Tag Archives: dna

Today’s Acronym is PIA (Privacy Impact Assessment)

(Imagen 4)

(Part of the biometric product marketing expert series)

Do U.S. government agencies simply run roughshod over your privacy rights?

Not exactly.

Government agencies are required to issue Privacy Impact Assessments (PIAs) for their projects.

The Federal Bureau of Investigation alone has issued over 60 PIAs.

For example, here is the PIA for CODIS, the Combined National Deoxyribonucleic Acid (DNA) Index System (CODIS).

And if anything needs a PIA, it’s CODIS, since it potentially contains your personally identifiable information…and the personally identifiable information of your relatives.

The PIAs themselves are detailed. The CODIS PIA includes 8 sections with 19 pages of questions and responses. For example, here is the response in section 8 regarding privacy:

The type, quantity, and sources of information collected by FBI CODIS are necessary to identify crime scene offenders, missing persons, or unidentified human remains, or to link multiple crime scenes. Such information is only further disseminated for these purposes. Moreover, NDIS does not store State Identification Number/Universal Control Number or otherwise collect, handle, disseminate, or store contributors’ names. Therefore, CODIS DNA profiles and pedigrees can only be matched to a named individual by the submitting Criminal Justice Agency forensic laboratory, independent of NDIS.

  • The privacy risks associated with the collection and maintenance of FBI CODIS information are inaccurate information, unauthorized access, and unauthorized disclosures.
  • The privacy risks associated with the access and use of FBI CODIS information are unauthorized access, unauthorized (or overly broad) disclosures, and loss of data.
  • The privacy risks associated with the dissemination of FBI CODIS information are the risks of unauthorized disclosures and loss of data.

The risks of unauthorized access, unauthorized disclosures, loss of data and inaccurate information are mitigated by the quality assurance standards promulgated by the FBI pursuant to the Federal DNA Identification Act. These risks are further mitigated by the system, physical access, network-infrastructure, auditing and quality assurance controls, as described more specifically in Sections 6.1 and 6.2, which are in compliance with FIPS Publication 199, as applicable.

The risk of inaccurate information is also specifically mitigated through the identity verification process performed by participating Criminal Justice Agency forensic laboratories to confirm a potential match. The identity must be confirmed prior to the disclosure of any personally identifiable information to the law enforcement entity who submitted the DNA sample.

Lastly, notice is provided as described in Section 5.1.

Frictionless Friction Ridges and Other Biometric Modalities

I wanted to write a list of the biometric modalities for which I provide experience.

So I started my usual list from memory: fingerprint, face, iris, voice, and DNA.

Then I stopped myself.

My experience with skin goes way beyond fingerprints, since I’ve spent over two decades working with palm prints.

(Can you say “Cambridgeshire method”? I knew you could. It was a 1990s method to use the 10 standard rolled fingerprint boxes to input palm prints into an automated fingerprint identification system. Because Cambridgeshire had a bias to action and didn’t want to wait for the standards folks to figure out how to enter palm prints. But I digress.)

So instead of saying fingerprints, I thought about saying friction ridges.

But there are two problems with this.

First, many people don’t know what “friction ridges” are. They’re the ridges that form on a person’s fingers, palms, toes, and feet, all of which can conceivably identify individuals.

But there’s a second problem. The word “friction” has two meanings: the one mentioned above, and a meaning that describes how biometric data is captured.

No, there is not a friction method to capture faces.
From https://www.youtube.com/watch?v=4XhWFHKWCSE.

No, there is not a friction method to capture faces. Squishing 

  • If you have to do something to provide your biometric data, such as press your fingers against a platen, that’s friction.
  • If you don’t have to do anything other than wave your fingers, hold your fingers in the air, or show your face as you stand near or walk by a camera, that’s frictionless.

More and more people capture friction ridges with frictionless methods. I did this years ago using MorphoWAVE at MorphoTrak facilities, and I did it today at Whole Foods Market.

So I could list my biometric modalities as friction ridge (fingerprint and palm print via both friction and frictionless capture methods), face, iris, voice, and DNA.

But I won’t.

Anyway, if you need content, proposal, or analysis assistance with any of these modalities, Bredemarket can help you. Book a meeting at https://bredemarket.com/cpa/

MFB = Multi Factor Biasification?

There’s a paper from Itiel Dror that I need to read. Its title is “Biased and Biasing: The Hidden Bias Cascade and Bias Snowball Effects.”

Here is a portion of the abstract:

“Cognitive bias…impacts each and every aspect of the justice and legal systems, from the initial engagement of police officers attending the crime scene, through the forensic examination, and all the way to the final outcome of the jurors’ verdict and the judges’ sentencing. It impacts not only the subjective elements in the justice and legal systems but also the more objective scientific elements, such as forensic fingerprinting and DNA….[S]uch errors in the final outcome rarely occur because they require that the shortcomings in each element be coordinated and aligned with the other elements. However, in the justice and legal systems, the different elements are not independent; they are coordinated and mutually support and bias each other, creating and enabling hidden bias cascade and bias snowball effects.”

Examples of Biometric Technology Misuse

If I become known for anything in biometrics, I want to be known for my extremely frequent use of the words “investigative lead.” 

Whether you are talking about DNA or facial recognition, these types of biometric evidence should not be the sole evidence used to arrest a person.

For an example of why DNA shouldn’t be your only evidence, see my recent post about Amanda Knox.

Facial recognition misuse in law enforcement

Regarding facial recognition, I wrote this in a social media conversation earlier today:

“Facial recognition CAN be used as a crowd checking tool…with proper governance, including strict adherence to a policy of only using FR as an investigative lead, and requiring review of potential criminal matches by a forensic face investigator. Even then, investigative lead ONLY. Same with DNA.”

I received this reply:

“It’s true but in my experience cops rarely follow any rules.”

Now I could have claimed that this view was exaggerated, but there are enough examples of cops who DON’T follow the rules to tarnish all of them. 

Revisiting Robert Williams’ Detroit arrest

I’ve already addressed the sad story of Robert Williams, who was “wrongfully arrested based upon faulty facial recognition results.”

At the time, I did not explicitly share the circumstances behind Williams’ arrest:

“The complaint alleges that the surveillance footage is poorly lit, the shoplifter never looks directly into the camera and still a Detroit Police Department detective ran a grainy photo made from the footage through the facial recognition technology.”

There’s so much that isn’t said here, such as whether a forensic face examiner made a definitive conclusion, or if the detective just took the first candidate from the list and ran with it.

But I am willing to bet that there was no independent evidence placing Williams at the shop location.

Why this matters

The thing that concerns me about all this? It just provides ammo to the people who want to ban facial recognition entirely.

Not realizing that the alternative—manual witness (mis)identification—is far more inaccurate and far more racist.

But the controversy would pretty much go away if criminal investigators only used facial recognition and DNA as investigative leads.

DNA Contamination Has Consequences. Ask Amanda Knox.

(Part of the biometric product marketing expert series)

When Thermo Fisher Scientific announced Amanda Knox as one of its speakers at the HIDS 2025 conference (image from the HIDS 2025 conference page), I wondered why. All of knew of Knox was that she was imprisoned for a murder in Italy that she didn’t commit.

I then found the details.

Prosecution Exhibit #36 was a knife discovered in the kitchen drawer of Raffaele Sollecito’s apartment on November 6, 2007. The police claimed this knife, 31 m long with a 17.5 cm blade, to be the murder weapon. It was the only physical evidence linking Amanda Knox to the murder. The Scientific Police claimed to have found Knox’s DNA on the handle and [murder victim Meredith] Kercher’s DNA on the blade and called the knife the “double DNA knife.”

Because DNA proves all, Knox was sent off to prison.

Only there was one problem.

Later re-evaluation of the knife left little doubt that the DNA found on the knife was the result of contamination.

You see, DNA evidence is examined in a lab. So if someone takes DNA from a knife blade and compares it to DNA taken from Amanda Knox, and if the samples have a high probability of a match, then you can make a determination.

But what if there were a mixture of the DNA, and Knox’s sample was mixed with the knife sample at some point, or misidentified? Then Knox’s DNA would match to Knox’s DNA, but that may have nothing to do with the DNA that was originally on the knife.

And you know nothing.

Clean Fast Contactless Biometrics

(Image from DW)

The COVID-19 pandemic may be a fading memory, but contactless biometrics remains popular.

Back in the 1980s, you had to touch something to get the then-new “livescan” machines to capture your fingerprints. While you no longer had messy ink-stained fingers, you still had to put your fingers on a surface that a bunch of other people had touched. What if they had the flu? Or AIDS (the health scare of that decade)?

As we began to see facial recognition in the 1990s and early 2000s, one advantage of that biometric modality was that it was CONTACTLESS. Unlike fingerprints, you didn’t have to press your face against a surface.

From https://www.youtube.com/watch?v=4XhWFHKWCSE.

But then fingerprints also became contactless after someone asked an unusual question in 2004.

“Actually this effort launched before that, as there were efforts in 2004 and following years to capture a complete set of fingerprints within 15 seconds…”

This WAS an unusual question, considering that it took a minute or more to capture inked prints or livescan prints. And the government expected this to happen in 15 seconds?

A decade later several companies were pursuing this in conjunction with NIST. There were two solutions: dedicated kiosks such as MorphoWave from my then-employer MorphoTrak, and solutions that used a standard smartphone camera such as SlapShot from Sciometrics and Integrated Biometrics.

Slide 10 from the NIST presentation posted at https://www.nist.gov/system/files/documents/2016/12/14/iai_2016-nist_contactless_fingerprints-distro-20160811.pdf.

The, um, upshot is that now contactless fingerprint and face capture are both a thing. Contactless capture provides speed, and even the impossible 15 second capture target was blown away. 

Fingers and faces can be captured “on the move” in airports, border crossings, stadiums, and university lunchrooms and other educational facilities.

Perhaps Iris and voice can be considered contactless and fast. 

But even “rapid” DNA isn’t that rapid.

DNA Chain of Custody

(Part of the biometric product marketing expert series)

Gloves can play a big part in a variety of criminal investigations…including the ones that DON’T result in live coverage and international headlines.

The phrase of the day is “chain of custody,” because DNA evidence can be incredibly accurate…until it isn’t.

H/T CSIDDS for this story.

Sydney Criminal Lawyers shared the story of a police officer sent to prison for falsifying evidence.

“A property in Cairnlea, Melbourne, was identified as a safe house for…drugs, with police finding pieces of evidence — including a pair of gloves that had a man’s DNA on them. Despite only having the one source of DNA on the gloves, (former police detective Jye) Symes falsely reported that he found a woman’s DNA on the gloves.”

For the misconduct, Symes received “a full term of 3 years imprisonment with an 18-month non-parole period.”

Don’t mess with the evidence.

Don’t Miss the Boat

Bredemarket helps identity/biometric firms.

  • Finger, face, iris, voice, DNA, ID documents, geolocation, and even knowledge.
  • Content-Proposal-Analysis. (Bredemarket’s “CPA.”)

Don’t miss the boat.

Augment your team with Bredemarket.

Find out more.

Don’t miss the boat.

In Case You Missed My Incessant “Biometric Product Marketing Expert” Promotion

Biometric product marketing expert.

Modalities: Finger, face, iris, voice, DNA.

Plus other factors: IDs, data.

John E. Bredehoft has worked for Incode, IDEMIA, MorphoTrak, Motorola, Printrak, and a host of Bredemarket clients.

(Some images AI-generated by Google Gemini.)

Biometric product marketing expert.

When Rapid DNA Isn’t

(Part of the biometric product marketing expert series)

Have you heard of rapid DNA?

Fair use, from https://www.racers-behindthehelmet.com/post/first-historic-pole-position-and-podium-for-antonella-bassani-in-porsche-cup-brasil. Photo credits: Porsche Cup Brasil.

Perhaps not as fast as Brazilian race car driver Antonella Bassani, but fast enough.

This post discusses the pros and cons of rapid DNA, specifically in the MV Conception post mortem investigation.

DNA…and fingerprints

I’ve worked with rapid DNA since I was in Proposals at MorphoTrak, when our corporate parent Safran had an agreement with IntegenX (now part of Thermo Fisher Scientific). Rapid DNA, when suitable for use, can process a DNA sample in 90 minutes or less, providing a quick way to process DNA in both criminal and non-criminal cases.

By Zephyris – Own work, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=15027555

But as I explain below, sometimes rapid DNA isn’t so rapid. In those cases, investigators have to turn to boring biometric technologies such as fingerprints instead. Fingerprints are a much older identification modality, but they still work.

By Federal Bureau of Investigation – https://washingtonian.com/2016/11/24/the-fbi-opened-its-crime-lab-here-in-dc-back-in-1932, Public Domain, https://commons.wikimedia.org/w/index.php?curid=128508441

DNA, fingerprints…and dental records

From https://doi.org/10.1111/1556-4029.15513.

Bredemarket recently purchased access to a Journal of Forensic Sciences article entitled “Advances in postmortem fingerprinting: Applications in disaster victim identification” (https://doi.org/10.1111/1556-4029.15513) by Bryan T. Johnson MSFS of the Federal Bureau of Investigation Laboratory in Quantico. The abstract (which is NOT behind the paywall) states the following, in part:

In disaster victim identification (DVI), fingerprints, DNA, and dental examinations are the three primary methods of identification….As DNA technology continues to evolve, RAPID DNA may now identify a profile within 90 min if the remains are not degraded or comingled. When there are true unknowns, however, there is usually no DNA, dental, or medical records to retrieve for a comparison without a tentative identity.

In the body of the paper itself (which IS behind the paywall), Johnson cites one example in which use of rapid DNA would have DELAYED the process.

DVI depends upon comparison of a DNA sample from a victim with a previous DNA sample taken from the victim. If this is not available, then the victim’s DNA is compared against the DNA of a family member.

Identifying foreign nationals aboard the MV Conception

MV Conception shortly before it sank. By National Transportation Safety Board – Screen Shot 2020-10-16 at 3.00.40 PM, Public Domain, https://commons.wikimedia.org/w/index.php?curid=95326656

When the MV Conception boat caught fire and sank in September 2019, 34 people lost their lives and had to be positively identified.

While most of the MV Conception victims were California residents, some victims were from Singapore and India. It would take weeks to collect and transport the DNA samples from the victims’ family members back to the United States for comparison against the DNA samples from the victims. Weeks of uncertainty during which family members had no confirmation that their relatives were among the deceased.

However, because the foreign victims were visitors to the United States, they had fingerprints on file with the Department of Homeland Security. Interagency agreements allowed the investigating agencies to access the DHS fingerprints and compare them against the fingerprints of the foreign victims, providing tentative identifications within three days. (Fingerprint identification is a 100+ year old method, but it works!) These tentative identifications were subsequently confirmed when the familial DNA samples arrived.

What does this mean?

The message here is NOT that “fingerprints rule, DNA drools.” In some cases the investigators could not retrieve fingerprints from the bodies and HAD to use rapid DNA.

The message here is that when identifying people, you should use ANY biometric (or non-biometric) modality that is available: fingerprints, DNA, dental records, driver’s licenses, Radio Shack Battery Club card, or anything else that provides an investigative lead or a positive identification.

And ideally, you should use more than one factor of authentication.

And now a word from our sponsor

By the way, if you have a biometric story to tell, Bredemarket can help…um…drive results. Perhaps not as fast as Bassani, but fast enough.

Drive content results with Bredemarket Identity Firm Services.