Posts Tagged ‘ Freedom of Information ’

Private Eyes Are Watching You

Oct 18th, 2009 | By Innovya follow-up | Category: Articles

United Kingdom is Leading Pack in Face Recognition; Is U.S. Next?

By ASHLEY PHILLIPS – ABC NEWS

A 17-year-old walks into a liquor store, carries a 12-pack of beer up to the counter and hands the clerk a flawless fake ID. Unbeknown to him, the clerk need not even glance at the ID before turning him down. His face gave him away. A facial recognition system placed behind the store counter analyzes the teen’s 17-year-old features and informs the clerk of his illegal age. It’s just one of a litany of uses for the fast-evolving surveillance technology, a field that has security experts salivating and privacy advocates bracing for a battle.

Computers that can pick out fugitives in a crowd, video cameras that scold people for littering, eyes in the sky that detect crimes as they’re being committed. While these scenarios may sound straight out of George Orwell’s “1984,” they are becoming reality and could be headed for your corner store sooner than you think.

Although still being researched across the globe, facial recognition technology has already taken hold, particularly in Great Britain.

Last week, Budgens, a U.K. grocery store chain, announced that it would use facial recognition technology to prevent its clerks from selling alcohol and cigarettes to underage customers. The photos of customers who were refused previously will be stored in a database, and then if the offenders come in to buy similar products again, the clerk will be alerted.

Similarly, the British government plans to roll out a facial recognition pilot program in London airports this summer. People who hold biometric U.K. and EU passports can pass through unmanned gates. At the gate, their faces will be scanned to match them to their passport records.

Though the technology has been around for years and the British are embracing it and moving forward, technology experts say facial recognition — and the cameras needed to support it — wouldn’t fly with privacy-obsessed Americans, at least not yet.

“[Facial recognition] really has picked up steam in the last 10 years,” said Vijayakumar Bhagavatula, who teaches electrical and computer engineering at Carnegie Mellon. “The principle has been around for 25 years, but it started getting put into commercial systems five to 10 years ago.”

Bhagavatula describes the technology simply.

“Let’s say a digital camera is taking a picture of someone’s face. So now it gets represented in computers as a bunch of numbers,” he said. “Humans have no problem [saying] that’s someone I know. The computer has to look at those numbers and say, ‘Are these the same set of numbers corresponding to a person I took a photo of a year ago?’”

It’s a complex process, and it is not flawless. For computers, those numbers representing human features can change based on the person’s expression, lighting and overall quality of the image, according to Bhagavatula.

To combat this, researchers are constantly looking for new algorithms to analyze facial features. Currently, many researchers are looking at features that don’t change, such as the distance between the eyes, the angle made by the tip of the nose or the length of an eyebrow, he said.

“Many methods try to capture these kinds of things that are unique to people’s faces,” he said. “You hope that these numbers stay the same when a person smiles or frowns.”

The U.S. Privacy Police

The kind of monitoring that would enable facial recognition to work well has not caught on in the United States, at least not yet, according to Paul Saffo, a technology forecaster in Silicon Valley.

“The English have always had a slightly different attitude toward privacy,” Saffo said. “They’ve never had as strong a privacy culture as America has had. The English do not have a constitution. Their protections are in common law. It is easier for the government to overstep notions of privacy than it would be here, because you have people invoking the Bill of Rights.”

But Saffo believes that given the right crisis, the United States would eventually accept the technology.

“Do not underestimate the psychic shock of the London subway bombings,” he said. “We bleat and cry about privacy, but we happily surrender our privacy for the cheapest of coin.”

So far, most legislative pushes for video monitoring by city governments have been thwarted.

This week in Washington, D.C., a bill pushed by the city’s mayor calling for nearly $1 million in funding for citywide public cameras was voted down by the city council.

“People sometimes talk about video surveillance systems as moving forward inexorably in the United States, but we’ve seen quite a few successful protests,” said Mark Rotenberg, the director of the Electronic Privacy Information Center. “I think there are a lot of questions that need to be asked about video surveillance. The most obvious one is: what is the purpose?”

“[Britons] have embraced a really extraordinary amount of monitoring by the government that I don’t think the U.S. would accept,” he said.

Yeah, but Does It Work?

Some critics also take issue with the accuracy (or lack thereof) of facial recognition technology.

In perfect conditions, facial recognition can be fairly effective, according to experts, but in less than perfect conditions it can be wildly inaccurate. For example, it is difficult for a computer to identify a person who is walking on a city street or in an airport where his face might be blurred, obscured or shadowed.

“We have gotten a long way from where we were 10 years ago,” says Carnegie Mellon’s Bhagavatula. “But good algorithms have an 80 percent accept rate. It’s pretty good, but not perfect.”

Rob Jenkins, a psychology professor at the University of Glasgow in Scotland, may have found at least one way around the technology’s inaccuracies. Jenkins and his colleague Mike Burton published a study in the journal Science in January that outlined a method to get 100 percent accuracy from computers by using what the researchers called an “averaged” face image, made up of 20 photos.

“The great thing about this averaging process is it just washes out all these differences of single photographs. The lighting and the pose all kind of becomes neutralized,” Jenkins told ABCNEWS.com in January. “And what you’re just left with is the core of the face. The aspects of the image are consistent from one photo to the next.”

Since that study, police, governments and companies have shown interest in his research, Jenkins said. And although he is interested more in how the mind recognizes faces than how the technology is used, as a citizen, he finds the ubiquity of CCTV troubling.

“New technologies that are being unveiled as being the solution to problems — often they’re just a better key to locking and unlocking something, but that doesn’t mean that you shouldn’t think about what’s behind the door,” he said. “Because if you put all this trust in a new technology, … you can find yourself in quite a hairy situation.”

Jenkins points out that sometimes even humans can’t recognize familiar faces.

“The human brain is the most sophisticated computer we know of,” he said. “Engineers are setting themselves [up] with a very difficult problem by demanding accurate performance. Even humans can’t do this reliably and should give us pause. … Is the goal a realistic goal? Are we ever going to build a machine that can do that? And maybe we will, but I think it’s a question that’s worth asking.”



Rewrite of privacy law for 21st century

Oct 14th, 2009 | By Innovya follow-up | Category: Articles, Opinions

Peter Timmins - WEDNESDAY, OCTOBER 14, 2009

The Federal Government has announced its stage one response to the Australian Law Reform Commission’s Report 108, For Your Information: Australian Privacy Law and Practice.

In a speech to the International Association of Privacy Professionals in Melbourne, Special Minister of State Senator Joe Ludwig said the Government’s intention was to effectively rewrite the Commonwealth Privacy Act 1988 for the 21st Century. Full details of the response are contained in this 144-page response released at the same time. The response sets the foundation for a revamped privacy framework, addressing 197 of the 295 recommendations in the ALRC’s Report. Key features, as outlined in the Minister’s speech and in the detailed response, are to:

  • provide for one set of Privacy Principles for Commonwealth agencies and relevant businesses alike. Senator Ludwig said the Government was all too aware of the flaws of regulatory duplication, unnecessary complexity of obligations and rights, and the impediments to information-flow inherent in the current situation of treating the Government and private sector separately. New Government proposals for the Privacy Principles include: a requirement to take reasonable steps to implement compliance with the Privacy Principles, under the ‘openness’ principle; a ‘missing persons’ exception under the ‘use and disclosure’ principle; greater accountability for entities that transfer information overseas under the ‘cross-border data flows’ principle; and specific permission to handle Commonwealth, state and territory government identifiers for identity verification purposes under the ‘identifiers’ principle.
  • deal with developing technology by ensuring the Privacy Act will be technology neutral. Various parts of the response will further protect against emerging threats and privacy pitfalls by empowering the Privacy Commissioner to undertake research, and provide guidance and education on technologies that enhance or impact on privacy. Biometric information will be included in the definition of ‘sensitive information’ (reflecting its unique nature and heightened risks of misuse)
  • strengthen the Privacy Commissioner’s powers of investigation, compliance and enforcement of the Act. The Commissioner will be able to handle complaints and gather information more effectively, compel appearances or production of documents, accept enforceable undertakings, and seek civil penalties for serious or repeated breaches of the Act. A new development will be a three-tiered scheme for binding Privacy Codes. Binding codes can be developed by organisations or agencies voluntarily, but the Commissioner will also be able to request a group of organisations or agencies to develop one where it would serve the public interest. If they fail to comply, the Commissioner can impose a mandatory code on the group. The Commissioner will be able to direct an agency to provide a Privacy Impact Statement. For the private sector, the Commissioner will be empowered to conduct Privacy Performance Assessments of personal information records to see if they are abiding by the Privacy Principles.
  • provide for the enhanced use of data for the purpose of credit reporting while including additional specific protections to ensure such data is used appropriately. In order to allow credit providers to undertake a more robust assessment of an individual’s credit risk, the Government will make changes which allow five positive datasets – the type of each active credit account, date of opening and closure of account, account credit limits and credit repayment history – to be included on an individual’s credit report.
  • improve health sector information flows and provide additional guidance for the use of health information; enact new rights to request transfer of records and to be told what will happen to health records if a provider closes down or changes hands
  • support and facilitate research in the public interest by simplifying regulation, while protecting community expectations of personal privacy. A harmonised set of rules for Government and private sector researchers will replace the two sets of binding guidelines on non-consensual handling of personal information; and the research provisions will be expanded to allow such handling for any research in the public interest, not just for health and medical research. Two important parameters of the current regime will also be maintained: the public interest in research must ‘substantially outweigh’ the protection of privacy – requiring a clear choice in favour of the research; and the National Health & Medical Research Council and the Privacy Commissioner will retain primary responsibility for issuing and approving the research rules.
  • new and consistent provisions on cross-border data flows. Agencies and organisations will remain accountable for personal information which is transferred overseas unless there is: informed consent of the individual; a legal requirement or authorisation for the transfer; strong public interest grounds; or, the other country has a law or a binding scheme, similar to the Privacy Principles, that will protect the information. Such a law or scheme must be enforceable by the individual. A mere contract binding the overseas party would not be enough to remove accountability for the information if it is offshore and there is no viable remedy for the individual.
  • through guidance and legislative amendment make clear that the Privacy Act (not the FOI Act as is the case at present) is the primary avenue for access to, and correction of, an individual’s own personal information. The Privacy Act will be the key Commonwealth law for the collection, handling, disclosure and accessing of personal information. The focus of the FOI Act is intended to be on access to documents held by government other than an individual’s own personal information. However, in recognition that there will be circumstances where documents held by agencies contain a mixture of: (a) an individual’s personal information; (b) the personal information of third parties; and (c) non-personal information, in such a way as to make it difficult to release only the individual’s personal information, or that individuals may make access requests for files that contain such a mixture of information, the Government agrees that rights to access some personal information should be retained under the FOI Act. Agencies will need to establish administrative processes for dealing with the different access and correction requests that will arise under the Privacy and FOI Acts, having regard to the types of records and information they hold. Guidance on the interaction between the two Acts will be critical for agencies.
  • work with the states and territories to harmonise privacy law across the nation. The first stage response will create a platform from which the Government can pursue national harmonisation through discussion with the states and territories. Ultimately, the aim will be a consistent set of privacy standards for the Commonwealth, state and territory public sectors, as well as the private sector. The Federal Government will be looking to the states and territories to repeal privacy laws including health privacy laws that apply to the private sector. Additional national consistency issues will be considered in the second stage response.

Of the 197 recommendations addressed in this first stage, the Government

  • accepted 141, either in full or in principle;
  • accepted 34 with qualification; and
  • noted 2 recommendations.

20 recommendations were not accepted. While opinions will differ, only two struck me as noteworthy: rejection of the recommendation to extend privacy protection to personal information held about a deceased individual dead for 30 years or less; and rejection as unnecessary of action to ensure that federal legislative instruments establishing public registers containing personal information set out clearly any restrictions on the electronic publication of that information.

The Australian Law Reform Commission was pleased with the “giant tick” for its recommendations.

Next steps: the Government intends to release an exposure draft bill reflecting these changes to be sent to a Parliamentary Committee for consultation early in 2010, before returning to Parliament with a final bill. Once the first stage has progressed, the Government will then begin considering the ‘second stage response’ to the ALRC’s remaining 98 recommendations. ‘Second stage’ issues include proposals to clarify or remove exemptions; data-breach notification; a statutory cause of action for serious invasions of privacy; telecommunications privacy; decision making issues (such as authorised representatives and children’s privacy); and further national harmonisation.

____________________

Peter Timmins

Peter Timmins is a consultant who works on FOI and privacy protection issues in NSW Australia. He has legal qualifications, worked in Canberra and overseas with the Australian Foreign Service, and subsequently in the finance industry. Peter has wide experience as a consultant on policy development to governments around Australia.