Biometrics and Human-Centered Machine Learning: Toward Greater Security and Convenience

Text will be added shortly

The Challenge:

Modern societies must manage identity, on the one hand for government functions such as border control, law enforcement or safeguarding democratic processes, and on the other hand for the everyday verification of identity in digital services and payment transactions. Traditional methods such as passwords, PINs and tokens (ID cards, cards) are, however, prone to error: they can be forgotten, fall into the wrong hands or be forged. Many security incidents are linked to weak credentials.

At the same time, there are large groups of people worldwide without formal identification documents who are denied access to key areas of society such as the financial system or elections. Against this backdrop, biometric methods are presented as a technical solution, as they rely on physical or behavioural characteristics and are intended to enable identity to be recognised automatically and reliably. However, biometric methods are not in themselves the solution to these problems. In fact, several challenges arise: performance, security, deployability, privacy, equality and inclusion, transparency, legal awareness and social adoption.

From the lecture:

As a first step, biometrics is introduced according to the ISO definition as the automated recognition of individuals based on biological or behavioural characteristics. Examples include the face, fingerprint or iris, but also dynamic characteristics such as gait or voice. These methods are caught between the conflicting demands of security needs, convenience and the rights of those affected.

Performance:

The performance of biometric systems is discussed with regard to several aspects. On the one hand, new fields of application are constantly emerging, such as automated border control or mobile facial recognition. On the other hand, systems must cope with intra-personal variations: ageing, illness, lighting conditions, masks or accessories alter the appearance of the same person. Research in this area pursues both empirical studies and model-based approaches that explicitly adapt learning methods to the varying levels of variation among different users.

Security:

In the security context, the focus is on attacks that attempt to deceive biometric systems. The talk addresses the need to detect attacks and also to be able to anticipate new types of attack. These include presentation attacks (such as masks or ‘spoof faces’), morphing attacks in which facial images of multiple people are merged, as well as more advanced strategies such as adversarial attacks, data poisoning or ‘master samples’, which can mimic multiple identities simultaneously. Research aims to develop detectors that generalise beyond specific training cases and enable the detection of such attacks.

Deployability:

The term ‘deployability’ covers practical usability and resource efficiency. Deep neural networks require high computing power, memory and energy, which directly impacts costs and the carbon footprint. At the same time, biometric methods are increasingly intended to run in embedded systems, such as in vehicles, head-mounted displays or mobile devices with limited resources.

Privacy:

A key issue is data protection. Biometric data is highly sensitive because it cannot simply be ‘changed’ and can be used for more purposes than just recognition. At the same time, large amounts of data are required to train models. Research is pursuing two lines of inquiry here: on the one hand, it is investigating which additional information, such as gender, age or other ‘soft biometrics’, is stored alongside embeddings and whether this can be selectively masked whilst identity information is retained. Secondly, the use of synthetic data is being discussed; this data exhibits realistic characteristics without being directly traceable to real individuals. Such data is intended to meet training requirements whilst also better fulfilling data protection requirements.

Equality and Inclusion:

Issues of fairness are prominent and relevant. In practice, biometric systems exhibit varying error rates along demographic lines. Certain groups are more frequently misidentified or rejected. The causes are not fully understood. Research projects are therefore systematically investigating which factors shape these differences, how fairness can be improved with existing feature extractors, and whether attack detection systems also protect certain groups better than others.

Transparency:

‘Transparency’ refers to the transparency of biometric systems. To date, it is often unclear which image regions or signal components actually contribute to the decision and how reliable a decision is. Pixel-precise assessments of image quality aim to clarify why certain faces are particularly helpful for recognition. In addition, methods are being discussed that assign an explicit measure of uncertainty to comparison scores and, ideally, explain why a comparison was classified as a match or a non-match.

The aim is to make decisions more comprehensible to external parties, such as border officials who need to interpret an algorithmic decision.

Legal Awareness and Social Adoption:

Ultimately, legal and social frameworks are of significance. Under the heading “Legal aware AI and AI aware laws”, the focus is on the need for technical systems and legal frameworks to be aligned with one another. Data protection law, specifically: special requirements for biometric data and future AI regulation, determines which forms of data collection, storage and reuse are permissible. At the same time, social acceptance depends on trust, transparency and perceived fairness.

Perspectives:

The vision of the research presented is a world in which biometric systems are simultaneously secure, compliant with data protection regulations, transparent, inclusive and ethically justifiable, and can thus hope for long-term societal acceptance.

Technical questions regarding recognition performance, robustness against attacks and resource efficiency are closely intertwined with data protection, legal policy and societal issues.