DHS's Biometric Optical Surveillance System, or BOSS, should concern every American

Washington - The federal government is making progress on developing a surveillance system that would pair computers with video cameras to scan crowds and automatically identify people by their faces, according to newly disclosed documents and interviews with researchers working on the project.
The Department of Homeland Security (DHS) tested a crowd-scanning project called the Biometric Optical Surveillance System — or BOSS — last fall after two years of government-financed development. Although the system is not ready for use, researchers say they are making significant advances. That alarms privacy advocates, who say that now is the time for the government to establish oversight rules and limits on how it will someday be used.
There have been stabs for over a decade at building a system that would help match faces in a crowd with names on a watch list — whether in searching for terrorism suspects at high-profile events like a presidential inaugural parade, looking for criminal fugitives in places like Times Square or identifying card cheats in crowded casinos.
The automated matching of close-up photographs has improved greatly in recent years, and companies like Facebook have experimented with it using still pictures.
But even with advances in computer power, the technical hurdles involving crowd scans from a distance have proved to be far more challenging. Despite occasional much-hyped tests, including one as far back as the 2001 Super Bowl, technical specialists say crowd scanning is still too slow and unreliable.
The release of the documents about the government’s efforts to overcome those challenges comes amid a surge of interest in surveillance matters inspired by the leaks by Edward J. Snowden, the former National Security Agency contractor. Interest in video surveillance was also fueled by the attack on the Boston Marathon, where suspects were identified by officials looking through camera footage.
In a sign of how the use of such technologies can be developed for one use but then expanded to another, the BOSS research began as an effort to help the military detect potential suicide bombers and other terrorists overseas at “outdoor polling places in Afghanistan and Iraq,” among other sites, the documents show. But in 2010, the effort was transferred to the Department of Homeland Security to be developed for use instead by the police in the United States.
After a recent test of the system, the department recommended against deploying it until more improvements could be made. A department official said the contractor was “continuing to develop BOSS,” although there is no sign of when it may be done. But researchers on the project say they made progress, and independent specialists say it is virtually inevitable that someone will make the broader concept work as camera and computer power continue to improve.
“I would say we’re at least five years off, but it all depends on what kind of goals they have in mind” for such a system, said Anil Jain, a specialist in computer vision and biometrics engineering at Michigan State University who was not involved in the BOSS project.
The effort to build the BOSS system involved a two-year, $5.2 million federal contract given to Electronic Warfare Associates, a Washington-area military contractor with a branch office in Kentucky. The company has been working with the laboratory of Aly Farag, a University of Louisville computer vision specialist, and the contract was steered to the firm by an earmark request in a 2010 appropriations bill by Senator Mitch McConnell of Kentucky, the Republican leader.
Significant progress is already being made in automated face recognition using photographs taken under ideal conditions, like passport pictures and mug shots. The Federal Bureau of Investigation is spending $1 billion to roll out a Next Generation Identification system that will provide a national mug shot database to help local police departments verify identities.
http://www.nytimes.com/2013/08/21/us/facial-scanning-is-making-gains-in-surveillance.html?ref=global-home&_r=2&
DHS facial recognition system lacks privacy safeguards:
In response to an EPIC FOIA request, the Department of Homeland Security has produced documents revealing that the agency has failed to establish privacy safeguards for "BOSS" (the Biometric Optical Surveillance System), an elaborate system for facial recognition and individual identification.
The documents obtained by EPIC indicate that none of the agency's contracts or statements of work require any data privacy or security protections for BOSS' design, production, or test implementations.
The New York Times reported on EPIC's acquisition of these documents, noting also high failure rates for these systems. EPIC is also pursuing a FOIA lawsuit with the FBI over the agency's development of "Next Generation ID," which, when complete, will be the largest biometric identification database program in the world.
http://epic.org/2013/08/epic-foia---dhs-facial-recogni.html
DHS $6 billion cybersecurity award to go to private contractors:
The Department of Homeland Security's $6 billion cybersecurity award last week to a slew of contractors and vendors sets in motion a contest among them to sell federal agencies on new network monitoring, vulnerability assessment and mitigation technologies. The underlying goal of this massive "Continuous Diagnostics and Mitigation" (CDM) contract is to spur federal civilian agencies to move away from static approaches to network-security compliance reporting in favor of real-time monitoring.
“What they’re trying to accomplish here is moving from FISMA [Federal Information Security Management Act] reporting quarterly to see what’s going on a daily basis,” says Peter Allor, federal cybersecurity strategist for IBM Security Systems, alluding to the government’s IT compliance-reporting obligations spelled out under FISMA. FISMA, passed in 2002, is now widely seen as too much of a check-the-box approach, given how many security monitoring technologies support a real-time approach. IBM is just one vendor among the crowd of 17 systems integrators that won a spot on the DHS CDM contract awarded last week.
John Streufert, director of the National Cybersecurity Division at DHS, had a hand in the CDM last November before the RFP was issued. At the time, he expressed hope CDM might one day become a “cyberscope” for the federal agencies to know what’s happening in real-time on their networks and a way to mitigate vulnerability problems. He says federal agencies need to get away from inefficient and untimely paper-based vulnerability reporting.
Along with IBM, the systems integrators winning a spot on CDM include Booz Allen Hamilton, CSC, Knowledge Consulting Group, Lockheed Martin, Northrop Grumman, SAIC and ManTech. The contract also brings in dozens of vendors of monitoring, scanning, log management and security-information and event management tools. These include McAfee, Symantec, ForeScout, Splunk, Veracode, Rapid7, Core Impact, Microsoft, RedSeal, nCircle and several more. ForeScout, for example, said its CounterACT monitoring product has been included in product suites put forward by 11 out of the 17 systems integrators winning the contract.
The products and services under the CDM contract award will be available through the General Services Administration. However, DHS is expected to oversee the contract, which is established as a 1-year baseline for “indefinite quantity, indefinite delivery” purchases by agencies for a maximum total of five years and $6 billion if all options are exercised.
IBM, which will be selling its Security Endpoint Manager, Security AppScan and QRadar SIEM, notes the contract is set up in a way to engender competition while making it easier for civilian federal agencies to buy monitoring and mitigation products. The contract is also expected to be available to state and local agencies.
https://www.networkworld.com/news/2013/082313-cybersecurity-contract-273148.html