As facial recognition use grows, so do privacy fears

Above, a facial recognition system for law enforcement during the NVIDIA GPU Technology Conference in November 2017, which showcases artificial intelligence, deep learning, virtual reality and autonomous machines. (AFP)
Updated 08 July 2018
0

As facial recognition use grows, so do privacy fears

  • Facial recognition is playing an increasing role in law enforcement, border security and other purposes in the US and around the world
  • While more accurate facial recognition is generally welcomed, civil liberties groups say specific policy safeguards should be in place

WASHINGTON: The unique features of your face can allow you to unlock your new iPhone, access your bank account or even “smile to pay” for some goods and services.
The same technology, using algorithms generated by a facial scan, can allow law enforcement to find a wanted person in a crowd or match the image of someone in police custody to a database of known offenders.
Facial recognition came into play last month when a suspect arrested for a shooting at a newsroom in Annapolis, Maryland, refused to cooperate with police and could not immediately be identified using fingerprints.
“We would have been much longer in identifying him and being able to push forward in the investigation without that system,” said Anne Arundel County police chief Timothy Altomare.
Facial recognition is playing an increasing role in law enforcement, border security and other purposes in the US and around the world.
While most observers acknowledge the merits of some uses of this biometric identification, the technology evokes fears of a “Big Brother” surveillance state.
Heightening those concerns are studies showing facial recognition may not always be accurate, especially for people of color.
A 2016 Georgetown University study found that one in two American adults, or 117 million people, are in facial recognition databases with few rules on how these systems may be accessed.
A growing fear for civil liberties activists is that law enforcement will deploy facial recognition in “real time” through drones, body cameras and dash cams.
“The real concern is police on patrol identifying law-abiding Americans at will with body cameras,” said Matthew Feeney, specialist in emerging technologies at the Cato Institute, a libertarian think tank.
“This technology is of course improving but it’s not as accurate as science fiction films would make you think.”
China is at the forefront of facial recognition, using the technology to fine traffic violators and “shame” jaywalkers, with at least one arrest of a criminal suspect.
Clare Garvie, lead author of the 2016 Georgetown study, said that in the past two years, “facial recognition has been deployed in a more widespread and aggressive manner” in the US, including for border security and at least one international airport.
News that Amazon had begun deploying its Rekognition software to police departments sparked a wave of protests from employees and activists calling on the tech giant to stay away from law enforcement applications.
Amazon is one of dozens of tech firms involved in facial recognition. Microsoft for example uses facial recognition for US border security, and the US state of Maryland uses technology from German-based Cognitec and Japanese tech firm NEC.
Amazon maintains that it does not conduct surveillance or provide any data to law enforcement, but simply enables them to match images to those in its databases.
The tech giant also claims its facial recognition system can help reunite lost or abducted children with their families and stem human trafficking.
Nonetheless, some say facial recognition should not be deployed by law enforcement because of the potential for errors and abuse.
That was an argument made by Brian Brackeen, founder and the chief executive officer of the facial recognition software developer Kairos.
“As the black chief executive of a software company developing facial recognition services, I have a personal connection to the technology, both culturally and socially,” Brackeen said in a blog post on TechCrunch.
“Facial recognition-powered government surveillance is an extraordinary invasion of the privacy of all citizens — and a slippery slope to losing control of our identities altogether.”
The Georgetown study found facial recognition algorithms were five to 10 percent less accurate on African Americans than Caucasians.
Microsoft announced last month it had made significant improvements for facial recognition “across skin tones” and genders.
IBM meanwhile said it was launching a large-scale study “to improve the understanding of bias in facial analysis.”
While more accurate facial recognition is generally welcomed, civil liberties groups say specific policy safeguards should be in place.
In 2015, several consumer groups dropped out of a government-private initiative to develop standards for facial recognition use, claiming the process was unlikely to develop sufficient privacy protections.
Cato’s Feeney said a meaningful move would be to “purge these databases of anyone who isn’t currently incarcerated or wanted for violent crime.”
Jennifer Lynch, an attorney with the Electronic Frontier Foundation, said that the implications for police surveillance are significant.
“An inaccurate system will implicate people for crimes they did not commit. And it will shift the burden onto defendants to show they are not who the system says they are,” Lynch said in a report earlier this year.
Lynch said there are unique risks of breach or misuse of this data, because “we can’t change our faces.”
Evan Selinger, a philosophy professor at the Rochester Institute of Technology, says facial recognition is too dangerous for law enforcement.
“It’s an ideal tool for oppressive surveillance,” Selinger said in a blog post.
“It poses such a severe threat in the hands of law enforcement that the problem cannot be contained by imposing procedural safeguards.”


KSA must become more resilient against cyberattacks

Updated 22 July 2018
0

KSA must become more resilient against cyberattacks

  • Healthcare data is of particular interest to hackers because it can be used to blackmail people in positions of power
  • A trained security professional cannot win the battle against cybercrime with just a mere knowledge of IT security

DUBAI: Cybercrime attacks could double over the next two years and cost Saudi Arabia’s economy up to SR30 billion ($8 billion) by 2020, according to security experts who warn the Kingdom is the most targeted county in the GCC for online fraudsters.
While Saudi Arabia is stepping up the war against cybercrime, the Kingdom must invest in training its own security professionals, expand its pool of skilled workers and strengthen its cybersecurity regulation to become more resilient against emerging attacks.
“Based on our relationship with key Saudi clients, we see that cybercrime in Saudi is growing faster than in most of the countries in the world, with more than a 35 percent increase in the number of attacks during the past year,” said Simone Vernacchia, a partner in Digital, CyberSecurity, Resilience and Infrastructure for PWC Middle East.
“Based on our experience in the GCC, Saudi is being targeted more frequently, and the cost of cyberattacks is 6 to 8 percent higher than in the rest of the GCC countries. The Saudi economy provides a more appealing target for cyberattackers.”
Vernacchia said it can be difficult to measure the true direct and indirect cost on Saudi Arabia’s economy each year.
“This said, we would expect direct and indirect costs arising from cyberattacks to total $3 to $4 billion (SR11.25 billion to SR15 billion) for 2018,” said Vernacchia.
“Assuming the growth will not be affected by large-scale events, we expect the direct and indirect impact of cyberattacks to grow up to $6 to $8 billion (SR22.5 billion to SR30 billion) by 2020. Among the major external events that can affect this figure, uncertainties in the region can result in an even more aggressive surge of cyberattacks.”
Vernacchia said there was a lack of willpower in organizations to invest in security measures, and urged them to invest in the manpower and technology that will enable them to become more resilient in the face of growing attacks. While Saudi is “not completely unprepared,” most businesses in the Kingdom are investing in cybersecurity far less than the leading countries.
“We see the average investment in cybersecurity awareness and capability to be on average about 60 percent lower in Saudi Arabia than what is invested by organizations of the same size in leading countries.
“This is a result of limited regulatory requirements for private entities, as private companies are trading the immediate benefit of spending less on cybersecurity protection with the high cost of one — or more — potentially highly effective targeted cyberattacks.”
An increase in cybersecurity regulation could also strongly limit the growth of cyberattacks, Vernacchia said. “The limited amount of cybersecurity-related regulation is a key issue, as it’s having two key effects. On one hand, some businesses are underestimating their exposure, and thus not investing in cybersecurity as they should — de facto increasing their risk. Other businesses are waiting for regulation to be drafted before investing in cybersecurity, in fear that the organization, processes and solutions they would implement may not be in line with the regulatory requirements which are coming.”
Amir Kolahzadeh, CEO of cybersecurity firm ITSEC, said Saudi-based business are reluctant to invest in adequate cybersecurity measures as they fail to recognize the long-term value of the initial investment needed.
“The core issues that every business is looking at in cybersecurity is a line item expense instead of looking what the cost would be if there is a breach,” he said. “This is a worldwide epidemic at the moment. However, it is much more evident in the GCC due to lack of truly trained IT security professionals who can show the business acumen, foresight and the communication skills to demonstrate that potential losses are exponentially greater than the cost of securing the enterprise.”
David Michaux, of online security company Whispering Bell, said as Saudi Arabia forges ahead with its knowledge-based economy and becomes “more online,” the potential for attacks will grow.
With Saudi Arabia’s Vision 2030 of a “knowledge economy,” growth in the ICT will be fueled by digitization — including IT innovation, big data projects, smart city initiatives, and cloud-based services. In addition, Saudis are among the most active social media users in the world — and largest adopters of Twitter in the Arab region.
Mathivanan V., vice president of ManageEngine, said while Saudi Arabia has taken “significant steps” to achieve cyber-readiness, including the introduction of the National Authority of Cyber Security which aims to enhance the protection of networks, IT systems, and data through regulatory and operational tasks, he warned that sophisticated cyberthreats have evolved in the wake of digitization and urged companies to better employ sustainable IT practices and state-of-the-art cybersecurity tools.
“A trained security professional cannot win the battle against cybercrime with just a mere knowledge of IT security,” he said. “What he needs is the right weapon to master the art of cybersecurity.”
James Lyne, head of R&D at SANS Institute, which specializes in information security, said given Saudi Arabia’s visible agenda to lead the charge in smart cities, connected industry and to develop a knowledge economy, it is key that the Kingdom also has an equally ambitious cybersecurity skills strategy.
“A gap between the two will lead to substantial attacks and reputation damage for the region,” he said.
“Firstly, Saudi Arabia needs more cybersecurity practitioners overall — particularly with the ambitious development projects being undertaken as part of the Kingdom’s 2030 Vision. Secondly, existing cybersecurity practitioners also have to continue to sharpen their skills to increase the depth of their expertise.”
He urged companies not to ignore the fact that employee behavior is a weak link in cybersecurity and is becoming an increasing source of risk.
“Many of the breaches that occur still take advantage of basic cybersecurity failures and, as such, education has to be a huge part of the solution. Everyone in Saudi Arabia has a role to play in making sure that cybercriminals get fewer clicks on their nasty emails, documents and phishing links.”
He said it was difficult to truly grasp the overall financial figures associated with cybercrime.
“That said, even the tip of the iceberg that we do see is very substantial and it has already been demonstrated that Saudi Arabia is a major target. Given attackers have already had success compromising facilities, it is extremely likely other cybercriminals will follow.”