EFF to testify in support of California facial recognition technology ban

Last month, the City of San Francisco banned law enforcement agencies from using facial recognition software in cameras, and now the issue has been escalated to the State Senate.

While this is still only a minor thorn in the side of those who have complete disregard for privacy principles, it has the potential to swell into a major debate. There have been numerous trials around the world in an attempt to introduce the invasive technology, but no-one has actually stopped to have a public debate as to whether the disembowelling of privacy rights should be so easily facilitated.

After the City of San Francisco passed the rules, officials voted 8-1 in support of the ban, the issue was escalated up to State level. SB 1215 is now being considered by State legislators, with the Senate Committee on Public Safety conducting a review of pros and cons.

Numerous organizations have come out to support progress of the bill, and of course the official organizations representing law enforcement agencies at State level are attempting to block it. As part of the review process, EFF Grassroots Advocacy Organizer Nathan Sheard will testify in-front of the California Senate Public Safety Committee later on today [June 11].

The issue which is being debated here is quite simple; should the police be allowed to use such invasive surveillance technologies, potentially violating citizens right to privacy without knowledge or consent. Many laws are being passed to give citizens more control of their personal data in the digital economy, but with such surveillance technologies, said citizens may have no idea their images are being collected, analysed and stored by the State.

What should be viewed as an absolutely incredible instance of negligence and irresponsible behaviour, numerous police forces around the world have moved forward implementing these technologies without in-depth public consultation. Conspiracy theorists will have penned various nefarious outcomes for such data, but underhanded Government and police actions like this do support the first-step of their theories.

The City of San Francisco, the State of California and the EFF, as well as the dozens of other agencies challenging deployment of the technology, are quite right to slow progress. The introduction of facial recognition software should be challenged, debated and scrutinised. Free-reign should not be given to police forces and intelligence agencies; they have already show themselves as untrustworthy. They have lost the right to play around with invasive technologies without public debate.

“This bill declares that facial recognition and other biometric surveillance technology pose unique and significant threats to the civil rights and civil liberties of residents and visitors,” the proposed bill states.

“[the bill] Declares that the use of facial recognition and other biometric surveillance is the functional equivalent of requiring every person to show a personal photo identification card at all times in violation of recognized constitutional rights. [the bill] States that this technology also allows people to be tracked without consent and would also generate massive databases about law-abiding Californians and may chill the exercise of free speech in public places.”

Under existing laws, there seems to be little resistance to implementing these technologies, aside from the loose definition of ‘best practice’. This would not be considered a particularly difficult hurdle to overcome, such is the nuanced nature of ‘best practice’. Considering the negative implications of the technology, more red-tape should be introduced, forcing the police and intelligence agencies to provide suitable levels of justification and accountability.

Most importantly, there are no requirements for police forces or intelligence agencies to seek approval from the relevant legislative body to deploy the technology. Permission is needed to acquire cellular communications interception technology, in order to protect the civil rights and civil liberties of residents and visitors. The same rights are being challenged with facial recognition software in cameras, but no permissions are required.

This is of course not the first sign of resistance to facial recognition technologies. In January, 85 pro-privacy organizations, charities and influencers wrote to Amazon, Google and Microsoft requesting the firms pledge not to sell the technology to police forces or intelligence agencies. It does appear the use of the data by enforcement agencies in countries like China has put the fear into these organizations.

The accuracy of the technology has also been called into question. Although the tech giants are claiming AI is improving the accuracy every day, last year the American Civil Liberties Union produced research which suggested a 5% error rate. The research claimed 28 members of Congress had been falsely identified as people who had been arrested.

Interestingly enough, critics also claim the technology violates the Forth Amendment of the US Constitution. It has already been established that police demanding identification without suspicion violates this amendment, while the American Civil Liberties Union argues such technologies are effectively doing the same thing.

What is worth noting is that it is highly unlikely a total ban will be passed. This is not the case in the City of San Francisco, as the city has introduced measures to ensure appropriate justification and also that data is stored properly. The key with the rules in San Francisco is that it is making it as difficult as possible to ensure the technologies are not used haphazardly.

What we are most likely to see is bureaucracy. Red-tape will be scattered all over the technology to ensure it is used in an appropriate and justified manner.

Accessibility is one of the issues which privacy campaigners are facing right now. Companies like New York-based Vuzix and NNTC in the UAE are making products which are not obviously used for surveillance and are becoming increasingly affordable. Software from companies like NEC is also becoming more available, giving the police more options. A landscape with affordable technology and no regulatory resistance paints a gloomy picture.

The introduction of more red-tape might have under-resourced and under-pressure police forces frustrated, but such is the potential invasion of privacy rights and the consequence of abuse, it is absolutely necessary. The quicker this technology is brought into the public domain and understood by the man-on-the-street, the better.

Biometric adoption needs to speed up to exploit the digital bonanza

The idea of biometric identification is not new, though to realise the full benefits of the digital economy, adoption needs to increase and move away from hardware.

Speaking at AfricaCom, Barbara Iyayi, Chief Growth Officer for Element, didn’t so much attempt to justify biometric identification and authentication, but pushed for wider and more rapid adoption. As a disclaimer, it should be worth noting that Iyayi is pitching the case for her business to make more money, but there were a few useful points to be taken away from the presentation.

First of all, let’s set the scene. The world is becoming increasingly digital and companies are spending less time in front of their customers. This of course has its benefits, but at the same time a connection is lost with the customer. This connection not only depersonalises the situation, but also makes it difficult to track customers. As Iyayi pointed out, if you don’t know who your customer is, you’re in a pretty weak position.

This is not a new point, but occasionally it is worth restating the obvious. There are of course various means to identify and authenticate customers, however, there isn’t a perfect scenario right now. Some of the ways in which customers are being identified and authenticated is through the SIM or social media accounts. And here is the issue, neither of these routes are immune from abuse. If your SIM has been used to authenticate, losing your phone could mean losing your digital life, while social media accounts are all too easy to fake; we’ve all watched an episode or two of Catfish.

This is where biometrics are increasingly playing a role. Every new phone can now be unlocked by facial recognition or the users finger print, which is specific to that individual, but this is local to the device. The identifiers are locked into the hardware and not transportable to other areas of the digital economy. Iyayi’s pitch for her business is on the software side of things, removing the authentication from devices and creating interoperability throughout the entire digital economy. Again, it is worth noting this was essentially a sales pitch at the conference, though that shouldn’t take away from a very valid point.

Digital profiles are already being created dependent on the services you use online, your financial and employment histories and also your interests. However, without linking these profiles back to an individual, the system is open to abuse, and the accelerated value of the digital economy cannot be realised. This is where biometrics, in a software world, can play a role.

It is a simple idea, though adoption might not be as high as some would hope. The other issue which needs to be addressed is user acceptance of biometric identification and authentication. While Iyaya played down any resistance to the technology, we’re not as convinced. Digital natives might well be open to biometrics, which is of course promising for the future, but what about the generations who existed before the always-connected era. Perhaps anyone from the age of 40 upwards would be sceptical about such a scheme. It is more invasive that identifiers of previous generations, and there will of course be Big Brother conspiracy theorists out there…

Stories from some of the more freedom-adverse countries such as China will not help. Here, the government has been collecting identification data on individuals for what most would only assume are monitoring ambitions, though India has also been attempting to build its own database for less nefarious reasons. Some generations might be sceptical, though the same could have been said about texting taking over as the defacto means of communicating. As the younger generations get older, such ideas are adopted as the norm.

This will probably be the case for biometric identification and authentication. Soon enough, biometrics will penetrate such areas as payments, though for this to happen there needs to be more openness. Iyayi is right, biometrics are crucially important for the digital economy to reach the promised peaks.

DT turns to biometrics for authentication and fraud detection

Deutsche Telekom has selected Nuance’s biometric technology to help the team offer customers simplified authentication processes when calling the customer service hotline.

Once the inevitable bugs have been worked out of the system, customers will be able to speak their requests naturally instead of navigating a complex phone menu, while the sound of their voice can also be used to confirm their identity. It is still early days, but the cumbersome process of typing in long account numbers and trying to remember complex passwords with a capital letter, number, punctuation mark and human sacrifice, could be a thing of the past.

“We’re proud to be leading the way as the first German telecommunications provider to deploy voice biometrics on our service hotlines and making this advanced technology available to our customers,” said Ferri Abolhassan, Managing Director Service at Telekom Deutschland. “We can identify our customers quite simply and quickly by the sound of their voices and there will be no more time wasted searching for contract numbers. The procedure is one of the most secure available.”

As far as stereotypes go, the DT management team must be giddy imagining how efficiently calls will be directed around the customer service centre.

“It is no secret that consumers today have higher expectations and demands for the type of service they receive from the companies they do business with,” said Robert Weideman, GM of Nuance’s Enterprise Division. “Our conversational AI solutions enable Deutsche Telekom to power more natural customer service conversations and deliver individuals the help they need quickly and securely.”

Although there will of course be sceptical customers who will rigidly stick to the old cumbersome ways, those who embrace the technology will simply have to say ‘Bei der Telekom ist meine Stimme mein Passwort’ (which means ‘At Telekom my voice is my password’ in English) to identify themselves. It’s simple and efficient, the way customer services should be.

Voice biometrics work by digitizing a profile of a person’s speech to produce a stored model voice print. Each spoken work is reduces to segments composed of several dominant frequencies called formants, with each segment subsequently having several tones that can be captured in a digital format. The tones collectively identify the speaker’s unique voice print, which the Nuance technology will allocate to a specific customer.

Aside from reducing call times and improving the experience when attempting to find the right department, the technology can also help prevent fraud. The voice print itself is similar to a finger print in that they are unique to individuals. While no system is ever going to be 100% fool proof, the voice print certainly does sound more secure than security questions, the answers to which can be worked out by effectively profiling a potential victim.

AT&T is a company which has faced complications in this area recently. Michael Terpin is suing AT&T for $224 million following the theft of $23.8 million in cryptocurrency tokens which were transferred out of his account following a SIM swap con. To do this, the fraudsters would have had to gain access to Terpin’s account by answering the security questions. Getting around these questions has become somewhat easier in recent years, as more user information has become available through social media.

In theory, fraudsters could research what the answers would be by look at Facebook interests, employment history on LinkedIn or holiday snaps on Instagram. Security questions are hardly the most creative and this is an area most companies should look at addressing. Using a voice print to authenticate the identity of customers should remove a substantial amount of the risk associated with such con jobs.

While this is an interesting and useful development at DT, it is slightly behind on the times. Voice biometrics have been used by numerous organizations, with Royal Bank of Canada, Santander, TalkTalk, and Vodafone Turkey among those who have each enrolled more than 1 million customer voiceprints after implementation. That said, it is a nice development.

Biometrics could be a threat to the smartphone – NEC

Our lives are dominated by a tiny digital interface, but biometrics could offer future generations a more natural way to interact with the digital world.

Before hysteria develops it should be worth noting this piece is not predicting the death of the smartphone, but Shinya Kukita, Chief Engineer of the Global Business Unit at NEC pointed out it is not a very natural way for humans to communicate. You’re hunched over, prodding a tiny screen and sometimes squinting to pick out the details. We’ve gone from a very expressive, vocal being to one which is dominated by silent communication and limits. Of course there is some way to go, but the steps forward being made by biometric authentication mean the world could become a lot bigger.

“With so many displays on the street, based on location or biometric details public screens could become a personal display for that particular moment,” said Kukita. “Any screen could become personalised.”

The accuracy being shown by biometric authentication technologies is increasing quickly. At the NEC stand we saw a quick demonstration of its facial recognition tech and the software couldn’t be fooled by a picture of the individual or a video, and the software was even able to detect whether the individual was very an incredibly detailed mask. There are becoming fewer ways to ‘spoof’ the software according to NEC.

With the public display scenario, once there are sensors everywhere any individual could work up to a screen on the street and it would recognise that person. Maybe a two-part authentication would be needed to make 100% sure (choose from facial, voice, fingerprint, palm, iris, ear canal), but because all your data is stored in the cloud, this public display becomes your personal screen for the moment. It would not necessarily be the death of a smartphone, but it could decrease our reliance on it.

While it is feasible, there are more practical applications for the technology right now. Back when the Champions League took place in Cardiff in last year, the local police used NEC’s facial recognition software, known as Bio-IDium, to identify individuals who had been placed on a watch list. Perhaps these individuals were banned from the stadium, or they had been involved in a recent incident, but Kukita highlighted several arrests were made once they had been identified and the nearest officers informed.

This is a very specific usecase, and in many European countries only the police force have been enabled to use such technology, but there are wider applications. Display advertising on the street or screens in bus stops could be personalised to the individual who is standing in front of it. Using powerful AI technology, this advertising could go further, perhaps logging into your schedule and realising you need to be on the other side of town. All of a sudden the screen has ordered a taxi for you.

One of the big problems with these technologies is privacy. “There is a fine line to walk between privacy and security,” Kukita commented, and the rollout will have to be measured and conscious. The risky aspect of the facial recognition software is the fact it doesn’t have to be ‘opt-in’. With a finger print scanner you essentially give permission by offering your finger to the machine, but facial recognition can operate in the background without the knowledge of the user. It is a delicate balance to strike, hence why only police are legally allowed to use it right now. One major incident and public opinion could be influenced, setting AI progress back years.

There is a lot which needs to change in terms of regulation, a huge amount of progress to be made deploying sensors and a monstrous amount of public consultation which will need to take place before the world we have described is a reality, But, it isn’t really that far away.