fingerprint – Bredemarket

Understand, Adapt, or Create

When Bredemarket begins an engagement with a client, I usually have no idea what processes, templates, or practices the client already has. So I have to handle whatever is or is not there and either understand what is there, adapt it, or create what is needed.

Understand

In some cases clients already have a process.

For example, as I delved into the Sharepoint library for one of Bredemarket’s clients, I found a complete set of branding guidelines that covered logos, colors, and many other aspects of the company’s branding.

In that case, my job is to simply make sure that I align with the client’s branding, and that my content, proposals, and analysis work for the client aligns with the branding guidelines…or with whatever other process the client has.

Adapt

Sometimes the client has a process, but it needs to be adapted in some way.

Here’s an example I can publicly share: not from a Bredemarket client, but from my former employer Motorola (back when Motorola was one company). I was a product manager at the time, and products were developed via a “stage gate” process. At Motorola, of course, it was called M-Gates.

Our “Printrak” group (automated fingerprint identification systems, computer aided dispatch systems, and the like) was the odd group out in our part of Motorola (the part that would later become Motorola Solutions). Most of the people in that part of Motorola sold police radios that were manufactured in bulk. Therefore the stage gate process included a step for a limited production run of police radios before moving to full production.

That didn’t apply for the software we sold to government systems. For example, the entire production run for the Omnitrak 8.1 release was no more than a half dozen systems for customers in Switzerland, Oklahoma, and other places. A limited production run wouldn’t make sense.

So OUR stage gate process eliminated that step and went straight to full production.

Create

And then there are the clients who don’t have anything. In these cases, my invention hat goes on.

For one Bredemarket client, I was asked to develop several pieces of collateral, such as (ironically) one on process maturity, and several random pieces of content tied to a product release.

I decided to approach it more systematically by introducing a simple go-to-market process that defined the external and internal collateral required for a “high” tier product release and a “low” tier product release. Resisting my urge to define something thorough, I simplified the GTM process as much as possible, while still providing guidance on what a product release should contain.

The client rejected the idea: “we don’t need no steenking process.”

Not surprisingly, the process maturity content was never released either.

I’ve had better luck with other Bredemarket clients, defining go-to-market, proposal, and other processes for them as needed.

Be Prepared

Providing product marketing expertise is much more than writing about a product.

Before I write a word of text, I ensure that the content aligns with the client’s strategies…or my own strategies if the client doesn’t have any.

And of course I ask questions.

Europe is Looking At More Than Just Biometric Testing

A little more detail, courtesy EU Brussels, regarding the policy brief published by the EU Innovation Hub for Internal Security, coordinated by eu-LISA together with the European Commission, Europol and Frontex.

As I noted earlier today, one proposal is for Europe to perform its own independent biometric testing, reducing Europe’s dependence on the American National Institute of Standards and Technology (NIST).

“The second is a centralised evaluation and testing platform connected to that repository, allowing standardised, independent and continuous assessment of biometric technologies, including benchmarking across vendors.”

But if there is a second proposal (European testing) in the cited European biometric policy brief, there must also be a first proposal—one I failed to discuss this morning.

“The first is a common EU biometric data repository containing datasets that comply with European rules, reflect the demographics and use-cases relevant to EU authorities and are stored in a secure environment.”

Makes sense. If you are going to test you need test data. And NIST has no obligation to ensure its test data complies with the General Data Protection Regulation (GDPR). The subjects in NIST test databases rarely provided the “explicit consent” mentioned in GDPR, and the “right to erasure” from a NIST database is…laughable.

Yes, it’s extremely challenging to construct a testing database that complies with GDPR.

And NIST certainly ain’t gonna do it.

Will a European entity construct it?

And if the right to erasure is maintained, how will you maintain historical consistency of test results?

Why Would Europe Perform Its Own Biometric Testing?

I’ve seen two articles about a possible move by Europe to set up a Europe-wide biometric testing agency, bypassing the need for National Institute of Standards and Technology (NIST) biometric testing.

One reason is that a European-controlled testing methodology can incorporate European regulations, such as the General Data Protection Regulation (GDPR).

A second related reason for Europe to bypass NIST biometric testing is that U.S. government agencies, including NIST and the Federal Bureau of Investigation (FBI), naturally place prime importance on American interests.

Remember when the U.S. House of Representatives Select Committee on the Chinese Communist Party complained that the FBI Certified Products List contained Chinese biometric vendors (the Certified Communist Products List)?

Wait until they discover all the Chinese companies that participate in NIST testing.
And wait until someone in the legislative or executive branches decides that the FBI or NIST shouldn’t list products from other countries deemed unfriendly to the United States. Denmark? Germany? France?

For these reasons, Europe may be compelled to set up its own biometric testing organization.

And so may China.

By 1980

Last June I created a still for a fictional TV show called “The Amazing Computer.” The show described the real life activities of the FBI in computerizing its fingerprint system.

Now I’m giving it the Lyria treatment.

By 1980.

On Melanin

If you’re examining a person’s fingerprints, palm prints, face, and irises, you need to understand melanin.

The Cleveland Clinic goes into great detail on melanin, but for now I’m going to concentrate on one item.

There are three types of melanin, two of which affect the skin, eyes, and hair.

Eumelanin. There are two types of eumelanin: black and brown. Eumelanin is responsible for dark colors in skin, eyes and hair. People with brown or black hair have varying amounts of brown and black eumelanin. When there’s no black eumelanin and a small amount of brown eumelanin, it results in blonde hair.

Pheomelanin. This type of melanin pigments your lips, nipples and other pinkish parts of your body. People who have equal parts eumelanin and pheomelanin have red hair.

Melanin obviously affects the coloration of your skin, although some parts of your body (such as your fingertips) may have less melanin than other parts (such as your face).

Concentrating on fingertips and faces (and ignoring irises for the moment), let’s look at a situation where we use an optical mechanism (such as an optical fingerprint reader or a camera), along with available illumination, to photograph fingers and faces of people with varying skin tones.

But what if your entire photographic system is based upon reference materials optimized for light melanin levels? As late as the 1970s, Kodak’s reference materials, called “Shirley cards” after the first model, used to exclusively white people.

In the 1970s, photographer Jim Lyon joined Kodak’s first photo tech division and research laboratories. He says the company recognized there was a problem with the all-white Shirley cards.

“I started incorporating black models pretty heavily in our testing, and it caught on very quickly,” he says. “It wasn’t a big deal, it just seemed like this is the right thing to do. I wasn’t attempting to be politically correct. I was just trying to give us a chance of making a better film, one that reproduced everybody’s skin tone in an appropriate way.”

So hopefully today optical devices are properly capturing fingers, faces, and irises of people at all melanin levels.

Or is this wishful thinking?

The Biometric Product Marketing Expert For…Which Biometrics?

My professional experience spans DNA, face, friction ridge, iris, and voice.

But I’ve looked at many other modalities.

Biometric product marketing expert.

See the full list here.

Fingerprint Evidence in Court

For…a long time I’ve been talking about whether fingerprint evidence is accepted in court. But until now I never had access to an easy-to-use database of court cases.

Mike Bowers shared a release from the Wilson Center for Science and Justice at Duke Law, “New Database Documents a Century of Court Decisions on Forensic Expert Evidence Testimony.”

The fingerprint database can be accessed here.

From the Fingerprint Expert Evidence database, https://forensic-case-databases.law.duke.edu/data/fingerprints/,

Here’s an example of the case details for the (current) most recent record:

Case

Commonwealth v. Honsch, 22 N.E.3d 287 (Mass. 2024)

Year

2024

Jurisdiction

Massachusetts

Type of Proceeding

Appellate

Other fields

CourtSupreme Judicial Court of Massachusetts, Hampden

Expert Evidence Ruling Reversing or Affirming on AppealAdmitted

RulingCorrect to admit

Type of EvidenceFingerprint

Defense or Prosecution ExpertProsecution

Summary of Reasons for Ruling

The Commonwealth here presented two latent print analysts as experts. One multiple times that it was his “scientific opinion” that there were three latent prints that were “identified to” the palms of the defendant. The term “scientific” to describe his opinion “arguably verged on suggesting that the ACE-V process is more scientific than warranted,” and there was one instance in which Dolan testified without using the term “opinion.” The court concludes that there was no error because, “viewed as a whole,” his testimony was largely expressed in terms of an “opinion” and his testimony did not claim that the ACE-V process was infallible or absolutely certain.

On the other hand, Pivovar testified that she (i) “identified [a palm print from one of the garbage bags and the print of the defendant’s left palm] as originating from the same source”; (ii) “identif[ied] [another latent print] and the right palm print of [the defendant] as being the same, they originated from the same source”; and (iii) “identif[ied] the [third latent print] as originating from the same source as the right palm of [the defendant] that [she] compared it to.” Pivovar did not frame her testimony in terms of an “opinion” and expressed the identification of the defendant with certainty. This was error. However, the court concluded that Pivovar’s testimony did not likely influence the jury’s conclusion. Defense counsel countered the notion that individualization under the ACE-V methodology is infallible by cross-examining Pivovar on the subjectivity of latent print analysis, the fact that two prints are never identical, and a recent incident in which the Federal Bureau of Investigation erroneously identified a suspect based on an incorrect latent print analysis. The defendant also presented an expert detailing the risks of cognitive bias in latent print analysis. Additionally, the Commonwealth’s other latent print examiner, Dolan, testified as to the same findings as Pivovar. If Pivovar’s testimony had been properly framed as an opinion, there still would have been strong evidence that the prints found at Elizabeth’s crime scene originated from the defendant. Thus, even though we determine that Pivovar’s testimony was erroneously presented as fact, the error did not create a substantial likelihood of a miscarriage of justice.

Admissibility StandardLanigan-Daubert

Lower Court HearingN

Discussion of 2009 NAS ReportY

Discussion of Error Rates or ReliabilityN

Frye RulingN

Limiting Testimony RulingN

Language Imposed by Court to Limit TestimonyN

Ruling Based in Prior PrecedentY

Daubert FactorsN

Ruling on Qualifications of ExpertN

Ruling on 702(a)N

Ruling on 702(b)N

Ruling on 702(c)N

Ruling on 702(d)N

Notes—

Good resource to keep in mind.

Delivering Bad News: How Motorola Overcame the FpVTE 2003 Results Announcement

I just realized that I have never told the FULL story of FpVTE 2003 in the Bredemarket blog. I’ve only told the problem part, but not the solution part. Bad on me.

The problem part

I told parts of this in a 2023 post entitled “The Big 3, or 4, or 5? Through the Years.” One of the pivotal parts of the story was when the “big 4” became the “big 3.”

It happened like this:

These days the U.S. National Institute of Standards and Technology (NIST) is well known for its continuous biometric testing, but one of its first tests was conducted in 2003. At the time, there were four well-recognized fingerprint vendors:

Cogent Systems.
Motorola, which had acquired Printrak.
NEC.
Sagem Morpho, which had acquired Morpho.

There were a bunch of other fingerprint vendors, but they were much smaller, including the independent companies Bioscrypt and Identix.

I was a product manager at Motorola at the time, managing the server portion of the company’s automated fingerprint identification system (AFIS), Omnitrak. This featured a modernization of the architecture that was a vast improvement over the client-server architecture in Series 2000. The older product was still in use at the Royal Canadian Mounted Police (RCMP), but Motorola was in the process of installing Omnitrak in Slovenia and upgrading existing systems in Oklahoma and Switzerland.

Yes, I’ve worked in biometrics for a while.

Yes, I am the biometric product marketing expert.

This is the environment in which NIST released its Fingerprint Vendor Technology Evaluation of 2003 (FpVTE 2003).

“FpVTE 2003 consists of multiple tests performed with combinations of fingers (e.g., single fingers, two index fingers, four to ten fingers) and different types and qualities of operational fingerprints (e.g., flat livescan images from visa applicants, multi-finger slap livescan images from present-day booking or background check systems, or rolled and flat inked fingerprints from legacy criminal databases).”

So the companies listed above, among others, submitted their algorithms to FpVTE 2003. After the testing, NIST issued a summary report that included this sentence.

“Of the systems tested, NEC, SAGEM, and Cogent produced the most accurate results.”

You can see how this affected Motorola…and me. We were suddenly second-tier, via independent confirmation.

We first had to go to the RCMP and admit that we weren’t as accurate as other systems. This came at a particularly bad time, since the RCMP was engaged in a massive system upgrade of its own. While Motorola’s FpVTE performance was not the ultimate deciding factor, we lost the massive RCMP system to Cogent.

But Motorola did something else at the same time.

The solution part

The accuracy of an automated fingerprint identification system falls in the laps of the algorithm developers, whether the vendor develops its own algorithms or buys a third-party algorithm from another AFIS vendor.

Motorola developed its own algorithm…and one of the R&D leaders was Guy Cardwell.

Motorola held a User’s Conference after the FpVTE results announcement, and Cardwell spoke to our customers.

It wasn’t a flashy presentation with smoke and mirrors.
It wasn’t an accusatory presentation calling NIST a bunch of crooks.
It was basically Guy, on stage, saying that we didn’t do well.
And that we would do better.

Now of course that in itself means nothing unless we actually DID better. The R&D team went to work and improved the algorithm, and continued with other advances such as supporting complete 1000 pixel per inch systems as Sweden demanded.

But from a product marketing perspective, Motorola’s initial messaging to its customers was critically important.

Because if Motorola didn’t publicly address its FpVTE 2003 performance, then the only people talking about it would be Cogent, NEC, and Sagem Morpho.

And you don’t want to let your competitors deliver your message and steal your prospects.

Stop losing prospects! Use Bredemarket content for tech marketers

Lyria…and Fingerprint Matching

Google Gemini has a new capability: artificial intelligence music generation.

It’s called Lyria.

“Since launching the Gemini app, we’ve built tools to encourage creative expression through images and video. Today, we’re taking the next step: custom music generation. Lyria 3, Google DeepMind’s latest generative music model, is rolling out today in beta in the Gemini app.”

I used this prompt to generate a Lyria tune:

“Create music for a wildebeest using a laptop to compare a latent fingerprint to a tenprint fingerprint”

Google’s response:

“’I’ve created a unique atmospheric track for you that blends electronic data-processing sounds with the deep, resonant textures of a wildebeest’s world. You can play the music directly here in our chat!”

Or I could download it and share it with you.

Lyria.

Know Your Contactless Fingerprint Scanning History

As I write this, contactless fingerprint scanners cannot submit their prints to the U.S. Federal Bureau of Investigation’s (FBI) Next Generation Identification (NGI) system.

But the FBI does certify such scanners under a special category.

CFS flats from IDloop

Biometric Update recently wrote about one such scanner.

“Hungarian border police are exploring the use of contactless biometric technology made by German startup IDloop in border control and law enforcement….

“The product [CFS flats] was first introduced in 2024 and is the world’s first 3D contactless fingerprint scanner certified by the FBI, according to the firm.”

Note the last four words.

Biometric Update reports news as reported, and I don’t think it’s Biometric Update’s purpose to poke holes in vendor claims. So they just says that THE FIRM SAYS it’s certified, and it’s the first.

Well, IDloop is half right.

Is IDloop’s CFS flats FBI certified?

The way to check certification is to go to the Certified Products List web page at the FBI Biometric Specifications website. You can go there yourself: https://fbibiospecs.fbi.gov/certifications-1/cpl

And if you do, scroll down to the “Firm” area and look for IDloop in the list of firms.

Yes, it’s there, and it has a certification under the Personal Identity Verification (PIV) specification, originally dated 10/30/2024, modified 1/28/2026.

Here’s the description:

“CFS flats contactless, up to 4-finger, capture device at 500 ppi (PIV-071006) (original 10/24; algorithm update 1/26) Note: Device images a 3-dimensional object, but testing was primarily 2-dimensional – Not for use with CJIS systems.”

Again, the FBI isn’t allowing contactless submissions to CJIS systems such as NGI, in part because the Appendix F specifications assume analysis of fingerprint images on a 2-dimensional object. Obviously very, very difficult with contactless devices that capture 3-dimensional objects.

Is IDloop’s CFS flats first?

Again, here’s what IDloop claims.

“Introducing CFS flats—the world’s first FBI-certified 3D contactless fingerprint scanner.“

Um…perhaps I should share a bit of my personal history, for those who don’t know.

From 2009 to 2017 I worked for a company called MorphoTrak. Know where this is going?

But I’m not going to focus on my former employer.

Initial CPL search

Remember that unusual sentence that appears in IDloop’s description of its PIV certification?

“Device images a 3-dimensional object, but testing was primarily 2-dimensional”

I assert that if we can find ANY contactless product in the Certified Products List that uses that same language and was certified before 10/30/2024, then IDloop’s claim of being first is…somewhat inaccurate.

So I checked.

Two products received PIV certification before October 2024, MorphoWave XP (July 2020) and MorphoWave TP (May 2024). The first was originally certified over 4 years BEFORE the IDloop product.

“MorphoWave XP (formerly MorphoWave Compact) contactless, up to 4-finger, livescan device at 500 ppi (PIV-071006) (alternate enrollment processing 6/23; name change 2/22; contrast stretch 9/21; original 7/20) Note: Device images a 3-dimensional object, but testing was primarily 2-dimensional – Not for use with CJIS systems.”

Subsequent CPL search

And what if you search for the word “contactless” instead and just look at the 4-finger PIV certifications?

If you do so, you can find certifications from 2019 and earlier for products from Advanced Optical Systems (October 2015 May 2017), Safran Morpho (November 2015, under the original name “Finger On The Fly”), and Thales (May 2019). All years BEFORE the IDloop product.

IDloop, meet Advanced Optical Systems

While Advanced Optical Systems is no more, let’s look at the description for that original AOS product.

“ANDI OTG

contactless, up to 4-finger, livescan capture system at 500ppi (PIV-071006). Note: Device images a 3-dimensional object, but testing was only 2-dimensional – Not for use with CJIS systems”

Oh, and there was a press release:

“Huntsville, AL, November 30, 2015 (Newswire.com) –Advanced Optical Systems, Inc made the historic announcement today that their revolutionary, zero-contact “On The Go” fingerprint technology, ANDI® OTG, is the first non-contact fingerprint system to be certified by the US Federal Bureau of Investigation (FBI). The FBI added the device to the agency’s Certified Product List (CPL) on November 27th, 2015.”

From https://www.newswire.com/news/andi-otg-zero-contact-fingerprint-system-certified-by-fbi.

So IDloop may be certified, but it’s NOT the first contactless 4-finger scanner to receive certification.

It should have fact checked with the biometric product marketing expert.

Biometric product marketing expert, somewhere an ocean away from Hungary.