for association
(see Barlow, 1989). Formally, “the goal of pattern classification can be approached
from two points of view: informative [generative]—where the classifier learns the
class densities, [e.g., Hidden Markov Models (HMM)] or discriminative—where
the focus is on learning the class boundaries without regard to the underlying
class densities, [e.g., logistic regression and neural networks]” (Rubinstein &
Hastie, 1997). Discriminative methods avoid estimating how the data have been
generated and instead focus on estimating the posteriors similar to the use of
likelihood ratios (LRs) and odds. The discriminative approach models directly
the conditional log-likelihood or posteriors P_θ(y | x). The optimal parameters
are estimated using maximum likelihood, leading to the discriminative function
l_k(x) = log [P(y = k | x) / P(y = K | x)].
This is similar to the use of the Universal Background Model for score normal-
ization and LR definition. The above comparison takes place between some specific
class membership k and a generic distribution (over K) that describes everything
known about the subjects. The discriminative approach was found (Rubinstein &
Hastie, 1997) to be more flexible and robust compared with informative/generative
methods because fewer assumptions are made.
Gonzalez-Rodriguez, Rose, Ramos, Toledano, and Ortega-Garcia (2007) provide
strong motivation from forensic sciences for the evidential and discriminative use of
the LR. Classical forensic reporting provides only “identification” or “exclusion/
elimination” decisions and requires the use of subjective thresholds. If the forensic
scientist is the one choosing the thresholds, he will be ignoring the prior probabili-
ties related to the case, disregarding the evidence under analysis, and usurping the
role of the Court in taking the decision. The use of biometrics for identification
purposes requires context and forensic expertise for making choices, with “. . . the
use of thresholds in essence a qualification of the acceptable level of reasonable doubt adopted
by the expert” (Champod & Meuwly, 2000).
The roles of the forensic scientist and the judge/jury are clearly separated using
the LR driven by the Bayesian approach. What the Court wants to know are the
posterior odds in favor of the prosecution proposition (P) over the defense (D)
[posterior odds = LR × prior odds]. The prior odds concern the Court (background
information relative to the case), while the LR, which indicates the strength of
support from the evidence, is provided by the forensic scientist. The forensic
scientist cannot infer the identity of the probe (“subject”) from the analysis of the
forensic evidence but gives the Court the LR for the two competing hypotheses
(P and D). The LR serves as an indicator of discriminating power (similar to Tippett
plots) and can be used to comparatively assess recognition performance.
The use of the LR has been recently motivated by similar inferences made
between biometrics and forensics (Dessimoz & Champod, 2008) with evidence
evaluated using a probabilistic framework. Forensic inferences correspond to
authentication, exclusion, or inconclusive outcomes and are based on the strength
of biometric (filtering) evidence accrued by prosecution and defense competing
against each other. The use of the LR draws further support from the U.S.
Supreme Court Daubert ruling on the admissibility of scientific evidence (Black,
Ayala, & Saffran-Brinks, 1994). The Daubert ruling called for a common frame-
work that is both transparent and testable and can be the subject of further
calibration (“normalization”).

Enrollment and Authentication


The thread that interfaces between biometrics and forensics for the purpose of
enrollment and authentication is that of statistical learning, which handles best
both training for enrollment and prediction for authentication. It further allows for
open set authentication when queries on unknown subjects can be answered with
“unknown or none of the above,” rather than propose the best answer as is the case
with closed set recognition (Li & Wechsler, 2005). Toward that end, information
distances measure the similarity between enrolled subjects and test probes
for the purpose of authentication. Such distances include first and foremost the
strangeness/typicality and p-values. They are related to cohort similarity and rela-
tive ranking, quantify either randomness or regularity among biometric signatures,
and are driven by Kolmogorov complexity. As an example, transduction chooses
from all possible labeling (“identities”) for (unlabeled) query data the one that yields
the largest randomness deficiency, i.e., the most probable labeling.
Strangeness (Li & Wechsler, 2005) measures the lack of typicality for a given
biometric footprint with respect to its true or putative (presumed) identity (label) y
over the identities (labels) of other biometric exemplars. The strangeness is the
(likelihood) ratio of the sum of the k nearest neighbor similarity (Euclidean) dis-
tances d for sample j from the same class y divided by the sum of the k nearest
neighbor similarity distances for sample j from all the other classes (¬y). In effect,
typicality for a presumed identity class y indicates to what extent biometric foot-
prints from the same identity class y are similar to each other but distinct enough
from biometric footprints that belong to other identity classes. The greater typical-
ity, the smaller the strangeness and the more probable its assigned identity (label) y.
One finds empirically that the strangeness, separation (margin between different
identity classes), and statistical odds are all related with a small strangeness amount-
ing to a large margin, which is necessary for confident and reliable discrimination.
p-values compare strangeness values to determine the credibility and confidence
in various competing classifications (“labeling”) y generated. The p-values are some-
what different from their counterparts in statistics (Ho & Wechsler, 2008). p-values,
determined according to the relative rankings of different authentications using
the identity classes known, assess the extent to which biometric data support or
discredit the null hypothesis H0 for some specific classification. When the null
hypothesis is rejected for each of the classes known, the biometric query returns as
result “unfamiliar” as it fails to “mate” against all the known identity classes. The
biometric query is then answered with “none of the above,” which corresponds with
forensic exclusion in proper investigations. This approach is a characteristic of open
set recognition, which is quite different from closed set (biometric) recognition,
where the best choice, i.e., the identity class most similar in appearance to the
biometric query, becomes the default answer. Policymakers should require that
forensic exclusion become mandatory for all biometric applications.
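The open-set decision described above, as an added example that is not code from the article: a toy implementation of the k-nearest-neighbor strangeness (sum of the k nearest same-class distances over the sum of the k nearest other-class distances) and of the transductive p-value, in which the query is provisionally enrolled under each putative identity and the p-value is the fraction of exemplars at least as strange as the query. If the largest p-value falls below a rejection threshold the null hypothesis is rejected for every enrolled identity and the answer is “none of the above.” The gallery of 2-D feature vectors, the identity names, k and the threshold are constructed for illustration and are not the article's; it is assumed every enrolled identity has at least k exemplars.

```python
"""Open-set authentication via transductive strangeness and p-values (added example)."""
import math


def euclid(a, b):
    """Euclidean distance between two feature vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def strangeness(i, points, labels, k):
    """alpha_i = (sum of k nearest same-class distances) /
                 (sum of k nearest other-class distances).

    Small alpha: exemplar i is typical of its (putative) class and well separated
    from the other classes. Large alpha: exemplar i is strange under that label.
    Assumes each class has at least k exemplars besides i (constructed gallery).
    """
    p, y = points[i], labels[i]
    same = sorted(euclid(p, points[j]) for j in range(len(points))
                  if j != i and labels[j] == y)
    other = sorted(euclid(p, points[j]) for j in range(len(points))
                   if labels[j] != y)
    num, den = sum(same[:k]), sum(other[:k])
    if den == 0:  # only one class enrolled: nothing to discriminate against
        return math.inf
    return num / den


def p_value(query, putative, gallery, labels, k):
    """Transductive p-value of labelling `query` as `putative`.

    The query is appended to the gallery under the putative label, strangeness is
    recomputed for every exemplar (the query may change its neighbours' strangeness),
    and the p-value is the fraction of exemplars at least as strange as the query.
    """
    pts = gallery + [query]
    labs = labels + [putative]
    alphas = [strangeness(i, pts, labs, k) for i in range(len(pts))]
    a_query = alphas[-1]
    return sum(1 for a in alphas if a >= a_query) / len(alphas)


def authenticate(query, gallery, labels, k=3, reject_below=0.1):
    """Open-set decision: best-supported identity, or forensic exclusion.

    Returns (identity or "none of the above", p-value per enrolled identity).
    """
    pvals = {y: p_value(query, y, gallery, labels, k) for y in sorted(set(labels))}
    best = max(pvals, key=pvals.get)
    if pvals[best] < reject_below:  # null hypothesis rejected for every class
        return "none of the above", pvals
    return best, pvals


# Constructed gallery: three enrolled identities, five 2-D feature vectors each.
GALLERY = [(0, 0), (1, 0), (0, 1), (1, 1), (0.5, 0.5),
           (10, 0), (11, 0), (10, 1), (11, 1), (10.5, 0.5),
           (0, 10), (1, 10), (0, 11), (1, 11), (0.5, 10.5)]
LABELS = ["alice"] * 5 + ["bob"] * 5 + ["carol"] * 5


if __name__ == "__main__":
    # A probe close to alice's exemplars, and a probe far from every enrolled identity.
    for q in [(0.6, 0.4), (30, 30)]:
        who, pv = authenticate(q, GALLERY, LABELS)
        print(q, "->", who, {y: round(p, 3) for y, p in pv.items()})
```

A closed-set matcher would have answered the second probe with its nearest enrolled identity; here every putative label leaves the probe as the single strangest exemplar, so each p-value is 1/16 and the probe is excluded.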
It has recently become apparent that biometric inference for the purpose
of reliable and robust authentication should take advantage of multilevel and
multilayer fusion including multisensory data integration, e.g., face, fingerprints,
and iris. Multilevel fusion involves feature/parts representation, score (“match”),
and detection (“decision”) stages, while multilayer fusion involves modality, quality,
and method (algorithm) design choices. Data fusion can be driven by transduction
using strangeness and p-value, with aggregation achieved using boosting methods
(Freund & Schapire, 1996). The strangeness links in a straightforward way repre-
sentation and prediction using boosting to determine the significance of biometric
traits (Li & Wechsler, 2009). The same validation protocols, which are derived using
transduction and boosting, are used for both data fusion and performance evalu-
ation. This enables effective and efficient validation, which is instrumental to assess
biometric performance as discussed in the next section.

Performance Evaluation and Validation


According to a study recently conducted by the National Research Council (Pato &
Millet, 2008):

A systems engineering view is especially important when the systems are to be used on
a large scale, such as for border control or social service entitlement, when all the best
practices associated with system design and management are called for. While the evo-
lution of sensor devices, matching technologies, and human factors can dominate the
attention of system designers, the ultimate success of the overall system generally relies
on attention to conventional system development issues and interoperability. These
include
• A clear understanding of the system’s functional objectives, including the user popula-
tion and environmental constraints of the system’s deployment context.
• A model for accommodating the evolution of technology over time.
• An understanding of the effectiveness of the system through frequent or continuous
operational testing.
• A strong understanding of the human interactions with the system and how they change
with time.
• A holistic security model that addresses the application security context and provides a
cogent analysis of the potential for fraudulent presentation of biometric samples.
The same process schedules revalidation at periodic intervals. At each stage of testing and
data collection, the information obtained may send the development process back to an
earlier stage to correct any observed deficiencies and improve robustness of the sensor to
varying conditions.

Adversaries may attempt to force the biometric system into failure modes to
evade recognition, requiring that secondary screening procedures should be just as
robustly designed as the main access procedures.
Best practices and protocols ensure that performance evaluation and validation
are meaningful. One needs first to ensure that enrollment and authentication
are distinct processes that acquire and match biometric signatures using preestab-
lished features (“traits”) and a priori settings for parameters and thresholds
for decision making (Wechsler, 2007). As an example, the Good, Bad & Ugly (GBU)
face recognition challenge, which underscores the role image quality plays in
performance (Phillips et al., 2011) enforces protocols where sequestered face
images are used exclusively for the eigenface decomposition (Wechsler, 2007).
Without due rigor in proper delineation between the processes mentioned above,
any validation study would be biased and artificially inflate performance expecta-
tions in real-life deployment. There is a large list of indexes (“figures of merit”)
available to characterize biometric performance, which suggests the level of security
and privacy one can expect. The list includes confusion matrices possibly enhanced
using costs and losses, receiver operating characteristic (ROC) (trades false positive
for false negative) and area under the ROC curve, Tippett (traces the LR for two
competing hypotheses) and detection error trade-off (trades type I and II errors),
confidence intervals on expected accuracy, and sensitivity and specificity, to name
just a few.
Additional figures of merit can further assess how recognition performance is
context dependent. As an example, a face recognition engine with constant sensi-
tivity of 99.9% and specificity of 99.9% appears to provide excellent performance.
Sensitivity (“recall”) is the percentage of “targets” found by the biometric engine,
specificity is the percentage of “non-targets” identified as such, and precision is the
percentage of correct target identification. Say that the face recognition engine
screens for negative identification a population of one million subjects at some point
of entry (POE) where just 1% or 10,000 out of 1,000,000 of subjects are impostors.
Since the face recognition engine is 99.9% sensitive, it will detect 9,990 impostors
and miss 10 impostors. To continue the analysis, recall that out of one million
subjects, 990,000 are not impostors. If the specificity is also 99.9%, one can see that
989,010 legitimate customers are let through, while 990 legitimate customers, or
approximately 0.1% of the original population, are labeled as impostors and denied
entry. What is still needed to complete a meaningful analysis is the prevalence of
impostors in the general population, which is referred to as the prior odds. Assume
now that the prevalence for impostors is 0.1% rather than 1%, i.e., there are 1,000
rather than 10,000 impostors. At 99.9% sensitivity, the face recognition engine will
pick up 999, leaving only one impostor to slip through. Of the 999,000 genuine
subjects, the recognition engine lets through 998,001 of them and falsely labels 999
of them as impostors. Performance evaluation now yields the same number of false
positives as true positives, and the positive predictive value (PPV) for impostors is
only 50%: every other subject labeled as an impostor is a mistake. When the
prevalence goes up to 1%, the POE decision is worth much more because the PPV
goes up to 90%, i.e., only one-tenth rather than half of the subjects flagged as
impostors are genuine subjects denied entry by mistake. When the prevalence rate
for intrusion is very low, one can thus afford to miss all intrusions and still achieve
excellent accuracy rates.
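The point-of-entry arithmetic above can be reproduced, and the prevalence sweep extended, with the following Python code. It is an added illustration, not part of the article; the function names (`screening_outcomes`, `prevalence_sweep`) and the rounding of counts to whole subjects are the editor's choices.

```python
def screening_outcomes(population, prevalence, sensitivity, specificity):
    """Confusion-matrix counts and derived rates for one screening run.

    prevalence:  fraction of the population that are impostors ("targets"),
                 i.e., the prior odds the text says is needed to complete the analysis
    sensitivity: fraction of impostors the engine flags (recall)
    specificity: fraction of genuine subjects the engine lets through
    Counts are rounded to whole subjects, as in the worked example.
    """
    impostors = round(population * prevalence)
    genuine = population - impostors
    tp = round(impostors * sensitivity)   # impostors correctly flagged
    fn = impostors - tp                   # impostors that slip through
    tn = round(genuine * specificity)     # genuine subjects let through
    fp = genuine - tn                     # genuine subjects wrongly denied entry
    # precision for the "impostor" label; undefined when nobody is flagged
    ppv = tp / (tp + fp) if tp + fp else float("nan")
    accuracy = (tp + tn) / population
    return {"tp": tp, "fn": fn, "tn": tn, "fp": fp, "ppv": ppv, "accuracy": accuracy}


def prevalence_sweep(population, sensitivity, specificity, prevalences):
    """Outcomes for each prior odds, to show how PPV and accuracy scale."""
    return {p: screening_outcomes(population, p, sensitivity, specificity)
            for p in prevalences}


if __name__ == "__main__":
    # the two cases worked in the text: 1% and 0.1% impostors among one million subjects
    for prev, r in prevalence_sweep(1_000_000, 0.999, 0.999, (0.01, 0.001)).items():
        print(f"prevalence {prev:.1%}: TP={r['tp']} FP={r['fp']} "
              f"PPV={r['ppv']:.1%} accuracy={r['accuracy']:.3%}")
    # a detector that flags nobody still scores 99.9% accuracy at 0.1% prevalence
    lazy = screening_outcomes(1_000_000, 0.001, sensitivity=0.0, specificity=1.0)
    print(f"miss-everything detector: accuracy={lazy['accuracy']:.3%}")
```

The last two lines make the closing remark of the paragraph concrete: accuracy alone rewards a detector that never raises an alarm, which is why precision and recall must be reported alongside prevalence.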
The above type of analysis is borrowed from the diagnosis of infections and from
epidemiological studies (Kraemer, 1992). Similar arguments apply to intrusion
detection. Effectiveness is now defined as the extent to which biometric detectors
can correctly classify intrusions and avoid false alarms. Axelsson (1999) has claimed
that “for a reasonable set of assumptions, the false alarm rate is the limiting factor
for the performance of an intrusion detection system. This is due to the base rate
fallacy phenomenon, which says that, in order to achieve substantial values for the
Bayesian detection rate P (intrusion|alarm), one has to achieve—a perhaps unat-
tainably low—false alarm rate.” Prevalence considerations coupled to precision and
recall (see above) should thus be made available instead of mere accuracy and
shown how they scale up with size. This is particularly important for real-world
biometrics where populations are not balanced and the prevalence for unwanted
subjects is very low. The best results on face verification using View 2 of Learning
from the Wild (LFW) facial data set are reported for small size and balanced
populations where the number of matched and nonmatched image pairs is the
same (Wolf, Hassner, & Taigman, 2011). Real-world face verification would rather
ascertain how performance scales with decreasing prevalence rates of nonmatched
image pairs and report on precision and recall rather than overall accuracy.
Identification is basically an N class verification task, where N is the number of
distinct subjects enrolled. As N becomes arbitrarily large, the probability of correctly
identifying the subject becomes arbitrarily small. Note, however, that “in most cases,
the speaker identification task appears to be more of a scientific game than an
operationally useful capability. Thus, although the speaker identification task may
garner considerable scientific interest, it is the speaker verification task that has
the greatest application potential” (Doddington, Przybocki, Martin, & Reynolds,
2000). The same reasoning carries over to face recognition. Some easy number
crunching makes the point that identification is, at least for the time being, imprac-
tical for large databases (Daugman, 2000). Assume that P1 is the probability of False
Accept for each 1:1 verification trial and that N is the size of the database that has
to be exhaustively searched for identification. The false accept probability for a
database of size N using repeated verification and closed world assumptions is

$P_N = 1 - (1 - P_1)^N$.
Consider now a biometric verifier that achieves 99.9% correct rejection, i.e., its
false accept rate (FAR) is as low as 0.001. The PN values for relatively small databases
given by N = 200, N = 2,000, and N = 10,000 are 18%, 86%, and 99.995%, respec-
tively. Once the enrolled database size “reaches only about 7,000 persons, the above
biometric actually becomes more likely (99.91%) to produce a false accept in iden-
tification trials than it is to produce a correct reject (99.9%) in verification trials. A
false accept rate of merely $10^{-4}$ on verification trials yields a false acceptance rate of
92% for identification against a data base that consists of 50,000 people. Merely very
good verifiers are of no use as identifiers. Observing the approximation $P_N \approx N \cdot P_1$
for small $P_1 \ll 1/N \ll 1$, when searching a data base of size N, an identifier
needs to be roughly N times better than a verifier to achieve comparable odds
against a false accept” (Daugman, 2000). As an example, the best face verification
(“pair-matching”) system on LFW face data set cannot achieve better than 58%
identification for 50 subjects (Wolf et al., 2011).
The ultimate goal for any operational biometric system is reliable and robust
decision making.
Yet, the actual decision making process, specifically the setting of decision thresholds, has
often been neglected in speaker recognition research. Making these decisions has often
been dismissed as an unchallenging problem to be addressed during application devel-
opment. Yet for those who actually have had to deploy real operational systems, the
problem has been found to be quite challenging, indeed. The important point here is that
actual decision process must be considered to be part of any comprehensive speaker
recognition research program and that the ability of a system to make good decisions
should be an integral part of the evaluation. (Doddington et al., 2000)

Decisions must be made without the artificial luxury of having access to ground
truth, and they should bear on both security and privacy.
Another factor affecting validation is that of score normalization during postpro-
cessing (Wechsler, 2007). Score normalization (used for National Institute of Stan-
dards and Technology [NIST] face recognition vendor test [FRVT] evaluations
FRVT 2002 but not for earlier evaluations, e.g., FRVT 2000) (NIST, 2011) changes
the mode of operation for verification from 1:1 to 1:MANY because additional
enrolled biometric data and matching scores are required before one settles on the
final verification score for the original 1:1 verification task. Verification, however, is
basically hypothesis testing, and each hypothesis should be independently judged as
“true” or “false.” Empirical postprocessing score normalization enhances and
spreads the differences between a given probe image, whose verification one seeks
against a “pre selected” but actual gallery of images that it has access to. Perfor-
mance has been shown by FRVT 2002 to increase, using postprocessing empirical
score normalization, by about 6% on average. Postprocessing empirical score nor-
malization skews the results and is not a viable option for real-life deployment
where access to additional enrolled data is not readily available. The recent GBU
challenge disallows score normalization as a postprocessing option. In particular,
“any approach that redefines similarity s(t, q; T) [between enrolled subject ‘t’ and
query ‘q’] such that it depends upon [an enlarged enrolled subject] image set T is
NOT allowed” (Phillips et al., 2011).
The working hypothesis for the (large) face recognition evaluations carried
out so far has not been particularly concerned with the very possibility that subjects
seek to deny and/or foil recognition of their true biometric signatures. The sub-
jects wanted and/or under surveillance, however, are well motivated to hinder the
capture of their biometrics. Deception is most effective in cluttered environments
when it becomes easier to hide, thanks to many distracters and the heavy cognitive
load they place on the roving surveillance “eye.” Additional challenges related to
changes in facial appearance due to plastic surgery have become apparent recently.
To cope with such challenges, we exploit the fact that plastic surgery bears on
appearance in a nonuniform fashion using a recognition approach that integrates
information derived from local region analysis (De Marsico, Nappi, Riccio, &
Wechsler, 2011). We implemented and evaluated the performance of two new
integrative methods, face recognition against occlusions and expression variations
(FARO) and face analysis for commercial entities (FACE), which are based on
fractals and a localized version of a correlation index, respectively. They confirm the
expectation that face recognition is indeed challenged by the effects of plastic
surgery. The same experimental results show that both FARO and FACE compare
favorably against standard face recognition methods such as Principal Component
Analysis (PCA) and Linear Discriminant Analysis (LDA) but are still limited by a
recognition accuracy rate of 70% and equal error rate of 20%.
Recent large-scale face recognition evaluations, e.g., FRVT 2002, Face Recogni-
tion Grand Challenge (FRGC), and FRVT 2006, still do not consider occlusion (to
avoid detection) and disguise (masquerading) for testing purposes. Singh, Vatsa,
and Noore (2009) have recently shown the deleterious effects of disguise on
biometric performance. The data used come from the facial AR database (with some
disguise accessories) or were synthetically generated. The best performance is usually
achieved on face images with variation in expression, followed by occlusion with
scarf, and images with glasses. The explanation for this finding is “there is only a
small region in a face [which varies due to expression] and the rest of the face
contributes to correct recognition.” The localization of most relevant discriminant
facial information suggests recognition by parts for biometric architectures and
matching through local estimation using transduction for learning and prediction
(Li & Wechsler, 2009). Our own evaluation studies have shown that the perfor-
mance displayed by well-known face recognition benchmark methods, e.g., eigen-
faces (PCA) and PCA + LDA (“Fisherfaces”), deteriorates significantly as a result of
disguise (Lai, Ramanathan, & Wechsler, 2008).
Additional evaluations of face recognition techniques for applications related to
Facebook (Becker & Ortiz, 2008) cast further doubt on whether the face recognition
problem is about to be solved anytime soon. The best performance reported by
the above study for 60,000 faces representing merely 500 users is only 65% using
support vector machines. This is quite different from the high 99% performance
accuracy (at FAR = 0.001) usually reported for very large evaluations such as FRGC.
The standard explanation provided for such discrepancies is the lack of interoper-
ability vis-à-vis uncontrolled settings and image variability, and as a consequence,
different underlying distributions the biometric data are drawn from. Similar res-
ervations are expressed by Pinto, DiCarlo, and Cox (2008), who further recom-
mend establishing good benchmarks and baselines for face recognition.
Most recently, two novel methods for face verification were proposed (Kumar,
Berg, Belhumeur, & Nayar, 2011). The first method—“attribute” classifiers—uses
binary classifiers trained to recognize the presence or absence of describable aspects
of visual appearance (e.g., gender, race, and age). The second method—“simile”
classifiers—records as features the similarity of faces or their regions across a
prespecified set of specific face references. Neither method requires costly, often
brittle, alignment between image pairs; yet, both methods produce compact
visual descriptions and work on real-world images. While both the attribute and
simile classifiers improve on the current state of the art for the LFW data set, the
performance is only around 85% on relatively limited size (in terms of subjects
enrolled) biometric data sets. Hand (2006) builds on such observations in a report
on classifier technology and argues that “comparisons often fail to take into account
important aspects of real problems, so the apparent superiority of more sophisti-
cated methods may be something of an illusion [of progress].”
It should be apparent by now that both security and privacy depend on image
quality and content, the scale of operation and the extent of uncontrolled settings.
As an example, the GBU challenge (Phillips et al., 2011) encouraged the develop-
ment of algorithms that are robust to different levels of image quality and content
for frontal faces. The GBU challenge consists of three data partitions vis-à-vis quality
and content. The Good partition contains pairs of images that are considered easy to
recognize. On the Good partition, the base verification rate (VR) is 0.98 at a FAR of
0.001. The Bad partition contains pairs of images of average difficulty to recognize.
For the Bad partition, the VR is 0.80 at a FAR of 0.001. The Ugly partition contains
pairs of images considered difficult to recognize, with a VR of 0.15 at a FAR of
0.001. The base performance is from fusing the output of three of the top perform-
ers in the FRVT 2006.
Uncontrolled settings are not the only challenge to face recognition. There is also
an intrinsic component that makes some subjects contribute more than their fair
share to errors. This is referred to as the biometric zoo. “It is commonly accepted
that users of a biometric system may have differing degrees of accuracy within
the system. Some people may have trouble authenticating, while others may
be particularly vulnerable to impersonation. Goats, wolves, and lambs are labels
commonly applied to these problem users. The ‘animals’ are defined in terms
of verification performance when they are matched against themselves (goats) or
when matched against others (lambs and wolves)” (Doddington, Liggett, Martin,
Przybocki, & Reynolds, 1998). A new framework for the evaluation of biometric
systems based on the biometric menagerie, as opposed to collective statistics, has
been duly proposed (Yager & Dunstone, 2010).
Cross-matching is yet another hurdle that has to be overcome. Beveridge et al.
(2011) argue that:
. . . it is much more common to find relationships in which two images that are hard to
match to each other can be easily matched with other images of the same person. In other
words, these images are simultaneously both high and low quality. The existence of such
“contrary” images represents a fundamental challenge for approaches to biometric quality
that cast quality as an intrinsic property of a single image. Instead it indicates that quality
should be associated with pairs of images. In exploring these contrary images, we find a
surprising dependence on whether elements of an image pair are acquired at the same
location, even in circumstances where one would be tempted to think of the locations as
interchangeable.

All the challenges and drawbacks enumerated in this section amount to a sheer
lack of interoperability, which is critical to effective biometric recognition. By over-
fitting and tuning to specific settings, current practices undermine both security
and privacy. What takes place during validation is nothing more than “teaching to
the test” rather than preparing for real-world deployment and operations.

Security and Privacy


Both biometrics and forensics are inherently adversarial in nature. Adversarial
biometrics are characterized in terms of degradation of image quality, inherent
variability of biometric contents, denial (occlusion), and deception (camouflage), the
latter two conditions being the trademark of impostors. While the reliability aspect
is confined to authentication performance, it is the robustness aspect that addresses
security and privacy concerns with respect to the storage, distribution, and use of
biometric information. Robustness is concerned here with potential attacks, threats,
and vulnerabilities, and the means to thwart them. Security ensures correct
authentication, nonrepudiation, confidentiality, authorization and delegation, and
data integrity. The biometric process can be attacked at the client site, during
communication, or at the host (server). Privacy safeguards the biometric details from
unauthorized entities and/or fraudulent use, e.g., phishing and identity theft.

Figure 1. Threats to Biometric Systems. (Adapted from Bolle et al., 2004.)
Justice Louis Brandeis described privacy as “the right to be left alone.” According
to Crews (2002), “the challenge of the biometric future is to prevent mandatory
national IDs [and unwelcome surveillance possibly using CCTV and/or RFID],
ensure Fourth Amendment protections with respect to public surveillance, and
avoid the blurring of public and private data bases [that] will undercut a presump-
tive right to maintain anonymity.” Anonymity, complementary to privacy, seeks to
make the client unknown and thus avoid her identification. Looser matches under-
cut privacy too because they lead to an increase in the false positive error rate and
place undue suspicion on innocent bystanders. Privacy and anonymity, which are
mostly related to template (“biometric signature”) protection, are usually dealt
with using cryptosystems.
The security and privacy threats affecting a biometric system are linked to its
basic architecture and define specific points of attack and vulnerabilities. The
threats are visualized around a pattern recognition system further augmented
by proper means for sensing (networked and compressed) communication and
storage (Bolle, Connell, Pankanti, Ratha, & Senior, 2004). The biometric subtasks
vulnerable to such threats include enrollment, feature extraction, template con-
struction, matching, and decision making. The transmission of information pro-
vides further opportunities for attackers to insert and/or intercept communication
traffic and/or hijack the connection from legitimate users. The threats and the
corresponding vulnerability points (see Figure 1) are the result of collusion, fraud,
and circumvention, e.g., Trojan horses that generate false results using disguise.
They comprise injecting fake biometrics (see Tom Cruise in Minority Report for
futuristic eye transplants to conceal his identity) including impersonation or coer-
cive submission of biometrics (“1A”), lack of cooperation during enrollment (“1B”),
covert acquisition and biometric replays or brute force attacks using hill climbing
search to regenerate raw face images (“2”), capturing or subverting information
(“3A”), e.g., capturing the eigenspace transformation (that provides a system of
coordinates optimal for face decorrelation and discrimination where faces are
represented as multidimensional points and metrics become available to measure
similarity) or inserting Trojan horses that consist of preselected features (“3B”),
snooping/eavesdropping and/or replacing the biometric signatures before they
reach a physically separated matcher (“4”), corrupting the matcher (“5”),
improper access and use of stored templates (“6A”) or tampering with stored
templates (“6B”) and their distribution to matching stations (“7”), and overriding
biometric decisions (“8”), possibly by inserting a Trojan horse (Ratha, Connell, &
Bolle, 2001). The wide availability of face recognition technology (FERET) (Phil-
lips, Wechsler, Huang, & Rauss, 1998) from NIST and its use by many vendors to
derive almost similar eigenfaces introduce additional vulnerabilities for privacy
(image regeneration at attack point “2” using hill climbing methods), and hacking
geared to subvert the base representations and feature extraction (“3A”) and
(“3B”), respectively.
Replay attacks, another threat shared by both physical possession of tokens and
biometrics, bypass the data capture device using previously acquired passwords or
templates and are usually handled using challenge/response pairs to validate the
integrity of the signal captured. The response to guided challenges depends on both
the challenge string and the signal acquired after the challenge was issued. This
ensures freshness and authenticity against mere substitution and/or replay by the
attacker. Interactive proofs implement such challenge/response schemes and are the
foundation for designing digital signature protocols. Replay attacks against biomet-
rics can also be challenged and/or fought against using techniques similar to those
used to enforce copyrights. Hidden data placed as digital watermarks in either Joint
Photographic Experts Group (JPEG) compressed or uncompressed images can
check for authenticity at the source, e.g., steganography. Spoofing or masquerading
using fake biometrics, a variation on replay attacks, is a threat specific to biometrics
and is countered, e.g., by checking for liveness. Last but not least, while physical
possession, once compromised, can be easily cancelled and replaced, it is not that easy
to handle and/or replace compromised biometrics. One of the solutions proposed to
prevent templates from being compromised and to safeguard confidentiality distorts
(after proper alignment) in a unique and noninvertible fashion the raw biometric
signal and/or the features extracted during both enrollment and authentication. This
yields multiple and different biometric versions for the same client and prevents
access to the original raw data and/or her biometrics. Cancellation then simply
requires the specification of a new distortion transform.
A functional terminology for the threats enumerated so far would include denial
of service when the biometric system becomes corrupted and is out of service,
circumvention for attacks aimed at gaining access to unauthorized data, repudiation of
ownership for specific biometrics using theft and/or improper match as ruses,
contamination or covert acquisition of biometric imprints, and collusion or coercion for
illegal acquisition of personal biometrics to gain unauthorized access and privileges
to the authorization system (Maltoni, Maio, Jain, & Prabhakar, 2009). “Biometrics
work well only if the verifier can verify two things: one, that the biometric came
from the person [owning them] at the time of verification, and two, that the
biometric matches the master biometric on file” (Schneier, 1999).
Specifications on expected performance using validation, in general, and secu-
rity and privacy, in particular, require proper assumptions about the diversity of
the population for whom the biometrics are collected. According to Dobzhansky
(1951), “experience shows that every person whom one meets differs from all
met before. Every human individual is unique, different from all others who
live or lived.” What is diversity after all? Again, according to Dobzhansky, diver-
sity is “the discontinuity of the variation among organisms. The observed varia-
tion does not form any kind of continuous distribution. Instead, a multitude of
separate, discrete distributions are found.” One conjecture under consideration is
that of biometric uniqueness, diversity notwithstanding. The conjecture
claims that no two individuals share the same extracted biometric characteristics.
Note that the conjecture on uniqueness is concerned with extracted and/or pro-
cessed biometrics rather than the original client data, which is unique by default.
There has been scrutiny of and challenge to this conjecture, in particular con-
cerning the biometric signatures extracted and used for authentication. The U.S.
Supreme Court heard in 1993 the case of Daubert versus Merrell Dow Pharma-
ceuticals, Inc. One of the concerns raised was about the reliability of fingerprint
evidence. The Supreme Court did list several criteria for qualifying expert
testimony:
• whether the particular technique or methodology in question has been subject
to a statistical hypothesis testing,
• whether its error rate has been established,
• whether the standards controlling the technique’s operation exist and have
been maintained,
• whether it has been peer reviewed and published, and
• whether it has a general widespread acceptance.
There are studies on the individuality of iris codes (Daugman, 2003) and
fingerprints (Pankanti, Prabhakar, & Jain, 2002) but none yet for human faces.
Daugman (2000) has investigated the role of statistical decision theory, in general,
and combinatorial complexity, in particular, to analyze decision landscapes, e.g.,
ROC curve, and to measure the uniqueness of biometric signatures. For biometrics
that do not compare lists of distinct features but rather use a simple analogue
measure such as correlation, using more (features) is not better. The basic but
obvious observation made by Daugman is “how likely it is that some proportion of
the features will be matched by chance by different people, and some proportion
will fail to be matched even by the same person, that really determines the shape
of the decision landscape. The goal of biometric feature encoding is to maximize
the number of degree-of-freedom that will belong to the score distribution [arising
from comparing different people], while minimizing the number [of degrees-of-
freedom] that will belong to the authentic [‘sameness’] distribution.” One metric
suggested by Daugman (2000) to gauge uniqueness is data size divided by its mean
correlation. It corresponds to Hartley’s classic definition of the number of
degrees-of-freedom or the number of resolvable cells in the information (space/
time × frequency) diagram proposed by Gabor (similar to Heisenberg uncertainty
principle but applied to the uncertainty in localization [in space and/or time] vs.
spectral content).
The key to iris recognition proposed by Daugman (2004) is “the failure of a test
of statistical independence, which involves so many degrees of freedom such that
this test is virtually guaranteed to pass whenever the [binary] phase codes for two
different eyes are compared, but it uniquely fails when any eye’s phase code is
compared with another version of itself.” The test of statistical independence is
simply implemented using exclusive OR (XOR) applied to the 2048-bit vectors
that encode any two iris patterns, masked (ANDed) using their corresponding
mask bit vectors to prevent noniris artifacts from influencing iris comparisons.
The XOR test counts the number of different bit settings (0 and 1). The fractional
Hamming distance, which implements the above test, measures the dissimilarity
between any two iris patterns as the number of different bit settings. Diversity and
uniqueness, in general, and flexibility and privacy, in particular, are further
enhanced using different biometrics and fusing them. Woodward (1997) claims
that “biometric balkanization, or the use of multiple biometric technologies
deployed for multiple applications, provides greater privacy protections than does
biometric centralization, or the use of one dominant biometric technology for
multiple applications.” This observation should be, however, qualified to the
extent that it supports interoperability and is properly validated in terms of accu-
rate performance.
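The masked test of statistical independence described above for iris codes, as an added Python example (not code from the article or from Daugman): the two 2048-bit codes are XORed, the result is ANDed with both mask vectors so that occluded bits cannot influence the comparison, and the fractional Hamming distance is the number of disagreeing usable bits divided by the number of usable bits. The iris codes and masks are constructed with a seeded random generator, and the function names are the editor's.

```python
import random

CODE_BITS = 2048   # Daugman's iris codes are 2048-bit binary phase codes


def popcount(x):
    return bin(x).count("1")


def fractional_hamming(code_a, mask_a, code_b, mask_b):
    """Masked fractional Hamming distance between two iris codes.

    Codes and masks are Python ints holding CODE_BITS bits. A mask bit of 1
    means the corresponding code bit is genuine iris texture; 0 means it is
    occluded (eyelid, eyelash, reflection) and must not influence the result.
    """
    usable = mask_a & mask_b                     # bits valid in BOTH captures
    usable_count = popcount(usable)
    if usable_count == 0:
        raise ValueError("no bits usable in both masks; comparison is undefined")
    disagreements = popcount((code_a ^ code_b) & usable)   # XOR, then AND with masks
    return disagreements / usable_count


def flip_bits(code, positions):
    """Simulate a second capture of the same eye by flipping chosen bit positions."""
    for pos in positions:
        code ^= 1 << pos
    return code


def mask_excluding(lo, hi, bits=CODE_BITS):
    """A mask with bits lo..hi-1 cleared, e.g., an eyelid covering part of the iris."""
    full = (1 << bits) - 1
    band = ((1 << (hi - lo)) - 1) << lo
    return full & ~band


def demo():
    rng = random.Random(2004)
    all_usable = (1 << CODE_BITS) - 1
    eye1 = rng.getrandbits(CODE_BITS)                                  # constructed code
    eye1_again = flip_bits(eye1, rng.sample(range(CODE_BITS), 102))   # ~5% capture noise
    eye2 = rng.getrandbits(CODE_BITS)                                  # an unrelated eye

    # eye1's second capture with bits 0..255 hidden by an eyelid: that band is
    # garbage (every bit flipped) and its mask bits are cleared
    occluded_code = eye1_again ^ ((1 << 256) - 1)
    occluded_mask = mask_excluding(0, 256)

    return {
        "same_eye": fractional_hamming(eye1, all_usable, eye1_again, all_usable),
        "different_eye": fractional_hamming(eye1, all_usable, eye2, all_usable),
        "same_eye_masked": fractional_hamming(eye1, all_usable, occluded_code, occluded_mask),
        "same_eye_unmasked": fractional_hamming(eye1, all_usable, occluded_code, all_usable),
    }


if __name__ == "__main__":
    for name, hd in demo().items():
        print(f"{name:>18}: HD = {hd:.3f}")
```

Two unrelated codes disagree on about half of their bits, while two captures of the same eye disagree on only the noisy few percent; the `same_eye_masked` versus `same_eye_unmasked` pair shows why the AND with the mask vectors matters, since without it the occluded band drags the distance toward the impostor region.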

Template Security
While the preceding section deals with the larger security and privacy issues of
full-fledged systems, here, special attention is paid to the biometric templates
themselves. A critical component of any biometric system, templates encode bio-
metric signatures that store information about personal identity suitable for authen-
tication. Template security is about the integrity and proper use of such personal
identities. Any template protection scheme should have the following four proper-
ties (Jain, Nandakumar, & Nagar, 2008): (i) Diversity, such that cross-matching of
secured templates does not infringe on the privacy of the true owner, and functional
creep is avoided; (ii) Revocability, such that compromised biometrics can be deleted
(“cancellable biometrics”) and new ones reissued; (iii) Security, such that it should be
extremely difficult to generate the original biometrics; and (iv) Performance, such
that the protection scheme should not degrade the matching performance. Jain
and Kumar (2010) argue that the current template protection schemes “cannot
yet simultaneously meet all the four requirements listed above. Therefore, hybrid
schemes, which can avail the advantages of different template protection schemes,
should be pursued.”
Protecting the template is challenging first and foremost due to intra-user variability
in the acquired biometric traits. Encryption is not a smooth function: a small
difference in the acquired traits yields a completely different ciphertext, so noisy
biometrics cannot simply be encrypted and compared for equality. Adversarial
attacks target first the integrity of the templates using help from insider threats,
e.g., enrollment fraud. Security breaches in both acquisition (“enrollment”) and
communication further endanger the integrity of templates, e.g., nonsecure infra-
structure. Last but not least, characteristic of biometric overtness, an adversary can
circumvent the biometric system by presenting spoofed traits. To meet challenges as
those listed above, Jain et al. (2008) review the solutions proposed so far and classify
them into two broad classes, namely, feature transformation and biometric cryptosystems.
Under the first scheme, only the transformed template, using a random key for
transformation, is stored in the database. The same transformations are equally
applied during both enrollment and testing (“authentication”) and can be either
invertible (“salting”) or noninvertible (“hashing”), with the latter difficult to invert
even if the key is known. “Biometric cryptosystems (‘helper [public] data methods’)
were originally developed for the purpose of either securing a cryptographic key
using biometric features, [e.g., key binding using fuzzy vault and/or fuzzy commit-
ment], or directly generating a cryptographic key from biometric features, [e.g.,
fuzzy extractor]” (Jain et al., 2008). Matching is performed indirectly by “verifying
the validity of the extracted key with error correction coding techniques typically
used to handle intra-user variation.” Dodis, Reyzin, and Smith (2004) combine
randomness and error correction to expand on the fuzzy and helper data schemes.
They describe how to generate keys from noisy data, e.g., biometrics B, and the
means to reliably and securely authenticate them.
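A minimal key-binding biometric cryptosystem of the fuzzy commitment kind, as an added example serving both the four template protection properties listed earlier and the helper data scheme just described (editor's code, not from Jain et al. or Dodis et al.). Only a hash of the key and the helper data are stored; a fresh probe unbinds the helper data and an error-correcting code absorbs the intra-user variation before the recovered key is checked against the hash. The repetition code, the 32-bit key, the 288 constructed feature bits and the function names are all the editor's simplifications.

```python
import hashlib
import random

KEY_BITS = 32        # toy key length; real schemes bind 128-bit or longer keys
REPEAT = 9           # repetition code: each key bit stored 9 times, corrects <= 4 flips per block
FEATURE_BITS = KEY_BITS * REPEAT   # 288 binary biometric features bound to the key


def ecc_encode(key):
    """Repetition-code encoder: KEY_BITS bits -> FEATURE_BITS bits."""
    return [bit for bit in key for _ in range(REPEAT)]


def ecc_decode(codeword):
    """Majority-vote decoder: each block of REPEAT bits yields one key bit."""
    return [1 if sum(codeword[i * REPEAT:(i + 1) * REPEAT]) * 2 > REPEAT else 0
            for i in range(KEY_BITS)]


def xor_bits(a, b):
    return [x ^ y for x, y in zip(a, b)]


def key_digest(key):
    """Hash of the key; this, not the key, is what the database keeps."""
    as_int = int("".join(map(str, key)), 2)
    return hashlib.sha256(as_int.to_bytes(KEY_BITS // 8, "big")).hexdigest()


def enroll(feature_bits, rng):
    """Key binding: draw a random key, XOR its codeword with the biometric, and
    keep only (hash of key, helper data). Neither key nor biometric is stored."""
    key = [rng.getrandbits(1) for _ in range(KEY_BITS)]
    helper = xor_bits(ecc_encode(key), feature_bits)
    return {"digest": key_digest(key), "helper": helper}


def authenticate(template, probe_bits):
    """Key release: unbind with the fresh probe, correct residual errors, and
    check the recovered key against the stored hash. Returns the key or None."""
    candidate = ecc_decode(xor_bits(template["helper"], probe_bits))
    return candidate if key_digest(candidate) == template["digest"] else None


def demo():
    rng = random.Random(2011)
    enrolled = [rng.getrandbits(1) for _ in range(FEATURE_BITS)]   # constructed features
    template = enroll(enrolled, rng)

    # same person, second capture: one flipped bit in every block (~11% noise)
    genuine = list(enrolled)
    for block in range(KEY_BITS):
        genuine[block * REPEAT + block % REPEAT] ^= 1

    # same person, but block 0 carries five flips, beyond what the code corrects
    too_noisy = list(enrolled)
    for pos in range(5):
        too_noisy[pos] ^= 1

    # a different person: independent feature bits
    impostor = [rng.getrandbits(1) for _ in range(FEATURE_BITS)]

    # revocation ("cancellable biometrics"): re-enrolling the same person with a
    # new random key yields unrelated helper data, so the old template can be deleted
    reissued = enroll(enrolled, rng)

    return {
        "digest": template["digest"],
        "genuine": authenticate(template, genuine),
        "too_noisy": authenticate(template, too_noisy),
        "impostor": authenticate(template, impostor),
        "revoked_helper_differs": reissued["helper"] != template["helper"],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The example makes the trade-off of property (iv) visible: the code's correction capacity sets how much intra-user variation is tolerated, and raising it also widens the window for a near-miss impostor. A repetition code is used here only because it is short; deployed schemes use stronger codes, and the helper data leaks information whenever the feature bits are not uniformly distributed, which is the entropy-loss question Dodis, Reyzin, and Smith (2004) analyze.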
A basic criticism of biometrics is that “we, as individuals, lose our anonymity
whenever biometric scanning systems are deployed. Controlling information about
ourselves includes our ability to keep other parties from knowing who we are.
Biometrics can establish our identity almost instantaneously in unexpected, unwelcome,
or unforeseen future circumstances and in combination with related technologies
would enable the state to monitor the actions and behavior of its citizenry”
(Woodward, 1997). To what extent can anonymity be nevertheless preserved while
using biometrics? Pfitzmann and Hansen (2005) define anonymity as “the state of
being not identifiable within a set of objects, the k-anonymity set” and argue that
“anonymity is the stronger, the larger the respective [cardinality of the k] anonymity
set is.” Serjantov and Danezis (2002) observe that “the potentially different prob-
abilities of different members of the anonymity set actually having sent or received
the message are unwisely ignored. Yet they can give a lot of extra information to the
attacker [and increase apparent vulnerability].” This carries over to biometrics
where the users engage differently in authentication, e.g., time, roles, protocols,
and routing.
Newton, Sweeney, and Malin (2005) deidentify facial images in the context of sharing video surveillance data for the purpose of “limiting automatic persistent recognition of populations whose images are captured on video but who have done nothing suspicious.” Effective deidentification, similar to denial and deception, alleviates security and privacy concerns. Deidentification undermines specific processing steps, e.g., it foils accurate eye detection for normalization purposes, and at the same time increases the entropy (“uncertainty”) at the expense of authentication. Some of the countermeasures used were concealment behind an opaque object, or overloading the camera’s sensory apparatus with a bright light source. The degree to which those two broad classes of methods appear to work can be summed up in a single word: contrast, i.e., large color difference between adjacent pixels. The explanation for such findings is simply that proper contrast usually leads to discriminating features and thus to recognition. Playing with contrast is similar to deploying camouflage and/or distracters. Alexander and Smith (2004) point out that anonymity and template protection could be modeled using the noisy channel concept from information theory, where a noncooperative subject
would be involved with both transmission (of biometric data) and jamming. The
most effective means for anonymity would require targeted rather than random
noise.

Interoperability

Privacy is first and foremost about identity and its use. It is identity driven by
appearance and behavior or it is prediction of behavior driven by biometrics and
forensics. Interoperability is the thread that links biometrics and forensics with
distributed data collection and associated federated IM systems. Interoperability is
most important as it informs operational performance and validation, on one side,
and trustworthiness to reduce vulnerabilities, on the other side.
Vaidhyanathan (2011) points out that “privacy is about the fact that you have a choice in what you reveal and that you exercise the choice knowingly.” Infringement of privacy is not universal but rather context and subject dependent. Computer literacy affects the ability to control privacy settings, and those savvy enough to protect themselves are usually younger. Interoperability, which bears on both security and privacy, involves SIM, which “should support seamless interworking to facilitate moving personally identifiable information between systems built along different paradigms” (Vaidhyanathan, 2011). Chadwick and Inman (2009) advocate the development and deployment of advanced federated IM protocols and corresponding services to “let users securely link their various identity provider (IdP) accounts, enabling the system to aggregate attributes from multiple authoritative sources automatically without requiring users to authenticate separately to each IdP.”
Interoperability depends on image quality (Beveridge et al., 2010), diversity of population, and protocols employed. Toward that end, protocols should ensure that similarity does not depend upon the enrolled gallery and/or the query set. This disallows score normalization, with images used for validation purposes “excluded from model selection, training, or tuning of an algorithm” (Phillips et al., 2011). Expectations on operational performance for the purpose of authentication and security, on one side, and privacy, on the other side, are hard to make due to uncontrolled settings, real-world operations, and data diversity. The covariates that affect performance are many, and their complex relationships are difficult to model. The diversity of faces in the real world means that face recognition algorithms must operate over a backdrop of appearance variability that is not related to an individual’s unique identity. Face recognition algorithms intended for real-world applications must perform predictably over changes in the demographic composition of the intended application populations. One should thus be aware that “the demographic composition of non-match populations [e.g., differences in gender, race/ethnicity, and age] affects estimates of algorithm accuracy” and that “thresholds may have to be reassessed periodically and adjusted as needed” (Phillips et al., 2011).
Beveridge and colleagues (2011) comment on quality when they state that
“quality is typically thought of as a property of individual images, not image pairs”
and further question if “most face recognition failures are caused by low-quality
images or by pair-wise inconsistencies between target and query images.” Toward
that end, they define “contrary images” as “images that have a contrary nature with respect to quality in so much as their quality is simultaneously high and low as defined by how they match to other images of the same person” and report that “low-quality images are less common than contrary images, and this in turn suggests that two high-quality face images may, when compared to each other, match poorly.” What factors might be responsible for such a finding? The answer proposed involves physical location rather than the usual culprits of differences in light, pose, and expression, with the claim made that “same/different location is such a strong predictor of whether two images will match well.”
Interoperability covers both performance (including misidentification and reidentification) and functional creep (when federated repositories of personal data collaborate to disambiguate identity for novel uses). The latter involves random tagging of passersby and unearthing of their personal details, possibly using data mining for inferring and predicting personal and sensitive information about a person. This takes advantage of the potent but toxic mix of converging technologies for pervasive/ubiquitous computing and mobile devices. This includes face recognition, e.g., the PittPatt facial recognizer recently acquired by Google, cloud computing, and social media. It leads to “augmented reality” when “seamless merging of offline and online data can now overlay personal and private information over the target’s face displayed on mobile devices” (Acquisti, Gross, & Stutzman, 2011). Link analysis, social media analytics, and peer-based accretion of data blend information and knowledge to create the augmented reality. Furthermore, Acquisti and others at Carnegie Mellon University have shown that by mining public sources, including Facebook profiles and government databases, one could identify personal interests and, in a few cases, the first five digits of a social security number. To address this, the Social Security agency launched in June 2011 a new “randomized” numbering system to make such predictions less likely. Such outcomes go much beyond the expected lack of privacy in public spaces vis-à-vis external appearance and personal behavior. They defy expected anonymity of “personal” identity, grossly infringe on privacy, and “foreshadow a future when we all may be recognizable on the street—not just by friends or government agencies using sophisticated devices, but by anyone with a smart phone and internet connection” (Acquisti et al., 2011). Such informed tagging leads to increased “democratized” surveillance, in general, and de-anonymization and reidentification, in particular. This enables facial visual searches similar to text searching, and de facto creates an unregulated “Real-ID” infrastructure.

Discussion: Moving Forward on Security and Privacy


A common view expressed by many is that there should be little expectation, if any,
for privacy in public spaces. We adhere to the view expressed by Gordon Crovitz
(2011) that “the modern expectation of privacy is not that the people will always
want to remain anonymous. Instead, they expect to have a choice about how they
both control and share information about themselves. Privacy should be about
individual choice, not based on a predetermined definition of either confidentiality
or transparency.” (See Mordini & Rebera [2012] for more discussion of
this issue.) One needs to be aware of the way biometrics are stored and used and
to assuage legitimate concerns regarding functional creep. Ann Cavoukian supports similar views to those espoused by Gordon Crovitz, to further emphasize
that “privacy means control and individual choice, not secrecy” (Crovitz, 2011).
Furthermore, privacy should be “user-centric, allow for information self-
determination” leading eventually to privacy by design, where one should “start
proactively with privacy as the default, adding clear notice and control mechanisms,
and empowering user-friendly options.”
Best practices and protocols for validation include prohibition on score normalization during postprocessing, clear distinction between the data used for learning the biometric space for representation and the data used during training (for enrollment) and authentication (for testing), allowance for diversity (“demographics”) (O’Toole, Phillips, An, & Dunlop, 2011), and uncontrolled settings. Interoperability is all encompassing as it refers to suites of sensors, personnel (“operators”),
subjects’ condition, and algorithms. Security and privacy, complementary to each
other, have to address both intrinsic failures and adversarial attacks to support
enhanced overall system integrity.
Both security and privacy have to contend with advances in science and technology, including the holy grail of “non-cooperative personal identification at-a-distance and on-the-move using multimodal sensors that can simultaneously acquire 2D and 3D images.” Novel biometric traits, e.g., scars, moles, and tattoos (for face) and pores (for fingerprints), and novel anatomical, physiological, and behavioral characteristics, e.g., periocular and ear, are expected as well. Stratification, filtering, and soft biometrics using context and ancillary information, e.g., age and gender, are biometric added value. Data mining, social media analytics, link analysis, and social intelligence are expected to facilitate covert identification together with probing of large biometric databases and data streams in order to track, identify subjects of interest, and characterize their (medical) condition and intent. This expands the reach of biometric use for surveillance and raises additional concerns related to privacy.
Venues for novel operational aspects and technological opportunities that bear on the future of biometrics regarding security and privacy are likely to include data streams and video, link analysis and reidentification, social media analytics and cyber security, and smart camera networks and surveillance. This requires, first, advances in evidence-based biometric IM including data collection, aggregation, and effective template protection. Second, representational aspects need to be addressed using recognition by parts, multi-instance and multimodal biometric templates (“biometric signatures”), flexible matching, and change detection (Li & Wechsler, 2009). Third, novel science and engineering adaptation methods need to be developed around statistical learning, multisensory integration, and data fusion. Fourth, suitable metrics for the purpose of costs and risk assessment, estimates (“predictions”) on performance, and sensitivity vis-à-vis reliability and robustness have yet to be designed and deployed.
The concerns regarding privacy and anonymity have grown significantly with the rapid spread of social networks. Randi Zuckerberg, Facebook’s then marketing director, offered a fix for cyber bullying: stop people from doing anything online without their names attached. Zuckerberg (2011) advocates that “Anonymity online has to go away.” Facebook requires all members to use their real names and email
addresses when joining the social network—a policy that has been difficult at times to enforce, as the prevalence of spam accounts suggests. Former Google CEO Eric Schmidt (2010b, August 10) has also made this suggestion, calling online anonymity “dangerous” and predicting that governments will eventually “demand” that people use their names for all online activity. In particular, Google knows what you watch, what you search, and even with whom you are friends. Schmidt (2010a, August 4) has previously said, “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.” He goes on to say, “The only way to manage this is true transparency and no anonymity.” The proposal to tie real-world identities to online actions is a controversial one, with privacy and free speech advocates countering that anonymity is necessary to protect dissidents and other individuals, such as sexual abuse victims. Gigaom’s Matthew Ingram (2011) wrote recently, “Many people believe that requiring real names will solve the problems of trolls and bad behavior, but they don’t—and that policy can have negative consequences in terms of suppressing dialogue about important topics.” The right to privacy and anonymity goes beyond using real names. Both Facebook and Google+ now have the ability to tag users’ faces and to associate them with real users’ names, locations, and behaviors. This opens the door to covert surveillance when users are not personally engaged online but rather are monitored by others, on purpose or not. Last but not least, interoperability is key for uncontrolled settings. Toward that end, validation studies should use full-fledged biometric (face) engines with parameters and settings fixed a priori. Validation should then be carried out on a mix of (legacy) large-scale but different (enrolled) databases.

Conclusions
This article captures various security and privacy issues revolving around the use of biometrics and forensics, drawing on the intertwined concepts of “personally identifiable information” (PII) (Narayanan & Shmatikov, 2010) and interoperability (Pacyna, Rutkowski, Sarma, & Takahashi, 2009). The emphasis throughout is on quantitative performance and proper validation for uncontrolled settings, variable demographics, and distributed biometric recognition operations, e.g., expected rates of correct identification and/or rates of misidentification. Most important for validation is reproducibility of results, including full information on the experimental design used, that forensic exclusion is allowed, and that scientific methods for performance evaluation are followed. As an example, Huang, Ramesh, Berg, and Learned-Miller (2008) warn users of the LFW facial database that “The second view [‘partition’] of the [LFW] data should be used sparingly and only for performance reporting. Ideally, it should only be used once, as choosing the best performer from multiple algorithms, or multiple parameter settings, will bias results toward artificially high accuracy.” Related comments on the merit of new and purportedly better methods warn that
. . . there also comes a time when performance on a benchmark reaches ceiling performance or methods become overengineered for nuances of a data set, and modest performance gains may be indicative of overfitting. Alternatively, some new works or operational scenarios may push the envelope in directions that are not well represented with existing benchmarks; in such cases, authors may need to develop alternative
benchmarks and justify this need in subsequent publications. Interestingly, real world face
recognition methods that achieve state-of-the-art performance on data sets like LFW may
actually perform worse on constrained, frontal data sets like FERET. (Hua, Yang, Turk,
Kriegman, & Huang, 2011)

A proven and reliable approach has not yet materialized despite claims to the contrary. A simple explanation for such inconsistent results is that each new method is tuned to “teach to the test.” The need for a novel validation framework for biometric recognition, in general, and security and privacy, in particular, is well aligned with a recent Weiser (2011) report to the effect that there has been a sweeping shift on witness identification, with the NJ Supreme Court acknowledging a “troubling lack of reliability in eyewitness ID” and issuing sweeping new rules making it easier for defendants to challenge such evidence in criminal cases. Similar warranties should be available and enforced in the digital world as well. Dwork (2011) defines loss of privacy as “usually associated with failure to control access to information, to control the flow of information, or to control the purposes for which information is employed.” Dwork emphasizes the importance of taking “auxiliary
information into account in privacy-preserving data release,” e.g., assessing the use
of complex join operations characteristic of relational databases to undermine
semantic security. Dwork further proposes a firm foundation for private data
analysis using differential privacy when one separates the utility of the database, e.g.,
to estimate gender rates, from the risk of harm due to joining the database. An
informal and intuitive explanation of differential privacy states that “given the
output of some computation, one cannot tell if any specific data item was used as
part of the input because the probability of producing this output would have been
the same even without this item” (Machanavajjhala, Gehrke, & Kifer, 2006). This
can be achieved using k-anonymity and l-diversity leading to anonymization, and
deidentification and randomized responses “so as to effectively hide the presence or
absence of the data of any individual.” k-anonymity prevents data linkages (using
quasi-identifiers) when attributes are suppressed or generalized until each row is
identical with at least k-1 other rows. As k-anonymity is vulnerable to privacy breach
using homogeneity attacks (to extract shared sensitive data) and background attacks
(using prior knowledge to prime possible linkages), one should use l-diversity
where the sensitive attribute assumes at least l different values.
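The k-anonymity and l-diversity checks described above, as an added Python example that is not part of the article; the microdata table, the zip/age generalization scheme and the attribute names are constructed for illustration, and the homogeneity check shows why a k-anonymous release can still leak a sensitive value.

```python
from collections import defaultdict

# Constructed microdata (not from the article): two quasi-identifiers
# (zip, age) that an external source could link on, plus one sensitive
# attribute (condition).
RECORDS = [
    {"zip": "22030", "age": 31, "condition": "flu"},
    {"zip": "22031", "age": 35, "condition": "flu"},
    {"zip": "22032", "age": 38, "condition": "flu"},
    {"zip": "22101", "age": 42, "condition": "hiv"},
    {"zip": "22102", "age": 47, "condition": "cancer"},
    {"zip": "22103", "age": 45, "condition": "flu"},
    {"zip": "22104", "age": 22, "condition": "cancer"},
    {"zip": "22105", "age": 27, "condition": "flu"},
]
SENSITIVE = "condition"


def generalize(record, zip_digits, age_bucket):
    """Generalize the quasi-identifiers of one record.

    The zip code keeps its leading `zip_digits` digits (the rest become '*')
    and the age is replaced by the bucket of width `age_bucket` it falls in.
    zip_digits=5 and age_bucket=1 leave the record effectively unchanged.
    """
    zip_code = record["zip"]
    masked_zip = zip_code[:zip_digits] + "*" * (len(zip_code) - zip_digits)
    low = record["age"] // age_bucket * age_bucket
    return masked_zip, f"{low}-{low + age_bucket - 1}"


def equivalence_classes(records, zip_digits, age_bucket):
    """Group records that become indistinguishable on the generalized QIs."""
    classes = defaultdict(list)
    for record in records:
        classes[generalize(record, zip_digits, age_bucket)].append(record)
    return dict(classes)


def k_anonymity(classes):
    """Largest k such that every row is identical, on the QIs, to k-1 others."""
    return min(len(rows) for rows in classes.values())


def l_diversity(classes, sensitive=SENSITIVE):
    """Largest l such that every class shows at least l distinct sensitive values."""
    return min(len({row[sensitive] for row in rows}) for rows in classes.values())


def homogeneous_classes(classes, sensitive=SENSITIVE):
    """Classes whose rows all share one sensitive value.

    These are exactly the classes a homogeneity attack exploits: anyone who
    can place a target in such a class (from zip and age alone) learns the
    target's sensitive value even though the release is k-anonymous.
    """
    return {
        qi: rows[0][sensitive]
        for qi, rows in classes.items()
        if len({row[sensitive] for row in rows}) == 1
    }


if __name__ == "__main__":
    raw = equivalence_classes(RECORDS, zip_digits=5, age_bucket=1)
    print("raw release: k =", k_anonymity(raw))  # every row is unique
    released = equivalence_classes(RECORDS, zip_digits=3, age_bucket=10)
    print("generalized: k =", k_anonymity(released),
          "l =", l_diversity(released))
    for qi, value in homogeneous_classes(released).items():
        print(f"homogeneity leak: everyone in {qi} has {SENSITIVE}={value}")
```

On the constructed table, generalizing to three zip digits and ten-year age buckets reaches k = 2 but only l = 1, because the whole 220**/30-39 class shares one condition; the release would need further generalization or suppression before it is 2-diverse.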
Domingo-Ferrer and Torra (2008) argue that (database) privacy “largely depends on the context where this concept is being used.” They propose three privacy dimensions (respondent, owner, and user) not necessarily orthogonal to each other. k-anonymity, one approach to the trade-off between information loss and disclosure risk, is not short of shortcomings. It addresses data mining and privacy, in general, and anonymization and reidentification, in particular, as it trades between data protection and data utility subject to constraints on data leakage. As microdata are sparse, the “fat [long] tail” phenomenon, when unexpected events are not that rare after all, makes k-anonymity fail on high-dimensional data sets. Although the supports of “unpopular” items are small, these items are so numerous that they make up the bulk of the non-null entries in the database. “As the data contains a large number of attributes which may be considered quasi-identifiers, it becomes difficult to anonymize the data without an unacceptably high amount of information loss. This is because an exponential number of combinations of dimensions can be used to make
precise inference attacks, even when individual attributes are partially specified within a range” (Aggarwal, 2005). A discussion on privacy is not complete without considering its relation to liberty and rights. Toward that end, it is instructive to make reference to Isaiah Berlin and his concepts of positive and negative liberties. Positive liberty is about the autonomy of the individual and value pluralism, while negative liberty involves an answer to the question: “What is the area within which the subject—a person or group of persons—is or should be left to do or be what he is able to do or be, without interference by other persons” (Berlin, 2004).
The search for privacy needs to anticipate and contend with new technologies that shape the web and make it smarter. First and foremost, these include a mobile web of communication that video is poised to inundate, with everyday objects joining our social networks, with ever increasing amounts of web data that enable data mining to make unanticipated linkages for the purpose of “augmented reality” (Acquisti et al., 2011) and (private) functional creep, and with voice and gestures changing human–computer interaction (Ackerman & Guizzo, 2011). Narayanan and Shmatikov (2008, 2009) have recently shown that reidentification targeting anonymized social networks is relatively easy, using network topology, even when the overlap between the target network and the adversary’s auxiliary information is small, e.g., on Twitter and Flickr. Strong access control mechanisms, proper legislation and informed consent, computing education, and literacy are thus recommended for enhanced privacy.

Acknowledgment
The author expresses his deep gratitude to the editor, Christopher Gore, for his insightful
and thought-provoking comments that helped illuminate the relevance for policymakers of
the science underlying the security and privacy aspects of biometrics.

About the Author


Harry Wechsler is Professor of Computer Science, George Mason University (GMU). Dr.
Wechsler’s research covers image analysis, machine learning, data mining, and pattern
recognition, with applications to biometrics and security, smart identity management and
interoperability, intelligent systems and data fusion, and performance evaluation and error
analysis. An important focus of his research is robust processing and interpretation of
incomplete or degraded information, including adversarial biometric authentication and
pattern recognition subject to denial (occlusion) and deception (disguise). Dr. Wechsler
received his Ph.D. in Computer and Information Sciences from University of California,
Irvine. He has consulted for government and industry, and is an IEEE Fellow and IAPR Fellow.
He holds five U.S. patents on topics related to biometrics and data analysis. His monograph
on “Reliable Face Recognition Methods” was published by Springer in 2007. Major recent
publications appear in journals such as IEEE Transactions on Pattern Analysis and Machine
Intelligence, International Journal of Artificial Intelligence and Pattern Recognition, and Intelligent
Information Management.

References
Ackerman, E., & Guizzo, E. (2011). 5 technologies that will shape the web. IEEE Spectrum, 48(6), 40–45.
Acquisti, A., Gross, R., & Stutzman, F. (2011). Faces of Facebook: Privacy in the age of augmented reality. Retrieved
from http://www.heinz.cmu.ed/~acquisti/face-recognition-study-FAQ/acquisti-faces-BLACKHAT-draft.pdf
(accessed September 24, 2011), Black Hat Conf., Las Vegas, NV.
Aggarwal, C. (2005). On k-anonymity and the curse of dimensionality. Proceedings of the 31st International
Conference on Very Large Databases, Trondheim, Norway, 901–909.
Alexander, J., & Smith, J. M. (2004). Engineering privacy in public: Confounding face recognition. 3rd Int’l
Workshop on Privacy Enhancing Technologies, Dresden, Germany, 88–106.
Arendt, H. (1973). The origins of totalitarianism. San Diego, CA: Harcourt Brace Jovanovich.
Axelsson, S. (1999). The base-rate fallacy and the difficulty of intrusion detection. 6th ACM Conf. on Computer and
Comm. Security, 1–7, Singapore.
Barlow, H. B. (1989). Unsupervised learning. Neural Computation, 1(3), 295–311.
Becker, B. C., & Ortiz, E. G. (2008). Evaluation of face recognition techniques for application to Facebook. 8th
IEEE International Conference on Automatic Face & Gesture Recognition, 1–6, Amsterdam, Holland.
Berlin, I. (2004). Liberty. New York: Oxford University Press.
Beveridge, J. R., Givens, G. H., Phillips, P. J., Draper, B. A., Bolme, D. S., & Lui, Y. M. (2010). FRVT 2006: Quo
vadis face quality. Image and Vision Computing, 28(5), 732–743.
Beveridge, J. R., Phillips, P. J., Givens, G. H., Draper, B. A., Teli, M. N., & Bolme, D. S. (2011). When
high-quality face images match poorly. Proc. 9th Int’l Conf. Automatic Face & Gesture Recognition, 572–578,
Santa Barbara, CA.
Black, B., Ayala, F. J., & Saffran-Brinks, C. (1994). Science and the law in the wake of Daubert: A new search
for scientific knowledge. Texas Law Review, 72(4), 715–761.
Bolle, R. M., Connell, J. H., Pankanti, S., Ratha, N. K., & Senior, A. W. (2004). Guide to biometrics. New York:
Springer Verlag.
Busch, C. (2010). Template protection projects in Europe, Hochschule Darmstadt/Fraunhofer IGD/Gjøvik
University College, BCC Tampa 2010-09-21.
Chadwick, D. W., & Inman, G. (2009). Attribute aggregation in federated identity management. Computer, 42(5),
33–40.
Champod, C., & Meuwly, D. (2000). The inference of identity in forensic speaker recognition. Speech Communication, 31(2–3), 193–203.
Charette, R. (2011). Here’s looking at you, and you, and you. IEEE Spectrum. Retrieved from http://spectrum.
ieee.org/riskfactor/computing/it/heres-looking-at-you-and-you-and-you (accessed September 24, 2011).
Crews, C. W., Jr. (2002). Human biometric technologies in a free society. Policy Analysis, 452, 1–20.
Crovitz, G. (2011). The right to privacy from Brandeis to Flickr. The Wall Street Journal. Retrieved from
http://online.wsj.com/article/SB10001424053111903554904576461990729880756.html (accessed September 25, 2011).
Darwiche, A. (2009). Modeling and reasoning with Bayesian Networks, Chap. 4. Cambridge: Cambridge University
Press.
Daugman, J. (2000). Biometric decision landscapes. TR 482, Cambridge University, Cambridge, UK.
Daugman, J. (2003). The importance of being random: Statistical principles of iris recognition. Pattern Recognition, 36(2), 279–291.
Daugman, J. (2004). How iris recognition works. IEEE Transactions on Circuits and Systems for Video Technology,
14(1), 21–30.
De Marsico, M., Nappi, M., Riccio, D., & Wechsler, H. (2011). Robust face recognition after plastic surgery using
local region analysis. ICIAR, 2, 191–200.
Dessimoz, D., & Champod, C. (2008). Linkages between biometrics and forensic science. In A. K. Jain, P. Flynn,
A. A. Ross (Eds.), Handbook of biometrics (pp. 425–459). New York: Springer.
Dobzhansky, T. (1951). Genetics and the origin of species. New York: Columbia University Press.
Doddington, G. R., Liggett, W., Martin, A. F., Przybocki, M. A., & Reynolds, D. A. (1998). Sheep, goats, lambs, and
wolves: A statistical analysis of speaker performance. 5th Int. Conf. on Spoken Language Processing, 1351–1354.
Doddington, G. R., Przybocki, M. A., Martin, A. F., & Reynolds, D. A. (2000). The speaker recognition
evaluation. Speech Communication, 31, 225–254.
Dodis, Y., Reyzin, L., & Smith, A. (2004). Fuzzy extractors: How to generate strong keys from biometrics and
other noisy data. Proc. of Int’l Conf. on the Theory and Applications of Cryptographic Techniques (EUROCRYPT
’04), Interlaken, Switzerland, 523–540.
Domingo-Ferrer, J., & Torra, V. (2008). A critique of k-anonymity and some of its enhancements. 3rd Int’l Conf.
on Availability, Reliability and Security (ARES), Barcelona, Spain, 990–993.
Dwork, C. (2011). A firm foundation for private data analysis. Communications of the ACM, 54(1), 86–95.
Freund, Y., & Schapire, R. E. (1996). Experiments with a new boosting algorithm. Proc. of 13th Int. Conf. on
Machine Learning (ICML), Bari, Italy, 148–156.
Ganek, A. G., & Corbi, T. A. (2003). The dawning of the autonomic computing era. IBM Systems Journal, 42(1),
5–18.
Gates, K. A. (2011). Our biometric future: Facial recognition technology and the culture of surveillance. New York: New
York University Press.
Gonzalez-Rodriguez, J., Rose, P., Ramos, D., Toledano, D. T., & Ortega-Garcia, J. (2007). Emulating DNA:
Rigorous quantification of evidential weight in transparent and testable forensic speaker recognition.
IEEE Transactions on Audio, Speech, and Language Processing, 15(7), 2104–2115.
Hand, D. J. (2008). Classifier technology and the illusion of progress. Statistical Sciences, 21(1), 1–15.
Ho, S. S., & Wechsler, H. (2008). Query by transduction. The IEEE Transactions on Pattern Analysis and Machine
Intelligence, 30(9), 1557–1571.
Hua, G., Yang, M. H., Turk, M., Kriegman, D. J., & Huang, T. S. (2011). Introduction to the special section on
real-world face recognition. The IEEE Transactions on Pattern Analysis and Machine Intelligence, 33(10),
1921–1924.
Huang, G. B., Ramesh, M., Berg, T., & Learned-Miller, E. (2008). Labeled faces in the wild: A database for
studying face recognition in unconstrained environments. In The Workshop on Faces in Real-Life Images at
European Conference on Computer Vision, 2008.
Ingram, M. (2011). Google+ and the loss of online anonymity. GIGAOM. Retrieved from http://gigaom.com/
2011/07/25/google-and-the-loss-of-online-anonymity/ (accessed September 26, 2011).
Jain, A. K., & Kumar, A. (2010). Biometrics of next generation: An overview. In E. Mordini & D. Tzovaras
(Eds.), Second generation biometrics. Heidelberg, Germany: Springer.
Jain, A. K., Nandakumar, K., & Nagar, A. (2008). Biometric template security. EURASIP Journal on Advances in
Signal Processing, 2008, 1–17.
Kraemer, H. C. (1992). Evaluating medical tests: Objective and quantitative guidelines. Newbury Park, CA: Sage
Publications.
Kumar, N., Berg, A., Belhumeur, P., & Nayar, S. (2011). Describable visual attributes for face verification and
image search. The IEEE Transactions on Pattern Analysis and Machine Intelligence, 33(10), 1962–1997.
Lai, H., Ramanathan, V., & Wechsler, H. (2008). Reliable face recognition using adaptive and robust correlation
filters. Computer Vision and Image Understanding, 111(3), 329–350.
Li, F., & Wechsler, H. (2005). Open set face recognition using transduction. The IEEE Transactions on Pattern
Analysis and Machine Intelligence, 27(11), 1686–1697.
Li, F., & Wechsler, H. (2009). Face authentication using recognition-by-parts, boosting and transduction.
International Journal of Pattern Recognition and Artificial Intelligence (IJPRAI), 23(3), 545–573.
Machanavajjhala, A., Gehrke, J., & Kifer, D. (2006). l-diversity: Privacy beyond k-anonymity. Proc. of the Int’l
Conf. on Data Engineering (ICDE’06), Atlanta, GA.
Maltoni, D., Maio, D., Jain, A. K., & Prabhakar, S. (2009). Handbook of fingerprint recognition (2nd ed.). New York:
Springer-Verlag.
Mordini, E., & Rebera, A. P. (2012). No identification without representation: Constraints on the use of
biometric identification systems. Review of Policy Research, 29(1), 5–19.
Narayanan, A., & Shmatikov, V. (2008). Robust de-anonymization of large sparse datasets. Proc. of 29th IEEE
Symposium on Security and Privacy, Oakland, CA, 111–125.
Narayanan, A., & Shmatikov, V. (2009). De-anonymizing social networks. 30th IEEE Symposium on Security and
Privacy, Oakland, CA, 173–187.
Narayanan, A., & Shmatikov, V. (2010). Myths and fallacies of “personally identifiable information.” Communications of the ACM, 53(6), 24–26.
Newton, E. M., Sweeney, L., & Malin, B. (2005). Preserving privacy by de-identifying face images. IEEE
Transactions on Knowledge and Data Engineering, 17(2), 232–243.
NIST (National Institute of Standards and Technology). (2011). Face recognition vendor test (FRVT) home page.
Retrieved from http://www.nist.gov/itl/iad/ig/frvt-home.cfm (accessed September 24, 2011).
O’Toole, A. J., Phillips, P. J., An, X., & Dunlop, J. (2011). Demographic effects on estimates of automatic face
recognition performance. Proc. 9th Int’l Conf. Automatic Face and Gesture Recognition, 83–90, Santa Barbara,
CA.
Pacyna, P., Rutkowski, A., Sarma, A., & Takahashi, K. (2009). Trusted identity for all: Toward interoperable
trusted identity management systems. Computer, 42(5), 30–32.
Pankanti, S., Prabhakar, S., & Jain, A. K. (2002). On the individuality of fingerprints. The IEEE Transactions on
Pattern Analysis and Machine Intelligence, 24(8), 1010–1025.
Pato, J. N., & Millet, L. I. (Eds.). (2008). Biometric recognition: Challenges and opportunities. Washington, DC:
National Research Council.
Pearl, J. (2009). Causality (2nd ed.), Chap. 2. Cambridge: Cambridge University Press.
Pfitzmann, A., & Hansen, M. (2005). Anonymity, unlinkability, undetectability, unobservability, pseudonymity, and
identity management—a consolidated proposal for terminology. Retrieved from http://dud.inf.tu-dresden.de/
Literatur_V1.shtml (accessed September 24, 2011).
Phillips, P. J., Beveridge, J. R., Draper, B. A., Givens, G. H., O’Toole, A. J., Bolme, D. S., Dunlop, J. P., Lui, Y.
M., Sahibzada, H., & Weimer, S. (2011). An introduction to the good, the bad, & the ugly face recognition
challenge problem. Proc. 9th Int’l Conf. Automatic Face and Gesture Recognition, 346–353, Santa Barbara, CA.