And you thought the cops were bad... Civil rights group warns of facial recog 'epidemic' across UK private sites Facial recognition is being extensively deployed on privately owned sites across the UK, according to an investigation by civil liberties group Big Brother Watch. It found an "epidemic" of the controversial technology across major property developers, shopping centres, museums, conference centres and casinos in the UK. The …
Covered by Data Protection Act already. Has been this way for a long time, even for home security cameras.
https://www.gov.uk/request-cctv-footage-of-yourself
If doing facial recognition such that individuals have a personal identifier (some encoded ID based on the shape of their face) then I would think GDPR applies too.
(edit for afterthought:) Is there different legislation for dashcams? If not then how do they meet the requirement about "owner’s details are usually written on a sign attached to the camera"? Or are we all allowed to get car owner's details from DVLA by saying "they had a dashcam, give contact details"?
I'm sure someone will correct me if I'm wrong, but dashcams are just video recorders. And as far as I was aware taking photos or video in public spaces is perfectly legal. Plus the dashcam is not performing facial recognition.
The use of dashcams when you travel onto private land might be a different matter, but then it would be a civil matter between yourself and the land owner.
Well while I appreciate the sentiment just how many people will file GDPR requests for every store they use?
If and when this becomes widespread the amount of people willing to file requests will be vastly outnumbered by people who won’t care or can’t be arsed.
How many GDPR requests have you filed this year for ordinary stuff so far?, imagine doing them for everywhere you visit, both governmental and business
Sure for *commercial* databases if you *know* (through consent or notice) you might be on there (but ofc nobody is properly admitting to it right now).
Nothing to prevent individual/personal databases of this data though; as mentioned before, we need an open source database of police stations and parliament to track attendance and cross reference associations, before they will consider a fair legal address to the problem (otherwise it'll all be "OK in the name of security/terrorism for which GDPR bypass exists").
Actually the more you think about this the further you go down the rabbit hole into paranoia.
Many ATM's have cameras now, which conceivably be tied to your account number and personal details, and how about those handy auto tills at supermarkets which you obligingly match to yourself with loyalty and payment cards.
Not saying they are doing this, but what if?
tbh I'm less concerned about the police or government than I am about companies or private individuals (the KGB and Stasi that were had positively prehistoric information systems compared to even your local police force these days, but that didn't stop them sending lots of people to prison camps or an early grave).
If you are of interest you will have maybe a dozen people tailing you these days maybe your own satellite, in fact commercial photo recognition could give you a cast iron alibi if the powers that be mismatches you "couldn't be him sir we just got video from Tesco's of him browsing the cheeses at the time the crime was committed".
The big problem I see is with companies using it, leading to a huge rise in personal spam while shopping :
https://www.youtube.com/watch?v=7bXJ_obaiYQ
https://www.youtube.com/watch?v=WWiUe5G1VSc
Me : Do you have my mug on your database?"
Business : "Dunno, what do you look like, send us a recent picture and we'll see."
Me : "Ok, it's on it's way."
Some time later, "Well, do you have my mug on your database?"
"We do now, and oh, by the way, that'll be £119.25 you owe us."
Me : "Wtf, GDPR requests are free of charge.
Business : "They are, the money is due to the shattered lens of our camera."
You are quite correct, you should be able to submit a request since it is not the Metropolitan Police that are carry out facial ID scanning in this case but a company called Argent. Elizabeth Denham is also investigating the links between the Metropolitan Police and Argent in regards to use of the data from the Kings Cross site (over 160 acres in area) plus the full facial ID scanning currently in operation over a similar area in Canary Wharf.
There is a precedent for making a request to the police, which was done recently by Liberty against South Wales Police, and which resulted in legal action against that force - the verdict is due any day,
This is just one product you can buy now:
https://software.intel.com/en-us/neural-compute-stick/training
By no means the only one, all you need is to build up enough pictures tied to customer data and bingo all for around €65, it works with the Raspberry Pi too.
And yes you can buy more expensive and heavy duty options.
Genie is out of the bottle now, while the police may get restricted Supermarkets and other businesses, or even private individuals are not.
This isn't a technology restricted to Governments anymore.
Not saying it's a good thing, just how it is.
There is facial recognition kit available for restaurants that allows the business to track every patron. Repeat patrons are matched with waitstaff to track regulars. Waitstaff and regulars are counted and each waitstaff member is assigned a weighted value based on the number and frequency of regulars.
I don't have knowledge if the patron's spending is factored in, but I briefly worked with a company that supplied this equipment that counted Hooters and one of those chain bars (TGIFridays or Bennegins, I forget which one) as customers.
Most of you El Reg readers are nodding your heads saying yes, this is easy to code.
This was three years ago. The genie is not only out of the bottle, it is dancing, flying, and singing an opera.
A friend worked for a high end restaurant in Phoenix 10 years ago. Customers who made bookings over the phone were tracked across repeat visits in terms of tipping, early/late, etc and this used to decide whether a new booking would be accepted, particularly if the covers were filling fast.
"Liverpool's World Museum scanned visitors with facial recognition surveillance"
Surely the value of facial recognition is to identify people you want to be aware of and who you know about. I can see that there is a valid use by public authories for trying to detect wanted/missing/vulnerable persons, (once proper rules have been sorted out), but for a museum?
What database are they comparing visitors to?
Are they worried about either of the Dr's Jones purloining some artefact for the next film in the sequence?
Are the mugshots of John Robie or Sir Charles Lytton loaded onto the system?
Are they worried that frequent visitors will be exposed to a cumulative dose of magic emanating from the exhibits and suddenly find themselves acting like John Hannah surrounded by non-Nestene Autons, so they're building up a database to decline entry after N visits?
"Any use of similar technology in the future would be in accordance with National Museums Liverpool's standard operating procedures and with good practice guidance issued by the Information Commissioner's Office."
I would hope that they would also obey the law and keep within the GDPR. That little regulation seems to have slipped their mind. Must be thinking about higher things.
Off topic, sorry, but ProtonMail seems to be either underattack or just plain failing just now. Not just me, I checked.
By chance I only noticed because I was about to email a communist to grass up my mum for being inadvertently racist. It is a fairly funny anecdote but two too many racial smears to publish here.
"Account temporarily unavailable. Please try again in a few minutes"
On and off for the past hour, longer for others. Kind of security related since the last time this happened it was totally GCHQ.
If you are going to use ProtonMail for the next 24 hours then maybe don't grass up your mum.
Off topic again, doubly sorry but I can't email a funny story securely so I read this:
Maths and tech specialists need Hippocratic oath, says academic
https://www.theguardian.com/science/2019/aug/16/mathematicians-need-doctor-style-hippocratic-oath-says-academic-hannah-fry
How did that oath work for Dr Shipman and Dr Mengele?
On the other hand my crappy tech college snuck ethics into our classroom. They left six old copies of Plato's The Republic in the bin in our portacabin, and naturally we stole them and prized them. I also read Russell's History of Western Philosophy in the weeks before my Electronics exams, and still passed.
Logic unites science and philosophy. Oaths, not so much. I promise you.
That article is a shameless plug for the Chrtismas Lectures. The problem I have wuth her assertion that the developers should take an oath is that it is the VCs and business types that are pushing 'AI' (or 'statistics' as I tend to call it) - or narrowly capable and unready technologies - on the masses.
> it is the VCs and business types ...
They're only pushing what they can buy from technically and mathematically capable practitioners. As Dr Fry says, ethics are taught alongside medicine throughout, whereas they're bolted on to a mathematician's skillset as an afterthought, if at all.
Yup. That would not be good programming.
How about a series of convenience methods that resolve to calling one functional method? Like:-
public Boolean destroyCity(String cityName){
return destroyCity(getCentreLatLong(cityName);
}
private Boolean destroyCity(Coordinates cityCentre){
Boolean annihilated=true; // default likelihood
try{
bomb(cityCentre);
} catch (Exception ex) {
annihilated=false;
}
return annihilated;
}
Even then I have kept “destroyCity” whereas, if I had longer deadlines I could produce destroyLocationToRadius, to allow for more finely grained control and many more convenience methods.
Unfortunately I had to skip the ethics discussion as I have been too busy.
Do the cops actually have a legal right to request a private company or organisation to use FR on their behalf?
Sometimes I think if Germany had succeeded in invading the UK in the 1940s, they would have had little trouble finding collaborators to work with them and snitch on the population.
As I posted earlier in another thread, it's time to adopt the Japanese and Chinese habit of wearing a mask in the street.
Do the cops actually have a legal right to request a private company or organisation to use FR on their behalf?
IANAL, but not specifically, I don't think. However, if you operate any kind of venue that requires a licence (and that includes places that serve alcohol or provide entertainment), the police can (and do) object to the issuing of licences, objections which are withdrawn if the venue agrees to certain conditions - such as the installation of CCTV. Technically, I think the issuing authority could ignore the objection, but usually they don't. Technically, the venue can appeal against an objection, but since the usual origin of the objection is that the place has been a source of violent behaviour and/or drug dealing, the likelihood is that they'd lose. I'm not aware of any circumstances in which a venue has been forced to install facial recognition yet, but if a crime is committed on premises with CCTV, the police could in theory seize the video as evidence and process it as they liked as far as I know
Do the cops actually have a legal right to request a private company or organisation to use FR on their behalf?
The cops, just like anyone, has the legal right to ask anything of anyone.
It's only when it comes to directing or requiring or ordering, whether explicit - "we are directing you under the following powers to..." - or implicit - "our response time to calls at this location could suffer " - that possible breaches of laws or rights enters into it.
An industrial estate nearby is installing an automated main gate after a series of thefts. It's capable of ANPR. The police have offered reduced callout times in exchange for a feed of the ANPR results. It's a handy way to extend the coverage with essentially zero oversight.
Going to the synagogue? Nah, it’s us “dangerous” Songs Of Praise Christians they’re tracking because we don’t go along with their Inverted Totalitarian PC crap and mandates against freedom of thought, freedom of speech, freedom of worship and religious beliefs...only the other two Abrahamic religions are allowed the latter.
"The police have offered reduced callout times in exchange for a feed of the ANPR results."
It'd be a shame if the bad guys got away before we get around to sending a car out. Got anything we might like in exchange for getting there on time?
Signed
Protection'R'Us
Walgreens has started entering customers full birth dates into the computerized cash registers when purchasing beer or liqour while a video monitor above the cash register shows that an overhead camera is pointed directly at the customer at checkout.
Walgreens even asked my father for his exact birth date even though he's in his mid eighties.
I wonder how many people in a 5 mile radius would have the exact birthday as someone else?
I firmly beieve Walgreens is collecting peoples photos and matching them with the birth date and any other data such as "Loyalty Discount" card or phone numbers.
Also, Mc Donalds has been changing their interiors to have self service ordering of food using phone apps and above each station there is also an overhead camera.
Home Depot and WalMart self checkouts also have cameras built into the monitors showing customers faces.
(Legal Disclaimer: These are just my beliefs and opinions and I have no proof of any of these companies hoarding users data or photos and is only based on past history of abuses)
"I wonder how many people in a 5 mile radius would have the exact birthday as someone else?"
You should look up the Birthday Problem sometime. Depending on how many people are in a five-mile radius, the odds of two people having the same birthday can surprise you (once you hit 23 people, the odds are better than 50/50).
As for the ubiquitous cameras, you have to figure there's at least some CYA tactics being employed here, especially with all the high-impact incidents lately.
Um, from what I've read, the UK is just as surveillance-camera bent as China, if not more so.
So the dark irony is that there still are people in the UK who consider that China is worse then them as far as camera surveillance is considered.
"Kent Police and West Midlands Police were named by ministers in June as collaborating with the Home Office to trial the technology to trace “missing and vulnerable persons”."
"However, Freedom of Information responses, seen by the Observer, reveal both forces are in fact fiercely resistant to piloting facial recognition and deny they agreed to help the Home Office trial the technology."
"The development leaves South Wales Police as the only force in England and Wales currently spearheading Home Office-funded facial recognition trials."
Room for an enterprising app here :-).
1: Establish (possibly crowd sourced data) database of all facial recognition camera locations.
2: App polls database, polls phone location.
3: If (Current location) (close enough) (facial recognition camera location) then (automatically file pre-templated GDPR information request)
That might get a little expensive for someone :-).
The big one for me that has not been mentioned is that this is on Google's site. That should be the one thing ringing huge alarm bells. Much like Facebook they have proven to do anything they want and then just say sorry after the event.
I would not be surprised to learn of links between Google and the developed. I expect all the data is also on US servers as well.
How long before we get some serious 'subtle' pieces of technology that cause facial recognition software to fail to recognise your face as a face.
(By subtle, i mean not including crazy makeup, weird tactical headwear, or bulky and obviously UV LED filled glasses.)
If this becomes too pervasive, i can't imagine it will take too long for people to build wearable anti-surveillance gear that is available to the public and which isn't distinguishable from other regular gear (like glasses, necklaces, etc)
The cat-and-mouse is already at play in Hong Kong, where cameras are in play. Thing is, expect counter-counter-technology to be employed as well, such as infrared thermal recognition which is harder to mask. I'm waiting to see an endgame for this: a piece of tech no counter-tech is possible or practical.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
