Category Archives: Other Randomness

The “Five Things” Meme

Bob has made me one of the latest victims of the “post five things you might not know about me” – so for what might be my last post of 2006, here are my five things…

  1. In 1999, I competed in the Northern California Golden Gloves competition in the 240+ weight class. After getting a “pass” through the first round, I went up against someone much taller, much heavier, with more experience and with a longer reach. I know you’re expecting me to say that I won, but come on – look at the odds. He didn’t knock me out, but I did have the experience of being punch drunk afterwards.
  2. After the January edition of San Francisco magazine is published next week, I might become a pariah in the San Francisco cocktail circles. Still, the people in the industry I respect understand how I can say that the local palate is still underdeveloped – and I think that the good people at Rye will still tap me on the shoulder to judge some of their upcoming competitions.
  3. Every Friday, you can find my wife and me at the end of the bar at Coco 500 drinking cocktails put together by one of the best bartenders in the city – Scott Baird. Sorry, did I say drinking? I meant researching for future competitions.
  4. Though I lived in Germany for almost three years, I can barely get by speaking Deutsch. I can, however, say that I have successfully spent many days at Oktoberfest – and by days, I mean days that started at 10am and ended at 10pm. It’s not about the drinking – it’s about the strength of your bladder.
  5. I never graduated High School. I have my Bachelors Degree (in Liberal Studies), but never finished my senior year at High School. I did, however, receive a Commonwealth Diploma from the State of Pennsylvania.

And on to the next victims… Jocelyn, Larry, Dave, James and Ash.
Tell us five things we wouldn’t know about you and then find five other suckers victims friends to bring into this network version of a chain letter.

When Biometrics Goes Wrong

File this under the category: just because you can do something doesn’t mean you necessarily should do something.

There’s been a good amount of recent chatter online regarding the upcoming IE and Firefox plugins for the Polar Rose photo indexing service.

Similar to the initial intent of almost-acquired-by-Google Riya, Polar Rose’s goal is to create a search engine for faces in photos. As quoted from the company website:

“Polar Rose makes photos searchable by analyzing their content and recognizing the people in them.”

This works by getting people to identify people in their own photos and photos from friends (see this example from Flickr) – essentially using people to train the system. Using standard techniques from biometric facial recognition software usually used by law enforcement, these static photos are then used to create a three dimensional model. This is done by using a couple of standard position points (typically pupils, tip of nose, curvature of the mouth) as references and then calculating the position of the face.

By using meta-data encoded in the picture, it’s also possible to adjust the facial image based on the date and age of the photo. So, a picture of you clean shaven picture of you in the summer can be correlated with a later picture of you taken in the winter with a full cold-defying beard.

If you’re not concerned yet, think about the ramifications of this – photos posted online with plausible anonymity are no longer anonymous at all.

As a biometrics researcher, it’s been important for me to stay on the side of the authentication, not identification. Authentication means that there’s a claimed identity that you start with, and then the biometric system confirms it. For example, with the vAuth(tm) platform that by company has created, you have to provide your user ID (or an alternate identifier), then you have to provide voice samples to confirm your identity claim. Consumer/corporate Fingerprint systems work the same way – you present an identity claim (login ID, ID number, ID card) then validate that you are the person you claim to be.

Systems like Polar Rose’s are identification systems – it takes a photo, extracts the face, compares it against the corpus of collected faces and tries to identify who it is. Technology like this is better handled by law enforcement, not put in the hands of the general public.

There are millions of pseudo-anonymous pictures online. For example, I have a couple hundred pictures on Flickr. Some of these have my first name. None of them have my last name. Now, let’s say that one of my friends is a Polar Rose user – he or she could start identifying my face using my complete name – without my knowledge or permission. Now, let’s say someone else stumbles across a photo of me from somewhere else, like a candid from a cocktail night (where I am not mentioned in the photo commentary or credits) and is also a Polar Rose user. That person uses the plugin to see who I am and gets my full name. That person is now a single Google search away from knowing where I work, where I live, where I eat and drink from possible blog entries.

It’s a slippery slope to the erosion of privacy. Embarrassing photo from the office holiday party make it online? That photo of you in the skimpy bikini? The one from your buddy’s bachelor party? These are perfect examples of photos where you don’t care if they’re online because they’re pseudo-anonymous, meaning that if someone knows you in real life, they might be able to identify you from the photo. However, the majority of people who might see the picture don’t know who you are aside from whatever information you choose to attach to the picture. Consider these pictures to be generally available.

The ethics of using biometrics for identification are complex and murky. Putting a potential stalker’s tool into the hands of miscreants, stalkers and pedophiles isn’t something to be taken lightly – and a simple license agreement stating that the tool can’t be used for stalking just isn’t going to be enough.