Tag Archives: department of homeland security

You Can Measure Quality, But is the Measure Meaningful? (OFIQ)

The purpose of measuring quality should not be for measurement’s own sake. The purpose should be to inform people to make useful decisions.

In Germany, the Bundesamt für Sicherheit in der Informationstechnik (Federal Office for Information Security) has developed the Open Source Face Image Quality (OFIQ) standard.

Experienced biometric professionals can’t help but notice that the acronym OFIQ is similar to the acronym NFIQ (used in NFIQ 2), but the latter refers to the NIST FINGERPRINT image quality standard. NFIQ is also open source, with contributions from NIST and the German BSI, among others.

But NFIQ and OFIQ, while analyzing different biometric modalities, serve a similar purpose: to distinguish between good and bad biometric images.

But do these open source algorithms meaningfully measure quality?

The study of OFIQ

Biometric Update alerted readers to the November 2025 study “On the Utility of the Open Source Facial Image Quality Tool for Facial Biometric Recognition in DHS Operations” (PDF).

Note the words “in DHS Operations,” which are crucial.

  • The DHS doesn’t care about how ALL facial recognition algorithms perform.
  • The DHS only cares about the facial recognition algorithms that may potentially use.
  • DHS doesn’t care about algorithms it would never use, such as Chinese or Russian algorithms.
  • In fact, from the DHS perspective, it probably hopes that the Chinese Cloudwalk algorithm performs very badly. (In NIST tests, it doesn’t.)

So which algorithms did DHS evaluate? We don’t know precisely.

“A total of 16 commercial face recognition systems were used in this evaluation. They are labeled in diagrams as COTS1 through COTS16….Each algorithm in this study was voluntarily submitted to the MdTF as
part of on-going biometric performance evaluations by its commercial entity.”

Usally MdTF rally participants aren’t disclosed, unless a participant discloses itself, like Paravision did after the 2022 Biometric Technology Rally.

“Paravision’s matching system alias in the test was ‘Miami.'”

Welcome to Miami, bienvenidos a Miami. Google Gemini.

So what did DHS find when it used OFIQ to evaluate images submitted to these 16 algorithms?

“We found that the OFIQ unified quality score provides extremely limited utility in the DHS use cases we investigated. At operationally relevant biometric thresholds, biometric matching performance was high and probe samples that were assessed as having very low quality by OFIQ still successfully matched to references using a variety of face recognition algorithms.”

Or in human words:

  • Images that yielded a high quality OFIQ score accurately matched faces using the tested algorithms.
  • Images that yielded a low quality OFIQ score…STILL accurately matched faces using the tested algorithms.
Google Gemini.

So, at least in DHS’ case, it makes no sense to use the OFIQ algorithm.

Your mileage may vary.

If you have questions, consult a biometric product marketing expert.

Or Will Smith. Just don’t make a joke about his wife.

Non-citizen REAL ID Expiration Dates Calculated Incorrectly in California

Remember my post that noted an error in Slashdot and Reason reporting about REAL IDs for non-citizens?

No, you don’t have to be a citizen to get a REAL ID.

But your REAL ID is tied to your authorization to be in the United States, and expires on the same date as your authorization to be here.

Well, that’s how it’s supposed to work.

In California, the date calculations (based upon 2006 legacy code) were screwed up for 300,000 legal residents.

“The error overrode the correct expiration date, which should have matched the end of the cardholder’s authorized stay in the United States. Under federal rules, immigrants with legal status — including permanent residents, green card holders and visa holders — are eligible for REAL IDs, but the cards’ expiration dates must align with the length of their authorized stay.”

Except when they don’t.

And for those who believe that granting REAL IDs to non-citizens is an example of California breaking the law:

  1. The DHS approved California’s REAL IDs in April 2019 under President Trump.
  2. Check reliably red South Dakota’s REAL ID requirements.

“If you’re not a U.S. citizen, you must apply in person at a state driver exam station and provide a U.S. Citizenship and Immigration document proving your lawful status in the U.S.”

Slashdot/Reason, Do You Fact Check Your REAL ID Claims?

Unchecked disinformation runs wild in this Slashdot story, contributed anonymously.

“Only the government could spend 20 years creating a national ID that no one wanted and that apparently doesn’t even work as a national ID. But that’s what the federal government has accomplished with the REAL ID, which the Department of Homeland Security (DHS) now considers unreliable, even though getting one requires providing proof of citizenship or lawful status in the country.”

The anonymous Slashdot contributor is either a liar or a fool. As I noted back in May after Leonardo Garcia Venegas’ first detainment (I didn’t know he was detained a second time), a REAL ID was NEVER intended to prove citizenship.

Here are California’s non-citizen REAL ID requirements, which are federally acceptable:

“This includes all U.S. citizens, permanent residents who are not U.S. citizens (Green Card holders), and those with temporary legal status, such as recipients of Deferred Action for Childhood Arrivals (DACA) or Temporary Protected Status (TPS) and holders of a valid student or employment visa.”

But since the REAL ID expiration date matches the date at which temporary legal status expires, it DOES prove legal presence.

Slashdot, get your facts straight.

Postscript: Slashdot lifted its claims from Reason.

AFOID With an Expanded A: If You Pay the Money, Who Needs REAL ID Anyway?

I’ve vented about this for years. Some people have vented about this for decades. And it’s been discussed for decades.

But before I launch into my rant, let me define the acronym of the day: AFOID. It stands for “acceptable form of identification.”

And for years (decades), we’ve been told that the ONLY acceptable form of identification to board a plane is a REAL ID, U.S. passport, or a similar form of identity. A REAL ID does not prove citizenship, but it does prove that you are who you say you are.

USA.GOV put it best:

“If you do not have a REAL ID-compliant driver’s license or state-issued ID, you will not be able to use it to:

“Access federal government facilities or military installations

“Board federally regulated commercial aircraft

“Enter nuclear power plants”

Pretty straightforward. Get a REAL ID (or other acceptable document such as a passport), or there are some things that YOU WILL NOT BE ABLE TO DO.

So you needed that AFOID by May 2025…

Whoops, I mean May 2027, because TSA is allowing exceptions for a couple of years.

Whoops, I mean probably never.

If you pay some bucks, you can use a MODERNIZED system. Biometric Update alerted me to this new item in the Federal Register.

“The Transportation Security Administration (TSA) is launching a modernized alternative identity verification program for individuals who present at the TSA checkpoint without the required acceptable form of identification (AFOID), such as a REAL ID or passport. This modernized program provides an alternative that may allow these individuals to gain access to the sterile area of an airport if TSA is able to establish their identity. To address the government-incurred costs, individuals who choose to use TSA’s modernized alternative identity verification program will be required to pay an $18 fee. Participation in the modernized alternative identity verification program is optional and does not guarantee an individual will be granted access to the sterile area of an airport.”

I’ve love to see details of what “modernized” means. In today’s corporate environment, that means WE USE AI.

And AI can be embarrassingly inaccurate.

And if you want to know how seedy this all sounds, I asked Google Gemini to create a picture of a man waving money at a TSA agent. Google refused the request.

“I cannot fulfill this request. My purpose is to be helpful and harmless, and that includes refusing to generate images that promote harmful stereotypes, illegal activities, or depict bribery of public officials.”

So I had to tone the request down.

When Fraud Is Too Obvious, the TSA Edition

On Tuesday I will write about a way to combat document signature fraud, but today I will focus on extremely obvious fraudulent activity.

You probably haven’t tried to alter your appearance before going through an airport security checkpoint, but it’s hard to pull off.

Um…no.

The most obvious preventive measure is that airport security uses multi factor authentication. Even if the woman in the video encountered a dumb Transportation Security Administration (TSA) expert who thought she truly was Richard Nixon, the driver’s license “Nixon” presented would fail a security check.

But not all fraud is this easy to detect. Not for job applicants, not for travelers.

Modern Airport Identity Security: mDLs at TSA at ONT

Today’s acronyms are TSA, ONT, and mDL.

I finally found a legitimate use for my California mobile driver’s license (mDL) this afternoon.

Ontario International Airport (ONT) allows people without tickets to reserve a day pass to see departing passengers off. The day pass functions as the equivalent of a real passenger’s boarding pass…with appropriate identification.

Both the day pass and my mDL were in my smartphone wallet, so all went smoothly. I wasn’t paying enough attention to know if the Transportation Security Administration (TSA) compared my live face to my mDL, but they probably did.

And I can confirm that Richard Reid rule is gone: no shoe removal required. Belts are another matter.

No true pictures, just an artistic re-creation.

Icing Translations With Axon

The first paragraph of this Newsweek article is puzzling:

“Immigration and Customs Enforcement (ICE) no longer requires new recruits to take a five-week Spanish-language training program, according to the Department of Homeland Security (DHS).”

Until you get to the fourth:

“Axon, a company with a $5.1 million contract to provide Homeland Security with body-worn cameras, advertises that its latest body camera includes real-time “push-to-talk voice translation” in more than 50 languages.”

You may know Axon by its former name, TASER International. Needless to say, its product line has evolved.

Newsweek: https://www.newsweek.com/ice-immigration-spanish-language-new-recruits-2114110

Axon: https://www.axon.com/products/real-time-translation

(Picture from Axon)

Using Personal Devices at Work: Meta AI Smart Glasses at a CBP Raid?

Although the lines inevitably blur, there is often a line between devices used at home and devices used at work.

  • For example, if you work in an old-fashioned work office, you shouldn’t use the company photocopier to run personal copies of invitations to your wedding.
  • Similarly, if you have a personal generative AI account, you may cause problems if you use that personal account for work-related research…especially if you feed confidential information to the account. (Don’t do this.)
Not work related. Imagen 4.

The line between personal use and work use of devices may have been crossed by a Customs and Border Protection agent on June 30 in Los Angeles, according to 404 Media.

“A Customs and Border Protection (CBP) agent wore Meta’s AI smart glasses to a June 30 immigration raid outside a Home Depot in Cypress Park, Los Angeles, according to photos and videos of the agent verified by 404 Media.”

If you visit the 404 Media story, you can see zoomed in pictures of the agent’s glasses showing the telltale signs that these aren’t your average spectacles.

Now 404 Media doesn’t take this single photo as evidence to indicate that CBP has formally adopted Meta AI glasses for its work. In fact, a likely explanation is that these were the agent’s personal glasses, and he chose to wear them to work that day.

And 404 Media also points out that current Meta AI glasses do NOT have built-in facial recognition capabilities.

But even with these, the mere act of wearing these glasses causes potential problems for the agent, for Customs and Border Protection, and for Meta.

Take Grandma, who uses Meta to find those cute Facebook stories about that hunk Ozzy Osbourne (who appeals to an older demographic). If she finds out that her friend Marky Mark Zuckerberg is letting the Government use Meta technology on those poor hardworking workers who just want a better life, well, Grandma may stop buying those trinkets from Facebook Marketplace.

(Unauthorized) Homeland Security Fashion Show. AI-generated by Imagen 4. And no, I don’t know what a “palienza” is.

So the lesson learned? Don’t use personal devices at work. Especially if they’re controversial.

FBI, DoD, DHS, and Other Biometric Standards

(Imagen 4)

When I started in biometrics 30 years ago, the most important operational biometric standard to me was what was then called the Electronic Fingerprint Transmission Specification or EFTS, published by the Department of Justice’s Federal Bureau of Investigation (FBI). 

Record types from the 1993 ANSI/NIST standard.

Unlike the ANSI/NIST biometric data interchange standard, the EFTS can actually be used out of the box to transmit data. The ANSI/NIST standard doesn’t define any “Type 2” fields, nor does it define any “types of transactions” (TOTs). EFTS did.

Other standards

But the EFTS, now the FBI’s Electronic Biometric Transmission Specification or EBTS (downloadable here), isn’t the only biometric transmission standard derived from ANSI/NIST.

  • State police agencies have their own law enforcement transmission standards. Here’s New York’s version (PDF).
  • Other U.S. federal agencies such as the U.S. Departments of Defense and Homeland Security have transmission standards.
  • Other countries have their own transmission standards.
  • Multinational agencies such as INTERPOL have their own transmission standards.

Luckily all the different standards have some basic similarities, but if you have a mobile biometric device that must submit to DOJ and DoD and DHS, you need to switch to the proper profile for each submission.

Last week I downloaded two different standards so I could understand the TOTs. I would have downloaded a third, but the agency restricts its distribution.

Word up

But I will tell you the biggest frustration I have with the standards.

In the EBTS and some other standards, there is a type of transaction referred to as “Criminal Ten-Print Submission (No Answer Necessary).” The abbreviation for this TOT is CNA.

Microsoft Word in default mode auto-corrects this from CNA to CAN.

Imagen 4.

CMOs, I can help you

But I’ve overcome this frustration over 30 years of immersing myself in all things biometric-translation related. This experience is benefiting a Bredemarket client that communicates with end customers regarding many of these standards.

Can my experience benefit you as your organization produces content, proposal, and analysis materials on a deadline? If Bredemarket can help you catch up or get ahead, let’s talk.

Stop losing prospects! Use Bredemarket content for tech marketers
Tech marketers, are you afraid?