Wednesday, June 15, 2016

Smile! You're [Always] On Candid Camera!

PARANOID:
adjective -- someone characterized by suspiciousness, persecutory trends, or megalomania. Example:  "The author of Snow Crash is not at all paranoid."
AKAMAI:
adjective -- Hawaiian word describing someone who is wise, astute, and discerning. Example: "The author of Snow Crash is very akamai."

There is a billboard in Hamburg, Germany selling beer in a very unusual way. It tailors its message to fit the gender and age of the person who passes by, specifically targeting women (even to the point of telling men to go away) and reminding viewers who look too young that they must meet the minimum drinking age. It does this by using the latest in face-recognition software that quickly analyzes the features of someone and adjusts the ad content accordingly. Similar billboards have also been deployed in the U.S. Some of you will recognize this as being disturbingly similar to one aspect of the 2002 science-fiction movie, Minority Report. However, it is most definitely no longer fiction but rather very real. Of course, in the movie the billboard ads targeted the specific individual passing by, adjusting the sales pitches based on the person's past buying habits, level of income, current mood, etc. That's not possible, is it? And certainly not legal even if it is possible, right? Well... read on.

Other current examples of how this technology is being used range from "clever" to "creepy," depending on how you feel about privacy and marketing techniques. Some applications are similar to the billboards described above, others take things in new directions. In the U.S., 50 bars in Chicago participate in a system developed by Scene Tap, which uses cameras to analyze each bar's men-to-women ratio and average age of customers in real time. The information is then made available to people who install an app on their smart phones, thus "helping bar-hoppers decide where to go" (Natasha Singer, NYT). In Britain, cameras at the fuel pumps of Tesco stations analyze the faces of customers to determine their age and gender and adjust ads being displayed on the pump's small video screen while the person is gassing up. Retailers in Europe and the United States are using mannequins equipped with surveillance cameras that can track the gender, age and race of consumers who pass by or stop to look at the mannequins (Megan Van Vlack, Oracle.com). These and similar systems can enable retailers to see how long people of a particular race or gender remain in the shop, and adjust displays and the store layout to try to enhance sales (Consumer Reports, 2015).

The marketing research company Kairos has taken this even further by developing software that can analyze the emotional reactions of customers from their facial expressions and attention span while looking at a display, allowing sales strategies to be tailored accordingly:
"Emotion analysis, driven through facial cues, is a powerful tool for identifying subconscious emotional reactions to stimuli ranging from ads to how a user might interact with a physical or digital experience. If a user smiles with contentment when they look at that huge movie poster depicting Miley Cyrus, you know that you are picking up something that they may not frequently admit to. Of course, in that situation, it is highly unlikely that they would buy the Miley Cyrus poster to go on their bedroom wall, but you might be able to encourage them to take their younger relatives to see the movie, as a 'family duty' ... Attention span can also be used as a measure of intent or intrigue. The longer somebody looks at some form of promotion, the more they are clearly interested in it. It is possible to alter content on a display, dependent on how long somebody stares at it." (Kairos White Paper)

None of the facial recognition applications described above involve determining the individual identities of those who are being photographed, but there are a number of instances in which this is being done, both with and without the knowledge of those being identified. Presently there are no legal restrictions on collecting and using faceprint data, as Consumer Reports summarized in a recent article:
"Facial recognition is largely unregulated. Companies aren’t barred from using the technology to track individuals the moment we set foot outside. No laws prevent marketers from using faceprints to target consumers with ads. And no regulations require faceprint data to be encrypted to prevent hackers from selling it to stalkers or other criminals." (CR, 2015)

To be fair, most of the current commercial examples of tying facial recognition to personal identification seem benign (albeit a smidge intrusive). For instance, according to Consumer Reports, in 2010 a Hilton hotel in Houston introduced a facial recognition system as a security enhancement by tying facial analysis by cameras to the hotel's current registration list. The same software was also used experimentally to alert employees when VIP guests were present so they could greet them by name. "The hotel wouldn’t comment on whether that program is still active. But facial recognition companies are actively marketing their systems to hotels" (CR, 2015). Other applications from FaceFirst and Herta are being deployed not only as security systems but also to identify preferred customers and alert employees so they can offer personalized service and tune their sales strategies (such as in-store discounts for those who opt in as part of a rewards program). Of course, the behavioral data that can be gathered for these individually identified customers is extremely valuable both to the company collecting it and to other businesses who might readily pay handsomely for it -- think targeted email lists on steroids. Someday soon you might be surprised when you are greeted by name as you enter a store you've never visited before -- your faceprint and shopping data have preceded you. There is currently no law to prevent this kind of information sharing among merchants.

There are a few applications that aren't motivated by either security or marketing, but not many. One of the more novel uses of facial identification is called Churchix. According to the creators' official description: "Churchix is a face recognition based event attendance tracking software ... designed for Church administrators and event managers who want to save the pain of manually tracking their members attendance to their events. All you need to do is enroll high quality photos of your members into the software data base, then connect a live video USB camera or upload recorded videos or photos – and Churchix will identify your members!" I wonder if version 2.0 will also assess the mood and wakefulness of the attendees?

All facial identification systems rely on a database of digitized faceprints to link a new image to a particular person's name and personal information. Thanks to social networking sites like Facebook, LinkedIn, organizational rosters, and online dating services, such databases already exist and contain not only photos we have eagerly uploaded but a wealth of personal information as well, like birth dates, interests, and employment histories. And the restrictions we think are in place about who can access those databases are often quite wrong, as revealed in a study conducted at Carnegie Mellon University where nearly half of Facebook users erroneously thought their profile photos were not viewable by all other Facebook users. Further, researchers in the Carnegie Mellon study were able to determine the names, individual interests and background information for about 30% of the people in a sample of anonymous photos by simply matching them to publicly available Facebook profile photos. They were also able to identify the first five digits of the Social Security numbers of more than a quarter of those people whom they had identified (for ethical reasons they didn't try to obtain the full SSNs).

No hacking was involved in the Carnegie Mellon study because the researchers didn't have to -- they simply used currently available facial recognition software and readily available social networking information. Imagine the treasure trove of data that awaits skilled hackers who gain access to other faceprint databases like those being developed by governmental agencies.

One particularly juicy target is the FBI's NGI database, estimated to contain around 52 million records and still growing, which include not only fingerprints but also faceprints and other biometric data (see a report by the Electronic Frontier Foundation for details). Although most of the records are for those with criminal records, about 4.2 million are for innocent people who have applied for jobs in which the employer requested a background check or required a fingerprint and photo as a condition of employment. Another hacker's dream is the database maintained by the U.S. Department of State, which has the "largest facial recognition system deployed in the world with more than 244 million records" (EFF, 2014). When these databases are coupled with widespread deployment of cameras in public venues and with recognition software like Churchix or Herta's described above, the capability for real-time and archival surveillance of both known bad guys and people whom our current political environment deems potential evil-doers is greatly amplified. Those who yearn desperately to feel safe in a world that they perceive as increasingly threatening probably regard this as a good thing. However, the vulnerability of supposedly secure databases was demonstrated in 2015 by two major breaches of U.S. government sites holding personnel records and security-clearance files that provided access to sensitive information for at least 22.1 million people, including not only federal employees and contractors but their families and friends (see Washington Post, 7/18/15). Even without the issue of potential hacking of government faceprint files, there are legitimate concerns about who can access the data and how it can be used that haven't been thoroughly addressed or even examined at all (EFF, 2014).

Facial recognition technology is perhaps yet another instance where technical capabilities have outpaced society's consideration of their implications (see also my earlier blog The Drones are Coming!). In this case there are serious issues of privacy, security, and the right to choose when, where, and how our personal identifying information is used that need to be addressed quickly and thoroughly -- it's the akamai thing to do.

See you later...........and keep smiling!
_________________
Sources and Resources
Facial Recognition:  Who's Tracking You in Public?  Consumer Reports, 12/15
Face Recognition and Privacy in the Age of Augmented Reality (PDF), Carnegie Mellon Study, 2014
Face Recognition Moves From Sci-Fi to Social Media.  New York Times, 11/12/11
Tesco's Plan to Tailor Adverts via Facial Recognition Stokes Privacy Fears. The Guardian, 11/13
Facial Recognition Technology is Everywhere. It May Not Be Legal. Washington Post, 6/15.
FBI Plans to Have 52 Million Photos in its NGI Face Recognition Database by Next Year. EFF, 4/14
UK's Spy Agencies Hold a Massive Database of Ordinary Citizens. CNET News, 4/16.
Hiding From Facebook, Snow Crash, 7/12.