When Biometrics Goes Wrong

File this under the category: just because you can do something doesn’t mean you necessarily should do something.

There’s been a good amount of recent chatter online regarding the upcoming IE and Firefox plugins for the Polar Rose photo indexing service.

Similar to the initial intent of almost-acquired-by-Google Riya, Polar Rose’s goal is to create a search engine for faces in photos. As quoted from the company website:

“Polar Rose makes photos searchable by analyzing their content and recognizing the people in them.”

This works by getting people to identify people in their own photos and photos from friends (see this example from Flickr) – essentially using people to train the system. Using standard techniques from biometric facial recognition software usually used by law enforcement, these static photos are then used to create a three dimensional model. This is done by using a couple of standard position points (typically pupils, tip of nose, curvature of the mouth) as references and then calculating the position of the face.

By using meta-data encoded in the picture, it’s also possible to adjust the facial image based on the date and age of the photo. So, a picture of you clean shaven picture of you in the summer can be correlated with a later picture of you taken in the winter with a full cold-defying beard.

If you’re not concerned yet, think about the ramifications of this – photos posted online with plausible anonymity are no longer anonymous at all.

As a biometrics researcher, it’s been important for me to stay on the side of the authentication, not identification. Authentication means that there’s a claimed identity that you start with, and then the biometric system confirms it. For example, with the vAuth(tm) platform that by company has created, you have to provide your user ID (or an alternate identifier), then you have to provide voice samples to confirm your identity claim. Consumer/corporate Fingerprint systems work the same way – you present an identity claim (login ID, ID number, ID card) then validate that you are the person you claim to be.

Systems like Polar Rose’s are identification systems – it takes a photo, extracts the face, compares it against the corpus of collected faces and tries to identify who it is. Technology like this is better handled by law enforcement, not put in the hands of the general public.

There are millions of pseudo-anonymous pictures online. For example, I have a couple hundred pictures on Flickr. Some of these have my first name. None of them have my last name. Now, let’s say that one of my friends is a Polar Rose user – he or she could start identifying my face using my complete name – without my knowledge or permission. Now, let’s say someone else stumbles across a photo of me from somewhere else, like a candid from a cocktail night (where I am not mentioned in the photo commentary or credits) and is also a Polar Rose user. That person uses the plugin to see who I am and gets my full name. That person is now a single Google search away from knowing where I work, where I live, where I eat and drink from possible blog entries.

It’s a slippery slope to the erosion of privacy. Embarrassing photo from the office holiday party make it online? That photo of you in the skimpy bikini? The one from your buddy’s bachelor party? These are perfect examples of photos where you don’t care if they’re online because they’re pseudo-anonymous, meaning that if someone knows you in real life, they might be able to identify you from the photo. However, the majority of people who might see the picture don’t know who you are aside from whatever information you choose to attach to the picture. Consider these pictures to be generally available.

The ethics of using biometrics for identification are complex and murky. Putting a potential stalker’s tool into the hands of miscreants, stalkers and pedophiles isn’t something to be taken lightly – and a simple license agreement stating that the tool can’t be used for stalking just isn’t going to be enough.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>