NIST Implements Color Coding to Visually Identify High False Positive Facial Recognition Values

With the exception of colorblind people, the use of colors in dashboards makes information more accessible, particularly in populations where green means “good” and red means “bad.”

(Even if your name IS Bamber.)

The National Institute of Standards and Technology understands the importance of consistent colors, having worked on traffic light colors since the National Bureau of Standards days (PDF).

For more modern applications such as biometrics, NIST recently incorporated a color coding display change to one of its tabs for the “Face Recognition Technology Evaluation (FRTE) 1:N Identification” results. Specifically, the “Demographics: False Positive Dependence” tab.

The change, announced in an email, is as follows:

“The false positive identification error rate tables now include color-coding to highlight anomalously high values.”

In this context, “anomalously high” is bad, or red. (Actually dark pink, but close enough.)

But let’s explain WHY and HOW NIST made this change.

Why does NIST highlight demographic false positive dependence?

NIST has of course explored the demographic effects of face recognition for years, and the “Demographics: False Positive Dependence” tab provides additional tracking for this.

Why does NIST do this?

“False positives occur when searches return wrong identities. Such outcomes have application-dependent consequences, which can be serious.”

Serious as in arresting and jailing innocent people. I previously mentioned Robert Williams.

How does NIST highlight demographic false positive dependence?

Anyway, NIST created the “Demographics: False Positive Dependence” tab.

“The table shows false positive identification rates (FPIR), the fraction of searches that should not return gallery entries above a threshold, but do. The threshold is set for each algorithm to give a FPIR of 0.002 (1 in 500) or less on searches of women born in Eastern Europe.”

And for algorithms that have “anomalously high values” in other demographic populations, NIST has added the color coding.

“A cell is shaded by how much larger FPIR is than that: yellow if FPIR is 20 times larger; pink if FPIR is 40 times larger; and dark pink if FPIR is 80 times larger.”
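The calibrate-then-compare procedure NIST describes, as an added example that is not NIST's code: the threshold is fixed on a reference group so its FPIR is at most 0.002, every other group is scored at that same threshold, and the cell is shaded by the resulting multiple. Assumptions: the multiple is taken against the 0.002 target, "N times larger" is read as at least N times, and all scores and group names are constructed.

```python
import math

TARGET_FPIR = 0.002  # 1 in 500, the reference-group target quoted above
# (multiple of the target, shade), checked from the most severe down
SHADES = [(80, "dark pink"), (40, "pink"), (20, "yellow")]


def calibrate_threshold(ref_scores, target=TARGET_FPIR):
    """Pick a threshold at which the reference group's FPIR is at most target."""
    # ref_scores: top candidate score of each search for a person NOT in the gallery
    ordered = sorted(ref_scores, reverse=True)
    allowed = math.floor(target * len(ordered) + 1e-9)  # false positives permitted
    # Only scores strictly above the (allowed+1)-th highest count as false positives.
    return ordered[min(allowed, len(ordered) - 1)]


def fpir(scores, threshold):
    """Fraction of non-mated searches that return a candidate above threshold."""
    return sum(s > threshold for s in scores) / len(scores)


def shade(rate, target=TARGET_FPIR):
    """Map an FPIR to its cell colour; None means the cell stays unshaded."""
    ratio = rate / target
    for multiple, colour in SHADES:
        if ratio >= multiple:
            return colour
    return None


def demographic_table(scores_by_group, reference_group):
    """Calibrate on the reference group, then score every group at that threshold."""
    threshold = calibrate_threshold(scores_by_group[reference_group])
    table = {}
    for group, scores in scores_by_group.items():
        rate = fpir(scores, threshold)
        table[group] = (rate, shade(rate))
    return table


def constructed_scores(n, n_high):
    """Constructed sample: n_high searches score 0.9985, the rest score 0.5."""
    return [0.9985] * n_high + [0.5] * (n - n_high)


# Constructed non-mated search scores, 1000 searches per group (not NIST data).
SAMPLE = {
    "reference": [i / 1000 for i in range(1000)],
    "group A": constructed_scores(1000, 10),   # about 5x the target
    "group B": constructed_scores(1000, 50),   # about 25x
    "group C": constructed_scores(1000, 90),   # about 45x
    "group D": constructed_scores(1000, 170),  # about 85x
}

if __name__ == "__main__":
    for group, (rate, colour) in demographic_table(SAMPLE, "reference").items():
        print(f"{group:10s} FPIR={rate:.3f} shade={colour or 'none'}")
```

The point the example makes concrete is that one threshold is shared by every group, so a group whose non-mated scores run higher than the reference group's shows a larger FPIR at the same operating point.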

What does the highlighting look like?

Let me illustrate this with the results from the three algorithms Omnigarde submitted.

Data captured April 8, 2026. Omnigarde.
  • Omnigarde’s first two algorithms, submitted in 2023 and 2024, exhibited high FPIR values for south Asian females, and the second algorithm also exhibited a high FPIR value for east Asian females. See the color coding.
  • The third algorithm, submitted in 2025, had lower FPIR values for these populations and thus no yellow color coding.

Even the less-stellar algorithms show improvement over time.

Data captured April 8, 2026. Anonymized (but you can figure it out if you’re curious).

Final thoughts

Both vendors and customers/prospects can rightfully question whether this is helpful or hurtful. I lean toward “helpful,” because if the facial recognition algorithm you use provides high false positives for certain populations, you need to know.

And as always, law enforcement in the United States should NEVER solely rely on facial recognition results as the basis for an arrest…even for Eastern European females. They should ONLY be an investigative lead.

In the meantime, take care of yourself, and each other.

Jerry Springer. By Justin Hoch, CC BY 2.0, https://commons.wikimedia.org/w/index.php?curid=16673259.

CITeR and Combating Facial Recognition Demographic Bias

The National Institute of Standards and Technology (NIST) isn’t the only entity that is seeking to combat facial recognition demographic bias. The Center for Identification Technology Research (CITeR) is doing its part.

The Problem

NIST and other entities have documented facial recognition accuracy differences related to skin tone. This is separate from the topic of facial analysis: this relates to facial recognition, or the identification of an individual. (As a note, “Gender Shades” had NOTHING to do with facial recognition.)

It’s fair to summarize that the accuracy of an algorithm depends upon the data used to train the algorithm. For example, if an algorithm is trained entirely on Japanese people, you would expect that it would be very accurate in identifying Japanese, but less accurate in identifying Native Americans or Kenyans.

Many of the most-used facial recognition algorithms are authored by North American/European or Asian companies, and while the good ones seek to employ a broad data set for algorithm training, NIST and other results document clear demographic differences in accuracy.

The Research

The Center for Identification Technology Research (CITeR) is a consortium of universities, government agencies, and private entities. The lead entity in CITeR, Clarkson University, has initiated research on “improving equity in face recognition systems.” Clarkson is using the following methods:

  • Establish a continuous skin color metric that retains accuracy across different image acquisition environments.
  • Develop a statistical approach to measure equity, ensuring FR results fall within a precise margin of error.
  • Employ new FR systems in combination with or instead of existing measures to minimize bias of results.

In this work, Clarkson is cooperating with other entities, such as the International Organization for Standardization (ISO) and the FIDO Alliance.

The final goal is to make facial recognition usable for everyone.

Your problem

Is your identity company and its product marketers also working to reduce demographic bias? How are you telling your story? Bredemarket (the biometric product marketing expert) can help with strategic and tactical solutions for your marketing and writing needs.

Bredemarket services, process, and pricing.

If I can help your firm with analysis, content, or even proposals in this area, talk to me.

Europe is Looking At More Than Just Biometric Testing

A little more detail, courtesy EU Brussels, regarding the policy brief published by the EU Innovation Hub for Internal Security, coordinated by eu-LISA together with the European Commission, Europol and Frontex.

As I noted earlier today, one proposal is for Europe to perform its own independent biometric testing, reducing Europe’s dependence on the American National Institute of Standards and Technology (NIST).

“The second is a centralised evaluation and testing platform connected to that repository, allowing standardised, independent and continuous assessment of biometric technologies, including benchmarking across vendors.”

But if there is a second proposal (European testing) in the cited European biometric policy brief, there must also be a first proposal—one I failed to discuss this morning.

“The first is a common EU biometric data repository containing datasets that comply with European rules, reflect the demographics and use-cases relevant to EU authorities and are stored in a secure environment.”

Makes sense. If you are going to test you need test data. And NIST has no obligation to ensure its test data complies with the General Data Protection Regulation (GDPR). The subjects in NIST test databases rarely provided the “explicit consent” mentioned in GDPR, and the “right to erasure” from a NIST database is…laughable.

Yes, it’s extremely challenging to construct a testing database that complies with GDPR.

And NIST certainly ain’t gonna do it.

Will a European entity construct it?

And if the right to erasure is maintained, how will you maintain historical consistency of test results?

Why Would Europe Perform Its Own Biometric Testing?

I’ve seen two articles about a possible move by Europe to set up a Europe-wide biometric testing agency, bypassing the need for National Institute of Standards and Technology (NIST) biometric testing.

One reason is that a European-controlled testing methodology can incorporate European regulations, such as the General Data Protection Regulation (GDPR).

A second related reason for Europe to bypass NIST biometric testing is that U.S. government agencies, including NIST and the Federal Bureau of Investigation (FBI), naturally place prime importance on American interests.

Remember when the U.S. House of Representatives Select Committee on the Chinese Communist Party complained that the FBI Certified Products List contained Chinese biometric vendors (the Certified Communist Products List)?

  • Wait until they discover all the Chinese companies that participate in NIST testing.
  • And wait until someone in the legislative or executive branches decides that the FBI or NIST shouldn’t list products from other countries deemed unfriendly to the United States. Denmark? Germany? France?

For these reasons, Europe may be compelled to set up its own biometric testing organization.

And so may China.

You CAN Modernize…But Should You?

In the past, I have said:

“[T]he technology is easy. The business part is the difficult part.”

But Chris Burt of Biometric Update phrased it more succinctly:

“[P]olicy chases modernization”

As Burt notes, examples of policy chasing modernization include:

  • Digital sovereignty, a topic of discussion with everyone from ID4Africa to an organization called the World Ethical Data Foundation. (As an aside, a Bredemarket client and I were recently discussing the pros and cons of managing digital identities in the cloud vs. peer-to-peer synchronization.)
  • Cybersecurity and digital identity, a topic of discussion in government (the White House, NIST) and industry (Jordan Burris of Socure).
  • Other topics, including police facial recognition policy. (Hmm…I recall that both government and vendor biometric policies were the topic of a Biometric Update guest article last year.)

All of you recall Pandora’s Box. I’ve used the story multiple times, including when discussing my creation of Bredebot and its nearly-instantaneous hallucinations. Yes, I do have “policies” regarding this “modernization,” including full disclosure.

But are policies enough?

What is the NIST Facial Recognition Technology Evaluation (FRTE)? And Why Should You Care?

I’m guilty of acronym overuse. I just wrote a post that mentioned something called “FRTE,” and I belatedly realized that many of the people who read the post…and many of the people who need to read the post…have no idea how to spell FRTE, much less WHY it’s important. So let me explain.

But before I explain FRTE, I should explain NIST. It’s the National Institute of Standards and Technology, part of the U.S. Department of Commerce, and it promotes technology standards throughout the country and throughout the world.

Among the many, many, many things that NIST does, it looks at the use of biometrics for identification and classification of individuals, including face. NIST’s face work is split into face recognition and face analysis. While the latter concerns classification of faces (whether the face is real or a presentation attack, the estimated age of the person), the former focuses on individualization.

FRTE and other stuff, from NIST.

But I’m not going to talk about FATE today. Let’s focus on FRTE.

Why FRTE?

There are hundreds upon hundreds of algorithms out there that purport to compare a face to another face, or to compare a face to many faces, and indicate the likelihood that the compared faces belong to the same person.

And any algorithm provider can claim that its facial recognition algorithm provides 100.00% accuracy or 99.99% accuracy or whatever.

Or that it can search a trillion record database in 0.1 seconds or whatever.

Perhaps the provider even backs up this claim with published data in which the provider tested its algorithm with 1,000 searches against a 100,000 record database and the algorithm did not make a single error.

Are you impressed?

I’m not.

Anyone can score 100% on a self-test.

But what happens when you are given a test by someone else…closed book…with no answer key?

(And yes, I’m aware of the claims that these independent tests are flawed. So design a better one that more than one algorithm provider supports.)

If you’re looking to buy facial recognition technology, the second best way to evaluate the different facial recognition algorithms is to consult the NIST FRTE tests.

  • These tests are continuous, with new algorithms usually added monthly.
  • These tests are complex, measuring umpteen different databases and search types. One or more of these may match your particular use case.
  • These tests are black box. The algorithm providers send their algorithms to NIST, and they are tested against all the other algorithms on identical setups.

Most importantly, the results of these tests are public, and you can view them yourself. The 1:1 testing is here, and the 1:N testing is here.

Oh, and the tests are listed by the algorithm provider, so if Omnigarde says they’ve been tested by NIST, you can look at the test results and find Omnigarde’s algorithm.

And if Vendor X says its algorithm tested well, but you can’t find Vendor X in the algorithm list, then you need to ask Vendor X which algorithm it’s using.

And if Vendor Y says it’s really accurate, but doesn’t state that the algorithm it uses was NIST tested…ask Vendor Y to prove its accuracy claims.

So that’s FRTE. And if your facial recognition vendor isn’t talking about FRTE…ask why.

Why Biometric Marketing Experience Beats Biometric Marketing Immaturity

I know that the experts say that “too much knowledge is actually bad in tech.” But based upon what I just saw from an (unnamed) identity verification company, I assert that too little knowledge is much worse.

As a biometric product marketing expert and biometric product marketing writer, I pay a lot of attention to how identity verification companies and other biometric and identity companies market themselves. Many companies know how to speak to their prospects…and many don’t.

Take a particular company, which I will not name. Here is the “marketing” from this company.

  • We have funding!
  • We offer lower pricing than selected competitors!
  • We claim high facial recognition accuracy but don’t publish our NIST FRTE results! (While the company claims to author its technology, the company name does not appear in either the NIST FRTE 1:1 or NIST FRTE 1:N results.)
  • We claim liveness detection (presentation attack detection) but don’t publish any confirmation letters! (Again, I could not find the company name on the confirmation letter lists from BixeLab or iBeta.)

So what is the difference between this company and the other 100+ identity verification companies…many of which explicitly state their benefits, trumpet their NIST FRTE performance, and trumpet their third-party liveness detection confirmation letters?

If you claim great accuracy and great liveness detection but can’t support it via independent third-party verification, your claim is “so what?” worthless. Prove your claims.

Now I’m sure I could help this company. Even if they have none of the certifications or confirmations I mentioned, I could at least get the company to focus on meaningful differentiation and meaningful benefits. But there’s no need to even craft a Bredemarket pitch to the company, since the only marketer on staff is an intern who is indifferent to strategy.

Because while many companies assert that all they need is a salesperson, an engineer, an African data labeler, and someone to run the generative AI for everything else…there are dozens of competitors doing the exact same thing.

But some aren’t. Some identity/biometric companies are paying attention to their long-term viability, and are creating content, proposals, and analyses that support that viability.

Take a look at your company’s marketing. Does it speak to prospects? Does it prove that you will meet your customers’ needs? Or does it sound like every other company that’s saying “We use AI. Trust us”?

And if YOUR company needs experienced help in conveying customer-focused benefits to your prospects…contact Bredemarket. I’ve delivered meaningful biometric materials to two dozen companies over the years. And yes, I have experience. Let me use it for your advantage.

When Everyone Goes Multimodal: Iris ID and Faces

I’ve previously discussed the difference between the terms “multimodal” and “multifactor.”

Multimodal is often (though not exclusively) used to discuss the use of different biometric modalities. For example, when Motorola’s Biometric Business Unit was acquired, we joined an organization (Sagem Morpho) that specialized in three biometric modalities: finger, face, and iris.

From Sandeep Kumar, A. Sony, Rahul Hooda, Yashpal Singh, in Journal of Advances and Scholarly Researches in Allied Education | Multidisciplinary Academic Research, “Multimodal Biometric Authentication System for Automatic Certificate Generation.”

As you can imagine, the “which biometric is best” wars simply do not apply to the multimodal folks. Unlike someone committed to tongue biometrics because that’s all they do, a multimodal biometric vendor can say “this one’s best here, this other one’s best there.”

So I was a bit surprised to see the recent Biometric Update article, “Iris ID debuts in NIST FRTE 1:1.”

  • Iris ID is known for…well, irises.
  • FRTE is a face test.

I had some catching up to do.

After all, I was aware of the history of Iris ID (yet another New Jersey iris company) and its spinoff from LG, and although I don’t think I’ve ever met Mohammad Murad, I’ve certainly heard of him.

But Iris ID has branched off from just irises. Here’s what it exhibited at Identity Week America in September 2025:

“Highlighted in the Iris ID booth are the latest advances in multi-modal biometric technology, where iris and face recognition are combined in fully contactless solutions. These innovations are designed to deliver fast, frictionless throughput while ensuring accuracy and reliability, even in high-throughput environments.”

For what it’s worth, the Iris ID “001” algorithm tested in NIST FRTE 1:1 wasn’t an overwhelming world-beater, not even cracking the top 100 in any of NIST’s many, many categories (the best performance was in BORDER:BORDER).

But everyone has to start somewhere.

Just don’t get eyes and faces confused.

A biometric product marketing writer can help.

Assume No Mouth

When I first encountered facial recognition companies in the 1990s and early 2000s, the rules were pretty clear.

Their algorithms needed to identify people by their permanent features, not their temporary ones.

Don’t identify someone by a beard or a lipstick shade, but by what is usually always present: eyes, nose, ears…and mouth.

After all, it wasn’t like people were going to lose their mouths or anything.

Until 2020, when everyone started covering up their mouths.

And the algorithms had to adapt.