Sadly, I think we are beyond opt-out with any facial recognition.
I recently showed[1] to my daughter (10) as teaching her python, how easy it is to build some basic facial recognition using modern libraries and models.
I had it running with one of her pictures, and i just asked her to come in front of the computer for a second to check something out, and she was completely shocked when the video put her name below her face, and my name below my face. She was shocked, a bit curious, and a bit revolted.
On the next day when I took her to school, I just showed the amount of cameras on the way, and in the mall. At first she thought that its not an issue, as every camera only sees locally around it, so they cant connect her journey, but then she realised someone can own many cameras.
I think we need to invest much more into adversarial machine learning[2] and possibly form some sort of organization to fund it. (I hope it will be called move-78 as Lee Sedol's hand of god move against alpha go)
It's debatable how effective this is but CV Dazzle may just become a trend for youth. I'd support that but I'd expect to start seeing schools and commercial areas ban such practices.
its a screenshot of detecting me despite the paint, and i tried whole bunch of colors and etc to trick it that my eyes are not where they are, and it did not work, I think it was easier in 2014, seems you really need to hide your eyes now, and its gonna be quite annoying for bald people like me haha
You really need huge sample sets for this stuff to apply in the real world. We started using fingerprints because of how hard it can be to tell people apart.
Start talking 100 million faces + public cameras and it’s difficult. Where AI really stands out it having a specific face and looking for that in days of video footage. But, even then you want to train for false positives.
> I think we need to invest much more into adversarial machine learning
That just becomes an ever-escalating arms race. We need to invest in political and social systems that regulate the use of technology, not imagine that we'll overcome the dystopian use of technology by applying yet more technology.
Don't you people read the classics? Neal Stephenson seems to write books 10 years ahead of time that predict all technologies (crypto, metaverse, etc).
"Reamde" has multiple cool ideas (the miasma, basically our dystopian internet information sphere we live in today), but one of them is people walking down the street with glasses that have some kind of light device that shines on your face to confuse facial recognition.
Why? Every time people make new technology to subvert the government, they must raise their tyranny in order to regain control.
Encryption, for example. It denies the government information, evidence. There's nothing it can do about that. So will it criminalize encryption itself? Will it presume guilt if you refuse to decrypt? Will it ban free computers that run software not signed by the government?
After enough iterations, we'll either end up with an uncontrollable population wielding ubiquitous subversive technology, or an omnipotent totalitarian state that defeats any attempt at subversion before they can develop.
I hope for everyone's sake that the governments will discover their own limits before either outcome.
I just feel somehow personally responsible for the way things went with the internet and surveillance capitalism.
I remember in early 2000s how I used to download some programs[1] to pay me to watch ads. I didn't pay content creators anything, didnt donate, I didnt have money, but I could've spared some.
I'm conflicted about your comment, I'm glad that you are teaching important things to your child at very young age and at the same time I'm sad that the child will now worry about the things which we didn't had to when we were kids.
Ubiquitous facial recognition is inevitable. Governments that are prohibited by law from tracking faces and locations/times will just buy it from private companies, like has happened with automated license plate readers on tow trucks.
It is pointless to argue about legislation at this point. We have to assume governments and corporations will have this data. The only mitigation is to limit the overall power of governments and corporations.
It really isn’t pointless. Building, selling, or possessing facial recognition products or data obtained could easily be made illegal or extremely restricted.
We need to build an expectation of public privacy concept where everyone has the right to go about their public lives with only human levels of tracking, recognition, and memories. That is being seen and remembered a short while is acceptable, having every move recorded and attributed to me is not.
How could it easily be restricted? As long as people or corporations are allowed to sell timestamped, geostamped photos and videos, the aggregation can be done.
Just because something can be technically done does not mean that we cant impose restrictions that make it to costly to use except in the most constrained and extreme circumstances.
This is an oversimplification of a complicated story, but a great example is when the NSA stopped doing mass phone / text analysis because of the additional regulatory burdens imposed by the USA Freedom Act. The NSA contends that the data is still useful, but also that the difficulties of complying with the law make it not worth it.
Probably the same way you're prevented from selling CP, and fully automatic fire arms out of your home? It won't stop it 100%, but it certainly has an effect.
Would you eliminate sales of Internet-connected security cameras? Or just the sale of the data they collect? I am trying to understand how you think this is a genie that can be rebottled.
Banning individual product classes is a sure-fire way to keep regulators forever playing catch-up with industry.
Most ideal: make personal data a massive business liability, such that personal data is rarely even collected, let alone stored. This is much more possible than people believe (even making exceptions for current regulations like KYC). Does the local pizza place need to know anything more than my order, where to deliver it, and that the money arrived in their account?‡ Does a hotel or airline need anything other than a confirmation code to hand over the room key or seat? And yes, this may kill off or force pivots from businesses that exist today solely to spy on us—that's the point!
Only okay: personal data isn't shared or sold to third parties. Businesses can collect data on their own users, but it can't leak beyond the corp firewall or else big penalties come into play. Only okay because leaks are almost mathematically inevitable, so there will be constant lobby pressure to relax regulations, or enforcement thereof.
Not good: personal data can be collected, retained, and sold by basically all companies, and the penalties for unintentionally disclosing those data are just slaps on the wrist. At least it can't get much worse though, right? Right??
Businesses will adapt to any set of regulations—it's up to us citizens to demand the laws we want.
‡But what about remembering your favorite orders, or saving customers time by not entering their info for each new order? One options is to let them bookmark the page, so their device can get back to it easily.
I am not arguing for any laws. I am saying that I don't see how any legislation will stop this technology from being used to identify and track people.
We saw how eager people were to install Google Analytics on their websites. They don't care what they do to their users.
It's worth trying to get at least some of the genie back in the bottle. The laws against CP and automatic fire arms aren't 100% effective either, but that doesn't mean we abandon the idea of trying to regulate the activity completely, does it?
I am not arguing it would not be worthwhile to try. I argued that this data being collected and aggregated is inevitable. I still have not read a convincing reply otherwise. The ALPR data market is a perfect example of where we are heading.
How can you be prevented from murder? How was private ownership of gold illegal for decades? How was a farmer growing hay to feed their own horses illegal?
I still have not heard a realistic way these capabilities would be limited. Ordinary consumers and corporations will have this technology. It will continue to get cheaper. How would governments not have it?
The same people who sold browsing data to advertisers have this technology.
Copyright is a law that by design prevents the selling or buying or other transfer of some data, and it even sometimes works (black markets notwithstanding).
If your goal is to restrict the transfer of some other kind of data, copyright is already a legal and practical framework that had tackled the same problems, and offers solutions.
Copyright protects intellectual property. It does not protect those captured in photos taken by others. Trademark law maybe would work here. Is that what you meant?
Many states have two party consent laws that make it illegal to record private conversations without consent even in a public place. I fail to see how the same thing couldn't be done with video.
Of course finding the political will to restrict things like security cameras is a different matter, but I don't think it'd it'd case that we couldn't write effective laws to prevent this.
As I wrote, we are already seeing this. Tow truck companies sell ALPR data to aggregators. Ring and Amazon are collecting security camera data. Please explain what legislation you would propose.
Write data privacy laws which apply to surveillance cameras which require commercial entities to disclose what information is being collected, how it is being shared with provisions banning certain kinds of collecting, sharing, and storage with regulatory fines, criminal penalties, and provisions enabling class action lawsuits for misuse or other banned disclosures.
Disclosure is insufficient to prevent aggregation. The same kind of people who sold browsing data to advertisers are selling this data. If you do not want to be tracked, you have to get those around you to not provide the data.
You would come up with a decent legal definition of a surveillance camera with a distinction from a person taking pictures. You would add disclosure provisions, if an observed person could reasonably be expected to see and make a choice (say entering a business) there would be one set of rules, when a person couldn’t see a notice or make a choice (say a camera on a vehicle) there would be much more restrictive rules.
You would make it a crime to violate the rules but administered like and possible to sue in civil court for victims. The crime would be on the owner/operator of the camera and special provisions would be added for storage providers.
> Governments that are prohibited by law from tracking faces and locations/times will just buy it from private companies, like has happened with automated license plate readers on tow trucks.
Because of this, the current battles that many anti-surveillance activists are fighting is in procurement and vendor/contractor policies, mostly at the city and county levels. Lots of West Coast cities and counties (Santa Clara, Oakland, Seattle, San Diego) have enacted all kinds of new bureaucratic hurdles on any public funds used to pay for surveillance. These include requiring RFPs with open competitive bidding, public hearings, testing and certification that it actually works with an acceptable false positive rate, and approval in a public vote by the city/county council.
The Nation has a good overview of this shift in tactics, which is also opposed by some progressives who take a more abolitionist stance to surveillance and say that they don't want it to be legitimized if it passes all the bureaucratic hurtles: https://www.thenation.com/article/archive/mass-surveillance-...
I respect the intent behind these efforts. I just don't see how they will prevent ubiquitous surveillance.
Imagine this possible near future: Many property owners have installed smart doorbells and security systems with cameras. The data is being fed into aggregation systems and sold, just like clicks today. I can subscribe to an app on my phone for a few dollars a month (below the limit required to get formal approval in most organizations) that shows me where a face has been seen.
I don’t see why we couldn’t pass a law that says that the government can’t use $technology_x, and that this applies to government contractors and services purchased by the government or used by government employees acting in their professional capacity.
Your attitude on this doesn't make any sense to me.
A single man can record videos yes, but they can't record millions of videos and aggregate them into a searchable database. For that you need larger groups of people and a significant amount of infrastructure.
You could absolutely limit the ability to do this without having to outlaw cameras or social media or anything like that.
Are you making some blanket assumption that laws can't have an impact on private businesses? Because that's clearly not true.
No, I am not making a blanket assumption that we cannot have laws. I don't see how we can make collection and aggregation of data illegal, at least in the United States. Maybe it is possible in more authoritarian cultures, but those are the ones who will use it the most.
Databases of aggregated ALPR data exist and have economic value. Facebook exists and aggregates data. Can you elaborate on what kind of law you think should exist to prevent that?
I mean, you could ban “systems who’s primary purpose is to aggregate personal data on non-criminals” (please don’t nitpick the phrasing, I’m obviously not a lawyer) or something similar. I’m not sure why people are acting like this is an unsolvable problem - patent lawyers can write descriptions of fairly vague technological systems that hold up in court.
I am genuinely interested how this can be prevented. I don't see how it can. We are not far away from people having eyeglasses that are able to upload photos and download aggregated data. Everyone in your field of vision will have a dossier. It won't just be governments using this. It won't require some prior written permission. The same people that sold browsing data to advertisers will have this technology.
That is exactly what I wrote. Any government official/employee will be able to use this technology. If you are proposing some kind of libertarian non-government, that would be consistent with my original statement that the only way to limit this is to limit government.
> The only mitigation is to limit the overall power of governments and corporations.
Why is this the only mitigation?
By the way, who is going to limit the overall power and who is going to limit the power of those limiting the power and why? :)
At the end of the day it's people making decisions. The best way to have them making better decisions, is having more of them having a view of the world that reflects reality.
More reality, less bullshit -> better outcomes. Pretty simple.
Because people lie and when they say "we don't store" they really actually do. It's the difference between checking a single ID photo at a time and having a database full of photos every time you submit to it.
A lot of defeatism in this thread but I for one will opt out, just like the body scanners.
Why should we have to show ID in order to board an airplane? Frankly, that's none of the governments business. It's a tyrannical, invasive policy that should be reversed. Instead of doubling down on more of the same big brother overreach, why not fight it?
Exactly. This is a giant nothingburger. You can't get through a gate at the airport without showing government-issued ID, by which point they know exactly who you are, and every detail about your life. What exactly are you opting out of? You're still being recorded by dozens--if not hundreds--of TSA/airport security cameras every step of the way, and even if there isn't software automatically identifying and tagging you, it would be trivial to determine who you are. You're on camera when you arrive at the airport, you're on camera when you check in, you're on camera when you go through security, walk to the gate, and board the plane. It's unlikely a single second of your activity in the airport is off-camera (bathrooms notwithstanding).
I don't like the surveillance state, in particular the ubiquity of cameras in public open spaces where there's no compelling reason. I don't like the networks of private cameras people have attached to their front doors, all fed to Amazon and Google (and the state, most likely). If we're going to have cameras anywhere, though, the airport is the place I have the least problem with.
We're way past opting out, whatever that even means in this scenario.
It's not a nothingburger. An ID card has biometric information from years ago. Correlating a photo match with a ticket at gate check in gives confirmation for updating the stored id-face model, which means the recency and fidelity of the biometric data stored by e.g. the airlines or CBP is higher than that from the ID card.
Random surveillance video in an airport probably can't be used to update records because you have lower confidence of a match absent the other known factor that confirms ID. Moreover, masks/face covering is a norm that will also help subvert ambient face ID and model updating.
The data won't stay in the airport—the updated id-face model will be used in places where we expect or should expect more privacy of identity.
We as a society could decide to limit the legality of this. As individuals we can opt out and likely make a small but meaningful difference in the recency and fidelity of our collected and shared biometric data.
There's a flip side to this "nothingburger" argument. If it isn't such a big deal/difference over the status quo, then why do the airlines want it?
You say, "I don't like the surveillance state, in particular the ubiquity of cameras in public open spaces where there's no compelling reason." You are assuming there is no compelling reason because you do not personally know what that reason may be. Someone, somewhere, thought they had a compelling reason to go through the expense and hassle of developing and installing the surveillance system. It wasn't just "IDK, it's kinda neat".
It's clear from the gaping, empty space between our understanding of these systems and the desire of institutions to have them that something must be filling it. Whatever that "it" is should not be hidden from the public and communicated clearly, and not just hidden in a TOS-like document locked in a room with a tiger in the basement.
I suspect it's the combination of the defensive medicine effect (if something does go wrong, no one wants to be the one to take responsibility for having said no to a system that someone else will argue (true or not) that that system could have stopped the event), the belief that the security theater aspect makes customers feel safer, the belief that more data and whiz-bang technology is always better, and the decision makers don't have the technical expertise to understand that it is not getting them much in terms of increased security, and they can always make some money on the side by selling the data that they collect.
Not quite true about ID being required to get to gate. In USA, under 18 are waived through without ID. Over 18, I have gone through without ID. Be polite, say you misplaced it, and they will make you sign a form. Then on your way.
Most of the airport security theater is voluntary. Full body scans are also voluntary. Most soy boiz are too lazy to opt out.
Tangentially related, I wonder what happens if you wear a shirt that has a benign picture that matches a CSAM hash? Will everyone who takes a picture of you end up getting flagged by detection algorithms? I’m thinking in a similar vein to the magic DVD AACS number people printed on T-shirts mugs etc.
Will this become a great way for camera shy people to pollute any paparazzi shots of them?
This isn't related to the story at all. CSAM doesn't hash parts of a picture, so your shirt would only trigger it if somebody took a photo of just the shirt at a right angle.
Hence me going on a tangent :) So the solution for abusers is to just layer their photos inside subsections of normal photos to work around CASM?
Anyway was just a thought experiment on how to automatically opt out while “sticking it to the man”, so to speak. Maybe I should look into EUrion constellation marks instead!
To be fair, there was previously no systematic exit control process in US airports unlike in many countries including the Schengen area bloc, and many other countries have also long required photographs of non-citizens/non-residents along with exit controls. The US is more in line with the UK, Canada, etc. approach that doesn't allow any way of way of definitively knowing whether someone on a visa or restricted permit actually left the country if they were supposed to.
While I would have preferred a non-biometric approach for everyone, I'm hoping that moving some of the burden to exit control 1. lessens the workload of immigration enforcement domestically, and 2. encourages a very slow transition towards more seamless international transfers given that US airports usually weren't built for this, although a lot more work would be needed here.
My understanding is the that airline passenger lists are the equivalent exit “check” for the US and Canada. They are shared freely between the two countries as are entry checks into respective countries (hence the US or Canada can confirm an exit based on entry to the neighboring country).
That said, I think it’s mostly just “we can check if needed” and it’s not matched up automatically though that might have changed? I know if you’re an immigrant and you check your I-94 record with USCIS is usually wrong and missing data.
To be fair, the concept of passports (in the modern sense of a document required to cross a national border) is a relatively modern invention, on the close order of only about a hundred years.
I saw face-scan boarding an international flight at Atlanta last year. The reps for Delta did make it clear we could opt out by saying so, which meant them having to swipe my boarding pass. What was shocking is how few people bothered to question the system. Perhaps I am naive, but I trust CBP a lot more with my image than Delta. Maybe I shouldn’t trust either, but airlines seem to have gotten into the business of security. I do not trust them to keep their meandering and profiteering ways siloed off from passenger security systems.
Maybe you can at the boarding gate and in some other points but when you get out of the fly/plane and you enter in the airport, there’s a(t least one) camera above your head and you can’t walk in other directions. Maybe you have to wear hat, sunglasses and a mask…
Others critical points are at the temperature scanning at the entrance and at the passport check. I don’t think you can avoid those.
The facial recognition battle is lost. The only power we have is over how we behave as the losing side.
Of the few options we have, one is normalizing wearing recognition-scrambling makeup/masks. Another would be to get stickers of eyes, brows, and noses, and place them in random places around your face.
It'd be interesting to see some studies of the effectiveness of the different methods.
Well, until they ban facial recognition scrambling masks. If the burqa is banned in many European countries I don't see why facial recognition evasion devices don't also get banned.
People can recognize you with face recognition. Cops spend time looking at picture books of wanted people. Store clerks remember customers. Vegas casinos hire people with unusually good face recognition skills.
We're looking at the wrong end of the problem. We need to limit what consequences can come from being recognized. Like an "you can only be hassled once a year" policy for cops.
Meanwhile, watch the Hikvision Corporate Channel and get over it.[1]
> We're looking at the wrong end of the problem. We need to limit what consequences can come from being recognized. Like an "you can only be hassled once a year" policy for cops.
In some of Asimov's science fiction mystery short stories there was something like this [1]. Police had technology called a "psycho-probe" that could essentially read your mind, with a slight risk that doing so would cause permanent severe brain damage. Because of this risk the law was that a person could only be probed once.
That had some interesting consequences.
First, if someone who had never been probed was tried for a serious crime juries were reluctant to convict.
Second, a lot of criminals tried to get charged with crimes serious enough to get probed. Confess to a crime you didn't do in hopes of getting probed, cleared, and gaining immunity from probing for any future crimes you do. Even if you actually have to do a serious crime to get probed, it could be worth it to do so and serve your time to get that immunity for when you resume your criminal career when you get out.
[1] Definitely in at least one of the "Wendell Urth" mysteries collected in "Asimov's Mysteries" [2]. I'm sure probing is a big part of "The Singing Bell" and I think it was at least mentioned in "The Dying Night".
This has been my recent thinking on this as well. I wish we didn't have ubiquitous surveillance and I wish there was a way to stop it from expanding even more but that's not the world we live in. Privacy advocates who think they can stop this at the technology level are fooling themselves. The ship has already sailed.
What's left is to create a culture where the abuse of surveillance is heavily stigmatized. There are a lot of laws that could be passed to minimize the time that data is stored and how it is shared. The government is the only entity with the power to make rules to stop this, and the government is the entity that controls the spy agencies (who are the most frightening abusers of surveillance power) and could reign them in. But privacy advocates are almost always maximally skeptical of government power so they reject out of hand to work "in the system" as it were, to make changes.
Face recognition is one thing. Device free localization and identification by spectral/topological analysis of mm-wave antenna array data is even more invasive.
Hint: I'm talking about 5G and its big surveillance application, an open secret.
I don't remember all the details for sure sure but I read some research a while back about using some form of radar "thing" to identify people using a details like gait, ear shape and size, neck length and shape, upper back shape and width, arm length and a few other things that I really can't remember.
I think gait was the main factor along with height and then rest were used as filters.
Edit: Forgot to mention this was pretty crude 10 years ago. I'm assuming op is talking about a practical application for something similar.
Yup, exactly. Gait is the main thing I've seen too. But there are a whole grab bag of papers about these applications with different methodologies. Stuff like topological data analysis and machine learning are much more fleshed out these days, so these applications don't need to rely as much on rigid models to be accurate. Could be that they're using subtle, noisy information from breathing patterns, for example.
"Device free", "localization", "identification" and "mm wave antenna arrays" are some useful keywords for checking this stuff out on Google scholar. Some other alternatives for "device free" are "passive" and "adversarial". I think I remember one paper where they were identifying dozens of people at once with like 95%+ accuracy. I could be getting the details wrong on that one but it was along those lines.
For the high level overview though, you can just read the 5G industry whitepapers and it pretty clearly spells out that there are privacy implications and I'm sure that these kinds of applications are exactly why.
Remember, higher frequency = more information density = finer resolution. Which is also why these radio waves can't travel through as much stuff... They simply interact with more; more stuff is opaque to them, and as such they carry information about more interactions in their image.
> Facial recognition technology: How to opt out at the airport
in the US*
I thought this might be some China thing since the domain is cntraveler, or indeed a US thing since it seems also in line with both HN and the kind of stuff US airports do, but the title isn't quite clear so one has to click...
Sorry, this may be a silly question, but what are some ways to explain why this may be bad to someone? I personally don’t care if an airport or a mall know who I am and track me so trying to understand why it’s not great.
Information is power. Giving it away puts you at a disadvantage. History has shown that government and business will often use their power for evil. Need examples? Read the Bill of Rights and then the reasons they were written.
Global entry / TSA-Precheck only required my face when I entered the the US last month (LGA airport). While I have gotten used to having my picture taken at US airports, it was a weird yet incredibly fast experience
You could obscure your face and wear special contact lenses, and then you'd be instantly recognizable as "that guy whose license plate is all I's and ones".
I've never used facial recognition in the US and I never will. If they start requiring it for certain places/method of travel then I'll no longer use them.
had my first experience with this a couple months ago at the gate, had no idea it was even a thing. it probably did improve boarding time for the entire plane (A350 transatlantic, 300ish passengers) but after understanding how the tech works I’m more impressed with how quickly the scan is validated against the CBP database - literally a second or so.
It is already too late, first it is opt in, then it is opt out, then it is compulsory. This will happen if we let it have any use at all. Write your congressman now if you have a desire for this not to come to pass.
I recently showed[1] to my daughter (10) as teaching her python, how easy it is to build some basic facial recognition using modern libraries and models.
I had it running with one of her pictures, and i just asked her to come in front of the computer for a second to check something out, and she was completely shocked when the video put her name below her face, and my name below my face. She was shocked, a bit curious, and a bit revolted.
On the next day when I took her to school, I just showed the amount of cameras on the way, and in the mall. At first she thought that its not an issue, as every camera only sees locally around it, so they cant connect her journey, but then she realised someone can own many cameras.
I think we need to invest much more into adversarial machine learning[2] and possibly form some sort of organization to fund it. (I hope it will be called move-78 as Lee Sedol's hand of god move against alpha go)
[1]: https://github.com/jackdoe/programming-for-kids/blob/master/...
[2]: https://www.youtube.com/watch?v=bxbazQ6wJlU