Tag Archives: facial recognition

What “Gender Shades” Was Not

Mr. Owl, how many licks does it take to get to the Tootsie Roll center of a Tootsie Pop?

A good question. Let’s find out. One, two, three…(bites) three.

From YouTube.

If you think Mr. Owl’s conclusion was flawed, let’s look at Google.

One, two, three…three

I was researching the Monk Skin Tone Scale for a future Bredemarket blog post, but before I share that post I have to respond to an inaccurate statement from Google.

Google began its page “Developing the Monk Skin Tone Scale” with the following statement:

In 2018, the pioneering Gender Shades study demonstrated that commercial, facial-analysis APIs perform substantially worse on images of people of color and women.

Um…no it didn’t.

I will give Google props for using the phrase “facial-analysis,” which clarifies that Gender Shades was an exercise in categorization, not individualization.

But to say that Gender Shades “demonstrated that commercial, facial-analysis APIs perform substantially worse” in certain situations is an ever-so-slight exaggeration.

Kind of like saying that a bad experience at a Mexican restaurant in Lusk, Wyoming demonstrates that all Mexican restaurants are bad.

How? I’ve said this before:

The Gender Shades study evaluated only three algorithms: one from IBM, one from Microsoft, and one from Face++. It did not evaluate the hundreds of other facial recognition algorithms that existed in 2018 when the study was released.

So to conclude that all facial classification algorithms perform substantially worse cannot be supported…because in 2018 the other algorithms weren’t tested.

One, two, three…one hundred and eighty nine

In 2019, NIST tested 189 software algorithms from 99 developers for demographic bias, and has continued to test for demographic bias since.

In these tests, vendors volunteer to have NIST test their algorithms for demographic bias.

Guess which three vendors have NOT submitted their algorithms to NIST for testing?

You guessed it: IBM, Microsoft, and Face++.

Anyway, more on the Monk Skin Tone Scale here, but I had to share this.

The Best Deepfake Defense is NOT Technological

I think about deepfakes a lot. As the identity/biometric product marketing consultant at Bredemarket, it comes with the territory.

When I’m not researching how fraudsters perpetrate deepfake faces, deepfake voices, and other deepfake modalities via presentation attack detection (liveness detection) and injection attack detection

…I’m researching and describing how Bredemarket’s clients and prospects develop innovative technologies to expose these deepfake fraudsters.

You can spend good money on deepfake-fighting industry solutions, and you can often realize a positive return on investment when purchasing these technologies.

But the best defense against these deepfakes isn’t some whiz bang technology.

It’s common sense.

  • Would your CEO really call you at midnight to expedite an urgent financial transaction?
  • Would that Amazon recruiter want to schedule a Zoom call right now?

If you receive an out-of-the-ordinary request, the first and most important thing to do is to take a deep breath.

A real CEO or recruiter would understand.

And…

…if your company offers a fraud-fighting solution to detect and defeat deepfakes, Bredemarket can help you market your solution. My content, proposal, and analysis offerings are at your service. Let’s talk: https://bredemarket.com/cpa/

CPA

(Imagen 4)

Video Analytics is Nothing New or Special

There is nothing new under the sun, despite the MIT Technology Review’s trumpeting of the “new way” to track people. 

The underlying article is gated, but here is what the public summary says:

“Police and federal agencies have found a controversial new way to skirt the growing patchwork of laws that curb how they use facial recognition: an AI model that can track people based on attributes like body size, gender, hair color and style, clothing, and accessories.

“The tool, called Track and built by the video analytics company Veritone, is used by 400 customers….”

Video analytics is nothing new. Viewing a picture of a particular backpack was a critical investigative lead after the Boston Marathon bombing. Two years later, I was adapting Morpho’s video analytics tool (now IDEMIA’s Augmented Vision) to U.S. use.

And it’s important to note that this is not strictly an IDENTIFICATION tool. Just because a tool finds someone with a particular body size, gender, hair color and style, clothing, and accessories means nothing. Hundreds of people may share those same attributes.

But when you combine them with an INDIVIDUALIZATION tool such as facial recognition…only then can you uniquely identify someone. (Augmented Vision can do this.)

And if facial recognition itself is only useful as an investigative lead…then video analytics without facial recognition is also only useful as an investigative lead.

Yawn.

(Imagen 3)

Revisiting Amazon Rekognition, May 2025

(Part of the biometric product marketing expert series)

A recent story about Meta face licensing changes caused me to get reflective.

“This openness to facial recognition could signal a turning point that could affect the biometric industry. 

“The so-called “big” biometric players such as IDEMIA, NEC, and Thales are teeny tiny compared to companies like Meta, Alphabet, and Amazon. If the big tech players ever consented to enter the law enforcement and surveillance market in a big way, they could put IDEMIA, NEC, and Thales out of business. 

“However, wholesale entry into law enforcement/surveillance could damage their consumer business, so the big tech companies have intentionally refused to get involved – or if they have gotten involved, they have kept their involvement a deep dark secret.”

Then I thought about the “Really Big Bunch” product that offered the greatest threat to the “Big 3” (IDEMIA, NEC, and Thales)—Amazon Rekognition, which directly competed in Washington County, Oregon until Amazon imposed a one-year moratorium on police use of facial recognition in June 2020. The moratorium was subsequently extended until further notice.

I last looked at Rekognition in June 2024, when Amazon teamed up with HID Global and may have teamed up with the FBI.

So what’s going on now?

Hard to say. I have been unable to find any newly announced Amazon Rekognition law enforcement customers.

That doesn’t mean that nothing is happening. Perhaps the government buyers are keeping their mouths shut.

Plus, there is this page, “Use cases that involve public safety.”

Nothing controversial on the page itself:

  • “Have appropriately trained humans review all decisions to take action that might impact a person’s civil liberties or equivalent human rights.”
  • “Train personnel on responsible use of facial recognition systems.”
  • “Provide public disclosures of your use of facial recognition systems.”
  • “In all cases, facial comparison matches should be viewed in the context of other compelling evidence, and shouldn’t be used as the sole determinant for taking action.” (In other words, INVESTIGATIVE LEAD only.)

Nothing controversial at all, and I am…um…99% certain (geddit?) that IDEMIA, NEC, and Thales would endorse all these points.

But why does Amazon even need such a page, if Rekognition is only used to find missing children?

Maybe this is a pre-June 2020 page that Amazon forgot to take down.

Or maybe not.

Couple this with the news about Meta, and there’s the possibility that the Really Big Bunch may enter the markets currently dominated by the Big Three.

Imagine if the DHS HART system, delayed for years, were resurrected…with Alphabet or Amazon or Meta technology.

We are still in the time of uncertainty…and may never go back.

(Large and small wildebeests via Imagen 3)

Frictionless Friction Ridges and Other Biometric Modalities

I wanted to write a list of the biometric modalities for which I provide experience.

So I started my usual list from memory: fingerprint, face, iris, voice, and DNA.

Then I stopped myself.

My experience with skin goes way beyond fingerprints, since I’ve spent over two decades working with palm prints.

(Can you say “Cambridgeshire method”? I knew you could. It was a 1990s method to use the 10 standard rolled fingerprint boxes to input palm prints into an automated fingerprint identification system. Because Cambridgeshire had a bias to action and didn’t want to wait for the standards folks to figure out how to enter palm prints. But I digress.)

So instead of saying fingerprints, I thought about saying friction ridges.

But there are two problems with this.

First, many people don’t know what “friction ridges” are. They’re the ridges that form on a person’s fingers, palms, toes, and feet, all of which can conceivably identify individuals.

But there’s a second problem. The word “friction” has two meanings: the one mentioned above, and a meaning that describes how biometric data is captured.

No, there is not a friction method to capture faces.
From https://www.youtube.com/watch?v=4XhWFHKWCSE.

No, there is not a friction method to capture faces. Squishing 

  • If you have to do something to provide your biometric data, such as press your fingers against a platen, that’s friction.
  • If you don’t have to do anything other than wave your fingers, hold your fingers in the air, or show your face as you stand near or walk by a camera, that’s frictionless.

More and more people capture friction ridges with frictionless methods. I did this years ago using MorphoWAVE at MorphoTrak facilities, and I did it today at Whole Foods Market.

So I could list my biometric modalities as friction ridge (fingerprint and palm print via both friction and frictionless capture methods), face, iris, voice, and DNA.

But I won’t.

Anyway, if you need content, proposal, or analysis assistance with any of these modalities, Bredemarket can help you. Book a meeting at https://bredemarket.com/cpa/

Are You Responding to the CBP RFI, “RFI Land Vehicle Primary Zone Traveler Photo Capture Device”?

Facial recognition firms, let’s talk about Requests for Information from the Department of Homeland Security. I wrote about one in 2021, so I figured I’d write about another one that was just published today.

But before I do, let me just say that…um…I’m experienced in responding to Requests for Information (RFIs) from the Department of Homeland Security…and that’s all I can say.

And this new RFI is intriguing.

The RFI with Notice ID RFI-LVPZTPCD was issued by U.S Customs and Border Protection today (April 30) and is due in one month (May 30). The description includes the following:

“CBP is seeking a solution for capturing facial images of vehicle occupants in an officer-manned primary zone at an inbound vehicle point of entry (POE).”

Today’s CBP RFI-LVPZTPCD envisions the use case in which people are entering the U.S. in a car…and are NOT getting out of the car. But you still have to capture their faces at a sufficient quality level, which is easier said than done. Heck, in May 2022 it took me several tries to capture a passport facial image at CVS when I WASN’T in a car. Now add distance, odd camera angles, and possibly an intervening car windshield, and you’re in for big challenges.

I wonder how many facial recognition vendors are planning to respond to this RFI…and how many need the experienced proposal help that Bredemarket can provide.

  • I know one biometric firm that often responds to Department of Homeland Security RFIs, but this firm does not have a “Land Vehicle Primary Zone Traveler Photo Capture Device.” So while this firm has used Bredemarket’s proposal services in the past, it won’t respond to this particular RFI.
  • I know another biometric firm with a keen interest in land vehicle primary zone traveler photo capture devices, and perhaps this firm may respond to this RFI. But this is the firm that didn’t renew my consulting contract in the fall of 2024, and I haven’t heard from them since.

Of course, there are other facial recognition firms out there, some of which may have outstanding solutions to the CBP’s problem.

And in case you haven’t heard, Bredemarket has an opening for a facial recognition client, and can provide winning proposal development services.

So if I can help your facial recognition firm respond to this RFI, book a call: https://bredemarket.com/cpa/

Putting the P in CPA.

(San Ysidro Port of Entry picture by Philkon (Phil Konstantin) – Own work, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=15343509.)

TSA Photo Requests: “The Current U.S. Government” Can Already Obtain Your Facial Image

There have been many recent stories about Transportation Security Administration (TSA) capture of the facial images of travelers, an outgrowth of the same post-9/11 concerns that resulted in REAL IDs in 2008…I mean 2025. (Maybe.)

One story from HuffPost clearly states its view on the matter. The title of the story? “Why You Can (And Should) Opt Out Of TSA Facial Recognition Right Now.”

I guess we know where HuffPost stands.

As to the “why” of its stance, here’s a succinct statement:

“Do you really want to be submitting a face scan to the current U.S. government?”

And perhaps there are good reasons to distrust the Trump Administration, or any administration. 

After all, the TSA says it only retains the picture for a limited time: “Photos are not stored or saved after a positive ID match has been made, except in a limited testing environment for evaluation of the effectiveness of the technology,”

But maybe…something happens. Someone accidentally forgot to delete the files. Oops.

And if something happens, the federal government has just captured an image of your face!

Guess what? The federal government can probably already get an image of your face, even if you don’t allow TSA to take your photo.

After all, you had to show some sort of identification when you arrived at that TSA checkpoint. Maybe you showed a passport, with a picture that the U.S. State Department received at one point. No, they don’t retain them either. But maybe…something happens.

But who does retain an image of your face?

Your state driver’s license agency. And as of 2019:

“Twenty-one states currently allow federal agencies such as the FBI to run searches of driver’s license and identification photo databases.”

So if a federal agency wants your facial image, it can probably obtain it even if you decline the TSA photo request.

Unless you strictly follow Amish practices. But in that case you probably wouldn’t be going through a TSA checkpoint anyway.

But if you are with a facial recognition company, and you want your prospects and their prospects to understand how your solution protects their privacy…

Bredemarket can help:

  • compelling content creation
  • winning proposal development
  • actionable analysis

Book a call: https://bredemarket.com/cpa/ 

(Security checkpoint picture generated by Imagen 3)

Is Milwaukee Selling PII for Free Facial Recognition Software Access?

(Part of the biometric product marketing expert series)

Perhaps facial recognition product marketers have heard of stories like this. Or perhaps they haven’t.

Tight budgets. Demands that government agencies save money. Is this the solution?

“Milwaukee police are mulling a trade: 2.5 million mugshots for free use of facial recognition technology.

“Officials from the Milwaukee Police Department say swapping the photos with the software firm Biometrica will lead to quicker arrests and solving of crimes.”

Read the article at https://www.jsonline.com/story/news/crime/2025/04/25/milwaukee-police-considering-trading-mugshots-for-facial-recognition-tech/83084223007/

As expected, activists raised all sorts of other concerns about facial recognition in general. But there’s an outstanding question:

What will Biometrica do with the 2.5 million images?

  • Use them for algorithmic training? 
  • Allow other agencies to search them?
  • Something else?
  • And what happens to the images if another company acquires Biometrica and/or its data? (See 23andMe.)

Biometrica didn’t respond to a request for comment.

And other facial recognition vendors operate differently.

How does your company treat customer data?

And how do you tell your story?

Do you have the resources to market your product, or are your resources already stretched thin?

If you need help with your facial recognition product marketing, Bredemarket has an opening for a facial recognition client. I can offer

  • compelling content creation
  • winning proposal development
  • actionable analysis

If Bredemarket can help your stretched staff, book a free meeting with me: https://bredemarket.com/cpa/

(Wheelbarrows from Imagen 3)

Why Does TPRM Fail? Not Because of the TPRM Software Providers.

For years I have maintained that the difficulties in technology are not because of the technology itself.

Technology can do wonderful things.

The difficulties lie with the need for people to agree to use the technology.

And not beg ignorance by saying “I know nothing.”

(Image of actor John Banner as Sgt. Schultz on Hogan’s Heroes is public domain.)

Case in point

I just saw an article with the title “TPRM weaknesses emerge as relationship owners fail to report red flags.

Unlike some clickbait-like article titles, this one from Communications Today succinctly encapsulates the problem up front.

It’s not that the TPRM software is failing to find the red flags. Oh, it finds them!

But the folks at Gartner discovered something:

“A Gartner survey of approximately 900 third-party relationship owners…revealed that while 95% saw a third-party red flag in the past 12 months, only around half of them escalate it to compliance teams.”

Among other things, the relationship owners worry about “the perceived return on investment (ROI) of sharing information.”

And that’s not a software issue. It’s a process issue.

wildebeests on a stairway, young to old, with the oldest wildebeest possessing a trophy
Wildebeest maturity model via Imagen 3.

No amount of coding or AI can fix that.

And this is not unique to the cybersecurity world. Let’s look at facial recognition.

Another case in point

I’ve said this over and over, but for U.S. criminal purposes, facial recognition results should ONLY be used as investigative leads.

It doesn’t matter whether they’re automated results, or if they have been reviewed by a trained forensic face examiner. 

Facial recognition results should only be used as investigative leads.

Sorry for the repetition, but some people aren’t listening.

But it’s not the facial recognition vendors. Bredemarket has worked with numerous facial recognition vendors over the years, and of those who work with law enforcement, ALL of them have emphatically insisted that their software results should only be used as investigative leads.

All of them. Including…that one.

But the vendors have no way to control the actions of customers who feed poor-quality data into their systems, get a result…and immediately run out and get an arrest warrant without collecting corroborating evidence.

And that’s not a software issue. It’s a process issue.

No amount of coding or AI can fix that.

I hope the TPRM folks don’t mind my detour into biometrics, but there’s a good reason for it.

Product marketing for TPRM and facial recognition

Some product marketers, including myself, believe that it’s not enough to educate prospects and customers about your product. You also need to educate them about proper use of the product, including legal and ethical concerns.

If you don’t, your customers will do dumb things in Europe, Illinois, or elsewhere—and blame you when they are caught.

Illinois, land of BIPA. I mean Lincoln.

Be a leader in your industry by doing or saying the right thing.

And now here’s a word from our sponsor.

Not the “CPA” guy again…

Bredemarket has openings

There’s a reason why this post specifically focused on cybersecurity and facial recognition.

If you need product marketing assistance with your product, Bredemarket has two openings. One for a cybersecurity client, and one for a facial recognition client. 

I can offer

  • compelling content creation
  • winning proposal development
  • actionable analysis

If Bredemarket can help your stretched staff, book a free meeting with me: https://bredemarket.com/cpa/

Bredemarket has openings. Imagen 3 again.