Article: Helping to Counter the Terrorist Threat using Face Recognition

Forensic Media Analysis Integrated with Live Surveillance Matching

You can download a PDF copy of this article by clicking this link.


Against the backdrop of budget constraints, threats from terrorism, organised crime and public disorder continue to rise. Authorities can remain resilient through the targeted application of technology. Advances in face recognition coupled with the mass availability of digital media and continuously cheaper computing provides unique opportunities to enhance the efficiency of forensic investigations to enhance public safety. Processing of digital media can be automated in a virtualised and elastic computing environment to identify and extract actionable intelligence. Processing is scalable, continuous, consistent and predictable. Analysts can focus on investigating and confirming suggested results rather than watching countless hours of media in the hope of stumbling across intelligence. Such a centralised platform can also be used to search in near real-time faces from any number of remote cameras against centralised watchlists of individuals of interest.

1. A Need for Enhanced Safety and Operational Efficiency

Risks are increasing. Recent events demonstrate that the threat landscape is substantial and becoming more fragmented, consisting of a greater number of smaller and less sophisticated plots. The targeted application of technology can play a key role in improving the efficiency of our police and intelligence agencies and maintaining readiness to both disrupt and respond to major events.

2. A Relentless Increase in Digital Media

The increase in media is relentless. Law enforcement and intelligence agencies have amassed large collections of video and photographic information from multiple sources such as:

  • Digital Forensics (confiscated phones, computers, flash drives etc).
  • Open Source Intelligence (Internet and Dark Web).
  • Crowd- sourced from members of the public (HD cameras on mobile phones are ubiquitous).
  • Police Body Worn Video.

When tragic events or social disorder occur, investigators have a long and arduous task of reviewing countless hours of media, generally with a varying degree of concentration and scrutiny.

A solution that minimises manual effort in the extraction of actionable intelligence from amassed media by automating this process with a consistent and repeatable level of scrutinywill deliver concise and consistent information in a fraction of the time taken by operators undertaking the task manually.

3. An Automated Media Processing and Exploitation Solution

Police, intelligence and other public order agencies can benefit from the application of a powerful media processing solution designed to ingest, analyse and index, in an automated fashion, very large quantities of media from multiple sources to transform them into usable assets. Utilising virtualised and elastic computing environments enables the platform to be rapidly scaled up and down in response to unfolding events.

Once processed, agencies can analyse and make use of the extracted assets and manage them in a centralised repository of information. Data links, associations and metadata inferences can be managed across the whole dataset by multiple users from a single common user interface. Backend processing services are run in a cloud-computing environment, the capacity of which can be configured and incrementally scaled up and down to meet an organisation’s changing demands; peaks arising from specific events can be easily accommodated.

Features include:

  • Automatically find, extract and index faces to enable biometric and biographic searching of media.
  • Create and manage watchlists of people of interest.
  • Find and cross-reference all media instances in which a person of interest has been seen.
  • Identify, locate, and track persons of interest, their associates and their activities across all media.
  • Discover, document and view links between people of interest, their activities and networks.
  • Use of metadata (including geo data) to enhance investigations and association of data.
  • Integration into existing system environments, databases and components.

3.1  Incorporating Other Detection Capabilities

In addition to face recognition, other detection engines can be incorporated, such as:

  • Biographic filtering and Fuzzy Match capability.
  • Automatic Number Plate Recognition. (ANPR)
  • Voice Biometrics.
  • Object / Logo Recognition.

Vendor independence allows the use best-of-breed algorithms. Newer and better algorithms (COTS and GOTS) can be plugged in without having to replace the entire platform.

3.2  Working with Geo-Location Data

An increasing amount of media is captured on devices affixed with location determining technology. Often, this geo-location data is incorporated into the media metadata, thereby providing potential to further enhance the analysis of media. Geo-location can be used to:

  • Compartmentalise and refine analysis by location of media creation.
  • Overlay location of proposed matches onto maps.
  • Chart movements of individuals of interest by location and time of sightings.
  • Link individuals at the same location and time even if they do not appear together in media.

3.3  Architecture and Integration with Existing Systems

In addition to utilising COTS components, open standards and cloud-computing architecture to enable massive scalability, a well delineated scope of functionality and open API enables:

  • Flexibility in customisation and integration with existing systems and workflows.
  • Well-defined mechanisms of loading data and automating ingestion of media.
  • Dynamic alteration and sharing of watchlists, media, system-generated results and operator analysis.

3.4  Hosting, Cloud and Virtualisation Options

Full architectural flexibility enables flexibility of hosting options. Organisations can elect to:

  • Take advantage of IaaS and SaaS options on public sector hosting offerings.
  • Fully self-host the solution on private and secure premises and datacentres.
  • Deploy in a hybrid manner.

Indeed, managed AWS or Azure offerings can be utilised to bulk process media, utilising non-return gateways to propagate identified sensitive data to more secure facilities.

3.5  Working Hand-in-Glove with Trained Forensic Investigators

Humans will always remain the critical and essential part of intelligence analysis; such solutions do not replace the intricate skills and knowledge of trained investigators. Rather, the operator is enabled to intelligently direct and apply their training at suggested results, eliminating the necessity of rote viewing of countless hours of media either in a sequential our random fashion.

Integration of enhanced verification, charting and mapping tools enables operators to conduct detailed analysis of suggested matches and identifications.


4 Potential Use Cases

There are multiple applications of a solution as described herein within military, law enforcement, intelligence and public-site security agencies. These are summarised into four broad categories:

4.1  Time Critical Investigations, Media of Critical Importance

Often, authorities need to quickly process evidence to identify and apprehend individuals. The scale of the investigation can be huge and the amount of media that needs to be processed massive.

The media acquired in these instances can be of such critical importance that the authorities may choose to review it all in its entirety. However, immediate and decisive action is critical. Rather than sifting through the media in a random or sequential fashion, a media analysis solution can quickly direct the investigators to portions of the media that are most likely to deliver immediate results. Full review of the media can be conducted afterwards.

4.2  Bulk Ingestion of Media Arising from Criminal Investigations

During routine operations or investigations, authorities may recover significant quantities of media from multiple sources that need to be processed to further the investigation or to assist in building an evidence base for prosecution. Examples include:

  • Military or counter-terror officers raiding terrorist facilities.
  • Specialist organised crime investigators raiding organised crime offices.
  • Child protection officers raiding premises of individuals or organisations involved in child exploitation.

Automating processing provides investigating officers an overall summary of the contents including focus areas for further investigation.

4.3  Continuous Background Processing of Media Sources

Authorities may as a matter of routine have access to masses of media which may contain actionable intelligence, but typically would never be viewed or processed due to a lack of resource. Intelligence in this media may be missed entirely and never acted upon.

This media can now be bulk ingested and processed in an automated fashion to flag relevant intelligence, using operator controlled criteria, to the authorities as required for follow-up processing.

  • Routine and automated processing of accessible media can flag actionable intelligence that may help disrupt future attacks.

4.4  Near Real-Time Watchlist Checking from Live Surveillance Cameras

By integrating any number of remote surveillance cameras to such a centralised matching platform eliminates the need to install and maintain costly local software and hardware to perform local face matching as well as the need to store potentially secure watchlist data locally at the camera locations. The problems associated with live streaming of HD media over low bandwidth network connections is resolved through the application of local face-detection and cropping; only small image files of cropped faces need be sent to the central data centre over encrypted channels.

4.4.1        Centralised Archive of “Seen Faces”

In addition to submitting search probes to the server for searching against one or more watchlists, search probes can be enrolled in a “seen faces” archive which can be interactively or automatically searched (using face recognition) by investigators or when submitting videos for processing.


5 A Compelling Business Case

The solution can be made available using a compelling SaaS model. The open and standard nature of the solution ensures it can run in existing on-premise datacentres or outsourced to secure hosting partners.

Whilst the human operator is an essential part of intelligence analysis, an entry-level system empowers the analyst to process up to an order-of-magnitude more media on a daily basis. This enables trained operators to apply their expertise in a more focussed manner than manually watching hour upon hour of media.

Efficiency is dramatically boosted by bulk processing media 24×7 at a constant and predictable level of focus and accuracy: operational staff can focus on analysing results.


6 Summary

Security concerns are increasing whilst budgets are limited. The focussed application of technology can improve efficiency and aid law enforcement agencies to rise to this challenge.  The massive increase in the creation of digital media and the availability of cheap computing provides authorities with the ability to bulk ingest and process media in an automated fashion. Results are continuous and predictable. Trained analysts can now focus their skills on investigating suggested results and on intelligence extracted by automated systems. Not only does this provide the ability to process critical media even faster than ever before to respond to time critical investigations, but it also enables authorities to extract intelligence from media sources that in the past may never even have been looked at because of the significant resource this previously would have entailed. The same centralised platform can also be used to search in near real-time faces from any number of remote cameras against centralised watchlists of individuals of interest.

Combatting Crime and Protecting Crowded Places. Face Recognition in the Cloud Demonstrated at UK Security Expo 2016 in London.


newsreleaseAllevate’s Cloud-hosted Face-Searcher face recognition service integrated with Facewatch’s digital crime reporting system to feature in UK Security Expo’s Securing Crowded Places Immersive Demonstrator. Nationally available in Brazil, UK launch imminent.


LONDON, UK 25th November 2016: Allevate and Facewatch today announce that Allevate’s Face-Searcher, a cloud-hosted face recognition service integrated with Facewatch’s online crime reporting system, will feature in the Securing Crowed Places Immersive Demonstrator at the UK Security Expo on the 30th November and 1st December 2016 at Olympia, London. After its successful Brazilian launch, the integrated offering is now due for imminent launch in the UK.

The Immersive Demonstrator at UK Security Expo 2016 will be under the theme of ‘Securing Crowded Places’ and is being run in association with The Home Office JSaRC, the Centre for the Protection of National Infrastructure (CPNI) and other relevant Government Departments.

Allevate’s Face-Searcher service enables organisations to utilise facial recognition as a hosted cloud service. It requires minimal capital outlay, incorporates advanced, world-class face recognition technology and eliminates the need to install or maintain a complicated software infrastructure or related compute platform on clients’ premises.

Facewatch enables organisations to report crimes online and submit moving and still CCTV images as evidence to the police, as well as share this imagery between businesses in related subscribed groups (in compliance with Data Protection guidelines) to reduce crime.

Following an imminent UK launch, UK Facewatch subscribers will be able to instantly and automatically share their images of Subjects of Interest to Face-Searcher’s watchlists, thereby allowing real-time watchlist alerting to any device connected to Facewatch’s integrated alert management system. This integrated offering will help businesses prevent crime by warning them if someone entering their premises is on a watchlist of known offenders.

Face-Searcher is built on the industry-proven enterprise-grade MXSERVERTM platform enabling automated facial detection and recognition, developed by Tygart Technology, Inc.

Additionally, Allevate will be providing a live demonstration of the MXSERVERTM platform in the Technology Workshops and Live Demonstrations in the conference stream of the exhibition, entitled “Beyond Live Surveillance: The Application of Face Recognition to Improve Forensic Analysis of Masses of Digital Media“, Day 2, 1st December, 2016 at 1240pm.

MXSERVERTM is also available on the UK’s Crown Commercial Service Digital Marketplace G-Cloud 8 Framework and is Powered by Sungard Availability Services.

Find out more on stand A41 at the exposition, in collaboration with Sungard Availability Services.

About Allevate Limited

Founded in London in 2007, Allevate works with law enforcement, intelligence and government agencies to enhance public safety by ensuring positive identification through the application of biometric and identification technology.

  • Ensure Positive Identification
  • Enhance Public Safety
  • Reduce Operational Costs

Visit us at, email us at, call us on +44 20 3239 6399 and follow us at @Allevate.

About Facewatch

Founded in London in 2010, Facewatch has worked with UK policing to create the world’s first private sector crime reporting platform that enables business and police to share information securely and instantly.

Visit us at, email us at, call us on +44 20 7930 3225 and follow us at @Facewatch.

About Tygart Technology, Inc.

Tygart Technology, Inc. is a leading provider of enterprise-grade video and photographic analysis and biometric recognition systems. Tygart provides the U.S. Military, Intelligence Community and Law Enforcement markets with innovative software solutions that manage and automate the processing of massive volumes of digital video and photograph collections.

Visit us at or call 1-304-363-6855.

Allevate Now Offering Toshiba’s Face Recognition Integrated with the MXSERVER Cloud-Enabled Media Analysis Platform


Integrated Offering Combines MXSERVER’s Proven Ability to Massively Scale the Processing of Vast Quantities of Video and Photographs with the NIST Demonstrated Accuracy of Toshiba’s Face Recognition Library




London, UK — 15 March 2016Allevate Limited today announced that, working cooperatively with Tygart Technology, it is now offering Toshiba’s Face Recognition Software Library as an integrated component of Tygart’s MXSERVER™ to enable European government, law enforcement and security agencies to further enhance public safety. MXSERVER is an algorithm-agnostic, cloud-enabled system that processes vast quantities of video and photo collections to transform these digital assets into searchable resources by using face recognition.

According to Allevate, one of the key strengths of Tygart’s MXSERVER is the fact that it is agnostic to and can be deployed with multiple commercially available face recognition algorithms (COTS) or government developed face recognition algorithms (GOTS). This enables Allevate to work co-operatively with the end-user and algorithm vendors to determine the most appropriate selection of algorithm to meet each client’s unique needs. Additionally, clients have the flexibility to continually improve performance by using the best available algorithm over the life of the project as requirements change. Traditionally, having purchased an entire turn-key platform from a specific face recognition algorithm vendor, clients would have to sacrifice their entire investment in that vendor’s platform should they wish to change the underlying algorithms for any reason. MXSERVER enables clients to leverage their investment in a scalable Enterprise Grade technology platform by only changing the underlying algorithm components.

Toshiba’s Face Recognition Software Library is a Software Development Kit (SDK) that provides automated face detection and tracking in videos and photos, face recognition matching and photograph quality assessment.  The combination of this SDK with MXSERVER will provide government, law enforcement and security agencies with enhanced surveillance, monitoring and forensic analysis capabilities.

An Allevate spokesman said “Toshiba is one of the leading providers of face recognition technology and continues to be one of the top performers as demonstrated by independent testing by the US National Institute of Standards and Technology (NIST)”. He continued “We are very pleased to offer our clients further flexibility with the provision of Tygart’s MXSERVER with a Toshiba-inside option.”

“We are very proud of the accuracy and price performance ratio of Toshiba’s enterprise-grade software algorithms, based on the result of FRV2013 by NIST,” said Nobuyoshi Enomoto, Deputy Senior Manager of Toshiba. “Integration with the MXSERVER cloud-enabled platform strengthens our offering with a scalable search and index capability to support real-time surveillance and monitoring for public security and post-event forensic analysis.” He continues “We are pleased to be working with Allevate to make this joint offering available to Europe’s law-enforcement, intelligence and security agencies.”



MXSERVER is a cloud-architected face recognition system that processes vast quantities of video and photo collections extracted from police body cameras, online sources, surveillance systems, digital forensics and, increasingly, “crowd-sourced” from the public.

MXSERVER can transform these digital assets into searchable resources. Using face recognition technology it searches media archives to find individuals of interest. It also indexes the media to enable it to be searched using a photograph. Trained investigators are freed to intelligently apply their skills without having to view countless hours of media.

 About Allevate Limited

Visit us at, email us at, call us on +44 20 3239 6399.

About Toshiba Corporation

For more information, visit

Video:Enhancing Public Safety with Automated Media Analysis


Allevate Presents MXSERVER from Tygart Technology

Security concerns are increasing. Incidents of public disorder and organized crime are on the rise.

The challenges for security services grow more complex. The 7/7 and Boston bombings vividly illustrated the impact of smaller, less sophisticated and more fragmented extremist activities.

Simultaneously, Governments are implementing the most severe budget cuts of recent times. In this landscape, technology can play an increasingly vital role in more efficiently enhancing public safety.

Our security services are faced with a relentless increase in digital media – from police body cameras , online sources such as Facebook and YouTube, confiscated phones and computers and, increasingly, “crowd-sourced” from members of the public.

Allevate is offering MXSERVER from Tygart Technology, a solution that can ingest, analyse and index huge quantities of video and photo media – identifying and highlighting useable intelligence. Trained investigators are freed to intelligently apply their skills without having to view countless hours of media.

Working with Allevate, our security services can more efficiently enhance public safety. We help unlock the intelligence within the vast amounts of media available to police faster than ever before, freeing them to focus on what they are trained to do best – solving and preventing crime and terrorism.

Allevate is Pleased to be Presenting at the 2014 Counter Terror Expo Conference

… in the Practical Counter Terrorism Conference, Day 2, 301th April, 2014


Countering the Terrorist Threat via Digital Media Analysis

  • Exploiting digital media to enhance public safety whilst reducing operational budgets
  • Easy and cost-effective routes to access the intelligence in digital media held by law enforcement and intelligence agencies
  • Using face recognition technology to depict individuals of interest


Allevate Seeking UK Policing SME to Join Our Team as an Associate Partner

Our enhanced team fully integrated and functioning well! Now looking to further expand the team with a senior policing subject matter expert, suited to a retired senior UK police officer looking to get involved in an exciting new public safety venture with a strong passion to continue to make a difference and improve the safety of society. 


Biometrics 2013: Privacy at the cross road: A debate on frameworks

Allevate’s Carl Gohringer is pleased to be participating as a panellist at this week’s debate at Biometrics 2013 on privacy within the context of biometrics.

Tuesday 15th October, 1600, Queen Elizabeth II Conference Centre, London, UK


Privacy at the cross road: A debate on frameworks
As biometrics become part of our daily lives, the issue of privacy and the protection of personal identifiable information (PII) such as biometric data is beginning to take centre stage.

There will be an exciting opportunity for anonymous audience participation via mobile devices.

This debate will review the pressing issues with respect to privacy and the role of the biometrics industry in it.

The audience will hear the views of prominent privacy experts that will explain what is at stake and why legal frameworks have been difficult to develop so far, and also from industry experts who will give the market perspective and the industry concern regarding the chilling effect of over-reaching privacy legislation.

Delegates will also be invited to play an active role in what promises to be an exciting dialogue on the future of privacy and the role of the biometrics industry in it.


Find People Fast in Media using Cloud-Based Face Recognition during Forensic Analysis

When tragic events or social disorder occur, forensic investigators have a long and daunting task of reviewing countless hours of CCTV footage. Increasingly, especially at public events attended by large numbers of people carrying mobile phones with HD cameras, authorities rely on  members of the public to turn in photographs and videos they have taken in the hope that they will contain useful intelligence. Much of this media is already uploaded to public sites such as Facebook and YouTube, providing another rich source of information.

Additionally, police have to review countless hours of media obtained from confiscated computer hard drives, mobile phones and portable cameras and flash memory devices.

Face Recognition?

All of this creates a significant resource burden;  this footage must be watched by people. The application of face recognition technology can play a crucial role in identifying potential suspects.

An Automated Media Processing Cloud

A solution to automate the processing of this staggering amount of media to quickly and efficiently unlock actionable intelligence is required to save significant time and human capital. The ability to automate this would allow the more efficient application of resources as well as massively speed up time-critical investigations.

However, the need goes far beyond the simple application of face recognition technology.

What is needed is a server-based system that can process vast amounts of media quickly to transform files from  mobile phones, flash memory devices, online sources, confiscated computers and hardrives and video surveillance systems into searchable resources. This would enable forensic investigators to work more efficiently and effectively by automatically finding, extracting and matching faces from very large collections of media to discover, document and disseminate information in  real-time.

Such a powerful video and photograph processing architecture should automatically ingest, process, analyse and index hundreds of thousands of photographs and videos in a centralised repository to  glean associations in a cloud environment. Instrumental would be the ability to:

  • Automatically find, extract and index faces to enable  the biometric and biographic searching of media.
  • Create and manage watchlists of people of interest via a web-based interface.
  • Find all instances of photos and videos where a person of interest has been seen.
  • Quickly review and process  media to identify, locate, and track persons of interest, their associates and their activities.
  • Discover, document and diagramtically view  associations between people of interest, their activities and networks.
  • Use media meta-data to geotag video footage and watchlist hits and overlay and present on maps.

Public Facing Cloud-Service to Crowd-Source Media

Finally, a public-facing interface to such a system would enable members of the public to upload their media in a self-service manner to enable quick and ready access by the authorities to this raw data for automatic processing.

Enhance Public Safety and Reduce Budgets

Read about how MXSERVER addresses the AMAIS space (Automated Media Analysis for Intelligence Searching)

This solution is now available to UK public sector on the Government Procurement Service CloudStore – G-Cloud iii Framework as a commodity from the catalogue without having to invite tenders from suppliers.


Could Automating Media Processing Aid the Forensic Investigation into the Boston Marathon Bombing?

The horror of the events at the marathon in Boston 2 days ago is still very raw. People are united in their sympathy for the victims and their families, their revulsion of these despicable acts and their solidarity in not succumbing to terror. The FBI vows to “…go to the ends of the Earth to find the bomber” with President Obama openly stating the “…heinous and cowardly…” event to be “…and act of terror”.

The investigation into the bombing is in its nascent phases, with the Boston Police Commissioner Ed Davis admitting that they are dealing with the “…most complex crime scene that we have dealt with in the history of our department.” Still, authorities are already honing in on crucial evidence and beginning to release details; BBC news reports that a source close to the investigation told AP news agency that the bombs consisted of explosives placed in 1.6-gallon pressure cookers, one with shards of metal and ball bearings, the other with nails, and placed in black bags that were left on the ground. Images of what appear to be a trigger mechanism have already been released.

Face Recognition?

Forensic investigators have a long and daunting task ahead of them with countless hours of CCTV footage to  pore over, and some people are already suggesting that the application of face recognition technology can play a crucial role in identifying potential suspects. However CCTV footage, especially from older systems that have not been specifically configured for the task, is notoriously unreliable as a source for face recognition.

Perhaps more useful at an event attended by so many, most of whom will have been carrying and using mobile phones and cameras, is the footage acquired by members of the public. Images and video captured by these high-quality devices will potentially be of much greater use than CCTV and authorities have appealed for people to turn in photographs and videos they have taken in the hope that they will contain useful intelligence. Much of this media will already have been uploaded to public sites such as Facebook and YouTube.

 An Automated Media Processing Cloud

A solution to automate the processing of this staggering amount of media to quickly and efficiently unlock actionable intelligence is required to save significant time and human capital. The ability to automate this would allow the more efficient application of resources as well as massively speed up a time-critical investigation.

However, the need goes far beyond the simple application of face recognition technology.

What is needed is a server-based system that can process vast amounts of media quickly to transform files from  mobile phones, flash memory devices, online sources, confiscated computers and hardrives and video surveillance systems into searchable resources. This would enable forensic investigators to work more efficiently and effectively by automatically finding, extracting and matching faces from very large collections of media to discover, document and disseminate information in  real-time.

Such a powerful video and photograph processing architecture should automatically ingest, process, analyse and index hundreds of thousands of photographs and videos in a centralised repository to  glean associations in a cloud environment. Instrumental would be the ability to:

  • Automatically find, extract and index faces to enable  the biometric and biographic searching of media.
  • Create and manage watchlists of people of interest via a web-based interface.
  • Find all instances of photos and videos where a person of interest has been seen.
  • Quickly review and process  media to identify, locate, and track persons of interest, their associates and their activities.
  • Discover, document and view  associations between people of interest, their activities and networks.

Finally, a public-facing interface to such a system would enable members of the public to upload their media in a self-service manner to enable quick and ready access by the authorities to this raw data for automatic processing.


Unlocking Intelligence from Multi-media

Driven by growing security concerns arising from increasing terrorist attacks, racial and ethnic disturbances, organised civil unrest, random violence, riots, burglary and physical assaults, the global market for the face and voice biometric technologies is projected to reach US$2.9 billion by the year 2018.

Across Europe, governments and law enforcement agencies are increasingly impotent in their ability to combat a deterioration in public safety. The economic crisis that is increasingly fueling public disorder is also paralysing our police and intelligence agencies with draconian budget cuts.

Having previously invested heavily in infrastructure, these agencies have at their disposal huge volumes of data in the form of media, but have no way to unlock the potential intelligence bonanza it contains. Vast sums are being spent allocating experienced and expensive human capital to rote tasks of watching countless of hours of media in the hope of randomly finding useful information.

A solution to automate this processing to quickly and efficiently unlock actionable intelligence from this staggering amount of data is required. The potential to improve public safety whilst simultaneously enabling the more efficient use of our public finances is huge.

Article: Face Recognition: Profit, Ethics and Privacy 2

You can download a PDF copy of this article by clicking this link.

The accuracy of face recognition has increased dramatically. Though biometric technologies have typically been deployed by governments and law enforcement agencies to ensure public, transport and border safety, this improvement in accuracy has not gone unnoticed by retailers and other commercial organisations. Niche biometric companies are being snapped up by internet and social media behemoths to further their commercial interests, and retailers and other enterprises are experimenting with the technology to categorise customers, analyse trends and identify VIPs and repeat spenders. Whilst the benefits to business are clear and seductively tantalising, it has been impossible to ignore the increasing murmurs of discontent amongst the wider population. Concerns over intrusion of privacy and the constant monitoring of our daily lives threaten to tarnish the reputation of an industry which has endeavoured to deliver significant benefit to society through improved public safety. Can the industry be relied upon to self-regulate? Will commercial enterprise go too far in their quest to maximise profits? How far is too far? How can organisations ethically make use of face recognition technology to increase efficiencies and drive revenue, whilst respecting and preserving privacy and maintaining the trust of their clientele and society?

Having previously written on the subject of the application of face recognition in airports as applied by law enforcement and border control, this article looks at the increasing exploitation of the technology for commercial advantage. As well as contrasting the different use-cases defined by commercial exploitation versus public safety applications, this article also touches upon the very different agendas of those using the technology and the privacy issues that arise.

1  Advances in Face Recognition Technology

Face recognition is increasingly transforming our daily lives. A study by the US National Institute of Standards and Technology (NIST) in 2010 demonstrated that the technology has improved by two orders of magnitude in accuracy over 10 years and further tests currently being conducted by NIST are expected to demonstrate its continued relentless advance. Those interested in reading of these astonishing improvements are encouraged to refer to “Advances in Face Recognition Technology and its Application in Airports”, first published in Biometrics Technology Today (BTT) in July 2012, which summarises the 2010 NIST results in detail.

2  Public Safety versus Generating Profit

Most people accept that the reality of the world today necessitates certain inconveniences and intrusions. We tolerate and increasingly expect surveillance technology to be deployed wisely in situations where there is demonstrable benefit to public safety, such as at transport hubs, large gatherings, public events or areas of critical national infrastructure. The key factor behind such tolerance is comprehension; we understand the reasoning behind these uses and the benefits to ourselves, namely our safety. Though we don’t necessarily like it, we generally accept it.

However, it has been difficult to avoid the increasing coverage in the media of the use of face recognition by commercial organisations. The single most common term that is bandied about in reference to these deployments tends to be “creepy”. The technology being deployed is very often similar, if not identical to, the technology deployed for public safety applications. So precisely what is it about this use of technology that people are averse to?

In order to understand this, it is useful to consider in each case who people perceive benefit from the system. In the case of public safety, the people perceived to benefit are us; the citizens. In the case of commercial use, people perceive the commercial organisation deploying the technology as the beneficiaries. In this scenario the term “benefit” generally means profit, either by increasing revenues or decreasing costs. Often there is a general distrust within society of large corporations profiting from the exploitation of the populace, and this is especially true in times of prolonged economic difficulty. This is additionally complicated by the fact that our biometric traits are viewed as being something that are intrinsically ours and that are a constituent part of our definition.

3  Examples: Uses to Reduce Cost and Generate Revenue

It hasn’t taken long for business minded technology companies to devise a whole range of new uses of face recognition, all focussed on delivering bottom line business benefit. An important characteristic of face recognition is that it is only useful if you have something to match a photograph (probe) against, whether it is another photograph, or a database of photographs (reference set). It is the management, control of access to and often the creation of these reference sets that generate the most privacy concerns.

Let us briefly discuss some of the manners in which the technology is currently being deployed.

3.1  Efficiently Identifying Customers and Staff

This perhaps is the most traditional use of biometrics within commercial organisations. The ability to positively identify people, whether they are your staff or increasingly your customers, is absolutely necessary for the day-to-day operation of business and indeed society. Biometrics can be applied to ensure identity in a more cost-effective and positive manner, thereby introducing efficiencies into the business. It is an unfortunate reality that staff are responsible for a significant amount of theft. Adopting biometric technology can eliminate password theft and help mitigate the risks of identity sharing, thereby reducing fraudulent and unauthorised transactions and ensuring relevant personnel are physically present at the time of a transaction. Additionally, customers can be identified positively before conducting transactions. Cashless payments provide numerous efficiency opportunities by allowing elimination of cash and credit cards at point of payment altogether.

3.1.1         Privacy Considerations

These examples are usually only possible with the consent and approval of the individuals in question. Customers typically register for a biometric payment system, for example, in order to realise a benefit offered by the enterprise. The enterprise in turn must satisfy the customer that their biometric reference data will be kept and managed securely and only for the stated purpose.

The advent of face recognition provides new manners in which you can identify your customers, for example from CCTV cameras as they enter shops or as they view public advertising displays. It is when these activities are performed without the individual’s knowledge or consent that concerns arise.

3.2  Identifying Who is Entering Your Premises

These solutions are designed to integrate with existing surveillance systems; faces are extracted in real-time from a CCTV video feed and matched against a database of individuals. When the system identifies an individual of interest it can raise an alert that can be responded to rapidly and effectively, or log where and when the individual was seen for the formation of analytical data.

This can be used to provide valuable real-time or analytical intelligence to organisations, such as:retail

  • Notification of the arrival of undesirables, such as banned individuals or known shoplifters.
  • Notification of the arrival of valued or VIP customers.
  • Collation of behaviour data of known customers, such as how frequently they visit, which stores they visit and integration with loyalty programmes.




3.2.1         Privacy Considerations

There are a number of potential issues with regards to privacy that need to be considered here, most notably:

  • How is the reference set obtained? Who is in it?
  • Do you have the permission of the individuals in the reference set?
  • How are the photographs in the reference set stored and secured?
  • Are the members of the reference set aware of how and when their photos will be searched?
  • Are the people crossing the cameras aware that their photos are being searched against pre-defined reference sets?
  • What action is taken if a probe image matches against the reference set? What are the implications of a match or a false match?
  • What is done with the probe images after searching the reference set? Are they discarded or stored?

The number of possible uses of this functionality and resulting business benefits are too large to enumerate here, but very careful consideration must be made with regards to the proportionality of the solution when measured against the requirement. Additionally, the views and considerations of the individuals whose images you are verifying, both the people within the reference set and the people whose faces you are sampling as probe images, should be well understood and considered; approval should be sought for inclusion into a reference set.

3.3  Analysing How People Moving Through Your Premises

Face recognition can also be used to determine how people move through premises, such as a department store. Understanding peak and quiet times is essential to enable sufficient and efficient staffing and resourcing. Raising alerts to manage unforeseen queues is critical for ensuring customer satisfaction.

Face recognition applied to CCTV can timestamp when individuals are detected at known camera locations, thereby providing highly accurate information on people flows such as:

  • How long on average does it take to move between two or more points?
    (such as from the entrance of a store to a checkout or exit)
  • What are the averages flow times across the day and when are the peaks?
  • How does this vary with the time of day?

This can be used to determine how people typically move through the premises, and how long on average they linger in specific areas. You can also analyse this data across different age and gender demographic categories.

3.3.1         Privacy Considerations

Importantly, no person identifying information is recorded. There is no interest in identifying who the individuals moving through the premises are or in taking any specific action on any specific individual. There is no need to search against any pre-defined reference sets.

However, there are some issues you should consider when deploying such systems:

  • Biometric matching of people crossing the cameras still occurs. The probe photos are matched against other anonymous people that have previously crossed the cameras.
  • You should carefully consider how long this data will be retained for matching, (generally hours) and the nature of the premises being monitored.

Generally the privacy considerations of this application are minimal.

3.4  Building Databases of People Visiting Your Premises

As previously mentioned, face recognition is only useful if you have images to match against. Previous examples have dealt with matching the faces of people crossing the camera against known databases of individuals. A potentially far more valuable practice to enterprise is to dynamically build reference databases consisting of the people who cross the camera. Unfortunately, this is also the practice that riles the populace the most and is rife with potential privacy intrusions.

The increase in the use of CCTV cameras has led to an ever increasing volume of archived video footage. The intelligence in this footage typically remains inaccessible unless appropriately analysed and indexed. Such systems can be used to populate databases of “seen” individuals, thereby enabling searching for specific people of interest to determine if, when and where they have been present. This then allows the collation of data such as how frequently individuals visit your premises, how long they stay and when was the last time the individual visited your premises, as well as which of your locations any individual frequents and which is the most common.

If this functionality is combined with the ability to search and cross- reference against databases of known individuals, for example a subscribed customer database, this can then allow you to build very valuable analytical data on specific individuals thereby enabling you to predict future behaviour and market more specific services and products.

3.4.1         Privacy Considerations

Tread very carefully. Some of the most vocal opposition to the application of face recognition technology results from the capture of biometric data of potentially large numbers of people without their knowledge or consent, especially if the people are then identified and profiled against existing databases. In many jurisdictions around the world, the retention of such data may be in contravention of privacy legislation.

3.5  Analysing Who is Viewing What to Target Your Advertising

There have been many examples in recent months of retail and advertising organisations using technology to determine the approximate age and gender of people entering premises or viewing advertising walls. Though not technically face recognition, it is still worth mentioning here as often the distinction between the two uses is blurred. The premise is simple: such solutions can count the number of people watching an advert at any given time, and even estimate their age, dwell time, sex and race. While providing invaluable information for the advertiser, it can also allow them to dynamically change the adverts in real time to more appropriately target the demographic of the current viewer(s). Such solutions are increasingly being deployed in Japan and it is only a matter of time until they are more widely considered in Europe and North America.

3.5.1         Privacy Considerations

The key consideration here is that this form of technology is not actually identifying anybody or extracting personally identifiable information. There does appear to be some opposition to this, though none of it very vocal or serious. It is difficult to see any infringement of privacy and often may be advantageous to the consumer as advertising may be more specifically tailored to their needs.

3.6  Matching People on Your Premises with Social Media Accounts

Both Google and Facebook have acquired face recognition technology companies over the past year. Facebook’s users, for example, publish over 300 million photos onto the site every day, thereby making Facebook the owner of the largest photographic database in the world.

Facebook is already trialling a new service called Facedeals which enables its users to automatically check in at participating retail sites equipped with specially enabled cameras. In order to entice users to participate, the participating retailer can offer special deals to Facebook users when they arrive. The flow of information can be bi-directional. Such automatic check-in data coupled with the users’ manual checkins can be used by Facebook to hone their profile of individuals allowing them to target users with more relevant advertising. The system is entirely voluntarily, and the reference sets searched by retailers only contain photos of users who have opted into the service.

3.6.1         Privacy Considerations

Making data from social media sites available to other commercial organisations is a potential privacy minefield and should only ever be done with users’ consent. Defining these as opt-in services is exactly the right way forward. Likewise the profiling of users of social media sites based upon automatic tagging of images uploaded to those sites should be strictly controlled and only enabled on an opt-in basis. The privacy concerns over such activities have recently been very aptly illustrated by Facebook’s withdrawal of its controversial auto-tagging feature from use in Europe after pressure from privacy campaigners and regulators.

4  Social Media, Cloud Computing and Face Recognition

Dr. Joseph J. Atick of the International Biometrics and Identification Association has written a thought-provoking paper entitled “Face Recognition in the Era of the Cloud and Social Media: Is it Time to Hit the Panic Button?”. The paper raises several interesting points that merit mention here. In it Dr. Atick argues that the convergence of several trends including the:

  • High levels of accuracy now attainable by face recognition algorithms.
  • Ubiquity of social networking with its inherent large photographic databases.
  • Availability of cheap computer processing and the advent of cloud computing.

…coupled with the fact that “face recognition occupies a special place [within the family of biometrics in that] it can be surreptitiously performed from a distance, without subject cooperation and works from ordinary photographs without the need for special enrolment…” is “ … creating an environment … that threatens privacy on a very large scale…”.

One of the main premises of the paper is that this issue “… will require the active cooperation of social media providers and the IT industry to ensure the continued protection of our reasonable expectations of privacy, without crippling use of this powerful technology”.

5  Can All This be Done Ethically? (What About Privacy?)

Can organisations ethically make use of face recognition technology to increase efficiencies and drive revenue, whilst respecting and preserving privacy and maintaining the trust of their clientele and society?

The premise of “privacy-by-design” should be used to ensure that privacy is considered from the outset of any deployment of face recognition technology. In fact, the European Union’s 22-month Privacy Impact Assessment Framework (PIAF) project advises that “Privacy impact assessments should be mandatory and must engage stakeholders in the process” for all biometric projects.

Reputable organisations such as the Biometrics Institute have gone so far as to publish invaluable privacy charters to act as a “…good executive guide operating over a number of jurisdictions…” which should be reviewed and seriously considered before any deployment of biometric technology.

Some of these fundamental principles are outlined below within context of the subject matter of this article and specifically within the context of commercial use of the technology. These will not necessarily apply when discussing matters of public safety, law enforcement and national security.

5.1  Proportionality

A fundamental principle of privacy concerns the limitation of the collection of data to that which is necessary. Organisations should not collect more personal information than they reasonably need to carry out the stated purpose. Biometric data by its very nature is sensitive and absolute assurance must be provided that it will be managed, secured and used appropriately. However, a key consideration in the use of this technology should be proportionality; is the collection of such sensitive data justified for the benefit realised?

5.2  Educate and Inform

People on the whole generally resent not being informed, especially in matters that involve them. History is littered with IT projects that have failed because key stakeholders were not involved from the outset, were not sufficiently informed and whose buy-in to the process was not obtained. Customers are one of the most important stakeholders and these issues are even more critical when dealing with their personal and biometric data.

There is a very interesting video on YouTube that illustrates this point very nicely. It is filmed by a man with a camera walking around filming random strangers without explanation. The reaction is predictably always negative and sometimes hostile. The message the video is trying to make is obvious: most people do not approve of being videoed, so why do we so readily accept surveillance cameras? The message that comes across is actually clearer: People object when they do not understand intent, purpose or benefit to themselves. The cameraman offered no messages of explanation of his intent, even when challenged. Objection was guaranteed.

5.3  Be Truthful and Accurate when Describing the Business Purpose and Benefit

As part of the process of informing, organisations should also be direct and open in disclosing not only the existence of the systems, but the scope, intent and purpose of the solutions. Why are you utilising an individual’s biometric data? What benefit does it serve? What is the scope of the use of this data?

Importantly stay well clear of “scope creep”. All too often it is tempting to start using data once you have it for other than the stated intended purpose for which it was collected. Such endeavours will inevitably lead to loss of trust.

5.4  Provide Benefit to the Customer

Simply understanding the scope, purpose and intent of a system generally will not be sufficient to garner acceptance of the system. While people are generally astute enough to realise that businesses are in the business of making money, they’ll want to know what is in it for them. What is their benefit?

An example with which most of us will be familiar are grocery store loyalty or “club” cards. Whilst we all understand the objective of the grocery store is to profile and analyse our spending in order to better market to us, a majority of us still subscribe in order to receive the enticements and benefits on offer.

Within the context of face recognition, Facebook’s Facedeals programme demonstrates this principle nicely. Users understand the benefit to Facebook and the retailer, yet they still may choose to opt in to the programme because there is a clear and discernible benefit for them to do so as well, namely targeted discounts and offers at retail outlets.

This is also affirmed by a survey in 2012 by IATA which finds that “… most travellers are receptive to the idea of using biometrics within the border control process.” Why? Because there is clear and discernible benefit to them in the form of a more efficient passenger process and increased levels of security.

5.5  Seek Consent and Operate on an Opt-in Principle Where Appropriate

Biometric enrolment into such systems should not be mandatory. Individuals should be allowed the ability to opt-in, with an opt-out status being the default. Clearly this is not always feasible when considering people in public places the crossing cameras. However, if they are being identified against reference sets, the individuals in the reference sets should be there only with consent. Automatic enrolment into reference sets or biometric databases should involve the consent and approval of those enrolled.

Importantly, people should not be penalised should they choose not to opt-in; they should still be allowed a mechanism of transacting and conducting their business.

The recent decision by the UK Department of Education to prohibit schools from taking pupils’ fingerprints or other biometric data without gaining parents’ permission is a prime example of a potential backlash when such systems are made mandatory without providing any alternative mechanism of transacting. In many cases in UK schools, students were left with no mechanism of buying their school lunch unless they enrolled into a biometric system.

6  Summary

The accuracy of face recognition has increased dramatically. Retailers and other commercial organisations are investigating ways to exploit this technology to increase revenues, improve margins and enhance efficiency. Social media companies own the largest photographic databases in existence and are under pressure from shareholders to find ways to monetise these assets. As these explorations gather pace, so does the discontent of privacy advocates.

This article has outlined a number of ways face recognition can be used by enterprise and highlights potential privacy issues. Is it possible to ethically use face recognition technology and respect privacy? This will only be possible if enterprise maintains the trust and respect of its customers. Open and honest discourse is the best manner in which to achieve this. This should be accompanied by delivering real benefit to all parties involved in a manner that also empowers the customer; nobody should be forced to enrol into biometric systems or be disenfranchised from refusing to do so.

How far is too far? History has shown that there is no absolute answer to such questions. The exact location of the line to be crossed is always a factor of and changes with the times we live in. History has also shown, especially as it pertains to technology, that it is next to impossible to put the genie back into the bottle once released. It is now the collective responsibility of all to ensure the proper and ethical use of this technology in a manner that delivers the maximum benefit. This will require the active cooperation of social media, enterprise, the IT industry and civil liberty groups to ensure the continued protection of our reasonable expectations of privacy without crippling the use of this powerful technology. In the end, the people have the loudest voice. If enterprise crosses the line, customers will pass judgement with their wallets. 

7  About the Author

Carl is the founder of Allevate Limited (, an independent consultancy specialising in market engagement for biometric and identification solutions. With over 20 years’ experience working in the hi-technology and software industry globally, he has significant experience with identification and public safety technologies including databases, PKI and smartcards, and has spent the past 10 years enabling the deployment of biometric technologies to infrastructure projects. Carl started working with biometrics whilst employed by NEC in the UK and has subsequently supported NEC’s global and public safety business internationally.

Residing in the UK, Carl was born and raised in Canada and holds a Bachelor of Science Degree on Computer Science and Mathematics from the University of Toronto.

You can download a PDF copy of this article by clicking this link.


3,976 words


Multiple Biometric Evaluation (2010) Report on Evaluation of 2D Still Image Face Recognition
Patrick J. Grother, George W. Quinn and P. Jonathon Phillips

Advances in Face Recognition Technology and its Application in Airports
Carl Gohringer,  Allevate Limited,
July 2012

Face Recognition in the Era of the Cloud and Social Media: Is it Time to Hit the Panic Button?
Dr. Joseph Atick
International Biometrics and Identification Association


Privacy Charter
Biometrics Institute

The International Air Transport Association (IATA)

“From grainy CCTV to a positive ID: Recognising the benefits of surveillance”

Interesting article in London’s Independent newspaper on CCTV surveillance and face biometrics.

Especially interesting is the view of the combination of biometrics over CCTV with artificial intelligence and behavioral recognition, as this does appear to be the way things are moving.

I agree that biometrics, and especially face recognition, can provide huge benefit to society. I also agree that there is a certain level of concern and distrust by large swathes of the population, some of it well-founded, and some of it based on misperception and incorrect knowledge.

In either case, I think it is dangerous to simply dismiss these concerns and objections simply because we feel “we know best”. I believe society can be much better off with the well placed and controlled use of this technology, but I also believe that we should be working with the civil liberties groups rather than fighting them. Ultimately, these systems need to be accepted if they are to succeed, and in order for this to happen, the public has to better understand the benefit to themselves, and have trust in the people using them.

SITA and NEC announce automated border control partnership

NEC Europe, leaders in biometric technology and SITA, the air transport IT specialist, announced an agreement to jointly provide an automated border control (ABC) gate solution. It incorporates sophisticated biometrics technology for use at immigration control points at airports in the European Union. The agreement comes as EU member states implement recommendations to move to self-service border control using ABC gates.

The speed and accuracy of this SITA/NEC automated border control gate helps speed up passenger flows at border control checkpoints while improving security and resource management. It incorporates face recognition, and optionally fingerprint verification, against e-passport data. Passengers can be processed through the SITA/NEC ABC gate in ten seconds or less

“SITA has significant experience in dealing with the challenges facing border control authorities around the globe and automated border control gates are recognized as a potential solution to the combined goals of improving the passenger journey and increasing border security,” said Dan Ebbinghaus, SITA Vice President, Government Solutions. “Working with NEC, our ABC gates combine SITA’s air transport industry experience and market knowledge with the fastest and most accurate face recognition software in the market. This combination will provide significant benefits to border control and airport authorities.”

ABC gates are less resource intensive as it only requires manual intervention by an immigration officer in rare cases when a match is unsuccessful. This frees up border security staff for other activities. In addition to the improved traveler experience, reduced waiting times can attract more airlines and increased revenue for the airport authority.

A core element in this ABC solution is NEC’s “NeoFace” face recognition algorithm which provides speed, accuracy and performance regardless of the database size and image quality. NEC face recognition technologies were ranked No. 1 in the MBE Still-Face Track in 2010 carried out by the National Institute of Standards and Technology (NIST), commissioned by the Department of Homeland Security.

Chris de Silva, Vice President IT Solutions, NEC, said: “NEC has a long history in innovation and with NeoFace we have extremely fast and accurate face recognition software, ideal for security applications. We have incorporated our software in a variety of security-based applications, but by integrating it into this new ABC gate, we believe it will significantly improve the efficiency of processing people through control checkpoints.”

He further added: “SITA has a wealth of experience as an IT integrator in the air transport industry and we are well-placed with our combined expertise to deliver a market-leading ABC solution across Europe.”

Western Identification Network Selects NEC for Criminal AFIS Across 8 US States

NEC Corporation of America announced that it has been awarded a multiyear contract with the Western Identification Network, Inc. (WIN) to modernize WIN’s multistate criminal identification system across 8 US states.

WIN is a non-profit organisation that provides identification services to law enforcement in: Alaska, Idaho, Montana, Nevada, Oregon, Utah, Washington, Wyoming, and California (as an interface member).

WIN has been a long-standing customer of NEC America, and this contract was re-competed last year.

The re-award of the contract to NEC is a testament to the skill and efforts of their team in Sacramento, and the quality of the NEC AFIS solutions.

Interestingly, NEC is providing this capability to WIN as a service, thereby eliminating the need for any upfront capital expenditure, and has been doing so long before “cloud” became fashionable.  The solution is entirely owned by NEC and hosted in NEC data centers.


Does turning off the Iris system at Manchester and Birmingham represent a failure of biometrics? 2

News that the Iris biometric gates at Manchester and Birmingham airports have been turned off has been widely reported. (BBC: Eye scanners at England airports turned off, Register: Two UK airports scrap IRIS eye-scanners)

The comments that this represents a failure of biometric systems started to fly almost immediately.air travel

  • “Multi-million pound eye scanners, billed as a key tool in securing Britain’s borders, have been scrapped.”
  • “…the technology has been beset by problems,…”

… are typical of the comments and headlines making their rounds.

I admit the gates were not perfect and did require some getting used to in order to navigate your way through quickly.

But I think the systems were far from a failure, and the reality is a little bit more subtle than the headlines may suggest.

Let’s not forget the system was originally introduced in 2004, initially as a pilot.  At this time, such use of Iris technology was fairly innovative.  That the footprint of the pilot was gradually extended and became a permanent system is indicative that the system was fairly well received. The fact that over 380,000 people have voluntarily enrolled (myself included) makes it difficult to argue that the system is derided.

In my opinion, the turning off of the system at these two locations is more in line with a planned phasing out of this particular solution, for some rather more mundane reasons:

  1. The system  no longer fits border-automation strategy in the UK  moving forward. It has largely been replaced by the momentum to accommodate EU e-Passports holders,whose passports hold an electronic copy of their face photographic.
  2. As innovative as the technology was in 2004, it is now woefully out-of-date. Iris technology has moved on leaps-and-bounds in the 8 years since (as demonstrated by the Iris-at-a-distance  e-gate solutions for departing passengers at Gatwick airport). The initial investment undoubtedly has long since been written off, and the technology needs a refresh.
  3. The initial deployment was meant to be limited, and the contract has undoubtedly been extended numerous times. A complete and expensive technology refresh (as is required) without an open and competitive re-tender would undoubtedly not rest on firm legal ground.
  4. The business model was never well thought out. It is completely funded by the UK government and can be used by any nationality completely free of charge.

This Iris system is intended for pre-registered Trusted Travellers, who are pre-vetted before they can use the system. At point of use, it is a 1:n Iris check and no travel documents are required.

Since the system has been deployed, most European Union (EU) nations have deployed e-Passports and an ever-increasing percentage of the EU population is now carrying a chip passport. The Iris gates have been gradually been superseded by a new breed of e-Gates that:

  • are for EU passport holders only.
  • do not require pre-enrolment.
  • perform a 1:1 face check against the JPG on the passport chip.

These gates are now being widely deployed at UK ports of entry and seemingly form the backbone of the government’s strategy for automated passenger clearance. This is only natural, as by far the bulk of passengers entering the UK are EU citizens.

If the remaining Iris gates are end-of-life’d, this will clearly leave a hole in the border automation strategy, mainly those passengers that:

  • are not EU citizens.
  • are EU citizens but do not yet have an e-passport.

Arguably, the second of the two will become less of a problem as time passes, as holders of older passports have their passports renewed.

The former, however, will form a minority of arriving passengers, and the business case for the government to provide a free-to-use Trusted Traveler system remains vague. More likely than not, any replacement system  will take the form of a paid subscription requiring a pre-enrollment with vetting.

Ideally, given the limited space available airports, the best scenario would involve these passengers using the same physical e-gates as EU passport holders.

In my view, allowing these systems to reach their end-of-life is not an argument for the failure of biometrics deployed at the border. The fact that a system that was only ever meant to have a limited deployment lasted this long and was only replaced by a government strategy that is more harmonised across EU nations, is a testament to the value this technology provides.

Thank you project IRIS, but I won’t miss you. I use the new e-Passport e-Gates now.

Biometrics in Banking

[polldaddy poll=5808478]

Man using iris biometrics to authenticate to ATMTurkey, BruneiNigeria and Poland are just some of the countries that have already announced biometric ATMs, for example. The use of biometrics at the till for payment is also on the rise.

Some cite the fact that there has not been a massive up-take in the use of biometrics in consumer facing applications as evidence that the technology does not yet function to an adequate level of performance. Every large biometric deployment deployment I have been involved in has entailed rigorous and exhaustive testing to clearly demonstrate accuracy performance against clearly and aggressively pre-defined test parameters, in real-world environments, using customer data; I don’t expect financial customers would be any less arduous.

I do agree that lab testing / data is insufficient, and solution providers who are unwilling or unable to demonstrate predictable and repeatable accuracy SLAs in real-world environments should be treated with caution.

Is a biometric system fallible? Yes. The question is, is it less fallible then existing precautions already in place, and does the deployment of such a system, in simple financial terms, demonstrate a clear ROI. Again, the answer is: Yes.

Rather, I believe that the thus far reluctance in Western societies to deploy such systems en masse for consumer identification is more due to the banks’ concern of how such systems will be perceived by their clientele; the UK populace, for example, is ever suspicious of Big Brother, their governments and large institutions.

However, these “perception barriers” are already lowering, and there is mounting evidence that public opposition, where clear benefit is realised, is eroding.

Banks are now increasingly becoming aware of the value of biometric identification, of both their internal staff and their external clientele, especially in the area of high net-worth individuals and high-value transactions, and I expect we will see many exciting developments in identification solutions for this market.

On Biometric Suppliers Publishing Accuracy Figures 2

Of late there have been repeated calls on Twitter for biometric suppliers to publicly release statistics pertaining to the performance of their biometric algorithms, specifically False Accept Rates (FAR) and False Reject Rates (FRR).

Whilst not a response to those calls, this post is in part motivated by them.

Those repeatedly calling for the release of these figures know in advance that their calls will not be heeded. As they are already well-versed in the technology, they already understand the reasons why. Yet I believe they persist so they can cite the non-responsiveness of suppliers as “evidence” that the technology does not work.

Let’s examine why suppliers keep this information secret.


I have been involved in negotiating multiple contracts for deployment of biometric technology, ranging from large government infrastructure programmes, through to enterprise access control solutions. I can emphatically state that in every one of these instances, the customer has been absolutely fully aware of the performance metrics of the technology they are deploying, from accuracy through to HW requirements. In fact, before securing any contract, it is very common for the supplier to have to benchmark their technology on customer supplied data, and often the adherence to pre-defined accuracy SLAs is written into contract, with penalties for non-performance.

2. There is no single correct answer

Anybody versed in biometrics knows that the answer is almost always “It depends”. The accuracy is dependent upon multiple factors, many of which will be under the control of the customer, not just the supplier, such as:

      – Quality of the data being matched against
      – Representative population
        – Environmental conditions


          – Performance required
          – Budget

      Again, required levels of accuracy will often be pre-agreed with the client, and it is often down to a matter of how much budget the client has available. Faster and / or more accurate will require more computing power, and the determination is often down to a cost benefit analysis.

      3. It is Competitive Confidential Information

      Accuracy of biometric technology can pose a strong competitive advantage, and suppliers often don’t want this information to be in the public domain (or more specifically, available to their competitors). Though the release of this information is often required, for example to prospective clients, it will almost always be under a non-disclosure agreement.

      4. There is no Commercial Reason to do so

      Suppliers, like anybody, don’t like having their time wasted. They’ll apply their resources to those who wish to engage with them seriously, and as mentioned above, they will have no problem in releasing the information as required. A car salesman will spend his or her resources on the individual who wants to buy a car, and ignore the tire kickers.

      My Point

      To only ever argue the facts on one side of a debate to follow a predefined agenda generally results in a loss of credibility. The irony is that people who do so often have valid concerns or issues that quite rightly should be aired and considered, but end up falling by the wayside.

      These are my own personal opinions, and not necessarily the opinions of any suppliers I may happen to work with.

      UK BA Suspensions

      air travelThe news last week that Brodie Clarke and Graeme Kyle were suspended from the UK Borders Agency following claims that identity checks were relaxed during busy periods at Heathrow raises some interesting questions.

      Without passing any judgement, I understand in part both why there may have been pressure to do so,  and the government’s decision to undertake suspensions.  The latter is easier to address. Whatever concerns may have existed, freedom to exercise authority cannot fly in the face of direct ministerial guidance.


      Having said that, I’m sure the reasons for doing so were well intentioned, and may have resulted from trying to meet conflicting requirements, mainly ensuring:

      • High security and appropriate passenger screening.
      • Passenger throughput and avoidance of queues / delays.

      While I’m not close to the environment in question, at initial glance it appears that the former requirement may have been sacrificed to an extent to ensure the latter during busy periods.

      Delays and queues, in a very real and commercial sense, cost money, and it is easy to quantify exactly how much. So it appears the dilemma faced was the age old one, being : “What is an acceptable cost for increased security?”

      It appears that some at least felt the benefit delivered did not warrant the disruption to existing processes. Unfortunately it also appears that the decision was taken without due process and consultation.

      This situation  highlights the importance of understanding the overall cost of any new security system (which invariably is significantly higher than the cost of procuring it), and the benefits it delivers. Invariably, any system will have an impact on existing workflows, and if carefully designed, should deliver an improvement in workflow in addition to an increase in security.

      Biometric security: More bottom-line benefits, less James Bond 1

      Biometric security: More bottom-line benefits, less James Bond

      Carl Gohringer December 03, 2003

      Bond movies will always be associated with state-of-the-art technology, but few of the products he uses or encounters ever make it into the real world.

      A car that turns into a submarine might be nice to have or an umbrella that transforms into a rope ladder useful on the odd occasion, but their uses in everyday life are limited.

      There is one exception to the James Bond rule – biometrics – the technology that uses unique, physical geometry to identify and authenticate individuals.

      According to market research group Frost & Sullivan, the biometrics market will reach a phenomenal $2.05 billion by 2006 (it was valued at just $93.4 million last year).

      Concrete evidence for the growth in biometrics is starting to proliferate. The Home Office has announced that it is planning to install biometrics in 10 UK airports by the middle of next year to assist immigration control. The Nationwide Building Society is running extensive biometrics tests using iris scans in place of PINs at cash machines. Most recently, the Home Secretary announced that national ID cards – to be phased in over the next five years – will incorporate biometric data access via fingerprint recognition.

      However, for most organisations, there are two understandable questions that need to be answered before biometric identification will reach the boardroom agenda:

      • “When budgets are tight, what is the business case for investing in yet more security technology?”
      • “Aren’t there fundamental drawbacks with biometric technology?”

      The second issue is currently the source of most controversy in the media. For years films such as Minority Report have presented a rather superficial interpretation of biometrics. Eyes have been gouged out to gain access to computer networks and “fake” or severed fingers used to access a building.

      The reality is far less dramatic. As the use of biometrics becomes more common place, people will realise that the risk is no greater than being forced to reveal a password or to hand over an access swipe card. Indeed, the risk is much less, thus representing an improvement over and above the existing solution already in place. In fact, one of the key benefits of biometrics is that even if an ‘identity’ such as an access card or password is stolen, without the correct authenticating biometric, access will be denied. The same applies to the sharing of passwords, helping businesses and organisations control who can and cannot access certain areas.

      In addition to the physical risk, with biometrics comes the perceived threat of ‘Big Brother’, with concerns of data compilation and movement monitoring. While there is no escaping the fact that in the wrong hands this could be the case, in reality the threat is no greater than your bank recording the cash points you have accessed, mobile phones being used to track your whereabouts, a supermarket using loyalty cards to track your spending patterns or in fact, a security company monitoring the comings and goings of staff via CCTV.

      There is no doubting that to dispel the notion of a Big Brother state an education programme is needed to highlight the benefits of biometric security (e.g. the ability to protect a person’s identity, the near elimination of passport fraud and the ability to store important data without the threat of unauthorised access). However, the greatest support will be won once biometric security is fully integrated into daily processes, whether logging on to the network at work or withdrawing cash without the threat of skimming from a cash machine.

      The business case for biometrics, once explained, clearly demonstrates three primary reasons as to why a business should adopt biometrics:

      • To improve an organisation’s security by providing positive identification of individuals accessing your premises and networks
      • To save large sums of money by eliminating user provisioning and password management
      • To increase usability and convenience to staff

      Robust security

      What’s the point of spending a vast amount of money protecting and securing your networks if you still can’t positively identity who is accessing them? Obviously none but this is exactly what most companies are currently doing.

      Standard corporate user IDs and passwords used to govern the physical and virtual access to a company and / or network tend to follow the same format. The most common being the first letter of the user’s first name and the whole of their surname for a username i.e. cgohringer for Carl Gohringer. The bottom line for a business is that IDs can generally be cracked with one or two educated guesses. So assuming there is little or no security around IDs, a company’s security depends solely on the strength of passwords.

      Again, if you know a little about the people whose passwords you are trying to guess, it often does not take much to figure it out. There are plenty of available password cracking utilities easily accessible on the Internet to help you out.

      The question is how big an issue are ID/password breaches? It’s difficult to be precise, but we do know that 60-70% of hacking attacks have an internal source (i.e. are conducted by people who know something about each other and for whom, ID/password theft would be relatively simple). And, to give you an idea of the financial impact, last year 39% of Fortune 500 companies suffered an electronic security breach at an average cost of $50,000.

      Biometrics tackle this problem by providing a truly unique individual identifier. If access to either a building or network is controlled by a smartcard containing biometric templates, you can be sure that only the valid owner of the card will be able to access those resources. Access rights to different buildings and rooms can also be set – via the smartcard – for each individual; and with emails increasingly being used as legally binding documents, biometrics can guarantee identity by requiring the user to supply their fingerprint when digitally signing them.

      Ant Allen, research director at analyst house, Gartner Group, sums up the benefits of biometric human authentication: “It is unique to the individual, not something that somebody else decides will be your password, shared secret or token. Passwords can be learnt by various means and tokens can be stolen, but biometrics cannot.”

      Increased convenience, less money wasted

      The ID/password combination is also inconvenient for staff and financially inefficient for companies to manage.

      Just think about the number of passwords you may have to remember in a given day: the password for your office network; the number to access voicemail on your phone; the ‘unlock’ code for your PDA and so on.

      Inevitably, passwords are forgotten or compromised on a daily basis, which results in the IT department being pestered for a new code. The cost of maintaining passwords is costly and with this in mind, the ROI on biometrics is commonly realised in less than a year. IT staff are then freed up to focus on other, potentially revenue-generating issues.

      In place of this often forgotten, easily hacked, regularly shared password, a biometric smartcard gives employees single-sign-on access to the corporate network, which eliminates the need to remember numerous passwords and PINs and removes the cost of managing them for the IT department.

      The present and future of security

      The benefits of biometrics can potentially run much deeper. For example, many public sector organisations see biometrics as a useful tool for improving customer service. In a hospital environment, facial recognition can identify a patient on arrival and ensure their medical records are ready for when they arrive at reception, enabling them to be instantly directed to the appropriate ward.

      However, the purpose of this piece is to examine the impact on bottom line. In this respect, the case for biometrics is extremely powerful. Not only are they an essential tool to prevent your business losing large sums of money to cyber crime, on a day-to-day basis biometrics can dramatically reduce management and administration costs.

      So next time you see James Bond or Tom Cruise battling biometrics in the movies, consider their potential for saving you money and giving your business robust insurance against the financial risk of hacking.

      Biometric Trends Improving Performance

      Iris Biometrics

      Major improvements have been realised in the capture capability, enabling Iris capture on the move or from a distance. While this is not an improvement in the SDK matching per say, it has a significant influence on the matching and usability of the system.

      Face Biometrics

      There have been significant and drastic improvements in the quality and accuracy of matching performance in a very short period of time in the last few years. This has been demonstrated by recent NIST tests, as well as other independent testing. It is not anticipated this rate of improvement will level out any time soon; expect in the coming years further drastic improvements.

      Fingerprint Biometrics

      Accuracy is still continually improving, though not at the same drastic rate as face recognition, as this is a much older technology. However, areas where there are major improvements are in the automated processing of latent prints (both in automated ridge, minutiae identification, feature extraction, and in automated 10-print to latent matching). This has the potential to enable enhanced functionality at verification points, such as border crossings, by implementing functionality such as real-time watchlist checking against latent watchlists.

      Multi-Biometric Record Level Fusion

      Another area where developments are aiding in accuracy improvements is multi-biometric fusion, occurring at the record level. Rather than merging multiple candidate lists from multiple biometrics post search, fusing biometrics and biographics in-record has the potential to provide multi-biometric record-level scores. However, this has more of an impact in very large scale identification systems, as opposed to verification systems, or small scale databases, such as watchlist checking.

      Biometric Matching as a Service

      Supported by trends such as cloud computing, data center consolidation, shared infrastructure and virtualisation.
      See here for more.