Stark digital transformations of the last quarter-century have brought about unique challenges for people. At no point in human history have data and technology impacted almost every facet of our daily lives. Navigating the digital age is not always easy — our personal information now lives in online accounts and on our devices — and regulations over individual privacy and security are lacking.
Story by Olivia Miller, Communications Specialist
Photos by J. Paige Nesbit and featured individuals
A large part of that digital transformation has been in the integration of biometric systems into devices we use in our daily life. Biometrics are unique physical characteristics, such as fingerprints, iris, face, and gait that can be used for automated recognition, such as Apple’s fingerprint and face recognition security measures on their devices.
Biometric authentication has made our lives easier in many ways, providing a convenient and fast user experience and an added level of security that adds a significant roadblock for fraudsters and hackers. Conversely, uncertainty around the how the technology is used (and by whom) has grown in recent years. Most consumers don’t fully understand how this technology works, its advantages and disadvantages and how safe or reliable it is.
At the Benjamin M. Statler College of Engineering and Mineral Resources at West Virginia University, our students and researchers are addressing important challenges in biometric technology development and are helping to educate the public about personal privacy and data and new advancements in the latest technology.
Define data and biometrics
- facts or information used usually to calculate, analyze, or plan something
- information that is produced or stored by a computer
\ ˌbī-ō-ˈme-triks \
- the measurement and analysis of unique physical or behavioral characteristics (such as fingerprint or voice patterns) especially as a means of verifying personal identity
Up for the challenge
A biometrics system’s ability to identify a person is only as good as your dataset.
Flashy FBI television shows like NBC’s “The Blacklist” portray an almost instant identification of an alleged criminal’s mugshot or passport photo with a blurry still image from a surveillance camera using facial recognition software. The surveillance camera feed supplying one of the images often captures a side profile of a person wearing a hat and sunglasses from a far distance, yet the software can immediately identify the person.
In reality, though, the current technology isn’t quite up to that level of accuracy. Jeremy Dawson, an associate professor in the Lane Department of Computer Science and Electrical Engineering, works in the creation of large-scale biometrics datasets.
Dawson’s research group has been focusing on biometrics — identifying humans based on unique physical or behavioral traits — since 2007. In the last 10 years, Dawson has collected a large repository of biometric data with roughly 15,000 datasets from approximately 10,000 individuals through Institutional Review Board-approved human subject research.
Through a research project funded by the Department of Defense, Dawson hopes to address a current challenge hindering the progress of the field of biometrics —unconstrained face recognition. According to Dawson, when a system is operating with a low-quality image, performance starts to drop off, leading to inaccurate identifications, unlike what is portrayed in most television cop dramas.
For example, you have an ideal passport style photo — the person is standing in front of a neutral background and is mostly expressionless, and the image quality is high — and you try to match the ideal photo against a still frame from a video captured by a surveillance camera at 100 meters at night. The resulting photo from the surveillance footage shows a person whose face is not well-lit, they are wearing a hat and glasses and the footage is blurry, which create a challenging scenario for the algorithms to work with.
Dawson explained that to teach an algorithm to accurately identify humans in these difficult environments, you need a lot of pictures of the same person under a lot of different scenarios to avoid misidentification.
“We plan to collect face data at a long range, up to a kilometer, with many different types of cameras, even with some unmanned aerial vehicles,” Dawson said. “We’re also going to have people change clothes to provide an additional recognition challenge. So, if the person in the image is too far away, and you can’t get a good image of their face, we can look back at their whole body and analyze how their whole body moves. That is called gait recognition.”
Dawson’s large-scale biometric dataset will be useful in this emerging area of biometrics research to improve the accuracy of the algorithm’s ability to identify a person from low-quality images. His research group’s data has been collected on a volunteer basis and requires the individuals to offer their consent for the data to be used. Without the volunteers, the research datasets wouldn’t exist. The biometric data consists of images of a person’s face, an iris scan, fingerprints and their gait.
“Everything is protected with the utmost care and concern of the privacy of the individuals,” Dawson said. “When a person comes to the lab to do data collection, one of my staff members explains to them all the things that are written in the consent form, and then lets the person read it and ask questions.
“Everything that we collect and use in research is done with the consent of the individual and with their safety and privacy in mind throughout the whole process, and that also includes how we store it and what measures we take to ensure the data is protected,” he continued.
The dataset is kept under high security — none of the computers are connected to the internet, making it nearly impossible for hackers to access the data. The data is stored locally on each individual computer that operates a sensor, and it’s also stored remotely on a private local area network. That room sits behind a locked door, with limited access, and to top it all off, the data servers and the computers themselves are all password protected.
The future of biometrics
Whether we recognize it as biometrics or not, identification technology is now part of daily life, with implementation of face recognition to unlock smart devices and fingerprint scans to unlock various devices, streamlining our ability to log in to accounts and make purchases. Most of us benefit from biometric technology multiples times a day.
It is important for use in disaster scenarios, in providing a higher level of defense against fraud because the data is not easily replicable, and it has the potential to lead to advancements in healthcare, law enforcement and national security.
“It’s really about convenience from an everyday person standpoint,” Dawson said. “You don’t have to worry about typing in your password if you have your face ID activated. So, it provides some higher level of security and ease.”
Nasser Nasrabadi, professor in the Lane Department of Computer Science and Electrical Engineering, said biometrics will continue to have a huge impact on our society in the way of autonomous vehicles, safer and easier travel through different countries and will continue to allow quick access to smart devices and secured buildings by replacing traditional passwords for authentication.
Another widespread use of these systems has been to aid law enforcement in building criminal cases, helping to retrieve faces of bad actors more quickly in public environments. However, despite an early embrace of biometrics by federal agencies, several states and two dozen cities have passed facial recognition bans to regulate government use of the technology.
“Ideally the issues of differential performance and privacy concerns would have been thoroughly addressed from the start, unfortunately, that’s oftentimes not the way science works,” Dawson said. “You have a good idea, and people want to use it. Then, it’s not until it’s more widely used that some of these unintended consequences start to appear, and I think that’s where we are with biometrics now.”
According to Dawson, federal oversight continues to grow and is provided by organizations such as the National Institute for Interdisciplinary Science and Technology and the Federal Bureau of Investigation, who provide extensive training and define best practices.
Nasrabadi added that in the future, there will be more advanced mechanisms developed to protect and make access to your biometrics impossible.
Changing the landscape
The Center for Identification Technology Research (CITeR) at WVU is a National Science Foundation funded multi-university research center whose focus is to address research challenges related to securing individual identity in a global society with a focus on automated biometric recognition and credibility assessment.
WVU developed CITeR in 2000, and now consists of Clarkson University, University at Buffalo and Michigan State University. Within CITeR and the biometrics program in the Statler College at large, important pieces of the mission moving forward are addressing biometric vulnerabilities, making biometric recognition safer and more secure, and education.
According to Matthew Valenti, professor of computer science and electrical engineering and WVU site director of CITeR, the government often looks to the internationally recognized center for guidance regarding implementation of new features to their databases. WVU and CITeR have played a significant role in the advancement of biometric systems at a national stage.
On the consumer side, CITeR has developed consumer facing technology to allow people to access a banking or finance account using biometric features. The eye verification technology developed from the project resulted in a spinoff company started by WVU graduate Rexa Derakhshani called EyeVerify, which, in 2015, was purchased by Ant Financial Services Group for $100 million.
“In the future, CITeR will concentrate more on smart biometrics technology using artificial intelligence and machine learning technology,” Nasrabadi, co-director of CITeR, said.
Nasrabadi added that future biometric algorithms developed in CITeR could potentially be used for entry-exit border control, replacing the passport for ease of travel.
Undergraduate and graduate students working on CITeR-funded projects are tasked with developing better approaches to personal identification. By the time students graduate after working within the Center, they have the skills necessary to work with companies who are creating biometric systems and the components that the systems use.
Another area that researchers in the College are hoping to bring awareness to is the idea of explainable artificial intelligence. Essentially, biometrics are based on features — for example, in face recognition, most people have two eyes a nose and a mouth.
According to Jeremy Dawson, when early facial recognition algorithms were developed, the computer was trained to identify people similarly to how we identify people.
“The computer was trained to look for eyes, a nose and a mouth,” Dawson said. “There are a set of features that a group of humans sat down one day and said they were going to use, but with the advent of artificial intelligence, it gave us the opportunity to allow the computer to determine which features are the best to use.”
Dawson explained that a computer can recognize features that are not normally noticed by people.
“Computers see features that exist either in the actual image, or some mathematical transformations of that image, which are far more unique than what we would actually see.” Dawson said. “So, in the case of AI and biometrics used for criminal cases, it’s hard to get up in front of a jury and explain how the computer made that conclusion.”
In the coming years, CITeR and biometrics researchers at WVU aim to expand on the idea of explainable AI so these processes can be better broken down in a courtroom and to the public at large.
Recently, CITeR worked with a marketing agency to create a series of animated educational YouTube videos to explore biometrics and its practical uses. The video features two women, Mia and Sophia, as they travel on vacation and learn about biometric technology and all of its potential uses. Mia and Sophia talk about two main types of biometric systems, verification and identification, and false identification while en route to their destination. Throughout their travels, they experience how biometrics are used to get through airport security more quickly and easily.
“One of the field’s biggest obstacles is actually not technical, it’s public acceptance,” said Valenti. “Within CITeR we try to educate the general public, who are users of the system, because public acceptance of biometrics is very important, and it’s important that people feel comfortable with the way that their biometrics are being used and that they’re not being used without permission.”
Protecting your data in the digital age
Today, it is estimated that 75 percent of the world’s population are internet users. According to Katerina Goseva-Popstojanova, professor of computer science and electrical engineering, the huge amount of digital content being produced today has led to a vast cyber-attack surface.
Goseva-Popstojanova’s research interests are in software engineering, cybersecurity and data analytics, as well as in higher education focused on these areas.
In addition to complications with increasing numbers of internet users, the shift to remote work has added more challenges to cybersecurity. People are now using their personal computers or other devices to access work computers over unsecure networks, they may not use proper antivirus protection and may be more likely to fall for phishing scams.
Everyday internet users create roughly 2.5 quintillion bytes of data, according to data from DOMO’s Data Never Sleeps 5.0 Report, and that pace is accelerating with increased use of the internet. Most internet-connected devices track, produce and store information about our actions online.
“Even when people are careful, in this digital age, it is inevitable to have one’s data, including personal data, accessible to and stored by third parties,” Goseva-Popstojanova said. “Unfortunately, how these data are used typically is not under control by the user, but it is regulated by the end-user license agreement that we accept when downloading the apps, using browsers or different services.
“These agreements are typically long and use confusing legal terminology,” she continued. “Therefore, they are not read by users carefully, or at all, which allows these third parties to use and misuse the data for different reasons.”
How to stay connected safely online and protect your online presence
Advice from our experts
While no simple measure is foolproof, these tips can help you navigate your digital life safely and securely and decrease your odds of being hacked. Because biometric data is often stored on the internet, it is not immune to hacks either.
Simple steps to protect your personal information online:
- Be considerate of information you share on social media and be aware of privacy settings.
- Be considerate of the type of apps you download and use. Some apps may have access to your devices and will report your information back to app vendors, which may be private, but also have cybersecurity issues.
- Disable unnecessary cookies in your browsers and when visiting websites. This may limit functionality and make web browsing less convenient but will help keep your information secure.
- Only enable GPS on your phone when necessary.
- Do not share your email address or cell phone number if it is not necessary.
How to increase security on your personal and work devices:
- Use anti-virus software and a firewall.
- Keep your software — operating systems and apps — up to date. The latest security software, web browser and operating system help prevent online threats. Don’t ignore these messages on your phone or computer.
- Manage your browser’s security settings. Double-check the privacy and security settings on your devices and personal accounts.
- Do not use public WIFI without authentication and encryption.
- Do your research before downloading a new app. Refrain from downloading apps from untrusted sites. Search for articles about privacy and security features prior to downloading. Pay close attention to the permissions requested by apps, especially if they request access to your location. Exercise caution against apps like FaceApp or other face-aging apps.
- Think twice before you click on anything. Hyperlinks included in email and social media files may lead to downloading malware.
- Make frequent backups of important data.
- Protect all your devices using passwords, fingerprint lock, face recognition, etc.
- Select strong passwords that are long, complex and unique. Use two-step authentication whenever possible. Save your passwords securely by using a password manager such as LastPass, Dashlane, 1Password, Keeper or Bitwarden.
- Never share personal identifiable information like usernames and passwords, bank account numbers, social security numbers, etc.
- Be ready to recognize spam or scam and never engage with spammers or scammers.
More online safety tips
WVU’s Information and Technology Surface has even more tips to Defend Your Data online.
You can find resources for teaching, learning and working remotely, along with tips on how to stay safe online whether you are on campus or at home by visiting it.wvu.edu.