legal – Page 4 – Bredemarket

What Are Fingerprint Minutiae?

(Imagen 4)

(Part of the biometric product marketing expert series)

Because many of the subscribers and followers of my Substack page aren’t fingerprint experts (although a few are), my posts on Substack tend to be more introductory. So I wrote this for Substack, but also decided to share it on the Bredemarket blog at some point.

So let’s define what fingerprint minutiae are.

To do this, look at the tip of one of the fingers on your hand…but not too closely. (Or just Level 2, not Level 3.)

If you look sort of closely at your fingertip, you see one commonality between (most) fingers and Ruffles: both have ridges. For purposes of this exercise, take a close look at where the ridges go.

In some cases, the ridges just stop and go no further.
In other cases, a single ridge splits into two or more ridges. Or if you want to follow a different perspective, two or more ridges combine into a single ridge. But that perspective screws up the discussion later.
Ridges do other things which I will ignore for now.

The important things is that you can identify the specific point at which a ridge ending occurs. And you can identify the specific point of a bifurcation, where a ridge splits into two ridges. (If a ridge splits into three, that’s a trifurcation.)

Those ridge ending and bifurcation points? Those are the minutiae.

Human fingerprint examiners can identify these minutiae points.

So can the algorithms on an automated fingerprint identification system (AFIS) or an automated biometric identification system (ABIS).

And if two fingers have minutiae in the same locations, and don’t have minutiae in one finger that are not present on the other finger…then they’re the same finger. (I’m simplifying here, since the quality of the prints and the way the skin bends affect the ability to find minutiae.)

Which means that if the police find a fingerprint on a stolen car that doesn’t belong to the owner…

…and the minutiae on your finger match the minutiae on the print from the car…

…you’d better have a good lawyer.

Oh, and one more thing: you also have ridges, ridge endings, and bifurcations on your palms and toes. So don’t try to steal a car while barefoot.

From the Summer of Privacy to California SB 690

Harry Chambers of OneTrust gave a far-reaching overview of the worldwide state of privacy legislation this morning. Chambers covered a ton of topics, but I’m going to focus on proposed changes to the California Invasion of Privacy Act, or CIPA.

As Fisher Phillips notes, this is not a new act. And that’s the problem.

“CIPA was originally enacted in 1967 to combat traditional wiretapping and eavesdropping, primarily in the context of telephone communications. It was never designed to address the complexities of the digital age or regulate how businesses track user interactions on the internet.”

But that didn’t stop the lawyers. As Chambers noted, a ton of lawsuits tried to apply 1967 law to modern use cases, including (Fisher Phillips) “routine website technologies such as cookies, pixels, search bar/form, chatbots, and session replay tools.”

Heck, back in 1967 cookies made you high. Whoops, that’s brownies.

You can imagine how California technology businesses felt about this. Chatbots as illegal wiretapping? Ouch.

Enter California SB 690 to stop what Fisher Phillips called a “shakedown” (settle or you’ll go to court). It proposed to align CIPA with the “commercial business purposes” definition under CCPA as amended.

Imagen 4. For the story behind this picture, see “AI Still Has Bias.”

On June 3, the California Senate unanimously approved SB 690.

But submission to the California Assembly is delayed:

“On July 2, the author of SB 690, State Senator Anna Caballero (D-14), announced she was pausing SB 690, holding it in the Assembly until at least 2026. Caballero cited ‘outstanding concerns around consumer privacy,’ and acknowledged continued opposition from consumer privacy advocates and attorneys’ groups.”

So the lawsuits can continue until morale improves.

Substitute Public Domain Characters to Avoid AI Copyright Infringement

Franklin, Washington, Jefferson, and Lincoln giving a rock concert in the Mets baseball stadium.

A biometric expert (I’m not the only one) was challenged to find a picture of a particular cartoon character in a particular setting, but was worried about copyright infringement.

I suggested that the expert substitute some other character in place of the copyrighted cartoon character.

I can’t share the particular example above, but the picture in this post illustrates the point. You subconsciously know which characters are being referenced, but the substitute characters (pre-copyright days) take care of the copyright issue.

As long as the rest of the image doesn’t infringe on copyright either. MLB may visit me, even if “the fruit company” doesn’t.

Bar None

(Imagen 3)

Follow-up to my March post “When Remote Bar Exam Technology Failed, You Won’t Believe What Happened Next.”

“The State Bar of California announced Friday that its beleaguered leader, who has faced growing pressure to resign over the botched February roll out of a new bar exam, will step down in July. Leah T. Wilson, the agency’s executive director, informed the Board of Trustees she will not seek another term in the position she has held on and off since 2017. She also apologized for her role in the February bar exam chaos.”

No idea if Wilson was sued personally.

Read the updated story at https://www.mahoningmatters.com/news/nation-world/national/article305606501.html#storylink=cpy

The Courts and Passcode vs. Biometric Access to Your Smartphone: It’s Complicated

(With a special message at the end for facial recognition and cybersecurity marketing leaders)

Years ago, when I was in Mexico City on a business trip, one of my coworkers stated that he never uses biometrics to protect the data on his smartphone.

His rationale?

Government officials can compel you to use your biometrics to unlock your smartphone. They can’t compel you to provide your passcode to government officials.

Ironically, we both worked for a biometric company at the time.

But my former coworker isn’t the only one making this statement. With the recent protests, and with the recent searches of people crossing the U.S. border by plane or otherwise, this same advice is echoed everywhere.

But is it true?

As ZDNET says, it’s complicated.

Passcodes: it’s complicated

ZDNET quotes law firm managing partner Ignacio Alvarez on passcodes:

“But the majority of the courts have found that being required by law enforcement to give your code to your devices violates your Fifth Amendment right against self-incrimination.”

Note what Alvarez said: the MAJORITY of the courts. So if you end up before the “wrong” court, you might have to provide your passcode anyway.

ZDNET also quotes attorney Joseph Rosenbaum:

“Passwords or passcodes, because they represent information contained in a person’s mind, seem to generally be considered the same as requiring someone to testify against themselves in court or in a deposition,” he told ZDNET. “That information is more likely to be legally protected under the Fifth Amendment as potentially self-incriminating.”

Notice his “seem to generally be” and “more likely to be” language. Again, you could still be compelled to give your passcode.

But that’s the easy part.

Biometrics: it’s complicated

But passcodes are the easy part. Biometrics are much more of a gray area.

Anything you say.
By NBC Television – eBayfrontback, Public Domain, https://commons.wikimedia.org/w/index.php?curid=33340402.

The rationale behind not giving up your biometric is similar to the rationale behind the Miranda warning. As Dragnet fans know, “Anything you say can and will be used against you in a court of law.” Regarding passcodes, the courts…well, some of the courts, hold that since a passcode can be “spoken,” it’s covered under Miranda and therefore can’t be given without violating your Fifth Amendment rights.

What about biometrics? (Excluding voice biometrics for the moment.)

“…since a biometric isn’t spoken, production of that biometric may not legally qualify as the act of testifying against yourself and therefore, you can be compelled to unlock a phone or an app without necessarily having your rights violated.”

Again, note the use of the words “may not.” It isn’t clear here either.

And even these wishy-washy definitions may change.

“This area of law is a seriously moving target. Over time, things could favor passcodes being non-testimonial or biometrics being testimonial.”

In other words, a few years from now lawyers may advise you to use biometrics rather than passcodes to protect your private data on your smartphone.

Or maybe they’ll say both methods protect you equally.

Or maybe they’ll say neither method protects you, and your private data is no longer private.

But most likely they’ll say “It depends.” In the same way that our 18,000 law enforcement agencies have 18,000 different definitions of forensic science, they could have 18,000 different definitions of Miranda rights.

And one more thing…

The formal announcement is embargoed until Monday, but Bredemarket has TWO openings to act as your on-demand marketing muscle for facial recognition or cybersecurity:

compelling content creation
winning proposal development
actionable analysis

Book a call: https://bredemarket.com/cpa/

Examples of Biometric Technology Misuse

If I become known for anything in biometrics, I want to be known for my extremely frequent use of the words “investigative lead.”

Whether you are talking about DNA or facial recognition, these types of biometric evidence should not be the sole evidence used to arrest a person.

For an example of why DNA shouldn’t be your only evidence, see my recent post about Amanda Knox.

Facial recognition misuse in law enforcement

Regarding facial recognition, I wrote this in a social media conversation earlier today:

“Facial recognition CAN be used as a crowd checking tool…with proper governance, including strict adherence to a policy of only using FR as an investigative lead, and requiring review of potential criminal matches by a forensic face investigator. Even then, investigative lead ONLY. Same with DNA.”

I received this reply:

“It’s true but in my experience cops rarely follow any rules.”

Now I could have claimed that this view was exaggerated, but there are enough examples of cops who DON’T follow the rules to tarnish all of them.

Revisiting Robert Williams’ Detroit arrest

I’ve already addressed the sad story of Robert Williams, who was “wrongfully arrested based upon faulty facial recognition results.”

At the time, I did not explicitly share the circumstances behind Williams’ arrest:

“The complaint alleges that the surveillance footage is poorly lit, the shoplifter never looks directly into the camera and still a Detroit Police Department detective ran a grainy photo made from the footage through the facial recognition technology.”

There’s so much that isn’t said here, such as whether a forensic face examiner made a definitive conclusion, or if the detective just took the first candidate from the list and ran with it.

But I am willing to bet that there was no independent evidence placing Williams at the shop location.

Why this matters

The thing that concerns me about all this? It just provides ammo to the people who want to ban facial recognition entirely.

Not realizing that the alternative—manual witness (mis)identification—is far more inaccurate and far more racist.

But the controversy would pretty much go away if criminal investigators only used facial recognition and DNA as investigative leads.

A Legal Leg to Stand On: The New Triad of AI Governance

In business, it is best to use a three-legged stool.

A two-legged stool obviously tips over, and you fall to the ground.
A four-legged stool is too robust for these cost-conscious days, where the jettisoning of employees is policy at both the private and public level.

But a three-legged stool is just right, as project managers already know when they strive to balance time, cost, and quality.

Perhaps the three-legged stool was in the back of Yunique Demann’s mind when she wrote a piece for the Information Systems Audit and Control Association (ISACA) entitled “The New Triad of AI Governance: Privacy, Cybersecurity, and Legal.” If you only rely on privacy and cybersecurity, you will fall to the ground like someone precariously balanced on a two-legged stool.

“As AI regulations evolve globally, legal expertise has become a strategic necessity in AI governance. The role of legal professionals now extends beyond compliance into one that is involved in shaping AI strategy and legally addressing ethical considerations…”

When Remote Bar Exam Technology Failed, You Won’t Believe What Happened Next

(Imagen 3)

This is a remote education post, but not an educational identity post.

I have previously discussed online test taking, and I guess the State Bar of California reads the Bredemarket blog because it decided that an online bar exam would be a great idea, since it would reduce the costs of renting large halls for test taking purposes.

But it didn’t work.

“The online testing platforms repeatedly crashed before some applicants even started. Others struggled to finish and save essays, experienced screen lags and error messages and could not copy and paste text from test questions into the exam’s response field — a function officials had stated would be possible.”

No surprise, but the remote bar exam debacle was so bad that students are filing…lawsuits.

“Some students also filed a complaint Thursday in the U.S. District Court for the Northern District of California, accusing Meazure Learning, the company that administered the exam, of “failing spectacularly” and causing an “unmitigated disaster.””

Biometric Product Marketers, BIPA Remains Unaltered

(Part of the biometric product marketing expert series)

You may remember the May hoopla regarding amendments to Illinois’ Biometric Information Privacy Act (BIPA). These amendments do not eliminate the long-standing law, but lessen its damage to offending companies.

Back on May 29, Fox Rothschild explained the timeline:

The General Assembly is expected to send the bill to Illinois Governor JB Pritzker within 30 days. Gov. Pritzker will then have 60 days to sign it into law. It will be immediately effective.

According to the Illinois General Assembly website, the Senate sent the bill to the Governor on June 14.

While the BIPA amendment has passed the Illinois House and Senate and was sent to the Governor, there is no indication that he has signed the bill into law within the 60-day timeframe.

So BIPA 1.0 is still in effect.

As Photomyne found out:

A proposed class action claims Photomyne, the developer of several photo-editing apps, has violated an Illinois privacy law by collecting, storing and using residents’ facial scans without authorization….

The lawsuit contends that the app developer has breached the BIPA’s clear requirements by failing to notify Illinois users of its biometric data collection practices and inform them how long and for what purpose the information will be stored and used.

In addition, the suit claims the company has unlawfully failed to establish public guidelines that detail its data retention and destruction policies.

From https://www.classaction.org/media/planos-v-photomyne-inc_1.pdf.

From https://www.instagram.com/p/C7ZWA9NxUur/.

Investigative Lead, Again

Image from the mid-2010s. “John, how do you use the CrowdCompass app for this Users Conference?” Well, let me tell you…

Because of my former involvement with the biometric user conference managed by IDEMIA, MorphoTrak, Sagem Morpho, Motorola, and older entities, I always like to peek and see what they’re doing these days. And it looks like they’re still prioritizing the educational element of the conference.

Although the 2024 Justice and Public Safety Conference won’t take place until September, the agenda is already online.

Subject to change, presumably.

This Joseph Courtesis session, scheduled for the afternoon of Thursday, September 12 caught my eye. It’s entitled “Ethical Use of Facial Recognition in Law Enforcement: Policy Before Technology.” Here’s an excerpt from the abstract:

This session will focus on post investigative image identification with the assistance of Facial Recognition Technology (FRT). It’s important to point out that FRT, by itself, does not produce Probable Cause to arrest.

Re-read that last sentence, then re-read it one more time. 100% of the wrongful arrest cases would be eliminated if everyone adopted this one practice. FRT is ONLY an investigative lead.

And Courtesis makes one related point:

Any image identification process that includes FRT should put policy before the technology.

Any technology that could deprive a person of their liberty needs a clear policy on its proper use.

September conference attendees will definitely receive a comprehensive education from an authority on the topic.

But now I’m having flashbacks, and visions of Excel session planning workbooks are dancing in my head. Maybe they plan with Asana today.