When the National Institute of Standards and Technology (NIST) performs biometric testing, it generally uses government data from law enforcement, homeland security, and similar sources.
Plus some specialized data that government databases can’t match.
On January 10, 2000, Noah Kalina took a selfie. The next day, he took another. And he kept on doing it every day, with some exceptions, for many years. (Here he is on June 1, 2026.) By centering his nose in the center of the frame, the pictures provide a consistent chronicle of Kalina’s appearance, along with the exact day on which the pictures were taken. NIST purchased rights to some of these photos to use in its age estimation testing. Since NIST knew Kalina’s true age on any given day, it could measure an age estimation algorithm’s accuracy.
But that’s not why I’m writing about Noah Kalina.
Let’s move to irises
Consider the irises of the face, how they are captured. They are usually captured with expensive cameras that take a picture from a short distance away.
But what if a normal camera captured a person, and their irises? Could the camera images yield useful information?
[The Kalina images] “provide us with interesting opportunities to explore the effects of time lapse on iris recognition employed on images that were not originally intended for iris recognition. NIST obtained a license from Kalina to use a subset (7 half years from 2009-2015) of original, high resolution, digital images in biometric studies.”
So were they useful?
“…even though the majority of the images in this dataset did not provide solid matches, there are instances where mated iris image pairs from visible light images that were not obtained for the purpose of iris recognition match with match scores corresponding to a false match rate of 0:1% at a true accept rate of 1% . Though such performance is not useful in applications such as access control, there are cases where it may be useful.”
No, your irises can’t be easily captured in 2026, but what about later?
In August 2023, I talked about what I called a “great renaming” in which the National Institute of Standards and Technology (NIST) differentiated between its face recognition tests and its face analysis tests: a very important distinction and a critical update.
FRVT becomes FRTE and FATE. From NIST.
The ramifications of that renaming persist. Just last week I reminded a biometric firm that its references to “FRVT” were dated.
But what if references to biometrics are dated?
Find…what?
Over twenty years ago a publication called FindBiometrics was established that discussed you-know-what. Fingerprints, faces, irises, and all sorts of stuff.
You would think that a name that incorporated “biometrics” would be all inclusive. It certainly was twenty years ago. But as the industry evolved, the name became a little dated. While biometrics remain critically important, I have to say (with apologies to my former Motorola colleague Edward Chen) that biometrics is not “4” ALL. (You see what I did there.)
“TORONTO, ONTARIO, CANADA, November 21, 2024 /EINPresswire.com/ — FindBiometrics, a leading news media platform for the biometrics and digital identity industry, is now ID Tech—a refreshed brand identity that reflects the beginning of a new era in the identity technology space.”
Why?
“…the scope of identity tech has expanded to integrate new developments in areas like artificial intelligence, blockchain, and digital ID.”
One example being mobile driver’s licenses, which can utilize biometrics but goes far beyond it. After all, biometrics (something you are) is just one of the six factors of identity verification and authentication. See below.
So now the former FindBiometrics platform is called “ID Tech,” and its URL is now https://idtechwire.com/. And biometrics now shares the stage with other factors.
Biometrics shares the stage. “Revealed” from Google Lyria; Public Domain.
But ID Tech isn’t the only place to learn about identity beyond biometrics. There’s also my book.
ROC (previously known as Rank One Computing) posted this about its latest resukts in the NIST Friction Ridge Image and Features Technology Evaluation Exemplar One-to-Many (FRIF TE E1N) evaluation.
“ROC’s performance in the NIST FRIF TE E1N evaluation, including #1 global ranking in Class B slap fingerprints, a critical capture format for high-scale civil and government identity programs, proves that American technology can now lead at the highest levels of global biometric performance….
“The NIST Friction Ridge Image and Features Technology Evaluation Exemplar One-to-Many evaluation, known as NIST FRIF TE E1N, evaluates one-to-many fingerprint identification at massive scale, testing how accurately algorithms can identify a subject from large enrollment repositories. Across the evaluation, ROC delivered top-tier performance in every category tested, including Class A, Class B, and Class C. “
As with every NIST biometric test, FRIF yields a massive amount of data. Just looking at the Class B slap data alone, here is what you can find, showing the top 7 entries out of 12 for the Class B Left Slap FNIR (another acronym: false negativce identification rate) at rank less than or equal to 10. Even this view excludes all other slap data and all other ranking data (1, 2, and 5).
(Data captured Friday, May 29, 2026 and may become outdated when new algorithms are tested.)
National Institute of Standards and Technology.
With this massive wealth of data, just about every vendor probably performed well in something, which is why ROC took the time to point out why Class B slap results are important.
“ROC’s most significant milestone came in Class B slap fingerprints. This performance is especially important for high-scale ABIS environments, including national ID programs, border management, civil enrollment, and high-stakes criminal justice workflows, where handling immense scale without sacrificing accuracy is mandatory.”
Although ROC may be the only entity trumpeting May results, other vendors have promotede earlier NIST FRIF TE E1N achievements, including IDEMIA, Identy.IO, Innovatrics, and Neurotechnology.
But they’re foreign. (As is Thales Group, for those keeping score.)
There are a variety of hungry people (target audiences) who look at your product marketing content. And they all have different needs.
When talking about an elegant water fountain, some readers only care that the fountain works.
Other readers want to know HOW it works. Issues such as support and maintenance are critically important to these folks, but matter little to the first group who simply wants a working fountain.
If you are forced to speak to both target audiences in a single piece of content, how do you do it?
Very carefully.
My preference is to discuss the high-level benefits at the beginning of the content, and save the more technical uptime details and/or feature lists for later in the narrative.
Unless you are ONLY speaking to technical folks, leading with the “plumbing” kills your content. Someone who wants their police agency to solve more burglaries will fall asleep at a mention of 1000 pixels per inch fingerprint resolution or NIST-compliant lower palm print image dimensions.
Stay light, and only go deep to buttress your lightness.
One of Bredemarket’s clients is microscopically close to achieving an important milestone with a major customer. As project manager I’m performing the issue tracking and am happy. It is premature to announce this customer milestone, but hopefully the day will come.
The only drawback was that a last-minute Bredemarket / client / customer call prevented me from attending Tuesday’s live iProov / Ingenium webinar on independent testing to standards such as NIST SP 800-63-4 and CEN/TS 18099. But that’s why webinars have replays.
The Bredemarket post below is not directly related to the webinar, but is tangentially related since it discusses independent testing.
I hope you’re sitting down for this…but vendors make assertions that favor themselves. Or in this case “favour,” because the vendor in question is iProov.
And some have claimed that independent testing is flawed because it doesn’t test properly. (One semi-related example: because FBI EBTS Appendix F assumes that the fingerprints contact the capture surface, it is useless for contactless solutions. The powers that be are working on an alternative.)
But if your solution doesn’t have independent test or conformance results, you’d better have a good reason.
“I think too much knowledge is actually bad in tech: you’re biased.”
Why does this quote affect me so deeply? Because with my 30-plus years of identity/biometric experience, I obviously have too much knowledge of the industry, which is obviously bad. After all, all a biometric company needs is a salesperson, an engineer, an African data labeler, and someone to run the generative AI for everything else. The company doesn’t need someone who knows that Printrak isn’t spelled with a C.
Google Gemini.
In this post I will share three of the “biases” I have developed in my 30-plus years in identity and biometrics, and how to correct these biases by stripping away that 20th century experience and applying novel thinking.
And if that last paragraph made you throw up in your mouth…read to the end of the post.
But first, let’s briefly explore these three biases that I shamefully hold due to my status as a biometric product marketing expert:
Independent algorithmic confirmation is valuable.
Process is valuable.
Artificial intelligence is merely a tool.
Biometric product marketing expert.
Bias 1: Independent Algorithmic Confirmation is Valuable
But how do prospects know that these algorithms work? How accurate are they? How fast are they? How secure are they?
My bias
My brain, embedded with over 30 years of bias, gravitates to the idea that vendors should submit their algorithms for independent testing and confirmation.
From a NIST facial recognition demographic bias text.
This could be an accuracy test such as the ones NIST and DHS administer, or confirmation of presentation attack detection capabilities (as BixeLab, iBeta, and other organizations perform), or confirmation of injection attack detection capabilities.
Novel thinking
But you’re smarter than that and refuse to support the testing-industrial complex. They have their explicit or implicit agendas and want to force the biometric vendors to do well on the tests. For example, the U.S. Federal Bureau of Investigation’s “Appendix F” fingerprint capture quality standard specifically EXCLUDES contactless solutions, forcing everyone down the same contact path.
But you and your novel thinking reject these unnecessary impediments. You’re not going to constrain yourself by the assertions of others. You are going to assert your own benefits. Develop and administer your own tests. Share with your prospects how wonderful you are without going through an intermediary. That will prove your superiority…right?
Bias 2: Process is Valuable
A biometric company has to perform a variety of tasks. Raise funding. Hire people. Develop, market, propose, sell, and implement products. Throw parties.
How will the company do all these things?
My bias
My brain, encumbered by my experience (including a decade at Motorola), persists in a belief that process is the answer. The process can be as simple as scribblings on a cocktail napkin, but you need some process if you want to cash out in a glorious exit—I mean, deliver superior products to your customers.
Perhaps you need a development processs that defines, among other things, how long a sprint should be. A capture and proposal process (Shipley or simpler) that defines, among other things, who has the authority to approve a $10 million proposal A go-to-market process that defines the deliverables for different tiers, and who is responsible, accountable, consulted, and informed. Or maybe just an onboarding process when starting a new project, dictating the questions you need to ask at the beginning.
Bredemarket’s seven questions. I ask, then I act.
Novel thinking
Sure all that process is fine…if you don’t want to do anything. Do you really want to force your people to wait two weeks for the latest product iteration? Impose a multinational bureauracy on your sales process? Go through an onerous checklist before marketing a product?
Google Gemini.
Just code it.
Just sell it.
Just write it.
Bias 3: Artificial Intelligence is Merely a Tool
The problem with experienced people is that they think that there is nothing new under the sun.
You talk about cloud computing, and they yawn, “Sounds like time sharing.” You talk about quantum computing, and they yawn, “Sounds like the Pentium.” You talk about blockchain, and they yawn, “Sounds like a notary public.”
My bias
As I sip my Pepperidge Farm, I can barely conceal my revulsion at those who think “we use AI” is a world-dominating marketing message. Artificial intelligence is not a way of life. It is a tool. A tool that in and of itself does not merit much of a mention.
Google Gemini.
How many automobile manufacturers proclaim “we use tires” as part of their marketing messaging? Tires are essential to an automobile’s performance, but since everyone has them, they’re not a differentiator and not worthy of mention.
In the same way, everyone has AI…so why talk about its mere presence? Talk about the benefits your implementation provides and how these benefits differentiate you from your competitors.
Novel thinking
Yep, the grandpas that declare “AI is only a tool” are missing the significance entirely. AI is not like a Pentium chip. It is a transformational technology that is already changing the way we create, sell, and market.
Therefore it is critically important to highlight your product’s AI use. AI isn’t a “so what” feature, but an indication of revolutionary transformative technology. You suppress mention of AI at your own peril.
How do I overcome my biases of experience?
OK, so I’ve identified the outmoded thinking that results from too much experience. But how do I overcome it?
I don’t.
Because if you haven’t already detected it, I believe that experience IS valuable, and that all three items above are essential and shouldn’t be jettisoned for the new, novel, and kewl.
Are you a identity/biometric marketing leader who needs to tell your prospects that your algorithms are validated by reputable independent bodies?
Or that you have a process (simple or not) that governs how your customers receive your products?
Or that your AI actually does unique things that your competitors don’t, providing true benefits to your customers?
Bredemarket can help with strategy, analysis, content, and/or proposals for your identity/biometric firm. Talk to me (for free).
By the way, here’s MY process (and my services and pricing).
With the exception of colorblind people, the use of colors in dashboards makes information more accessible, particularly in populations where green means “good” and red means “bad.”
The National Institute of Standards and Technology understands the importance of consistent colors, having worked on traffic light colors since the National Bureau of Standards days (PDF).
For more modern applications such as biometrics, NIST recently incorporated a color coding display change to one of its tabs for the “Face Recognition Technology Evaluation (FRTE) 1:N Identification” results. Specifically, the “Demographics: False Positive Dependence” tab.
The change, announced in an email, is as follows:
“The false positive identification error rate tables now include color-coding to highlight anomalously high values.”
In this context, “anomalously high” is bad, or red. (Actually dark pink, but close enough.)
But let’s explain WHY and HOW NIST made this change.
Why does NIST highlight demographic false positive dependence?
NIST has of course explored the demographic effects of face recognition for years, and the “Demographics: False Positive Dependence” tab provides additional tracking for this.
Why does NIST do this?
“False positives occur when searches return wrong identities. Such outcomes have application-dependent consequences, which can be serious.”
How does NIST highlight demographic false positive dependence?
Anyway, NIST created the “Demographics: False Positive Dependence” tab.
“The table shows false positive identification rates (FPIR), the fraction of searches that should not return gallery entries above a threshold, but do. The threshold is set for each algorithm to give a FPIR of 0.002 (1 in 500) or less on searches of women born in Eastern Europe.”
And for algorithms that have “anomalously high values” in other demographic populations, NIST has added the color coding.
“A cell is shaded by how much larger FPIR is than that: yellow if FPIR is 20 times larger; pink if FPIR is 40 times larger; and dark pink if FPIR is 80 times larger.”
What does the highlighting look like?
Let me illustrate this with the results from the three algorithms Omnigarde submitted.
Data captured April 8, 2026. Omnigarde.
Omnigarde’s first two algorithms, submitted in 2023 and 2024, exhibited high FPIR values for south Asian females, and the second algorithm also exhibited a high FPIR value for east Asian females. See the color coding.
The third algorithm, submitted in 2025, had lower FPIR values for these populations and thus no yellow color coding.
Even the less-stellar algorithms show improvement over time.
Data captured April 8, 2026. Anonymized (but you can figure it out if you’re curious).
Final thoughts
Both vendors and customers/prospects can rightfully question whether this is helpful or hurtful. I lean toward “helpful,” because if the facial recognition algorithm you use provides high false positives for certain popularions, you need to know.
And as always, law enforcement in the United States should NEVER solely rely on facial recognition results as the basis for an arrest…even for Eastern European females. They should ONLY be an investigative lead.
In the meantime, take care of yourself, and each other.
The National Institute of Standards and Technology (NIST) isn’t the only entity that is seeking to combat facial recognition demographic bias. The Center for Identification Technology Research (CITeR) is doing its part.
The Problem
NIST and other entities have documented facial recognition accuracy differences related to skin tone. This is separate from the topic of facial analysis: this relates to facial recognition, or the identification of an individual. (As a note, “Gender Shades” had NOTHING to do with facial recognition.)
It’s fair to summarize that the accuracy of an algorithm depends upon the data used to train the algorithm. For example, if an algorithm is trained entirely on Japanese people, you would expect that it would be very accurate in identifying Japanese, but less accurate in identifying Native Americans or Kenyans.
Many of the most-used facial recognition algorithms are authored by North American/European or Asian companies, and while the good ones seek to employ a broad data set for algorithm training, NIST and other results document clear demographic differences in accuracy.
The Research
The Center for Identification Technology Research (CITeR) is a consortium of universities, government agencies, and private entities. The lead entity in CITeR, Clarkson University, has initiated research on “improving equity in face recognition systems.” Clarkson is using the following methods:
Establish a continuous skin color metric that retains accuracy across different image acquisition environments.
Develop a statistical approach to measure equity, ensuring FR results fall within a precise margin of error.
Employ new FR systems in combination with or instead of existing measures to minimize bias of results.
In this work, Clarkson is cooperating with other entities, such as the International Organization for Standardization (ISO) and the FIDO Alliance.
The final goal is to make facial recognition usable for everyone.
Your problem
Is your identity company and its product marketers also working to reduce demographic bias? How are you telling your story? Bredemarket (the biometric product marketing expert) can help with strategic and tactical solutions for your marketing and writing needs.
Bredemarket services, process, and pricing.
If I can help your firm with analysis, content, or even proposals in this area, talk to me.
Note the “deprecated” and “legacy” data types. In 1993, Type 4 was the gold standard for fingerprint images; now it’s just “legacy.” And forget about binary representations or anything less than 500 ppi.
Time marches on.
But some people have been around for much of the ride. I scanned the lists of working group members and found Kenneth Blue, Tom Buss, Roland Fournier, Patrick Grother, Mike McCabe, John Splain, Mark Walch, and many others who remember Type 4 and 250 ppi binary images.
And the canvassees included government and industry representatives from within and outside of the United States, including Canada, Germany, Japan, Latvia, Slovakia, Switzerland, other countries I probably mnissed, and INTERPOL.
If Europe or other countries do break away from NIST standards, it will be a rupturing break.