Schneier on Security

Clive Robinson • October 22, 2025 11:22 AM

@ Bruce, ALL,

With regards,

“It’s easy to blame the tech, but the real issue are the engineers who only considered a narrow spectrum of potential faces. “

And that is being somewhat disingenuous.

The “engineers” work to a specification toward what is sometimes called a “Factory Acceptance Test”(FAT) to get “Sign off”.

So you need to move up the stack at least one step, to those who produced the “specification” and “FAT”.

But I can point out the same reasoning that they were

“Just working to the Customer Spec, under Management Direction.”

Which again moves up the stack.

The real problem is that the technology just does not work because of assumptions. As it’s a “signal to noise ratio” issue, where the actual signal is way way below the noise in the channel, thus you need to filter in ways that are at best extremely difficult.

Which is the point in the discussion where I begin to start sounding like a racist nut-bar, whilst I’m not.

Humans know that they are looking at a “face” primarily not by “what” facial features they see, but “where” they see it with regards to the broader physical shape of a human, that is based on the structure of the skeleton (and where the problems for bio-metrics actually start).

You can test this yourself by looking at people far enough away such that facial features really don’t get seen at the 1 in 2000 resolving ability of the “average” human eye (it’s known to be better in Australian Aboriginals).

So if we assume the features such as nose, eyes, lips etc are about 1cm or 10mm we should be incapable of recognising a person at 20,000mm or in US Imperial Units ~65ft. Which is about the distance from the back door to the bottom of the yard in traditional urban housing[1].

But actually we do recognize people even strangers which begs the question “How?”

In short it’s due to the skeletal structure how it moves and the gross feature shapes that easily show through even “street wear” clothing. But if we assume a little over 1200mm / 4ft visible that means we think it’s a person moving out to ~10,000ft or a between 1 and 2 miles, or “down the road” or “across the valley”.

Thus humans mostly don’t need to “recognize faces” to recognize people and what the are (it’s why the military basic training on camouflage for warfare is about hiding the body shape and characteristic movements).

But to recognise “individuals” biometrics has gone with “facial features”…

The reason is supposedly for precision that is whilst the size and shape of body parts sort of works the error rates only distinguish sort of reliably in very small groups like a family. Because the shape is defined by the structural bones with an overlaying layer of muscle, with a further overlaying layer of fat then skin and hair.

To see why this is important to understand put a surgical rubber glove on your hand that is too small and most of the surface features become smoothed away, then put on one a little too large, the same thing happens. Blow air into the glove so it gets slightly inflated and it’s not just surface features that get changed to the point they are too far off, it’s width and length in only semi-predictable ways.

The “solution” in bio-metrics with larger groups has in effect always been to “cheat with statistics” (because things just don’t scale up). That is it’s based on making lots of measurements and looking at the ratios and the ranges they fall into.

Thus it’s a scaling or “relative measurement” system at best. BUT the ratios are further not very precise due to amongst other issues that the fat layers suffer from fluid retention that changes during the day (people look tired when their features are not sharp).

We mostly don’t realise this untill we get older and various forms of oedema in the legs, indicates we have underlying health issues such as heart or kidney failure, high blood pressure and other symptoms of our impending demise… But our brains filter these changes out when it comes to recognising people.

Bio metric systems however don’t filter it out unless it’s built in in some way, and it’s usually not because of the CPU cycles required. The tricks used are to “find the bones” by making assumptions about the overlying muscles, fat, and skin (which suffers from the same issue as forensics “it ain’t science” because it’s going backwards from effect to assumed cause).

Then this “assumption of bone shape” is used as a pointer to a subset of the database of user profiles. Get it wrong and you get the wrong subset, you get the wrong person or no one depending on how much you relax the ratios…

And so on.

The thing is your genetic information defines your skeletal structure. This information comes from two sources “genetics” and “epigenetics” which you mostly inherent from your parents and the effects of the environment.

Thus groups of people in isolation develop characteristic differences based on evolutionary advantage.

It’s why by examination of just the physical characteristics of the bones we can tell quite a bit about what the person “may” have looked like.

But… Bone shape indicates “race” which in turn indicates muscle and the other layers that go over them.

If you interpret the bone shape incorrectly, you will get the layers wrong and you will end up with the wrong surface reconstruction. Or in the case of bio metric systems an incorrect pointer into the database search.

We’ve been aware of this issue long before the actual bio-metrics we use today. Less than two centuries ago people made assumptions based on racial characteristics that unfortunately still persist and it’s always a highly emotive and politicised issue.

But the fact is large group bio-metric systems by the nature of the way they work “discriminate” not by individual identity but race.

This subject is a very deep warren beneath the rabbit hole and it’s a place most do not want to go.

But as with all large group bio-metric systems they fail because of statistical failures.

Trying to improve a system usually involves “tunning it” in kind of the same way we do with “Current AI LLM and ML Systems” but on a more directed thus selective set of parameters.

If you look at the failures of LLM and ML systems you will find very very similar in large group bio-metric systems but in a less obvious way (it’s existed in fingerprint systems for as long as they have existed a fact that they try to keep hidden).

So yes such bio-metric systems are going to fail “because of the statistical fails” and we do not know how to solve these issues currently and we may never do so.

Which begs the question,

“Why do we build such failure prone systems, that we know are going to fail?”

The answer is three fold,

1, Idiots with large amounts of money, at their disposal have political mantras and need ways of implementing them at arms length.

2, Where there is money a market will form, it’s basic demand and supply at work.

3, Where data is collected it always becomes used for way more than originally claimed it would be.

Thus it’s a circular process to,

“Rob the tax payers and divert it into select pockets.”

But also as an enabler to a “Surveillance State” and all the societal harms that gives rise to.

So if you want to put the blame anywhere then put it on the constant supply of “political mantra idiots”.

It’s something that has been one of the defining characteristics in “The War on Terror” and the resulting “Security Theatre” that has diverted trillion into “favoured pockets” at the very great expense of general society. Not just directly but also due to “lost opportunity costs” and the associated “harms” that arise which is causing many of the issues we increasingly see in the News.

[1] US “lots” were once 100ft by 100ft so that a years supply of food could be grown/raised for a family in an ~25×25 house. Due to other issues such as utilities, though the square footage of a lot remained around 10,000, the lot shape became increasingly elongated to squeeze down the “frontage” along which the utility supply ran, thus getting more homes per unit length of supply infrastructure.

Clive Robinson • October 22, 2025 12:02 PM

@ Andrew Stur,

With regards your,

98.5% is hardly “a narrow spectrum” (8 billion vs 100 million)

It’s an entirely incorrect assumption.

Wired says “more than” which makes 100 million well south of the actual figure, as the majority of the worlds population fall in the “unknown” for people with significant facial differences[1].

Worse 8billion is just a statistical assumption that is used like the word “big” as being greater than “large”.

I’m a person with a couple of facial injuries that I’ve mentioned before. They have left a couple scars, one that is “in the bone” and one that is “in the flesh”. Due to where they are on the edge of the lower jaw they move with respect to each other and visibly change shape as I talk. People staring is not pleasant to the point of embarrassment.

Since I nolonger have to be “clean shaven” I grew a beard to cover it up.

Lets just say I’m reasonably certain I’m in that “unknown group”.

Worse I’ve actually been told to my face, my beard means I’m hiding something in a quite sinister way by a presenter in front of a room full of people. When I said why I had the beard the person almost shrieked with the glee in her voice that I was wrong and she was right…

I became curt and it went rapidly down hill.

[1] This large unknown group happens because they don’t have access to Health Care where those sorts of things are “logged”. And even where they are logged, they are not put into available records.

Clive Robinson • October 22, 2025 5:09 PM

@ Bear,

With regards,

‘I may have a dark imagination but the first thing I thought of was “PLEASE don’t give crooks a reason to remove people’s faces.”’

It was near the top of my long list of thoughts about “the harms” of Biometric systems I refered to above.

However at the top of my list was,

“Law enforcement and worse Guard Labour taking away peoples rights of silence and not to incriminate themselves.

We already see ICE and other Federal employees making demands of people to unlock their devices on demand. With Judges right upto and including the Supreme Court claiming what is in effect,

“If you have nothing to hide…, then you must be guilty by refusing.”

Biometrics allows Guard Labour access by simple brut force, which they have already done on several occasions.

US Law that originated from English law was based on two basic notions that went back a thousand years or so,

1, The presumption of innocence.
2, That prosecution had a burden to meet of “Beyond Reasonable doubt”.

For the simple reason “the state” has an unfair advantage over the innocent and all to often “abused their position” with “might is right” behaviours and “show trials”.

If people read the Fourth Amendment, and study a little “real not faux” history[1]. Then they would quickly realise that an overriding consideration of not just the Founders of the US but most others that practiced law there at the time (yup English lawyers) and the English that had made that part of America their home, was to rid themselves of the English Crown and it’s agents and their “Might is right behaviours” and faux prosecutions.

[1] I know it shocks many Americans when I tell them they are lied to outrageously in school in history and even science, and how much of what they were taught was not just wrong but deliberately so. Primarily for “propaganda reasons”, it often causes “cognitive dissonance” in them to be clearly visible. Some will view the evidence rationally and agree, others will continue believing what is false despite the evidence, and some will not view or hear the evidence and behave in ways that indicate they might even respond completely irrationally if not violently if you try to get them to do so.

Two you can fairly easily check for yourself,

1, Washington was not the first president (John hancock and eight others were before him).
2, Washington and all presidents that followed have never actually been democratically elected by the people of the US.

Several men held the position prior to Washington. Look up, Samuel Huntington, John Hanson, Elias Boudinot, Thomas Mifflin, Richard Henry Lee, John Hancock, Nathaniel Gorham, Arthur St. Clair, and Cyrus Griffin.

Check the way the voting process works, it was quite deliberately designed,

“To look democratic without it being democratic at all”.

Now having looked those up, wonder what other falsehoods you were taught at school…