fingerprint – Page 6

Defeating Synthetic Identity Fraud

I’ve talked about synthetic identity fraud a lot in the Bredemarket blog over the past several years. I’ll summarize a few examples in this post, talk about how to fight synthetic identity fraud, and wrap up by suggesting how to get the word out about your anti-synthetic identity solution.

But first let’s look at a few examples of synthetic identity.

Synthetic identities pop up everywhere

As far back as December 2020, I discussed Kris’ Rides’ encounter with a synthetic employee from a company with a number of synthetic employees (many of who were young females).

More recently, I discussed attempts to create synthetic identities using gummy fingers and fake/fraudulent voices. The topic of deepfakes continues to be hot across all biometric modalities.

From https://www.candynation.com/gummy-fingers

I shared a video I created about synthetic identities and their use to create fraudulent financial identities.

From https://www.youtube.com/watch?v=oDrSBlDJVCk.

I even discussed Kelly Shepherd, the fake vegan mom created by HBO executive Casey Bloys to respond to HBO critics.

From https://twitter.com/KellySh33889356.

And that’s just some of what Bredemarket has written about synthetic identity. You can find the complete list of my synthetic identity posts here.

So what? You must fight!

It isn’t enough to talk about the fact that synthetic identities exist: sometimes for innocent reasons, sometimes for outright fraudulent reasons.

You need to communicate how to fight synthetic identities, especially if your firm offers an anti-fraud solution.

Public Domain, https://commons.wikimedia.org/w/index.php?curid=607428.

Here are four ways to fight synthetic identities:

Checking the purported identity against private databases, such as credit records.
Checking the person’s driver’s license or other government document to ensure it’s real and not a fake.
Checking the purported identity against government databases, such as driver’s license databases. (What if the person presents a real driver’s license, but that license was subsequently revoked?)
Perform a “who you are” biometric test against the purported identity.

If you conduct all four tests, then you have used multiple factors of authentication to confirm that the person is who they say they are. If the identity is synthetic, chances are the purported person will fail at least one of these tests.

Do you fight synthetic identity fraud?

If you fight synthetic identity fraud, you should let people know about your solution.

Perhaps you can use Bredemarket, the identity content marketing expert. I work with you (and I have worked with others) to ensure that your content meets your awareness, consideration, and/or conversion goals.

How can I work with you to communicate your firm’s anti-synthetic identity message? For example, I can apply my identity/biometric blog expert knowledge to create an identity blog post for your firm. Blog posts provide an immediate business impact to your firm, and are easy to reshare and repurpose. For B2B needs, LinkedIn articles provide similar benefits.

If Bredemarket can help your firm convey your message about synthetic identity, let’s talk.

Drive content results with Bredemarket Identity Firm Services.

When Rapid DNA Isn’t

(Part of the biometric product marketing expert series)

Have you heard of rapid DNA?

Fair use, from https://www.racers-behindthehelmet.com/post/first-historic-pole-position-and-podium-for-antonella-bassani-in-porsche-cup-brasil. Photo credits: Porsche Cup Brasil.

Perhaps not as fast as Brazilian race car driver Antonella Bassani, but fast enough.

This post discusses the pros and cons of rapid DNA, specifically in the MV Conception post mortem investigation.

DNA…and fingerprints

I’ve worked with rapid DNA since I was in Proposals at MorphoTrak, when our corporate parent Safran had an agreement with IntegenX (now part of Thermo Fisher Scientific). Rapid DNA, when suitable for use, can process a DNA sample in 90 minutes or less, providing a quick way to process DNA in both criminal and non-criminal cases.

By Zephyris – Own work, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=15027555

But as I explain below, sometimes rapid DNA isn’t so rapid. In those cases, investigators have to turn to boring biometric technologies such as fingerprints instead. Fingerprints are a much older identification modality, but they still work.

By Federal Bureau of Investigation – https://washingtonian.com/2016/11/24/the-fbi-opened-its-crime-lab-here-in-dc-back-in-1932, Public Domain, https://commons.wikimedia.org/w/index.php?curid=128508441

DNA, fingerprints…and dental records

From https://doi.org/10.1111/1556-4029.15513.

Bredemarket recently purchased access to a Journal of Forensic Sciences article entitled “Advances in postmortem fingerprinting: Applications in disaster victim identification” (https://doi.org/10.1111/1556-4029.15513) by Bryan T. Johnson MSFS of the Federal Bureau of Investigation Laboratory in Quantico. The abstract (which is NOT behind the paywall) states the following, in part:

In disaster victim identification (DVI), fingerprints, DNA, and dental examinations are the three primary methods of identification….As DNA technology continues to evolve, RAPID DNA may now identify a profile within 90 min if the remains are not degraded or comingled. When there are true unknowns, however, there is usually no DNA, dental, or medical records to retrieve for a comparison without a tentative identity.

In the body of the paper itself (which IS behind the paywall), Johnson cites one example in which use of rapid DNA would have DELAYED the process.

DVI depends upon comparison of a DNA sample from a victim with a previous DNA sample taken from the victim. If this is not available, then the victim’s DNA is compared against the DNA of a family member.

Identifying foreign nationals aboard the MV Conception

MV Conception shortly before it sank. By National Transportation Safety Board – Screen Shot 2020-10-16 at 3.00.40 PM, Public Domain, https://commons.wikimedia.org/w/index.php?curid=95326656

When the MV Conception boat caught fire and sank in September 2019, 34 people lost their lives and had to be positively identified.

While most of the MV Conception victims were California residents, some victims were from Singapore and India. It would take weeks to collect and transport the DNA samples from the victims’ family members back to the United States for comparison against the DNA samples from the victims. Weeks of uncertainty during which family members had no confirmation that their relatives were among the deceased.

However, because the foreign victims were visitors to the United States, they had fingerprints on file with the Department of Homeland Security. Interagency agreements allowed the investigating agencies to access the DHS fingerprints and compare them against the fingerprints of the foreign victims, providing tentative identifications within three days. (Fingerprint identification is a 100+ year old method, but it works!) These tentative identifications were subsequently confirmed when the familial DNA samples arrived.

What does this mean?

The message here is NOT that “fingerprints rule, DNA drools.” In some cases the investigators could not retrieve fingerprints from the bodies and HAD to use rapid DNA.

The message here is that when identifying people, you should use ANY biometric (or non-biometric) modality that is available: fingerprints, DNA, dental records, driver’s licenses, Radio Shack Battery Club card, or anything else that provides an investigative lead or a positive identification.

And ideally, you should use more than one factor of authentication.

And now a word from our sponsor

By the way, if you have a biometric story to tell, Bredemarket can help…um…drive results. Perhaps not as fast as Bassani, but fast enough.

The 21st Century’s Four Revolutionary Biometric Events

I define a revolutionary biometric event as something that COMPLETELY TRANSFORMS the biometric industry.

For me, the four events that have revolutionized biometrics in this century (so far) include:

The September 2001 use of commercial planes in a terrorist attack.
The April 2013 Boston Marathon bombings.
The September 2013 introduction of Touch ID on the Apple iPhone.

From Apple, https://support.apple.com/en-us/HT201371

The 2020 (and beyond) COVID-19 pandemic.

If you want to learn WHY I regard these four events as revolutionary, and why I DON’T regard the introduction of the Apple Vision Pro as revolutionary, see my June 2023 post.

In fingerprint capture, 14 is better than 20

In many instances of fingerprint capture, whether obtaining prints through ink or through livescan, the tenprint person captures 14 images. Not 10, not 20, but 14.

Why?

Quality control.

Because the 14 images contain two impressions of every print, you can compare the top set of prints (the rolled prints) against the bottom set (the slap prints).

Locations of finger 2 (green) and finger 3 (blue) for rolled and slap prints.

In the example above, if the green rolled print is NOT the same as the green slap print, or if the blue rolled print is NOT the same as the blue slap print, then you captured the fingerprints in the wrong order.

I discussed this in more detail in an earlier post.

If you need Bredemarket’s marketing and writing services to explain the benefits of your technology to your prospects and customers, contact me.

Multispectral fingerprint readers, the succinct version

There are various types of dedicated fingerprint reader devices, including multispectral readers that can examine the subdermal layers of your fingers. Even if your surface fingerprints are worn away by bricklaying, time, or other factors, multispectral fingerprint readers can identify you anyway.

From HID Global, “A Guide to MSI Technology: How It Works,” https://blog.hidglobal.com/2022/10/guide-msi-technology-how-it-works

If you’re interested, I wrote more about multispectral readers, and how they relate to liveness detection, back in June 2023.

If you need Bredemarket’s marketing and writing services to explain the benefits of your technology to your prospects and customers, contact me.

Personally Protected: PII vs. PHI

(Part of the biometric product marketing expert series)

Before you can fully understand the difference between personally identifiable information (PII) and protected health information (PHI), you need to understand the difference between biometrics and…biometrics. (You know sometimes words have two meanings.)

The definitions of biometrics

To address the difference between biometrics and biometrics, I’ll refer to something I wrote over two years ago, in late 2021. In that post, I quoted two paragraphs from the International Biometric Society that illustrated the difference.

From https://www.biometricsociety.org/about/what-is-biometry.

Since the IBS has altered these paragraphs in the intervening years, I will quote from the latest version.

The terms “Biometrics” and “Biometry” have been used since early in the 20th century to refer to the field of development of statistical and mathematical methods applicable to data analysis problems in the biological sciences.

Statistical methods for the analysis of data from agricultural field experiments to compare the yields of different varieties of wheat, for the analysis of data from human clinical trials evaluating the relative effectiveness of competing therapies for disease, or for the analysis of data from environmental studies on the effects of air or water pollution on the appearance of human disease in a region or country are all examples of problems that would fall under the umbrella of “Biometrics” as the term has been historically used….

The term “Biometrics” has also been used to refer to the field of technology devoted to the identification of individuals using biological traits, such as those based on retinal or iris scanning, fingerprints, or face recognition. Neither the journal “Biometrics” nor the International Biometric Society is engaged in research, marketing, or reporting related to this technology. Likewise, the editors and staff of the journal are not knowledgeable in this area.
From https://www.biometricsociety.org/about/what-is-biometry.

In brief, what I call “broad biometrics” refers to analyzing biological sciences data, ranging from crop yields to heart rates. Contrast this with what I call “narrow biometrics,” which (usually) refers only to human beings, and only to those characteristics that identify human beings, such as the ridges on a fingerprint.

The definition of “personally identifiable information” (PII)

Now let’s examine an issue related to narrow biometrics (and other things), personally identifiable information, or PII. (It’s also represented as personal identifiable information by some.) I’ll use a definition provided by the U.S. National Institute of Standards and Technology, or NIST.

Information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other information that is linked or linkable to a specific individual.
From https://csrc.nist.gov/glossary/term/PII.

Note the key words “alone or when combined.” The ten numbers “909 867 5309” are not sufficient to identify an individual alone, but can identify someone when combined with information from another source, such as a telephone book.

Yes, a telephone book. Deal with it.

By © 2010 by Tomasz Sienicki [user: tsca, mail: tomasz.sienicki at gmail.com] – Photograph by Tomasz Sienicki (Own work)Image intentionally scaled down., CC BY 3.0, https://commons.wikimedia.org/w/index.php?curid=10330603

What types of information can be combined to identify a person? The U.S. Department of Defense’s Privacy, Civil Liberties, and Freedom of Information Directorate provides multifarious examples of PII, including:

Social Security Number.
Passport number.
Driver’s license number.
Taxpayer identification number.
Patient identification number.
Financial account number.
Credit card number.
Personal address.
Personal telephone number.
Photographic image of a face.
X-rays.
Fingerprints.
Retina scan.
Voice signature.
Facial geometry.
Date of birth.
Place of birth.
Race.
Religion.
Geographical indicators.
Employment information.
Medical information.
Education information.
Financial information.

Now you may ask yourself, “How can I identify someone by a non-unique birthdate? A lot of people were born on the same day!”

But the combination of information is powerful, as researchers discovered in a 2015 study cited by the New York Times.

In the study, titled “Unique in the Shopping Mall: On the Reidentifiability of Credit Card Metadata,” a group of data scientists analyzed credit card transactions made by 1.1 million people in 10,000 stores over a three-month period. The data set contained details including the date of each transaction, amount charged and name of the store.

Although the information had been “anonymized” by removing personal details like names and account numbers, the uniqueness of people’s behavior made it easy to single them out.

In fact, knowing just four random pieces of information was enough to reidentify 90 percent of the shoppers as unique individuals and to uncover their records, researchers calculated. And that uniqueness of behavior — or “unicity,” as the researchers termed it — combined with publicly available information, like Instagram or Twitter posts, could make it possible to reidentify people’s records by name.
From https://archive.nytimes.com/bits.blogs.nytimes.com/2015/01/29/with-a-few-bits-of-data-researchers-identify-anonymous-people/.

So much for anonymization. And privacy.

Now biometrics only form part of the multifarious list of data cited above, but clearly biometric data can be combined with other data to identify someone. An easy example is taking security camera footage of the face of a person walking into a store, and combining that data with the same face taken from a database of driver’s license holders. In some jurisdictions, some entities are legally permitted to combine this data, while others are legally prohibited from doing so. (A few do it anyway. But I digress.)

Because narrow biometric data used for identification, such as fingerprint ridges, can be combined with other data to personally identify an individual, organizations that process biometric data must undertake strict safeguards to protect that data. If personally identifiable information (PII) is not adequately guarded, people could be subject to fraud and other harms.

The definition of “protected health information” (PHI)

In this case, I’ll refer to information published by the U.S. Department of Health and Human Services.

Protected Health Information. The Privacy Rule protects all “individually identifiable health information” held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information “protected health information (PHI).”¹²

“Individually identifiable health information” is information, including demographic data, that relates to:

the individual’s past, present or future physical or mental health or condition,

the provision of health care to the individual, or

the past, present, or future payment for the provision of health care to the individual,

and that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual.¹³ Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, Social Security Number).

The Privacy Rule excludes from protected health information employment records that a covered entity maintains in its capacity as an employer and education and certain other records subject to, or defined in, the Family Educational Rights and Privacy Act, 20 U.S.C. §1232g.
From https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html

Now there’s obviously an overlap between personally identifiable information (PII) and protected health information (PHI). For example, names, dates of birth, and Social Security Numbers fall into both categories. But I want to highlight two things are are explicitly mentioned as PHI that aren’t usually cited as PII.

Physical or mental health data. This could include information that a medical professional captures from a patient, including biometric (broad biometric) information such as heart rate or blood pressure.
Health care provided to an individual. This not only includes written information such as prescriptions, but oral information (“take two aspirin and call my chatbot in the morning”). Yes, chatbot. Deal with it. Dr. Marcus Welby and his staff retired a long time ago.

Robert Young (“Marcus Welby”) and Jane Wyatt (“Margaret Anderson” on a different show). By ABC TelevisionUploaded by We hope at en.wikipedia – eBay itemphoto informationTransferred from en.wikipedia by SreeBot, Public Domain, https://commons.wikimedia.org/w/index.php?curid=16472486

Because broad biometric data used for analysis, such as heart rates, can be combined with other data to personally identify an individual, organizations that process biometric data must undertake strict safeguards to protect that data. If protected health information (PHI) is not adequately guarded, people could be subject to fraud and other harms.

Simple, isn’t it?

Actually, the parallels between identity/biometrics and healthcare have fascinated me for decades, since the dedicated hardware to capture identity/biometric data is often similar to the dedicated hardware to capture health data. And now that we’re moving away from dedicated hardware to multi-purpose hardware such as smartphones, the parallels are even more fascinating.

The Double Loop Podcast Discusses Research From the Self-Styled “Inventor of Cross-Fingerprint Recognition”

(Part of the biometric product marketing expert series)

Apologies in advance, but if you’re NOT interested in fingerprints, you’ll want to skip over this Bredemarket identity/biometrics post, my THIRD one about fingerprint uniqueness and/or similarity or whatever because the difference between uniqueness and similarity really isn’t important, is it?

Yes, one more post about the study whose principal author was Gabe Guo, the self-styled “inventor of cross-fingerprint recognition.”

From https://www.linkedin.com/in/gabeguo/.

In case you missed it

In case you missed my previous writings on this topic:

My first post, “Claimed AI-detected Similarity in Fingerprints From the Same Person: Are Forensic Examiners Truly “Doing It Wrong”?” was (1) primarily my perspective, and (2) written before I read the actual paper.
The second post, “Did the Columbia Study “Discover” Fingerprint Patterns?” was written after I looked at the paper (“Unveiling intra-person fingerprint similarity via deep contrastive learning“) myself, but again suffers from being primarily my own perspective (albeit augmented by people who knew what they were talking about).
I also wrote something only on Lin k edIn (and Facebook) that cited a CNN article that quoted Christophe Champod and Simon Cole. (Interestingly enough, my last post on Cole concerned how words matter, which is appropriate in this discussion.) Unfortunately, the person who wrote the CNN headline (“Are fingerprints unique? Not really, AI-based study finds”) didn’t pay attention to a word that Champod and Simon Cole said.

But don’t miss this

Well, two other people have weighed in on the paper: Glenn Langenburg and Eric Ray, co-presenters on the Double Loop Podcast. (“Double loop” is a fingerprint thing.)

From https://doublelooppodcast.com/about-us/.

So who are Langenburg and Ray? You can read their full biographies here, but both of them are certified latent print examiners. This certification, administered by the International Association for Identification, is designed to ensure that the certified person is knowledgeable about both latent (crime scene) fingerprints and known fingerprints, and how to determine whether or not two prints come from the same person. If someone is going to testify in court about fingerprint comparison, this certification is recognized as a way to designate someone as an expert on the subject, as opposed to a college undergraduate. (As of today, the list of IAI certified latent print examiners as of December 2023 can be found here in PDF form.)

Podcast episode 264 dives into the Columbia study in detail, including what the study said, what it didn’t say, and what the publicity for the study said that doesn’t match the study.

Eric and Glenn respond to the recent allegations that a computer science undergraduate at Columbia University, using Artificial Intelligence, has “proven that fingerprints aren’t unique” or at least…that’s how the media is mischaracterizing a new published paper by Guo, et al. The guys dissect the actual publication (“Unveiling intra-person fingerprint similarity via deep contrastive learning” in Science Advances, 2024 by Gabe Guo, et al.). They state very clearly what the paper actually does show, which is a far cry from the headlines and even public dissemination originating from Columbia University and the author. The guys talk about some of the important limitations of the study and how limited the application is to real forensic investigations. They then explore some of the media and social media outlets that have clearly misunderstood this paper and seem to have little understanding of forensic science. Finally, Eric and Glenn look at some quotes and comments from knowledgeable sources who also have recognized the flaws in the paper, the authors’ exaggerations, and lack of understanding of the value of their findings.
From https://doublelooppodcast.com/2024/01/fingerprints-proven-by-ai-to-not-be-unique-episode-264/.

Yes, the episode is over an hour long, but if you want to hear a good discussion of the paper that goes beyond the headlines, I strongly recommend that you listen to it.

TL;DR

If you’re in a TL;DR frame of mind, I’ll just offer one tidbit: “uniqueness” and “similarity” are not identical. Frankly, they’re not even similar.

Will Ferrell and Chad Smith, or maybe vice versa. Fair use. From https://www.billboard.com/music/music-news/will-ferrell-chad-smith-red-hot-benefit-chili-peppers-6898348/, originally from NBC.

Did the Columbia Study “Discover” Fingerprint Patterns?

As you may have seen elsewhere, I’ve been wondering whether the widely-publicized Columbia University study on the uniqueness of fingerprints isn’t any more than a simple “discovery” of fingerprint patterns, which we’ve known about for years. But to prove or refute my suspicions, I had to read the study first.

My initial exposure to the Columbia study

I’ve been meaning to delve into the minutiae of the Columbia University fingerprint study ever since I initially wrote about it last Thursday.

(And yes, that’s a joke. The so-called experts say that the word “delve” is a mark of AI-generated content. And “minutiae”…well, you know.)

If you missed my previous post, “Claimed AI-detected Similarity in Fingerprints From the Same Person: Are Forensic Examiners Truly ‘Doing It Wrong’,” I discussed a widely-publicized study by a team led by Columbia University School of Engineering and Applied Science undergraduate senior Gabe Guo. Columbia Engineering itself publicized the study with the attention-grabbing headline “AI Discovers That Not Every Fingerprint Is Unique,” coupled with the sub-head “we’ve been comparing fingerprints the wrong way!”

There are three ways to react to the article:

Gabe Guo, who freely admits that he knows nothing about forensic science, is an idiot. For decades we have known that fingerprints ARE unique, and the original forensic journals were correct in not publishing this drivel.
The brave new world of artificial intelligence is fundamentally disproving previously sacred assumptions, and anyone who resists these assumptions is denying scientific knowledge and should go back to their caves.
Well, let’s see what the study actually SAYS.

Until today, I hadn’t had a chance to read the study. But I wanted to do this, because a paragraph in the article that described the study got me thinking. I needed to see the study itself to confirm my suspicions.

“The AI was not using ‘minutiae,’ which are the branchings and endpoints in fingerprint ridges – the patterns used in traditional fingerprint comparison,” said Guo, who began the study as a first-year student at Columbia Engineering in 2021. “Instead, it was using something else, related to the angles and curvatures of the swirls and loops in the center of the fingerprint.”
From https://www.newswise.com/articles/ai-discovers-that-not-every-fingerprint-is-unique

Hmm. Are you thinking what I am thinking?

What were you thinking?

I’ll preface this by saying that while I have worked with fingerprints for 29 years, I am nowhere near a forensic expert. I know enough to cause trouble.

But I know who the real forensic experts are, so I’m going to refer to a page on onin.com, the site created by Ed German. German, who is talented at explaining fingerprint concepts to lay people, created a page to explain “Level 1, 2 and 3 Details.” (It also explains ACE-V, for people interested in that term.)

Here are German’s quick explanations of Level 1, 2, and 3 detail. These are illustrated at the original page, but I’m just putting the textual definitions here.

“Level 1 includes the general ridge flow and pattern configuration. Level 1 detail is not sufficient for individualization, but can be used for exclusion. Level 1 detail may include information enabling orientation, core and delta location, and distinction of finger versus palm.”
“Level 2 detail includes formations, defined as a ridge ending, bifurcation, dot, or combinations thereof. The relationship of Level 2 detail enables individualization.”
“Level 3 detail includes all dimensional attributes of a ridge, such as ridge path deviation, width, shape, pores, edge contour, incipient ridges, breaks, creases, scars and other permanent details.”

We’re not going to get into Level 3 in this post. But if you look at German’s summary of Level 2, you’ll see that he is discussing the aforementioned MINUTIAE (which, according to German, “enables individualization”). And if you look at German’s summary of Level 1, he’s discussing RIDGE FLOW, or perhaps “the angles and curvatures of the swirls and loops in the center of the fingerprint” (which, according to German, “is not sufficient for individualization”).

Did Gabe Guo simply “discover” fingerprint patterns? On a separate onin.com page, common fingerprint patterns are cited (arch, loop, whorl). Is this the same thing that Guo (who possibly has never heard of loops and whorls in his life) is talking about?

From Antheus Technology page, from NIST’s Appendix B to the FpVTE 2003 test document. I remember that test very well.

I needed to read the original study to see what Guo actually said, and to determine if AI discovered something novel beyond what forensic scientists consider the information “in the center of the fingerprint.”

So let’s look at the study

I finally took the time to read the study, “Unveiling intra-person fingerprint similarity via deep contrastive learning,” as published in Science Advances on January 12. While there is a lot to read here, I’m going to skip to Guo et al’s description of the fingerprint comparison method used by AI. Central to this comparison is the concept of a “feature map.”

Figure 2A shows that all the feature maps exhibit a statistically significant ability to distinguish between pairs of distinct fingerprints from the same person and different people. However, some are clearly better than others. In general, the more fingerprint-like a feature map looks, the more strongly it shows the similarity. We highlight that the binarized images performed almost as well as the original images, meaning that the similarity is due mostly to inherent ridge patterns, rather than spurious characteristics (e.g., image brightness, image background noise, and pressure applied by the user when providing the sample). Furthermore, it is very interesting that ridge orientation maps perform almost as well as the binarized and original images—this suggests that most of the cross-finger similarity can actually be explained by ridge orientation.
From https://www.science.org/doi/10.1126/sciadv.adi0329.

(The implied reversal from the forensic order of things is interesting. Specifically, ridge orientation, which yields a bunch of rich data, is considered more authoritative than mere minutiae points, which are just teeny little dots that don’t look like a fingerprint. Forensic examiners consider the minutiae more authoritative than the ridge detail.)

Based upon the initial findings, Guo et al delved deeper. (Sorry, couldn’t help myself.) Specifically, they interrogated the feature maps.

We observe a trend in the filter visualizations going from the beginning to the end of the network: filters in earlier layers exhibit simpler ridge/minutia patterns, the middle layers show more complex multidirectional patterns, and filters in the last layer display high-level patterns that look much like fingerprints—this increasing complexity is expected of deep neural networks that process images. Furthermore, the ridge patterns in the filter visualizations are all generally the same shade of gray, meaning that we can rule out image brightness as a source of similarity. Overall, each of these visualizations resembles recognizable parts of fingerprint patterns (rather than random noise or background patterns), bolstering our confidence that the similarity learned by our deep models is due to genuine fingerprint patterns, and not spurious similarities.
From https://www.science.org/doi/10.1126/sciadv.adi0329.

So what’s the conclusion?

(W)e show above 99.99% confidence that fingerprints from different fingers of the same person share very strong similarities.
From https://www.science.org/doi/10.1126/sciadv.adi0329.

And what are Guo et al’s derived ramifications? I’ll skip to the most eye-opening one, related to digital authentication.

In addition, our work can be useful in digital authentication scenarios. Using our fingerprint processing pipeline, a person can enroll into their device’s fingerprint scanner with one finger (e.g., left index) and unlock it with any other finger (e.g., right pinky). This increases convenience, and it is also useful in scenarios where the original finger a person enrolled with becomes temporarily or permanently unreadable (e.g., occluded by bandages or dirt, ridge patterns have been rubbed off due to traumatic event), as they can still access their device with their other fingers.
From https://www.science.org/doi/10.1126/sciadv.adi0329.

However, the researchers caution that (as any good researcher would say when angling for funds) more research is needed. Their biggest concern was the small sample size they used in their experiments (60,000 prints), coupled with the fact that the prints were full and not partial fingerprints.

What is unanswered?

So let’s assume that the study shows a strong similarity between the ridges of fingerprints from the same person. Is this enough to show:

that the prints from two fingers on the same person ARE THE SAME, and
that the prints from two fingers on the same person are more alike than a print from ANY OTHER PERSON?

Or to use a specific example, if we have Mike French’s fingers 2 (right index) and 7 (left index), are those demonstrably from the same person, while my own finger 2 is demonstrably NOT from Mike French?

And what happens if my finger 2 has the same ridge pattern as French’s finger 2, yet is different from French’s finger 7? Does that mean that my finger 2 and French’s finger 2 are from the same person?

If this happens, then the digital authentication example above wouldn’t work, because I could use my finger 2 to get access to French’s data.

This could get messy.

More research IS needed, and here’s what it should be

If you have an innovative idea for a way to build an automobile, is it best to never talk to an existing automobile expert at all?

Fair use. From https://interestingengineering.com/transportation/bizarre-concept-cars-you-never-even-knew-existed.

Same with fingerprints. Don’t just leave the study with the AI folks. Bring the forensic people on board.

And the doctors also.

Initiate a conversation between the people who found this new AI technique, the forensic people who have used similar techniques to classify prints as arches, loops, whorls, etc., and the medical people who understand how the ridges are formed in the womb in the first place.

By National Museum of Health and Medicine – http://nmhm.washingtondc.museum/exhibits/single_cell/imgs/14_Fetus_3_months.jpg, Public Domain, https://commons.wikimedia.org/w/index.php?curid=9998241

If you get all the involved parties in one room, then perhaps they can work together to decide whether the technique can truly be used to identify people.

I don’t expect that this discussion will settle once and for all whether every fingerprint is unique. At least not to the satisfaction of scientists.

But bringing the parties together is better than not listening to critical stakeholders at all.

By Lorelei7, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=3164780

Claimed AI-detected Similarity in Fingerprints From the Same Person: Are Forensic Examiners Truly “Doing It Wrong”?

I shared some fingerprint-related information on my LinkedIn feed and other places, and I thought I’d share it here.

Along with an update.

You’re doing it wrong

Forensic examiners, YOU’RE DOING IT WRONG based on this bold claim:

“Columbia engineers have built a new AI that shatters a long-held belief in forensics–that fingerprints from different fingers of the same person are unique. It turns out they are similar, only we’ve been comparing fingerprints the wrong way!” (From Newswise)

Couple that claim with the initial rejection of the paper by multiple forensic journals because “it is well known that every fingerprint is unique” (apparently the reviewer never read the NAS report), and you have the makings of a sexy story.

Or do you?

And what is the paper’s basis for the claim that fingerprints from the same person are NOT unique?

““The AI was not using ‘minutiae,’ which are the branchings and endpoints in fingerprint ridges – the patterns used in traditional fingerprint comparison,” said Guo, who began the study as a first-year student at Columbia Engineering in 2021. “Instead, it was using something else, related to the angles and curvatures of the swirls and loops in the center of the fingerprint.”” (From Newswise)

Perhaps there are similarities in the patterns of the fingers at the center of a print, but that doesn’t negate the uniqueness of the bifurcations and ridge ending locations throughout the print. Guo’s method uses less of the distal fingerprint than traditional minutiae analysis.

But maybe there are forensic applications for this alternate print comparison technique, at least as an investigative lead. (Let me repeat that again: “investigative lead.”) Courtroom use will be limited because there is no AI equivalent to explain to the court how the comparison was made, and if any other expert AI algorithm would yield the same results.

Thoughts?

https://www.newswise.com/articles/ai-discovers-that-not-every-fingerprint-is-unique

The update

As I said, I shared the piece above to several places, including one frequented by forensic experts. One commenter in a private area offered the following observation, in part:

What was the validation process? Did they have a qualified latent print examiner confirm their data?
From a private source.

Before you dismiss the comment as reflecting a stick-in-the-mud forensic old fogey who does not recognize the great wisdom of our AI overlords, remember (as I noted above) that forensic experts are required to testify in court about things like this. If artificial intelligence is claimed to identify relationships between fingers from the same person, you’d better make really sure that this is true before someone is put to death.

I hate to repeat the phrase used by scientific study authors in search of more funding, but…

…more research is needed.

Identification Perfection is Impossible

(Part of the biometric product marketing expert series)

There are many different types of perfection.

Jehan Cauvin (we don’t spell his name like he spelled it). By Titian – Bridgeman Art Library: Object 80411, Public Domain, https://commons.wikimedia.org/w/index.php?curid=6016067

This post concentrates on IDENTIFICATION perfection, or the ability to enjoy zero errors when identifying individuals.

The risk of claiming identification perfection (or any perfection) is that a SINGLE counter-example disproves the claim.

If you assert that your biometric solution offers 100% accuracy, a SINGLE false positive or false negative shatters the assertion.
If you claim that your presentation attack detection solution exposes deepfakes (face, voice, or other), then a SINGLE deepfake that gets past your solution disproves your claim.
And as for the pre-2009 claim that latent fingerprint examiners never make a mistake in an identification…well, ask Brandon Mayfield about that one.

In fact, I go so far as to avoid using the phrase “no two fingerprints are alike.” Many years ago (before 2009) in an International Association for Identification meeting, I heard someone justify the claim by saying, “We haven’t found a counter-example yet.” That doesn’t mean that we’ll NEVER find one.

You’ve probably heard me tell the story before about how I misspelled the word “quality.”

In a process improvement document.

While employed by Motorola (pre-split).

At first glance, it appears that Motorola would be the last place to make a boneheaded mistake like that. After all, Motorola is known for its focus on quality.

But in actuality, Motorola was the perfect place to make such a mistake, since it was one of the champions of the “Six Sigma” philosophy (which targets a maximum of 3.4 defects per million opportunities). Motorola realized that manufacturing perfection is impossible, so manufacturers (and the people in Motorola’s weird Biometric Business Unit) should instead concentrate on reducing the error rate as much as possible.

So one misspelling could be tolerated, but I shudder to think what would have happened if I had misspelled “quality” a second time.