
Facial Recognition’s Threat to Privacy Is Worse Than Anyone Thought - CapitalistCartr
https://www.eff.org/deeplinks/2016/10/memo-doj-facial-recognitions-threat-privacy-worse-anyone-thought
======
Animats
A facial recognition database of politicians would be easy to construct. There
are plenty of pictures of them. We could have tracking sites for elected
officials. Surveillance cameras around Washington could report their
locations, and who is meeting with whom.

That might provoke something like the Bork Video Privacy Protection Act.

~~~
krapp
As long as this technology exists, and will eventually become ubiquitous, I
see no reason why we shouldn't be doing exactly that. And for police as well.

I should have an app that tells me the name, badge number and location of
every officer on duty within ten miles of me, updated in real time, with
constant video and audio surveillance. If a cop so much as sneezes it should
be posted on the internet before they wipe their nose.

That would put the "civil" back into "civil servant" real quick.

~~~
gozur88
>I should have an app that tells me the name, badge number and location of
every officer on duty within ten miles of me, updated in real time, with
constant video and audio surveillance.

That's a great idea. If you're a bank robber.

~~~
abandonliberty
You're right, we should put video trackers on all civilians so we can know
what they're doing at all times.

Consider how effective it has been at reducing police complains when they wore
cameras. Imagine if everyone did.

Certainly your concerns about bank robbery could be easily proven false with
recent crime rates, but you left out pedophiles, terrorists, and murderers.

Let's track everyone and end all crime.

~~~
gozur88
>You're right, we should put video trackers on all civilians so we can know
what they're doing at all times.

Oh yes, I can see how you got that from what I wrote.

------
notliketherest
I haven't had a Facebook for years, yet I'm absolutely convinced that Facebook
has maintained my social graph through pictures my friends and others have
posted with me in them. This is the real unprecedented threat: crowdsourced
surveillance by a private company. We need strong laws and leaders to prevent
this sort of thing from happening in the first place. And should the
government be allowed to "tap in" to this graph to monitor people with a
warrant? Scary times.

~~~
pdkl95
For a look at a disturbingly plausible future, see Tom Scott's ~2min sci-fi
short "Oversight".

[https://www.youtube.com/watch?v=RIuf1V1FhpY](https://www.youtube.com/watch?v=RIuf1V1FhpY)

~~~
Mathnerd314
It's plausible only in spirit. An actual listing of terrorists does not have 3
terrorists within a 1-mile radius, and does not need volunteers; the FBI
already has such a database. But as recent terrorism has shown, the databases
are not be sufficient to prove or disprove terrorism. It's just more security
theater.

If the FBI started extending its database to more trivial crimes, like say
speeding tickets, then it might start being useful. A law that isn't enforced
evenly isn't really a law; it's an excuse for the police to harm people they
don't like. Computerized enforcement seems like a good goal to aim for.

------
FullMtlAlcoholc
One way to counter facial recognition is by applying makeup in a certain
pattern that resembles David Bowie or 80's style cyberpunks. [1]

That 80's vision of the future really is here.

1\. [http://cvdazzle.com](http://cvdazzle.com)

~~~
BurningFrog
[https://xkcd.com/1105/](https://xkcd.com/1105/)

~~~
FullMtlAlcoholc
Hence the whole David Bowie/Lady Gaga look of it. We'd just need to make glam
rock/punk popular again!

~~~
tpeo
Just (adverb):

1\. Exactly.

2\. (ironic, oblivious) Used to imply that an otherwise impossible task is
just the opposite.

 _Time travelling is possible. We just need to get our hands on some of that
negative energy._

------
oceanswave
Seems like a lot of folks get 'privacy' and 'anonymity' confused. Should I
have a right to keep information I create about me private? Sure. Should I be
able to keep private or at least know the data that others collect about who
they think is me? Muddier. Yes, perhaps when that information is used to make
a tangible decision about me - think credit scores.

However, if I poop on a casino's lawn and it's truly me, and they bar me from
their premises, and the casino uses some sort of digital, always on mechanism
to ensure that I don't return, do I have a right to that data about me?

~~~
pdkl95
> get 'privacy' and 'anonymity' confused

When it isn't possible to avoid being observed, privacy _depends upon_ the
anonymity gained from misrepresentation.

Dan Geer's recommended[1] definition for 'privacy' in the age of ubiquitous
surveillance:

> Privacy used to be proportional to that which it is impossible to observe or
> that which can be observed but not identified. No more -- what is today
> observable and identifiable kills both privacy as impossible-to-observe and
> privacy as impossible-to-identify, so what might be an alternative? If you
> are an optimist or an apparatchik, then your answer will tend toward rules
> of data procedure administered by a government you trust or control. If you
> are a pessimist or a hacker/maker, then your answer will tend towards the
> operational, and your definition of a state of privacy will be my
> definition: the effective capacity to misrepresent yourself.

[1]
[http://geer.tinho.net/geer.blackhat.6viii14.txt](http://geer.tinho.net/geer.blackhat.6viii14.txt)

~~~
dimino
I _hate_ how "hacker" has always been synonymous with anti-establishment.

~~~
krapp
I hate how "hacker" has been co-opted by the establishment.

~~~
dimino
I hate how a hobby/profession must be a lifestyle or worldview.

I'm interested in breaking things, so now I have to hate my dad? He's the one
who got me interested in breaking things!

~~~
krapp
But "breaking things" is kind of an anti-establishment act by definition.

You may not agree with it, but anarchist ideology was a fundamental part of
hacker culture long before computer literacy became mainstream. The modern
usage is a corruption of an ideal.

~~~
dimino
I get that, but I hate it.

~~~
contravariant
Now I'm not sure if that is anti-establishment or not.

~~~
krapp
Yuppies were the children of hippies who rebelled against their parents by
embracing conservatism, so it wouldn't be without precedent. How do you
counter the counterculture when it wins and just becomes culture?

------
aluminussoma
I updated my Google Photos app and was amazed to see that it could search all
of my photos by clicking on an icon of a person's face. It even found faces of
people in multiple photos whom I don't know. I couldn't find any mis-labeled
photos. When I showed this to a family member, they were not amazed but
creeped out.

If there were a way to hook this up with my Nest Cam, I would be speechless.

The article focuses on its impact to people of color. Will this specific issue
go away if accuracy becomes near perfect? We'll still have to deal with its
impact on everyone - and that could invite broader regulation.

~~~
paavokoya

      my Nest Cam
    

People buying literal spyware to spy on themselves is definitely part of the
problem.

[http://www.computerworld.com/article/2476599/cybercrime-
hack...](http://www.computerworld.com/article/2476599/cybercrime-
hacking/black-hat-nest-thermostat-turned-into-a-smart-spy-in-15-seconds.html)

EDIT: I knew this would get downvotes from a crowd that simultaneously abhors
surveillance yet trumpets spyware like Nest as innovative. Cognitive
dissonance is strong here.

~~~
strictnein
Nothing to do with cognitive dissonance. Some of us just aren't impressed by
"hacks" that require the "hacker" to gain physical access to your home and the
hardware.

> "Once an attacker has physical access"

Also, strangely the article isn't about the the Nest Cam, so it's really just
the billionth in a series of articles that reinforce that if an attacker has
physical access you're screwed.

~~~
paavokoya
Does Nest ping to any companies servers?

------
carapace
I don't think we are going to be able to NOT have ubiquitous surveillance. The
tech won't go away and only gets better.

The question is not how to prevent it, because we can't (my premise.) The
question is, who gets to use it and for what?

We're going to have to learn to live without hypocrisy.

~~~
dredmorbius
That is why laws constrain the technically attainable.

We don't pass laws against things which cannot be done (at least not as a
normal course of action).

~~~
carapace
Let's say we make laws that proscribe that no one shall use the tech "the
wrong way", how do we ensure that _everyone_ is adhering to those laws without
using the tech "the wrong way"?

My point is that we can't constrain the technology by passing a law, because
you have to enforce it, and to do that we have to use the technology.

In the limit we're going to have either hypocrisy and have a system like North
Korea, or we're going to sort our shit out and have a system like Star Trek.

(I'm hopeful, despite being well aware of which of my examples is fictional.)

~~~
dredmorbius
I'll give you a specific example. David Simon of _The Wire_ talked about the
longshoreman's union in Baltimore in a UC Berkeley lecture titled "The
Audacity of Despair", available on YouTube. It's long but excellent. At 36m30s

[https://m.youtube.com/watch?v=nRt46W3k-qw](https://m.youtube.com/watch?v=nRt46W3k-qw)

In it, Simon mentions that the union was so corrupt that every day it had to
forward a copy of documents -- possibly _every_ document produced or received
-- mail, memos, publications, P.O.s and receipts -- to either the DoJ or the
state's AG office, under a consent decree. Basically, _because of a long
history of abuse of power_ the union had to run open books to law enforcement.

The financial world operates similarly: companies are subject to audits (by
private companies, not even government agencies, though _those_ companies are
themselves audited) for compliance with accounting practices and such. That
is, again, _you open your books_.

Regulation of other organisations operates on similar grounds. Pharmaceutical
companies are regulated as to their drugs produced, food processors to their
own practices, especially in beef, dairy, pork, and poultry. Some industries
gain exceptions to anti-trust regulations in return for more regulation and
oversight of other elements: major league sports, insurance (underwriting
boards), telecoms, and transportation (rail, truck, air, sea). An item which
popped up following Trump's request for followers to patrol polling places
_was a specific injunction on the GOP for doing just that_ dating to the early
1980s (and set to expire Real Soon Now, though Trump may just have fouled that
up). Southern states in the US have operated under injunctions dating to the
Voting Rights Act for violations of its provisions (some of which may have
expired or been reduced by recent SCOTUS rulings, I've not kept close track).

Google itself _is already operating under a consent decree running for 20
years until 2031_ as a result of "deceptive privacy practices" (that's the
FTC's language, not mine) in rolling out its Buzz social network:

"FTC Charges Deceptive Privacy Practices in Googles Rollout of Its Buzz Social
Network"

The mechanism for enforcement:

 _The settlement requires the company to obtain users’ consent before sharing
their information with third parties if Google changes its products or
services in a way that results in information sharing that is contrary to any
privacy promises made when the user’s information was collected. The
settlement further requires Google to establish and maintain a comprehensive
privacy program, and it requires that for the next 20 years, the company have
audits conducted by independent third parties every two years to assess its
privacy and data protection practices._

[https://www.ftc.gov/news-events/press-
releases/2011/03/ftc-c...](https://www.ftc.gov/news-events/press-
releases/2011/03/ftc-charges-deceptive-privacy-practices-googles-rollout-its-
buzz)

It turns out that people have faced the questions of trust, verification,
audit, and compliance for a long time. Trust, third parties, bounties, and
similar mechanisms are typical modes for ensuring compliance. There are ways
of determining if personal or private information has leaked (look up
"fictitious entries" or "honeytraps" \-- I've made a recent HN submission on
the topic though it didn't go far). And yes, there are times that the auditors
themselves are corrupt: Arthur Anderson and Enron, Ernst & Young HK and the
Mozilla v. WoSign and StartCom CA backdating scandal. Mozilla will refuse to
accept further audits from E&YHK, meaning that E&Y effectively mined its own
credibility to generate present business at a cost of any future trust (I'd
really like to see what the future fall-out of this is).

 _Yes, passing effective laws is PRECISELY how you constrain technology._

~~~
sesqu
> The settlement requires the company to obtain users’ consent before sharing
> their information with third parties if Google changes its products or
> services in a way that results in information sharing that is contrary to
> any privacy promises made when the user’s information was collected.

This seems like an awfully convenient explanation for why Google has started
to demand affirmation of their terms of use every few weeks, if not for the
date of 2011. I don't remember when they started with the demands, but it was
2014 or 2015.

------
notduncansmith
I'm all for privacy tools for now, but the privacy-surveillance arms race
feels like a hack compared to actually fixing the culture that creates a need
for privacy. Is anyone discussing what it would take to solve the problem from
that level?

~~~
astrobe_
Privacy is a lie by omission. Lies are a necessary feature for societies (even
non-human animals can lie). Therefore, privacy is a necessary feature for
societies.

~~~
notduncansmith
> Lies are a necessary feature for societies

Could you defend this assertion, please?

------
ageitgey
If you are curious _how_ these facial recognition systems actually work, check
out [https://medium.com/@ageitgey/machine-learning-is-fun-
part-4-...](https://medium.com/@ageitgey/machine-learning-is-fun-
part-4-modern-face-recognition-with-deep-learning-c3cffc121d78)

------
Theodores
I wonder if we will dispense with the need for ID. Imagine borders where no
passport is needed or ATM machines that just take a quick iris scan instead of
a physical card. Or other emergency services such as hospitals able to check
if you can pay the bills or have the required citizenship. I don't think that
the crowd that have store loyalty cards would complain if CCTV rather than the
card applied the perks.

In such a brave new world identity theft would be a thing of the past and
everyone would have less theft to worry about. So there could be upsides for
law abiding consumers and not just fascist government police forces.

~~~
rfrank
From my understanding, one of the tricky bits of biometrics as passwords in
general is that you can't really change them. What happens when the future's
equivalent of an ATM skimmer scans your iris?

Could also lead to increased violence in muggings/robberies, etc. If
fingerprints or eyes become necessary to access what it is they want to take,
they'll just add those to the list of things to take from you.

~~~
screaminghawk
>one of the tricky bits of biometrics as passwords

Serious question, would a passport be considered a password in this context?

>ATM skimmer scans your iris

Your credit card is authentication but your PIN is authorization. I imagine
your iris will replace your card, not your PIN.

The difference between authentication and authorization can be confusing in
some real world examples.

~~~
rfrank
Interesting point re: authentication vs. authorization. In the situation of an
iris scan as authentication, what then becomes the authorization? Multi-factor
biometrics, some sort of 2/3/4fa scan?

Broadly speaking, solutions to that problem which involve more biometric data
make me uncomfortable, in no small part because I just don't trust the people
who operate the systems.

Don't know on the passport thing, although my gut says no. Do you mean people
just having a passport in general, so say an iris scan pulls your passport
data & cross references it against a camera at the ATM? Or having it
physically on you so its RFID chip is read?

I've just started thinking/learning about these sorts of problems, so as of
now I don't have many opinions on how things should be done haha.

------
wickedlogic
The problem with mass surveillance, is mostly that masses aren't using it to
benefit/protect themselves.

------
kalys
Just wondering if piercings or earrings with infrared LED can prevent facial
recognition.

~~~
leesalminen
I would also like to know the answer to this question.

------
GoToRO
As technology gets better, the world gets smaller. In the end Earth will be as
big as a small village: everybody will know everybody.

~~~
prodigal_erik
This is a disaster, because the brutal conformism of villages is the reason
they lag behind cities where freaks are allowed to exist in anonymity.

~~~
GoToRO
Well...

1\. At least it is a disaster that we experienced before.

2\. At some point conformism will mean "you have to be like everybody else:
unique".

~~~
pixl97
Oh, you want to challenge the status quo. Burn him at the stake.

Just because we did something in the past, doesn't mean we should start doing
it again in the future.

~~~
GoToRO
I don't propose to do it again in the future. I think it will come anyway no
matter what.

------
pmyjavec
Where losing control of our technology and privacy, when people start saying
things like _we 'll get the government to fix surveillance_, we are introuble.

------
vorotato
Worse than anyone thought? I doubt it.

~~~
WalterBright
You'd be right. I thought it was obvious. I wonder if wearing things that
partially obscure the face will become popular.

------
kazagistar
Facial recognition + augmented reality = read reviews by exes at bars.

------
LargeCompanies
What's the best facial recognition app (native or web) out there now for
consumer use?

Does one exist yet that's works as reliably or almost as reliably as what the
cops at using?

------
BurningFrog
Like it or not, this is an inevitable consequence of advancing technology.

Since it can't be stopped, the thing to think about is how to adapt to it.

------
zk00006
So what is the message? Honestly, I didn't get any information form the
article.

~~~
mcguire
" _We knew the threat was looming. But a brand new report[1] from the
Georgetown Law Center for Privacy and Technology indicates the problem is far
worse than we could’ve imagined._

" _In response to the report, EFF has joined a large coalition of privacy
advocates[2] to demand the U.S. Department of Justice, Civil Rights Division
take two major steps to keep facial recognition in check:_

" _1\. Expand ongoing investigations of police practices and include in future
investigations an examination of whether the use of surveillance technologies,
including face recognition technology, has had a disparate impact on
communities of color; and_

" _2\. Consult with and advise the FBI to examine whether the use of face
recognition has had a disparate impact on communities of color._ "

[1] [https://www.perpetuallineup.org/](https://www.perpetuallineup.org/)

[2] [https://www.aclu.org/letter/coalition-letter-department-
just...](https://www.aclu.org/letter/coalition-letter-department-justice-
civil-rights-division-calling-investigation-disparate)

------
joshuaheard
The loss of privacy should be balanced against the aid it provides to law
enforcement to catch criminals. So, even though the loss of privacy is more
extensive, the capability of the cops to catch the bad guys is also better.

~~~
FullMtlAlcoholc
We're in the safest era in human history. How many more rights would you like
to give up for more security?

~~~
joshuaheard
AFAIK you don't have a right to privacy while in a public space.

~~~
FullMtlAlcoholc
If someone followed you constantly while you were in public, that can be
considered stalking and you could get a restraining order against them.

~~~
joshuaheard
Only if they threatened violence.

