Connect with us
A study from Georgetown Law shows that police are using photos of celebrities and composite sketches to generate a facial recognition match. A study from Georgetown Law shows that police are using photos of celebrities and composite sketches to generate a facial recognition match.

Technology

Celebrity Photos, Composite Sketches, And Other Things The Police Feed The Facial Recognition System To Find A Match

Facial Recognition technology is becoming a popular tool among law enforcement agencies. Photo: Mike MacKenzie | Flickr | CC BY 2.0

Published

on

ad1

A recent study published by Clare Garvie from Georgetown Law Center on Privacy and Technology reveals that the police and law enforcement agencies were feeding celebrity images, composite and digitally rendered sketches, and pixelated close-circuit images to their facial recognition system to solve crimes. The study came out a few days following San Francisco’s vote to ban the police and city agencies from using facial recognition systems.

The study pointed out that there are little to no rules that govern how the police and other law enforcement agencies can use facial recognition software especially when it comes to what image they can submit to the system to generate investigative leads. As a result, they can submit all manner of “probe photos” of unknown individuals provided for search against a police or driver license database. Consequently, the police can – and do – submit low quality camera stills, screenshots from social media, filtered selfies, and scanned photo album photos.

As an example, the researcher pointed out to the case of a man who was accused of stealing from a CVS in New York City. While the store’s surveillance system captured the obstructed and pixelated photo of the suspect, the facial recognition system used by the NYPD was not able to generate a match. As creative as the NYPD can get, they noticed that the suspect “kinda” looked like the actor, Woody Harrelson, and fed his image in the system. This celebrity “match” was sent back to the investigating officers, and someone who was not Woody Harrelson was eventually arrested for petit larceny.


On the left: a slide from the NYPD FIS describing its “celebrity comparison” technique. On the right, a photo of Woody Harrelson. (Source: left, NYPD; right, Gabriel Cristóver Pérez/LBJ Presidential Library.)

According to the study, Woody Harrelson was not the only celebrity whose photo was used to identify his criminal doppelganger. Facial Identification (FIS) of the NYPD also used a photo of New York Knicks player to search its facial recognition database for a man with an assault charge in Brooklyn.

“The stakes are too high in criminal investigations to rely on unreliable—or wrong—inputs. It is one thing for a company to build a face recognition system designed to help individuals find their celebrity doppelgänger or painting lookalike for entertainment purposes. It’s quite another to use these techniques to identify criminal suspects, who may be deprived of their liberty and ultimately prosecuted based on the match. Unfortunately, police departments’ reliance on questionable probe photos appears all too common,” Garvie wrote in her study.

Meanwhile, Garvie also notes that the police is not only using photos of other people – celebrities at that – to match someone who is not them. One of the most questionable practice, the researcher noted, was the police are using composite sketches in generating a match in the database.

“At least half a dozen police departments across the country permit, if not encourage, the use of face recognition searches on forensic sketches,” she highlights.

In fact, the brochure from Maricopa County Sheriff’s Office in Arizona states that “the image can be from a variety of sources including police artist renderings,” and that the technology “can be used effectively in suspect identifications using photographs, surveillance still and video, suspect sketches and even forensic busts.”


Examples where an imposter, not the subject of the forensic sketch, is returned as the highest ranking face recognition match. (Source: Klare, Li, & Jain (2010), all rights reserved.)

The renowned privacy lawyer argues that this is a dangerous practice, and misidentification is highly probable. “The most likely outcome of using a forensic sketch as a probe photo is that the system fails to find a match—even when the suspect is in the photo database available to law enforcement. With this outcome, the system produces no useful leads, and investigating officers must go back to the drawing board,” Garvie argues.

While law enforcement agencies argue that the use of facial recognition is limited to initial identification alone and will not be considered as a positive ID, Garvie provided cases where FR systems were used to implicate innocent people solely based on facial recognition matches.

“NYPD officers made an arrest after texting a witness a single face recognition “possible match” photograph with accompanying text: “Is this the guy…?” The witness’ affirmative response to viewing the single photo and accompanying text, with no live lineup or photo array ever conducted, was the only confirmation of the possible match prior to officers making an arrest,” cited Garvie in her study.

In the end, Garvie said that even if the FBI is positive that the accuracy of facial recognition becomes better as algorithms improve, these improvements won’t matter as long as there is no regulation as to how they should be used.

“In the absence of those rules, we believe that a moratorium on local, state, and federal law enforcement use of face recognition is appropriate and necessary.”

Note: All images were taken from the study manuscript.

A consumer tech and cybersecurity journalist who does content marketing while daydreaming about having unlimited coffee for life and getting a pet llama. I also own a cybersecurity blog called Zero Day.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Cybersecurity

Kaspersky Antivirus zero-day could ironically allow hackers to track users

Kaspersky has already issued a patch to resolve the vulnerability.

Published

on

Photo: David Orban | Flickr | CC BY 2.0
ad1

A German journalist discovered a flaw in the system of Kaspersky Lab’s antivirus that led to a significant security risk which allowed cybercriminals to track Kaspersky customer without their knowledge.

This all started when Ronald Eikenberg began testing antivirus programs for his own publication. A few months later he discovered that on a website, Kaspersky’s antivirus has been injecting some code. Eikenberg said that it seems that Kaspersky is trying to find ways in interacting with the site even though there is no browser extension on the system.

“One of the purposes of the script is to evaluate Google search results displayed in the user’s browser. If a link is safe, the Kaspersky software will display a green shield behind it,” he added.

In this era, most of the companies and websites would require tracking users across the internet to identify them and learn their interest to provide the target advertisements to be shown to them. Usually, this would require 3rd-party cookies, and this would allow even Facebook or Google to track your movement throughout multiple websites.

The problem however when using Kaspersky Antivirus is that it exposes a user by tagging them with a unique identifier that will record and keep track of what you visited in the past four years, which would allow some sites and third-party services to track them even though users have already blocked them. This will be putting the users at risk since everything that the user does is being monitored or kept track of.

“That’s a bad idea because other scripts that run in the context of the website domain can access the HTML code at any time—and thus the injected Kaspersky ID. This means in plain language that any website can simply read the Kaspersky ID of the user and misuse it for tracking,” the researcher says.

Instead of using unique identifiers, they were given a specific ID assigned to a particular computer; thus, it does not change after several days.

This attack could lead to scamming people by either asking their personal information or bank account information through the form of a payment system. One good example would be that a pop-up will show up and say ‘your license has expired, please enter your credit card information to renew your subscription.’

This process would affect multiple users that are using Kaspersky Antivirus. 

There was a patch that was issued last month to update all Kaspersky antivirus program for all the user of a specific version. However, there is still a version of the security tool that still allows a malicious hacker to know that antivirus software is installed on the machine.

Another way to somehow mitigate the problem is to manually uncheck in the software settings depending on the situation that you feel you are being spied on.

Kaspersky has already removed the unique identifiers for the GET request to enhance somehow the process of checking web pages when it comes to malicious activity. The change was provoked by Eikenberg after he notified Kaspersky about the possible risk of personal information disclosure when using unique identifiers for the GET request.

A statement released by Kaspersky revealed that based on their research, there is a minimal chance that this could be carried out in practice, but it is theoretically possible to happen. The complexity of the program would help fend off the leak of private information and also its low profitability would somehow be a discouragement for the hacker. 

Nevertheless, the company would still need to improve their system in order to prevent further mishaps, the private information that should be protected by the company is a due responsibility that should not be taken short for. Thus it is a severe issue if Kaspersky does not resolve the problem at hand right away. 

On a brighter note, if users want to disable tracking altogether, they can manually disable the URL advisor feature from the settings – additional – network- uncheck traffic processing box. This procedure will allow the user to be safe and not be monitored for the meantime while using the said application.

Users of specific tools that sole purpose is to protect our information and protect the user, having this kind of issue will bring distraught to the public in trusting some of the protection programs to install on their devices.

Continue Reading

Gadgets

Huawei warns Trump of disrupting the dominance of Apple, Google

Huawei CEO said that if the U.S. government continues to deny them of using Android, they will be forced to use HongMeng OS on their new smartphones, disrupting the dominance of Google and Android.

Published

on

Photo by Kamil Kot on Unsplash
ad1

Huawei is poised to take over and disrupt the dominance of two long-standing tech giants in the smartphone industry, Google and Apple, and when pushed by the U.S. government to their last recourse if Washington continues denying the Chinese company access to the Android operating systems for their future smartphone products, it will have no choice but to fight against Google and Apple, which is bad for the U.S., Huawei CEO Ren Zhengfei warned.

Ren stated in an interview that if Google strips them from the Android operating system, then the world will know a third operating system. Ren also claimed that releasing a third operating system will not be the best choice for the two major companies since there will be more competition.

The blacklisting was announced last May, and since then, Huawei has been claiming to launch a new smartphone with a new operating system. The operating system, named HongMeng or Harmony OS, will be better than both the current operating system available, the tech giant said.

People have been wanting a better version of the smartphones that we are using now, instead what we got instead are clever phones that have low-latency, better smart-TVs and even watches that are able to connect to the internet.

Huawei claimed that they don’t have a “plan-B” if ever the banning of Google would happen, according to Ren. If ever Google is not used, they plan to shift HarmonyOS to be viable to smartphones, but it would take some time since the shift would require them to create a whole new system that would be on par when it comes to its performance.

The problem all started when there were claims that due to the coziness of Huawei with the Chinese government, it is feared that the devices would be used as a tool to spy on other countries. This was all the reason that caused the U.S. to ban companies from using equipment from Huawei way back in 2012.

An executive order from President Donald Trump placed Huawei on the list of the U.S. Department of Commerce’s Bureau of Industry and Security on May 15. However, Trump agreed to be more lenient on the restriction as a part of a deal to resume business trade talks with China in June.

If the U.S. really does deny access to Google’s operating system, then Huawei has no choice but to create an alternative, and it will be backed up by China for Huawei to create this alternative.

Ren warned Google, “you cannot rule out the chance that the third operating system might outrun them someday.”

The U.K. can’t practically decide on what to do right now as other major telcos still work hand in hand with Huawei by continuing to sign agreements with them. While the U.S. still is still tangled in trade talks with agriculture, so the cycle of their industry is still the same, fast-moving and no change. 

Supplying ‘authoritarian regimes’

In an interview, Ren also admitted that Huawei supplies “authoritarian regimes.”

“I actually do not make any prejudgement of a government first before we sell to our customers. Because every country has a sovereign system, it’s not in our position to interfere with the sovereignty of other states. If we did, then we would be playing the game of politics, right? And that’s a matter for sovereign states.”

The situation where Huawei is on right now might be a little difficult since it will require a gamble if ever they were denied access with Google’s operating system. Right now, Huawei still does not have any ‘plan-b’ course of action, but they will have to make an alternative when the time comes. They also plan to compete with the two biggest Operating system provider (Google and Apple). 

The U.S. is still pondering on whether to continue the relationships with Huawei or to completely ban them and make them a permanent blacklist on U.S. Department of Commerce’s Bureau of Industry and Security, halting any form of trade with Huawei and demolishing the support that they are still currently having with Google.

The long term plan is still hazy, but if ever the U.S. does force China into a full-scale Android alternative, others will jump on board. And, despite the rhetoric, the U.S. really does not want that.

Continue Reading

Cybersecurity

‘Vanda The God’ hacking group claims responsibility over massive healthcare website attacks

The attack affected websites from the U.S., U.K., New Zealand, and South Africa.

Published

on

Photo by Clint Patterson on Unsplash
ad1

Tu Ora Compass Health server fell after being targeted by hackers causing medical facilities to stop their operations; the worse part is that they are not alone because they are a victim of a massive attack that has affected different websites and companies from around the world.

The crisis that the hacking made was not only small scale but was also able to affect quite a lot of countries, including the U.S., the U.K., and South America-based websites. Four medical facilities in New Zealand was compromised that has caused them to halt all operations; thus, risking thousands of private information under their possession.

From a report, Tu Ora Compass Health’s website was not working correctly and is showing some errors; with this, it resulted in a chain of bugging websites. Kuripuni, Greytown, Featherston, and Carterton medical centers could not even be accessed at the same time as Tu Ora Compass Health’s website went down.

Tu Ora Compass Health, however, reported that there were no unnecessary leakage of patient’s data or any compromised information.

“Shortly after we became aware of the incident on August 5, we contained it by taking the compromised server offline. This stopped all access to any applications and data on that server and elsewhere within our network.” Chief executive of Tu Ora Compass Health, Justin Thorpe said.

“Vanda the God” was the name of the attack group that made themselves known by openly claiming that they have already hacked and posted the information that they got from it on their Twitter account.

Most of the affected sites on their list were government sites. Here is a list of those sites that are already posted on their Twitter: 

Vanda The God is an international hacker group that hacked a couple of government sites, but it is still unclear if they have a motive over the attacks. Nonetheless, they have been hacking sites and replacing their home page with vulgar anti-government statements, which points out to the direction of a hacking as a political statement.

With their series of hacking and manipulating websites, does this even raise awareness or encourage people to be politically active? DataBreaches.net tried to reach out to them via Twitter to ask if what they are doing is making any difference, or what is making a change. They replied by tweeting, “I believe the people who see the message open their eyes and see that the governments are corrupt Me (sic) people that society screams for their rights.”

Currently now Tu Ora Compass Health is working on their technology providers to investigate the intrusion that recently occurred. They have to restrict the website temporarily; thus, all those 20 affiliated GP practices around the country could not also be accessed. 

According to Tu Ora Compass Health, since patients trust them with information that is very private, they will treat this as serious as they can, making sure to implement all necessary actions to ensure that the server is much more secure and capable of fending off any future hackers. However, Thorpe would like to apologize for any inconvenience that this has caused by taking a few servers offline.

“We are currently working through the process of restoring access to this server and ensuring all our systems are as secure as possible.” as per Thorpe.

Cyber attacks are common in this era according to statistics made by Cybersecurity Reports, which says that cyberattacks have increased by 59% for 2018. And by December 2018 there have been much more attacks that peaked at 80 per day. This rate is highly alarming since there are a lot of vulnerable websites that can easily be penetrated, and personal information could be leaked.

The most common types of vulnerabilities in 2018 based on an analysis made by Sitelock were; Cross-site scripting or XSS, SQL injection (SQLi), and cross-site request forgery (CSRF). 

There are many forms of cyber attacks that are possible to be used. And it is better to be equipped with a much higher form of security system is your website is managing a ton of information that might be at risk. Hackers will want to get there hands on that information, and thus if there is a flaw in your security, it is just giving them easier access to their pot of gold. Being secured is better than being at risk of any loss. 

Continue Reading

Trending