The FBI’s facial recognition system comes online

Privacy and security come up a lot with technology, and if you’re the suspicious type, something may seem awfully suspicious about this. The FBI has announced “Full Operational Capability” of its Next Generation Identification (NGI) system, which has been in development for three years and serves as an umbrella biometric identification system that will incorporate facial recognition and fingerprint identification capabilities along with things like voice prints and other abilities.

For the fingerprint aspect of the system, NGI will be replacing the bureau’s current Integrated Automated Fingerprint Identification System (IAFIS), which no one seems to mind. It’s the new facial recognition capabilities that have people riled up.

This new facial recognition component, the Interstate Photo System, is intended to treat faces like fingerprints, using automated software to scan photos of people and match the face in a photograph to a face already in the database. In other words, just like with fingerprints, if law enforcement has a photo of someone, they can compare it to the images in their database of faces, and the system will return 50 likely candidates. The database is expected to have over 50 million faces by next year.

Many states are already participating in the program, as can be seen in the map below. MOU, in the legend, means ‘Memorandum of Understanding,’ which is simply an agreement on an ideal between two parties; it indicates they are on the same page about something.

States participating in NGI

It has been decried, of course, by many groups, including the main anti-monitoring group, the Electronic Frontier Foundation, which is often at odds with government at all levels over its surveillance and monitoring practices. The big issue, and the EFF’s main objection, is the possibility of false positives, or accuracy in general. According to reports, there is an 80 percent probability that the actual matching face will be among the 50 faces returned. However, the system has already had success and I suspect will continue to expand rapidly in practice.

This is a sensitive subject, so let me make a couple of comments: First, as we have already said on this site, privacy and security are mutually exclusive. If you want one, you give up some of the other. You can’t have complete privacy and complete security. In this day and age, with what is happening in the world, the balance of one versus the other is a seemingly impossible judgement.

Also, Facebook and Apple have been using facial recognition for years and no one seemed to mind. In fact, here in Las Vegas s have been using it for YEARS for essentially – but not quite – the same purpose the FBI now claims and we’ve been ok with it. Priorities, I suppose.

You can see an unclassified PowerPoint presentation about the system that has a few additional details at this link.

Did Russian hackers almost bring down the NASDAQ?

It has just been revealed that in 2010, Russian hackers, likely associated with the Russian government and using custom-designed malware to exploit zero-day vulnerabilities (something that should absolutely not be present in systems of this sort), were able to infiltrate the NASDAQ’s systems for the purposes of snooping around. However, it appears the malware also had the capability of delivering what is known as a ‘logic bomb’: a destructive program that waits until a specific date occurs before it does its damage.

A destructive program destroying the internals of the NASDAQ’s servers would have wreaked havoc across the U.S. financial infrastructure, and the world’s as well. And it turns out that once the malware was discovered it appeared it could have wiped out the NASDAQ’s internals completely. So serious was it, that although no less than five separate federal security agencies had discovered the infiltration, they felt it had to be brought to the attention of the President.

The investigation discovered that not only did these Russian hackers have access to the NASDAQ’s servers, but Chinese hackers did as well, along with other unidentified intruders, and that the servers were very vulnerable to attack, with one person referring to it as a swamp. Although the potential impacts were catastrophic, the NASDAQ never reported the attacks nor indicated their severity. Expanding on the investigation, it turns out most banks and large financial institutions had the same vulnerabilities.

The scary part is that no conclusion was ever reached. Even the ultimate purpose of the intrusion is unclear; some say it was to do damage, some say it was just so the Russians could build an equivalent system. It also shows that we are not as far ahead as we often think in terms of security or technology; we still can’t definitively say it was actually the Russians. Great advances have been made since this event happened, but it’s a global race and it seems we’re still in no position to prevent it.

 

Going Up