Make like a Dandy Highwayman to beat Face Recognition Software

Spoofing biometrics has become a mini-industry, as one would expect as the technologies of recognition become more pervasive. And not all of these methods are high-tech. Tsutomu Matsumoto’s low-tech ‘gummy fingerprint’ approach to beating fingerprint recognition is already quite well-known, for example. I’ve also seen him demonstrate very effective iris scan spoofing using cardboard irises.

Facial recognition would seem the most obvious target for such spoofing given that it is likely to be the system most used in public or other open spaces. And one of the most ingenious systems I have seen recently involves a few very simple tips. Inspired by the increasing hostility of legal systems to masks and head coverings, CV Dazzle claims to be an ‘open-source’ camouflage system for defeating computer vision.

Among the interesting findings of the project, which started as part of the Interactive Telecommunications Program at NYU, is that the more complex and high-fashion disguise-type attempts to beat facial recognition did not work as well as the simpler flat camouflage approaches. The solution suggested thus involves many of the same principles as earlier forms of camouflage: breaking up surface patterns and disguising surface topography. It uses startling make-up techniques which look a bit like 80s New Romantic face painting as deployed by Adam and the Ants – hence the title of this post! The system concentrates especially on key areas of the face which are essential to most facial recognition software systems such as the area around the bridge of the nose, cheekbones and eye socket depth.

Results from the CV Dazzle project

So, will we see a revival of the Dandy Highwayman look as a strategy of counter-surveillance? Or more likely, will social embarrassment and the desire to seem ‘normal’ mean that video surveillance operators have a relatively easy life?

Adam Ant in the early 80s

Biometrics in Afghanistan

There’s a very interesting video-report from Sebastian Meyer here on the US military use of biometrics in Afghanistan to try to identify Taliban in what he calls ‘frontline anthropology’. Wired revealed last month that the NATO / US army operation is planned to be expanded into a nationwide biometric ID card scheme by next May. Wired says that there are only two biometric systems operating in Afghanistan but they don’t seem to have noticed that the UNHCR mission in the country is also using biometrics to identify returnees who have already claimed the financial assistance on offer and are making fraudulent claims, in conjunction with the Afghan government. Are these systems all connected? More investigation is needed…

City of Leon to install mass public iris-scanning

The City of Leon in Mexico, if a report in Fast Company is to be believed, is going ahead with a scheme that goes far further than any other urban surveillance project yet in existence. They are already installing scanners that, according to their manufacturers, Global Rainmakers Inc., an until recently secretive company with ties to US military operations, can read the irises of up to 50 people per minute.

Now, we have to be careful here. Gizmodo, as usual, has gone way over the top with reports of ‘the end of privacy’ (which, if you believed their stories, has already happened as many times as the apocalypse for 7th Day Adventists…) and talk of the ‘entire city’ being covered and ‘real-world’ operations (i.e. in uncontrolled settings). In fact, if you read the Fast Company report, and indeed the actual description of the products from the company, they are far more limited even in their claims (which are likely to be exaggerated anyway). There is no indication that the iris scanners proposed will work in uncontrolled settings. When the company talk about the scanners working ‘on the fly’, they mean that they will work when someone is basically looking at the scanner or near enough whilst no more than 2 metres away (in the most advanced and expensive model and significantly less for most of them) and moving at no more than 1.5 metres per second (and, again, slower for the lower range devices). All the examples on the company website show ‘pinch points’ being used (walls, fences, gates etc.) to channel those being identified towards the scanner. In other words, they would not necessarily work in wide public streets or squares anyway and certainly not when people were moving freely.

So is this what is being proposed? Well, there are two phases of the partnership with Leon that the company has announced – and we have as yet no word from Leon itself on this. Phase I will cover the settings in which one might expect levels of access control to be high: prisons, police stations etc. Phase II will supposedly cover “mass transit, medical centers and banks, among other [unnamed] public and private locations”. It is also worth noting that the scheme’s enrolment is limited to convicted criminals, with all other enrolment on an entirely voluntary basis.

I am not saying that this is not highly concerning – it is. But we need to be careful of all kinds of things here. First of all, the Fast Company report is pure corporate PR, and the dreams of the CEO of Rainmakers, Jeff Carter (basically, world domination and ‘the end of fraud’ – ha ha ha, as if…) are the same kind of macho bulltoffee that one would expect from any thrusting executive in a newish company in a highly competitive marketplace. Secondly, there’s a whole lot of space here for both technological failure and resistance. The current government of Leon may well find that the adverse publicity from this will lose rather than gain them votes and that in itself could see the end of the scheme, or its being limited to Phase I. In addition, without this being part of wider national networks, there may in the end be little real incentive for anyone to enrol voluntarily in this. Why would banks in Leon require this form of identification but not those in Mexico City or Toluca for example? Will the city authorities force everyone who uses public transport to undergo an iris scan (which would make the ‘voluntary’ enrolment a sham)? This could all end up being as insignificant as the Mexican companies offering RFID implants as a supposed antidote to kidnapping, it could be the start of a seismic shift in the nature of urban space, or it could be a messy mixture.

I hope my colleagues in Mexico are paying attention though – and I will try to keep updated on what’s really going on beyond the corporate PR.

India’s Biometric Census

A while back I was wondering how India was going to enrol 1.2 billion people in its planned national biometric ID card scheme. Well, I should have guessed that the answer was that it would combine it with a national census. This is apparently exactly what is going to happen, according to the BBC. The next Indian national census will be the first one not just to count and classify individuals with written answers, but also to take biometric details. These will then form the basis for the new ID database, with its 16-digit unique identifying number. And the process has already started – the only thing I can think of that will cause it significant problems is not any civil liberties opposition but rather the ongoing revolutionary movements often called ‘Maoist’ but really a lot of different loosely affiliated rural-based organisations…

Do we need to be concerned about a new iPhone face-recognition app?

The Huffington Post has got itself in a twist about a new iPhone face-recognition app, Recognizr, that it claims will enable someone to take a person’s picture and instantly give them access to all their social networking details. Except that isn’t quite the case. As one (largely ignored) commenter points out, it’s not quite as the HP portrays it. It isn’t an open system – the original story (linked in the HP one) says that you have to opt in to the system, and upload your photo, and other social networking sites you want to be linked, into the developer’s own database. So only those who have decided they want to be part of this system can be recognised and linked. It’s only a rather small step from existing methods of social networking, and can perhaps be considered the face recognition equivalent of giving out a business card. There’s the potential there for all kinds of development from this though, I would agree, but this isn’t (yet) a stalker’s or a marketer’s dream.

You can find the Swedish developer, The Astonishing Tribe (err, TAT!), here, and the source story, which is just slightly more circumspect, from Popular Science, here.

(Thanks to David Lyon for the link to the HP story).