iMARS

A set of solutions to better detect identity document fraud and image manipulation forgeries.

iMARS

Full Name: image Manipulation Attack Resolving Solutions

Start Date: September 1, 2020
End Date: August 31, 2024

Funding Scheme: Research and innovation action — RIA, Horizon 2020 (Secure societies - Protecting freedom and security of Europe and its citizens)
Total Funding: 6,988,521.25 €
EU Contribution: 6,988,521.25 € (100%)

Consortium Members: Norges Teknisk-Naturvitenskapelige Universitet NTNU Alma Mater Studiorum - Università di Bologna (ITA) Universiteit Twente (NED) Hochschule Darmstadt (University of Applied Sciences H-DA) European Association for Biometrics (NED) Katholieke Universiteit Leuven (BEL) Institute of Baltic Studies (EST) Bundeskriminalamt (GER) Ministerie van Binnenlandse Zaken en Koninkrijksrelaties (NED) Politidirektoratet (NOR) Kentro Meleton Asfaleias (GRE) Hellenic Police (GRE) Cyprus Police (CYP) Inspectoratul General al Poliției de Frontieră al Ministerului Afacerilor Interne (ROM) Police Fédérale Belge (BEL) IDEMIA Identity & Security France (Coordinator) Cognitec Systems GmbH (GER) Vision Box - Soluções de Visão por Computador SA (POR) Imprensa Nacional - Casa da Moeda, S.A. (POR) Arttic (FRA) Surys (FRA) Mobai AS (NOR) IDEMIA Identity & Security Germany AG (GER)

Links:
Related projects: EFFECTOR D4FLY BORDERUAS CRiTERIA FLEXI-cross I-SEAMORE ITFLOWS MELCHIOR METICOS NESTOR ODYSSEUS PERSONA ROBORDER TRESSPASS

Concept and objectives of the iMARS project are clearly detailed on its website: “The main goal of iMARS is to develop tools to detect manipulated face images, in particular morphed face images in the identity document life cycle and verify the authenticity of identity documents, as well as ensuring that European passports including morphed or otherwise manipulated images can no longer be issued within the European Union.
The objectives of the iMARS projects are to: Develop performant Morphing Attack Detection (MAD) solutions suitable for enrolment, forensic investigation and border crossing; Document Verification and Fraud Detection (DVFD) tools; Assess biometrics systems vulnerability with regards to morphing attacks; Make document verification and fraud detection tools available to support border guards in their missions; Anticipate new morphing attacks on face and other biometric modalities in future travel documents; Train people involved in ID document application, delivery and control, to increase their ability to detect morphing attacks; Contribute to standardisation efforts in the field of Presentation Attack Detection and face image quality assessment; Provide open access benchmarks to enable follow on research activities on Morphing Attack Detection; Ensure that the technologies developed are accepted by citizens and respects privacy and other EU regulations.”

Technology Involved

The main purpose of iMARS is the “design and test of new MAD (Manipulation Attack Detection, ndr) algorithms”. Crucially, these will apply “both for Single MAD (S-MAD, where only one suspicious image is available, e.g. from a passport), and Differential MAD (D-MAD, when the passport image and a live image of the person presenting it are available).” Technical details are listed in the project’s publications.
Expected impacts of iMARS’s solutions include technological achievements (“Supporting security practitioners by semi-automatically verifying ID documents, searching for forgeries and very recent document frauds, providing them with insights on the way detection algorithms decide (training)”) and ideological achievements (such as “A re-establishment of societies’ confidence in the principle “one individual – one passport” and “one passport – one individual” by strengthening the chain of identity”; and “Ensuring that the technologies developed are not only accepted by border guards, passport application officers and forensic experts, but also accepted by citizens”).
Detailed presentations are included in the minutes of the first iMARS Workshop (March 2023). It is interesting to note how the project’s FAQ includes this Q&A: “Is iMARS providing an Automated Decision System? No, IMARS is providing technology that is supporting human experts in their decision in an assisted manner.”
However the iMARS Grant Agreement, which we managed to (partially) obtain through an access to information request to the Research Executive Agency, also highlights that “The MAD solution is expected to enable efficient and reliable automatic data authenticity checks and elevate the process and security of biometric technology to a level that allows operational deployment. This is especially important as the EU intends to establish common identity repositories including biometric data, such as for Third Country Nationals (TCN).”
It also importantly adds that “The project will also investigate fingerprint and iris manipulation attacks which is relevant in the Smart Borders context;” for example, “in case of doubt in the result of a biometric face recognition at a Smart Border gate, a second line inspection shall be done with fingerprint recognition.” Also, “because in the evolution of Smart Borders, iris recognition shall be considered.”

Relationships

The “Related Projects” page lists METICOS, TRESSPASS, and FIDELITY (ended in 2016).
A post on the project’s website illustrates its origins: “Whilst iMARS is at the early stages of its research and development, its origins started over 7 years ago”, with FIDELITY and, after that, SOTAMD, but no details are given of these relations.
From the Grant Agreement we obtained, however, we learn that “The iMARS partners have been involved in many previous FP7 and H2020 projects relevant for iMARS. The technologies developed in iMARS will benefit from the knowledge gained in these projects and from and networks of partners (practitioners, governmental agencies…) the iMARS partners have established”.
These projects include:
1) SOTAMD (ISF), whose objective “is to identify the state-of-the-art of morphed face image detection mechanisms by collecting in a distributed effort a database of morphed face images, for which image quality (…) is ensured. This database will serve for the iMARS project as high-quality dataset with at least 150 subjects.”. Furthermore, “The beneficiaries of the SOTAMD-project are also members of the core team of iMARS”;
2) PROTECT (H2020);
3) BODEGA (H2020);
4) FIDELITY (FP7), as “One of the findings of the FIDELITY was the vulnerability of Face Recognition System with respect to Morphing attacks” (which is tackled by iMARS);
5) ORIGINS (FP7);
6) ABC4EU (FP7);
7) FASTPASS (FP7);
8) MOBILEPASS (FP7).
The ambition is however clearly geared towards commercialization: “the core partners of the consortium” are “committed to exploit the results of the project commercially (industrial partners) and to transform them into new knowledge (research centers and academics) and teaching material (for training of law enforcement officials and/or for academic education).”
An even more fundamental impact is envisioned at societal level, as the Grant Agreement claims that “It is expected that this project has a major impact on the services provided by each MS to its citizens” — and not just within the EU, as “the solutions are expected to be suitable for worldwide border control purposes.”
The project is part of the BES Cluster of Border External Security-related EU-funded projects.

Status

No public deliverable or detailed information is available on validation tests for the project’s outputs at the time of writing. We only have the scant information provided by its corresponding Cordis fact sheet, which vaguely argues that iMARS technology will be “validated in real border control conditions”, before adding that “To reach the targeted TRL6 (Technology Readiness Level 6, ndr), these technologies will be validated in laboratory conditions using operational data collected from six border control sites (with border to countries outside EU)” (https://cordis.europa.eu/project/id/883356)

Main Issues

A first, blatant issue is that, even though the project has been running since September 2020 and has, at the time of writing, just been completed, only three deliverables are available to the public (cfr. https://imars-project.eu/deliverables/ and https://cordis.europa.eu/project/id/883356/results): a “Social acceptability report”, a report on the “Legal, ethical and societal requirements” for iMARS outputs, and the project’s “Dissemination & Communication plan”.
We asked the Research Executive Agency for a full list of iMARS public deliverables, but we were not provided with it. It is therefore hard to give an exhaustive assessment of the project’s main issues. We did however manage to obtain a redacted version of the project’s Grant Agreement, and in it we found that the project has some 36 deliverables, of which only 7 are “Public”.
Deliverables concerning use cases description, testing methodology, the actual technologies developed, the exploitation plan and all those related to ethics requirements are either “Confidential, only for members of the consortium (including the Commission Services)” or “Classified information: RESTREINT UE”.
The project however claims that in order to “ensure that iMARS solutions respect any potential ethical, societal, legal concerns”, and fundamental rights, technical and operational Giudelines and Best Practices will be produced,  including notions on how to address “issues of automated decision-making and excessive trust in automated tools for manipulation detection and Al”.
The Grant Agreement also underscores that there are “major ethical and societal sensitivities” to be taken into account when developing iMARS solutions, and argues that “there is a strong argument for addressing such ethical and societal considerations already in the R&D phase, should the novel border control systems become a success”.
Solutionism is, as commonplace for several of the EU-funded projects analyzed in this database, in full display. For example, the Grant Agreement claims that “The problem of document fraud has the potential to undermine the public trust in biometrically enabled travel documents and applications such as the Smart Borders Package”, but immediately adds that this can be solved “With new concepts and algorithms to detect document fraud and image manipulations”. It is through these algorithms that “society will re-establish confidence in the principle “one individual – one passport” and “one passport – one individual””.
Even more bluntly put, “The iMARS results will reassure the EU citizens”. After all, the EU Commission wouldn’t want a Consortium “composed of the best and most relevant industry European players in the field of biometric face recognition and/or integrated border gates” to fail or be hindered in future deployments both within and outside the EU.
Deliverable D3.1 further adds a nuanced discussion on how iMARS technologies will be included in the risk-based classification provided by the AI Act, with a “particular emphasis” on “the classification and analysis of iMARS biometric identification systems” under its framework. For example, some high-level requirements are listed, including principles such as explainability and non-discrimination.
In general, writes the deliverable, “It is strongly recommended that iMARS algorithms are explainable and allow for human oversight. It is also encouraged that they are developed by taking into consideration demographic balance to avoid bias and consider disabilities of the data subjects and environmental conditions in operational scenarios. iMARS solutions should provide for alternatives in case of failure and respect the data protection principles”.
It is not however clear if and how these principles have actually been operationalized, and translated into effective mitigation strategies.
Furthermore, the possibility of banned uses for iMARS technologies is also envisioned (“If iMARS algorithms were to be used for biometric identification that occurs “remotely in publicly accessible spaces, in real-time, and for law enforcement purposes”, iMARS algorithms are likely to be included in the list of ‘prohibited AI practices’”).
Lastly, the possibility that iMARS tools will be “used as a component of so-called EU Large-Scale IT systems” is considered, involving both Art. 83 of the AI Act and the provisions contained in the Schengen’s Borders Code. According to an April 2024 article by Biometric Update (https://www.biometricupdate.com/202404/imars-workshop-reveals-progress-and-incident-growth-in-face-image-morphing), a potential integration with the EU’s Entry-Exit System (EES) was being examined, and reflected in both the above-mentioned Guidelines and in two impact assessments conducted by an independent ethical advisor. Unfortunately, we couldn’t obtain them.
Also, public support for iMARS solutions is contentious. And in fact, D3.2 — the Societal Acceptability Report — resulted in two very different assessments from its reviewers. While the first reviewer argues that “The deliverable becomes particularly interesting as it concludes that there is sufficient public support for the deployment of the developed iMARS solutions, and it will be a valuable basis for the deployment phase of the iMARS tools (…)”, the second one crucially warns that “Although there is sufficient public support to the adoption of technologies that are developed during the iMARS project, the public should be more involved in the process of the development of certain applications”.
Some harsh remarks follow: “From our point of view”, continues the second reviewer, “it would be good to consider already involving the public about a biometric application when it is still under development, instead of when it comes into force. For instance, for the public it is quite clear what facial recognition is, as it is currently used on smartphones or in banking, however the public is not aware of who retrieves these data and whether their data are secured. In conclusion, the relevance of certain biometric tools should be more careful explained, to take away the distrust in the government. Moreover, one should likewise consider developing a communication strategy that is more inclusive and focuses on the whole society” — as for example “one could conclude that the elderly did not have the opportunity to participate in the survey as they have no access to internet” (In fact, Figure 1 shows that surveyed individuals ranged from 18 to 64 years of age. People older than 64 are not represented).
Values, rather than technologies, should be explained, continues the reviewer: “Besides, the communication towards the public should be more about the purposes of biometric applications, as well as the safety of these products, and not solely about the technical part of biometric applications.”
Also, not alla respondents from the survey conducted for this deliverable — in France, Germany, Italy, Spain, the UK and USA — are comfortable with having AI checking their ID. Writes D3.2 that “About 60% of the respondents agree with government collecting and analysing home addresses, fingerprint images, personal identity codes and photos of the citizens, which have been provided earlier to the authorities, in order to provide secure means of identification. About 55-60% of the respondents support also keeping such identity document data in a unified national registry. The agreeability of use of artificial intelligence in checking the identity of persons remains a challenging topic, as 30% of the respondents remain undecided on desirability of the use of such technologies. This is most likely due to the novelty of the topic and insufficient understanding of the potential consequences of such use technology. The risks that are involved in using artificial intelligence for verification identity and the related mitigation measures are, therefore, to be carefully explained to the citizens before actual adoption of new technologies.”
As an important final methodological note, all the iMARS deliverables we obtained — namely, the Grant Agreement and D3.3 — were still “subject to review and approval of REA”, wrote the EU Commission agency in response to our access requests, and should therefore “be considered as drafts and the final version might differ, in some cases even significantly.”