Chapter 7: Forensic Biometrics

Welcome to Last Minute Lecture.

This free chapter overview is designed to help students review and understand key concepts.

These summaries supplement not replaced the original textbook and may not be redistributed or resold.

For complete coverage, always consult the official text.

Welcome back to the Deep Dive.

Today, we are taking a really thorough shortcut into one of the most critical and frankly most exciting areas of modern forensic investigation.

Forensic biometrics.

We're talking about identification that goes way beyond, you know, a simple fingerprint on glass.

Yeah, this is about using the human body itself.

Exactly.

Our biology, our behavior as the ultimate identification key.

That's right.

And our mission today is to, well, to dive deep into our source material, which is chapter seven of criminalistics, an introduction to forensic science.

Okay.

And we're going to try to understand exactly how these unique traits,

biological and behavioral, are captured, processed, and then used for identification.

And not just identification, but verification and matching.

Exactly.

This field is, I mean, it's fundamentally reshaping how law enforcement and government agencies identify people.

We really need to get into the mechanics of it and the limitations.

And to set the stage for why this technology is both, you know, absolutely essential and sometimes just shockingly unreliable, we have to start with a moment that really shocked the nation.

The 2013 Boston Marathon bombing.

Yes.

Let's unpack this for a minute, because it presents this this fascinating paradox about where the attack was even a decade ago.

It really does.

I mean, you have this horrific terrorist attack, three people killed,

264 others wounded.

Just awful.

And the investigation that followed was just on an unprecedented scale.

Oh, completely.

The FBI called on the public for help and they were just flooded with information.

Over 2000 reports and photos submitted almost instantly.

And crucially, among all those images, they had clear photos of the two suspects.

The Zarnaev brothers, Jolkar and Tamerlan.

Right.

So this wasn't a case of some, you know, unidentified ghosts.

These were individuals who had legal standing in the U .S.

Yeah, they were in immigration databases.

Jolkar had a U .S.

driver's license, so a current photo was on file.

And Tamerlan, he had actually been the subject of a previous terrorism investigation.

Which means his image was already sitting in existing FBI repositories.

So let me get this straight.

You have clear photos of the suspects and you have their high quality images already stored in government databases.

Yet, when investigators ran the images through the FBI's facial recognition system,

what happened?

It failed.

It failed to make a reliable match.

And that is the just the stunning failure that really highlighted how far the technology still had to go to handle real world scenarios.

So if the data was there, what went wrong?

What were the specific technical hurdles that caused this?

What made the machine blind?

Well, the source material is very clear about the limitations.

The first major hurdle is image quality.

The resolution.

Exactly, the resolution.

Even today, but especially back then, the software just struggles profoundly when it's analyzing faces from photos that are grainy or low res.

Which most of the public's photos would have been.

Right.

And in Tamerlan's case, he was also wearing sunglasses and a baseball cap.

Obstructionist.

Huge obstructions.

They drastically distort the results of a facial scan.

So simple accessories can defeat a multimillion dollar system.

At the time, yes, but it goes even beyond that.

The software had trouble compensating for just simple variables like the subject's posture or the angle of their head or even just the light exposure.

Things that change constantly in the real world.

All the time.

And those variables could throw the recognition algorithms completely off.

Investigators had to learn this the hard way and they ended up identifying the brothers using more conventional methods.

Tips from the public.

That's right.

That context just sets up this whole discussion perfectly.

We're talking about a technology that is incredibly powerful, but also surprisingly fragile.

It all depends on the conditions.

Exactly.

So before we jump into the detailed mechanics, let's briefly define the core concepts that structure this entire field.

OK, so to start, biometrics can be pretty neatly split into two foundational groups.

OK.

First, we have physiological biometrics.

This focuses on stable physical traits that don't really change.

Like fingerprints.

Fingerprints, retinal patterns, or even the unique geometry of your hand.

These are generally the most reliable for a positive ID.

And the second group.

That would be behavioral biometrics.

This looks at dynamic, unique patterns of action.

How you do something.

So less stable.

Much less stable and more experimental because your behavior can change.

Think about how someone signs their name, their typing rhythm, or even just their unique way of walking.

OK, so you have physiological and behavioral traits.

And the system uses that information for one of two functions, right?

Correct.

The first is biometric matching or verification.

This is typically a one to many comparison.

Looking for a needle in a haystack.

That's a great way to put it.

It scans a characteristic against a massive database to find one person of interest out of a huge crowd.

This is law enforcement's primary use case finding fugitives or terror suspects.

And the second function is biometric identification or access control.

And that's a one to one comparison.

It's much simpler.

It just analyzes a single trait to either grant or deny you entry to your phone, a secure facility, whatever it is.

Got it.

So that structure, the type of trait and the function of the search.

That's basically our roadmap for this whole deep dive.

So let's start at that foundational definition.

What is biometrics, really?

And why did it become the preferred solution over, you know, a simple lock and key?

Well, at its core,

biometrics is a cutting edge form of access control.

It accurately and efficiently identifies humans using those unique biological and behavioral traits we just mentioned.

And the source material uses a great real world example.

The Apple iPhone fives with touch ID also in 2013.

Yeah, it's a perfect illustration.

Before that, passwords were the standard and our data was just highly vulnerable.

It essentially makes you the key.

But a key that's, well, impossible to lose or copy.

Exactly.

The text uses this great analogy.

It's like imagining a world where your house keys are obsolete and everyone in your family can just touch the doorknob to get in because the system recognizes their unique physiology.

And the security argument for the shift is just so powerful.

It is because it solves two major problems at once.

First, the weakness of passwords.

Hackers can use tools like dictionary attacks.

What's that exactly?

It's software that just systematically generates combinations based on common words or known patterns to steal your credential.

And it works because we all pick terrible, easy to guess passwords.

We do.

And the second problem biometrics solves is our reliance on physical keys or key cards, which are so easy to lose or steal or copy.

Right.

And as the text emphatically states, you can lose a key, you can copy a key.

But a human iris is completely unique and, crucially, almost impossible to duplicate in a way that would fool a modern sensor.

OK, so we established that these systems operate in two modes, matching and identification.

Let's spend another moment on the operational difference, especially for law enforcement.

Sure.

So when systems perform biometric matching or verification,

they're running that one to many search.

They're built for institutions that are actively seeking a person of interest, trying to find someone in a crowd.

Exactly.

It makes it incredibly difficult for fugitives or terrorist suspects to hide if their data is already in some central repository.

And identification.

Biometric identification is purely about controlled access.

It's that one to one comparison.

You present your trait, your fingerprint, your face, and the system just verifies that you are who you claim to be.

Granting or denying entry.

Simple as that.

The precision for that function has to be extremely high.

When you talk about precision, the whole field is really a balancing act, right?

Between two competing measurements that determine how trustworthy a system is.

That's right.

Every single system has to balance the false acceptance rate, or FAR, and the false rejection rate, or FRR.

OK, so the false acceptance rate is?

That's how often an unauthorized person is wrongly accepted by the system, which is a massive security risk, a huge risk.

And the FRR, the false rejection rate, is how often an authorized user is wrongly rejected.

Which is just a major pain.

Super annoying.

Exactly.

It's a usability problem.

The goal is always to minimize both.

But here's the tension.

Minimizing one often increases the other.

And that's what makes developing these systems so complex.

I see.

So let's get into the two major groups of traits, starting with physiological biometrics.

These are the stable physical characteristics of the body.

Right.

The source text lists five key types in this category.

The most classic, of course, are fingerprints.

Everyone knows fingerprints.

Used for centuries.

And they're noted as the most cost efficient and easy to install system.

They're really the baseline for biometric ID because of their long history and near perfect uniqueness.

OK.

And then we have identification based on the entire hand.

Right.

That's hand and vein scans.

Humans have a unique set of traits just in the shape and geometry of the hand.

But the real unique marker is the veins, isn't it?

It is the detailed pattern of veins running through your hand, which they often capture using infrared light.

That pattern is unique enough to be a very reliable biometric marker.

So moving up the security ladder and probably the cost scale, we get to the eye.

Retina and iris scans, the gold standard, pretty much.

They're implemented in government institutions, high security areas,

places dealing with classified information.

They rely on that intricate map of the human eye, comparing complex muscles and fibers.

So they're expensive, but necessary for protecting really high value assets.

Correct.

And finally, in this physiological category, we have facial scans,

which, as the Boston Marathon example showed, are maybe the least accurate.

They are, especially for identification in a crowd setting.

They're still the least accurate because the tech struggles to distinguish subtle traits in still images, especially when they're low res or angled or obstructed.

Exactly.

We're going to dedicate a whole section later to the complex algorithms researchers use just to try and make the face as reliable as the iris.

OK, so if those are the physical identifiers, let's switch to behavioral biometrics.

These seem, I don't know, inherently less reliable.

They're based on actions.

And you're right.

They are generally considered much less stable.

Behavior can be affected by your physical condition, stress, even you consciously trying to change it.

This category is all about the way a human performs an action, starting with the most common handwriting.

It's the most commonly used behavioral biometric, but it's not just about looking at the shape of the letters on a page.

There's more to it.

A lot more.

A sophisticated sensor analyzes the stroke patterns, the curves, the arches.

And critically, the software measures the amount of pressure and force you exert on the sensor pad.

Wow.

It's a complex blend of pattern recognition and physics, comparing the dynamics of your signature to the original to determine if it's authentic.

That dynamic measurement adds a layer of complexity that just looking at it misses.

Precisely.

Next up, we have keystroke dynamics.

Your typing style.

Exactly.

It measures the unique way you type on a keyboard, your speed, how long you hold down a key, the rhythm of your movement between keys.

This is incredibly useful in places like a call center or a bank where multiple people might share the same computer.

So the software can know exactly who is sitting there.

Even if they're using the same login.

That's the power of it.

The software can monitor the typing rhythm constantly,

providing continuous authentication.

It could potentially flag an intrusion if the typing pattern suddenly changes.

Clever.

And then there's voice recognition.

This system measures the pitch and subtle dynamics in your voice,

your unique vocal tract characteristics.

Its acceptance is growing really fast, especially for mobile security, because it's so easy.

It's not intrusive.

You just speak naturally and the system verifies who you are.

And finally, the most experimental one, which sounds fascinating for surveillance from a distance, gate recognition.

Gate just refers to the entire cycle of walking.

Every person has a distinct way they walk, their posture, step length, speed, how they position their feet.

And the system analyzes that from far away.

It tries to.

But the text really stresses that this is still experimental and not highly accurate.

And I'm guessing the inaccuracy comes from all the variables.

Absolutely.

Yeah.

Wearing a heavy coat, carrying a backpack, even a minor injury.

All of those can easily modify your gate.

For now, its main use is maybe picking out a person of interest from a distance, but it can't provide the certainty you need for a positive ID.

That overview gives us a great map of what biometrics are.

Now, let's jump into how these systems actually work.

How do you take a messy real world trait and turn it into searchable data?

Right.

And there's this fundamental four step workflow that's universal, regardless of the technology.

It's the operating blueprint for the whole industry.

Exactly.

These are the four steps every biometric system follows, whether it's using a near infrared camera for an iris or a sensitive microphone for a voice.

OK, step one, the enrollment process.

This is where you first enter the system.

Right.

Definitionally, this is the process of capturing your initial foundational biometric data and storing it in a database for all future comparisons.

So it's creating the baseline.

Precisely.

It involves collecting the raw data through a sensor, a camera, a fingerprint reader and sending that raw input to a data acquisition module.

This creates the foundational template.

OK, so once that raw data is collected, it goes to step two, data preprocessing.

And this function is absolutely crucial.

It's all about cleaning of the input.

OK.

This module is responsible for enhancing only the necessary data points

and normalizing any corrupt or inaccurate data that might have come from the real world to give it like a specialized cleanup crew.

Can you give me a concrete example of that cleanup?

Certainly.

If it's a voice recognition system, this module removes background noise.

It isolates your voice from other chatter.

It standardizes the volume.

And for an iris scan.

For an iris scan, it works to eliminate blur, competency for you blinking or remove glare from a bright light.

Without this step, even a small change in the environment could lead to a massive false rejection rate.

And then we get to what the source calls the heavy lifting.

This is where the unique numerical signature gets calculated.

This is arguably the most complex and most important component.

Here, the module uses extremely sophisticated mathematical equations and algorithms to find and isolate the unique, non -repeating patterns within that cleaned up trait.

So it's moving from a picture to just pure math.

Pure numerical representation.

That's a perfect way to put it.

How does that look in practice, say, for a fingerprint?

OK, for a fingerprint, the algorithm doesn't see a swirl.

It sees a mathematical map, a subtle loop,

horal and arch changes.

It's determining the relationship between minutiae points, the ridge endings and bifurcations with near perfect accuracy.

And for an iris.

For an iris scan, the equations are judging the precise distance between muscle fibers in the eye.

The accuracy of the entire system really hinges on how sophisticated these feature extraction algorithms are.

So once the heavy lifting is done and those unique features are now just numbers, the system has to simplify it.

Which brings us to the final step.

Step four, the template generation module.

This module takes all that pure mathematical data from feature extraction and converts it into a standardized, simple, easy to read and highly time efficient format.

That's the template.

And this simplification serves two purposes, right?

It does.

First, efficiency.

It makes your individual biometric file extremely small.

This speeds up comparisons across massive databases from, say, minutes down to milliseconds.

And the second purpose.

Security.

These final templates are not the raw image of your face or fingerprint.

They're an abstract mathematical representation.

And crucially, these templates must be stored securely and heavily encrypted.

Why is encrypting the template so much more important than the raw data from step one?

Great question.

Because the template is the standardized key.

If a raw image of your face is stolen, that's a problem.

But your face changes over time.

If the standardized encrypted mathematical map of your iris, that unique immutable identifier is stolen.

That's permanently compromised.

Permanently.

You can change a password, but you can never change your iris.

The template is the permanent identifier, so its security is absolutely paramount.

That really puts the whole workflow into perspective.

From a messy real world trait, you clean it up, extract the unique mathematical signature and then encrypt that signature for fast, secure searching.

Now we're going to dive deep into two specific physiological biometrics, starting with the most stable and you could argue the most secure,

the iris, the iris code.

Right.

The human iris is that colored section around your pupil and its stability is the fundamental reason it's considered the gold standard.

It's made of muscle patterns.

Complex, tightly grouped muscle patterns.

And while your eye color is genetic, the intricate muscle patterns and construction of the iris are unique to every single person.

Even identical twins.

Even identical twins.

And here's where it gets really interesting from a forensic perspective.

That stability is built in from the very beginning.

The formation of the iris begins prenatally.

And as the fetus nears birth,

natural muscle fiber degeneration occurs.

And that's what forms those incredibly unique patterns we use today.

That's it.

Stability is just unmatched.

Crucially, the iris will remain physically unchanged for your entire life, short of some extreme physical trauma.

And it's protected by the cornea.

Perfectly protected.

So unlike your face or your skin or even your fingerprints, which can get scarred, the iris sees almost no alteration as you get older.

This makes it an incredibly stable and reliable ID.

And people have known this for a while.

The first comparison of the iris to a fingerprint was back in the 1950s.

Yeah.

By a British ophthalmologist, J .H.

Doggart, who noted its potential for infinite patterns.

But the modern era of iris biometrics really begins with one person.

Courtier John Dogman.

In 1985, he was approached to write a computer system for automatic analysis.

And by 1994, he had completed the groundbreaking technology we now know as the iris code.

And most systems today are still based on his work.

They are.

Most new applications still use the fundamental infrastructure and the mathematical elegance of Dr.

Dogman's original algorithm.

Now, we mentioned retina scans earlier and that iris scans are replacing them.

Why the shift away from retina scanning if the retina is also unique?

Well, the retina is composed of neural cells and unique veins at the very back of the eyeball.

And to image those patterns, you have to shine a powerful light directly through the pupil.

Which sounds uncomfortable.

It is, but there are other drawbacks, too.

First, the images can be affected by diseases like diabetes or glaucoma.

That's not an issue for the external iris.

And then there's the usability, which is the real feeler.

Exactly.

Retina scans require your eyeball to be fractions of an inch from a high power camera lens.

The process is long.

It's uncomfortable.

It's highly intrusive.

Whereas an iris scan is just a picture, a high definition photograph from a reasonable distance, a foot or more away.

That flexibility has made iris scanners the dominant choice, pushing retina scanners into very niche applications.

So let's detail this superior iris capture mechanism.

How does the camera get such fine detail?

All modern iris systems rely on a high quality digital camera combined with near infrared wavelengths or NIR.

Specifically, light in the 700, 900 nanometer band.

Correct.

Why is NIR light so important here?

Because visible light, while it captures color, lacks the textural depth you need for feature extraction.

NIR lighting gives you exceptionally rich detailed results because it penetrates the top layer of tissue just enough to reveal all the subtle craters and fine texture of the iris muscle.

And once it's lit up, the software isolates it.

It uses the outer landmarks, the circular shape of the iris, to isolate the region of interest.

And this prepares it for the mathematical heavy lifting.

Right.

The system then applies what's called a 2D Gabor wavelet, which is a specialized mathematical filter.

Exactly.

And this filter breaks the iris into multiple tiny partitions called phasors.

These phasors are the mathematical keys.

They map the orientation and speech frequency of all those fine features.

The direction and tightness of the muscle fibers.

Precisely.

And the end result of all this is the iris code template.

Yes.

The system translates all that phasor information into the final unique template called the iris code.

And here's the revolutionary part.

All the unique characteristics for a single iris can be stored using only 256 bytes of data.

256 bytes?

That's tiny.

In an age where one phone photo is several megabytes, storing a person's entire permanent ID in 256 bytes means you can search a global database almost instantly.

That's the real insight.

It's not just unique, it's tiny and fast.

And it's robust against things like bad lighting.

Very robust.

The system is designed to be reliable against minor contrast changes or overexposure.

The enrollment process itself is simple and fast.

It just take two photos, one invisible light, one with NIR to create a 512 digit iris code in a few minutes.

This precision has made it an invaluable tool, especially for the military.

Oh, absolutely.

The U .S.

forces, particularly in Afghanistan, collected biometric data on over 2 .5 million citizens.

This included everyone processed through jails, plus many local workers on military bases.

Creating a huge database.

A comprehensive repository of identity.

So this allows for real, mobile, on the spot identification.

Yes.

A soldier on patrol can use a portable iris scanner.

They hold it up to a person's eye.

And within seconds, the device checks them against the database.

So the soldier knows instantly if they're dealing with the suspected insurgent or just a civilian.

Right.

It dramatically enhances safety for the troops and helps reduce civilian casualties.

And the FBI is obviously integrating this into their systems.

Of course.

They're adding iris data into the massive next generation identification system, the NGI, which we'll cover in detail soon.

And the goal is the world's largest repository of iris codes.

That's the goal.

Law enforcement and correctional institutions are already sharing data with over 12000 iris codes submitted so far, which really underscores the confidence the government has in iris stability.

OK, that brings us to the other end of the spectrum.

We're moving from the immutable iris code to facial recognition, which the text calls the highly variable ID.

And that's a perfect description.

This is a field defined by its unique advantages and just staggering challenges.

The biggest advantage being passive data acquisition.

The subject does not need to participate, meaning I can be identified without even knowing I'm being scanned.

Precisely.

Millions of people can walk past a CCTV camera, get scanned and be identified without any interaction.

This makes it incredibly effective for passive surveillance of large crowds or tracking known fugitives in public spaces.

And it's non intrusive and hygienic for, you know, daily access at an office building.

Right.

But the vulnerabilities are just they're numerous, as we saw at the Boston Marathon case.

Right.

Glasses, hats, beards, all of it.

They easily throw off the results.

And the human face changes so dramatically over time.

Age, weight, medical conditions.

Plus, unlike the iris, you can disguise it pretty easily.

So the system has to analyze a ton of different variables, a vast array of them.

Cheekbones, chin contour, the distance between your eyes, all of which require complex compensation mechanisms.

And what's the biggest, most unbelievable vulnerability?

Spoofing.

Even the most sophisticated systems can often be tricked by a simple high resolution 2D picture.

A photograph.

Seriously.

A simple photograph or a static mask.

This massive security gap means you need constant human Overwatch or you have to integrate a secondary biometric like thermal scanning to prove the face is actually alive.

So the history of automating this started back in the 90s.

With Matthew Turk and Alex Petlin, who pioneered automated recognition using a technique called Eigen faces.

And Eigen faces was foundational.

It was because it shifted the process from human comparison to mathematical analysis.

It involves creating these complex mathematical matrices of human faces and using them to generate standardized templates.

And those templates analyze things like symmetry.

Primarily symmetry and the relative size of features.

This is the first method that really let computers cycle through thousands of faces without human error, setting the stage for everything they came after.

And to show the power of these systems when they actually work, we have the case of Jose Salvador Lantiga.

It's an incredible story.

He was a Florida businessman who tried to fake his own death to collect insurance money.

The classic scheme.

He then assumed a new identity, Ernest Ellen Willis, and he had a whole disguise, a brown toupee, a dyed beard.

He lived under the radar for months.

But he got caught when he applied for a passport.

Correct.

When he submitted that passport photo,

state of the art facial recognition software was able to match the picture disguise and all to the original identity of the allegedly dead Lantiga.

So it saw past the toupee and the beard.

It did.

It showed that modern systems can analyze the fundamental permanent geometry of the underlying bone and muscle structure.

Compensating for those superficial changes.

So because the face is so complex, researchers needed multiple methods to deal with all these issues.

Exactly.

The text details three highly accepted techniques, and they fall into two categories,

appearance based and model based.

Let's start with appearance based.

The first is principal component analysis, or PCA, which is built directly on that Eigen faces method we just talked about.

How does PCA work then?

PCA takes the target face and tries to overlap it with thousands of stored 2D face images, the Eigen faces.

It mathematically assigns weights to the similarities and differences and uses algorithms to determine how close the match is.

What's its biggest limitation?

His biggest limitation is that it requires a full frontal face image to be a viable sample, which you almost never get from a surveillance camera.

Almost never.

So that immediately limits its use in the real world.

OK, the second appearance based method is linear discriminant analysis or LDA.

This is an improvement, right?

It is because it serves a critical mathematical goal.

It tries to maximize the difference between distinct people while minimizing the difference between multiple images of the same person.

So it's better at ignoring noise like bad lighting.

Exactly.

LDA is fast and effective at eliminating negative variables like changes in lighting, slight angle variations or temporary facial expressions, all of which would confuse a basic PCA model.

But it has the same constraint.

It does.

It also requires a full, clear face image and it needs a lot of data storage to do its work.

So if the first two methods fail with an angled or partial picture, what technique solves that problem?

This seems key to addressing the Boston bombing paradox.

That would be the third technique, elastic bunch graph matching or EBGM.

And this one is classified as a model based program.

What does model based mean here?

Instead of relying on a 2D image overlap, EBGM creates a nonlinear geometric map of the face.

Like a digital acupuncture map.

That's a great analogy.

It uses a sequence of graphs to map the relationship between specific landmark features, the edges of the lips, the tip of the nose, the centers of the eyes.

So the scanner plots geometry, not just comparing raw images.

That's the most accessible way to describe it.

The scanner plots these features on a dynamic grid, and those points are then transferred to a database as an algorithm of numbers.

And since it relies on the relationship between those points, it can tolerate significant angle changes, partial obstructions or rotation.

Because the distance between my nose and my eye stays the same, no matter the angle of the picture.

Precisely.

This method maps the face with extreme precision and allows for partial and off center pictures to be analyzed, making it highly effective for real world surveillance.

This discussion about algorithms and databases leads us right to the culmination of all this.

The FBI's massive 1 .2 billion dollar project, the Next Generation Identification System, the NGI system.

It began replacing the old integrated automated fingerprint identification system, or IAFIS, which should have been around for decades.

It took seven years and over a billion dollars.

It did.

It became fully operational in September 2014.

And its goal wasn't just to upgrade fingerprints.

It was to provide a comprehensive suite of resources, linking things like facial recognition and iris scans with traditional data like names, age and weight.

Let's break down the key components, the increments of NGI, starting with facial recognition.

NGI's facial recognition system became fully active in April 2015.

It compares suspect images against its database and provides probability rankings, a high or low likelihood of a match.

But it's not a positive ID.

And this is essential to remember.

The FBI strictly emphasizes these results are only an investigative lead,

not a legally positive identification.

That still often requires a fingerprint or a human to confirm.

That's a vital distinction.

What about the other less traditional identifiers?

That would be the scars marks and tattoos increment or SMT.

OK.

This lets investigators include in -depth descriptions and images of body marks.

So an officer can look up a suspect based on a distinctive tattoo, which can establish identity or even track gang affiliations.

They also built in a rapid notification system.

The wrap back service.

This sends automatic notifications to agencies across the country about the criminal activity of people who are already in the system.

So a parole officer would know instantly if their client got arrested somewhere else.

Instantly.

It's incredibly valuable for criminal supervision.

And the NGI relies heavily on its photo database, the interstate photo system or IPS.

The IPS is the core criminal database.

It contains over 30 million front facing mugshot photos of individuals who have submitted 10 prints.

So every face is linked to a full set of fingerprints.

Has to be.

And the majority of these photos, over 80 percent, are classified as criminal identities and the other 20 percent.

The rest are civil identities submitted for things like background checks, licensing or military security clearances.

But like the other facial results, the IPS is currently used strictly as an investigative lead.

But the FBI search capabilities go way beyond just those 30 million photos, right?

Thanks to a unit called face services.

Yes, the facial analysis, comparison and evaluation services.

This is the central FBI unit that runs these comparisons.

And they don't just access the IPS.

They can search external databases.

Right.

They can search or request to search databases owned by the departments of state and defense.

Plus systems managed by 16 participating states.

So when you add all those external sources together, how big is the total searchable repository?

The number is just staggering.

Over 411 million face photos are available to face services.

Four hundred and eleven million.

Wow.

And this repository includes not just criminal mugshots,

but the vast number of civil photos from state and federal databases.

Drivers licenses, visa photos.

That's a profound number.

It means the FBI has access to virtually every American who holds a driver's license in a participating state.

This is where the whole issue of civil liberties comes into play.

It really does.

It raises a huge question about data collected for one purpose.

Getting a driver's license, being repurposed for criminal investigations.

And again, these are just leads, not positive IDs strictly treated as investigative leads.

The system is designed to generate a set of possible matches,

especially because the source images are often grainy or low res.

Beyond all these new increments, NGI also improved the FBI's core function

Massively.

The new 10 print system algorithm dramatically increased accuracy.

The old IAFIS system was about 92 percent accurate.

The new NGI system achieves a remarkable 99 percent accuracy.

Which also speeds things up.

Significantly a massive gain in efficiency.

And they solved a major problem investigators had for decades.

Crime scenes with palm prints instead of fingerprints.

The National Palm Print System, or NP -Possess, it came online in 2013.

So many crime scenes yield a palm impression from someone steadying themselves, for example.

And that data used to be useless.

Often, yes.

The NPPS now holds millions of palm prints and it works with the new latent print search algorithm to search the universal latent file.

This has the potential to solve cold cases that were stuck for decades.

Finally, there's a huge component dedicated purely to officer safety.

The Repository of Individuals of Special Concern, or RISC.

This is a critical mobile app accessible from a patrol car.

What does it do?

It lets an officer rapidly fingerprint a suspect, just the two index fingers, and compare them against a repository of 2 .9 million prints of known terrorists, sex offenders and other wanted persons.

And how fast is it?

It's designed for speed.

It returns an officer's safety warning in as little as 10 seconds.

It gives the officer instant information about who they're dealing with.

And this mobility is transforming street policing in general.

Absolutely.

The source mentions the cell phone size scanners from companies like Morphatrac.

An officer can have a suspect place a finger on the device, and that print is instantly transmitted to federal and state databases.

Giving them a real identity and any active warrants in seconds.

Right.

It prevents suspects from lying about who they are and is a crucial development for officer safety and efficiency in the field.

So if we step back and look at the big picture, the entire scope of forensic biometrics today really revolves around this core dichotomy.

Stability versus variability.

Exactly.

On one side, you have physiological biometrics, like the highly stable IWIS code, which gives you exceptional near certain accuracy because the trait never changes.

And the data template is so small and precise.

Right.

And on the other side, you have the highly variable face.

The challenges of facial recognition require these complex algorithmic solutions, PCA, LDA, and especially that geometric mapping, EBGM.

And as a result, its findings have to be treated as probabilities as investigative leads, not a final ID.

And the FBI's NGI system is the ultimate infrastructure that links all of this together.

The stable and the veritable data points.

And it's achieving incredible breakthroughs like that 99 % accuracy for modern fingerprints and integrating palm prints into the search.

Which brings us to our final provocative thought for you to consider.

Building directly on the massive capabilities of NGI.

The source material highlights the sheer scope of this system,

particularly the 411 million searchable face photos.

And those are derived from both criminal and civil databases, like our driver's licenses.

This data is then used to enable passive surveillance through CCTV systems across the country.

So as this technology moves toward 99 % accuracy and gets integrated more into daily life, here's the question.

Where should we draw the line between effective crime prevention and the right to anonymity in public spaces?

Especially when your civil identification photos, you know, the one you submitted for driving privileges are repurposed without your knowledge for criminal investigations.

It's a question that gets more relevant every single day.

Thank you for joining us for this deep dive into forensic biometrics and the future of human identification.

We hope you gained a few aha moments along the way.

We'll see you next time.