Federal agencies across government are testing biometric technologies to secure buildings and travel, verify persons of interest and a host of other security uses. But one agency is looking at it from the other direction: How to counter evasion of biometric technologies, as well as the risks the technology itself might present.
The U.S. Marshals Service, the law enforcement arm responsible for “the protection of the judiciary and of the judicial process,” issued a request for information Monday seeking “a vendor capable of providing services for counter-biometrics expertise to deliver biometrics due diligence and to catalog the biometric threat environment.”
The Justice Department component is conducting market research to determine a procurement strategy for these consultation services.
“The contractor must be able to monitor trends in biometric technology, capabilities and performance, then apply this information to characterize the risk,” the RFI states.
According to the RFI, that expertise should include advising on ways to circumvent biometric technologies that would hinder the Marshals Service’s mission.
“The contractor must be knowledgeable on existing/current biometric capabilities and countermeasures to assess the impact of these capabilities in order to identify viable workarounds that would potentially mitigate the risks imposed in real-world situations,” the notice reads. “The contractor must have experience testing and evaluating biometric devices, specifically in operationally realistic environments.”
On the defensive side, the Marshals Service is interested in learning more about presentation attacks, in which an adversary attempts to trick a biometric reader.
“The goal of a presentation attack is to subvert the face recognition system by presenting a facial biometric artifact,” Raghavendra Ramachandra and Christoph Busch explain in an April 2017 article for the Association for Computing Machinery’s Computing Surveys. “Popular face biometric artifacts include a printed photo, the electronic display of a facial photo, replaying video using an electronic display, and 3D face masks. These have demonstrated a high security risk for state-of-the-art face recognition systems.”
“The contractor must have a complete understanding of the state of Presentation Attack Detection,” according to the RFI. “The contractor will also be required to create a biometrics and identity information training program to include training materials and personnel education.”
The service is also interested in meeting its small business set aside goals, if possible, and is encouraging 8(a) small businesses and other socio-economic designations to include that information in the response to the RFI.
The RFI was posted to the General Services Administration’s eBuy site, which restricts who can see certain solicitations.
Responses are due by 4 p.m. Feb. 18.