surveillance

Toronto cops using facial recognition to nab lawbreakers

Facial recognition may have been banned for agencies this month in San Francisco, but in the bustling Canadian city of Toronto, police are using the technology to generate leads in investigations as more and more crimes are caught on video.  

Officers have conducted more than 2,500 facial recognition searches since the half-million-dollar system was purchased in March of last year.  

How does it work?

Toronto police use artificial intelligence to compare any photo or video evidence they gather against a mugshot database. That evidence can include anything from government surveillance, to public or private enterprises’ footage captured on security cameras.  

This is a controlled use of facial recognition that has obvious benefits for the public. In fact, in the case of the Toronto police, they had 80% accurate matches against their mugshot database; 60% of the time they were able to rely on these matches to further investigations. Though it’s far from perfect, it’s much more accurate than other jurisdictions using this method of identification.  

Extreme uses of facial recognition A.I.

Not all police forces are using facial recognition in appropriate ways. The U.K. police are notorious for their Minority Report-esque way of fighting crime before it happens — using software that has a shocking 98% error rate, and that wrongly targets women and people of ethnic minorities.  

Beyond the Western world, China has some of the most extreme uses of facial recognition on the planet. An entire city — particularly the Muslim minority population living there — is monitored 24/7 for facial recognition as well as gait recognition (the unique way people walk).

This city had a database breach where all this biometric data leaked out, which illustrates one of the worst aspects of these types of A.I.-driven recognition tools: the fact that once it’s out there, anyone could copy that pattern and abuse it. You can’t change inherent aspects about yourself the way you can easily change a password. 

Part of the investigative tool set

Toronto police are describing the way they use facial recognition as “part of the investigative tool set” but not as conclusive evidence on its own — and this is a good approach. It’s not foolproof and involves more error than DNA testing, for example, but because it’s regulated and part of a holistic way of identifying culprits, the risk is limited. 

Public consent needed

Canadian politicians are finally waking up to the importance of controlling any technology that has the potential to infringe on citizens’ privacy rights. Democrat MP Charlie Angus is sounding the alarm on Capitol Hill about the perils of tech that tracks people, saying that as a country we need to discuss guidelines for the legitimate uses of surveillance.  

Ask the right questions

Privacy is all about control and consent. We need to ask the important questions about facial recognition: what level of civilian oversight is provided, how long will the photos and videos be stored, and when investigations are closed, when does the data go away? Being informed and asking the right questions can prevent dangerous uses and abuses of emerging technologies.  

To learn more about protecting your identity at home or at work, contact the Beauceron Security Team @ info@beauceronsecurity.com or 1-877-516-9245. 

Protecting your digital identity in the era of mass surveillance – before it’s too late

San Francisco has just become the first U.S. city to ban facial recognition technology, to prevent discrimination and the inevitable curtailing of civil liberties that attends this type of artificial intelligence used by municipal agencies. Other cities are following suit, but despite this progress, the tech’s use is growing.   

If you frequent airports, sports stadiums, malls or grocery stores, facial recognition technology may soon be a big part of your life — whether you like it or not.   

Rather than check individual tickets, some airports are now using A.I. to scan faces as people pass the gates; if you’re paid up and your identity checks out, you’re allowed to board your flight.  Convenient, right?  

However, when the private sector uses our biometric data to discriminate their marketing tactics, we enter dangerous territory when it comes to the protection of your digital identity.  

Malls have been caught using facial recognition cameras to guess your age, gender and even mood to advertise accordingly, luring you to certain stores or kiosks where you’re likely to spend money.   

Even grocery stores can identify you in the aisles by your age and gender, displaying products on screens based on your marketing demographic. 

What is biometric data?

Biometric data — fingerprints, retinal scans, gait recognition (the way you walk), voice recognition, DNA, facial scans — are unique to the person, and aim to quickly confirm your identity.   

For individuals, the main benefits of using biometric data such as facial recognition are speed and convenience. You can avoid rummaging in your pockets for your concert or game tickets at a stadium. You can skip the lines, and just walk past scanning tech that can do the work instantly.   

For corporations, the benefits are more to do with the ability to sway purchasing behaviour. And for governments, they get to monitor and control populations by combining biometric and other surveillance data with artificial intelligence. 

Privacy concerns amid surveillance

The convenience of these technologies comes at a steep cost, especially regarding privacy. The most extreme example is China, where the government is known for abusing biometric data collection: they publicly shame people who jaywalk; they can capture facial scans and recognize citizens’ gaits to prevent those with a low social score from flying or from purchasing real estate; they can track anyone’s location at any time, often unfairly targeting ethnic or religious minorities.   

Closer to home, Toronto has been piloting the Sidewalk Labs project, a data-driven smart city initiative that facilitates things like snow removal and traffic planning, and can curb crime by way of sophisticated security cameras. But because Sidewalk Labs have refused to de-identify people, privacy expert Dr. Ann Cavoukian and others have denounced it as little more than a data mine that could cause harm if that data is leaked or abused.  

Glaring flaws in biometrics

Beyond surveillance, biometric identification has a major flaw: you can replace a compromised credit card, but if there’s a breach of your biometric data, you can’t change your face. Not easily, anyway!   

There’s a big possibility of false positives, too. In London last year, the Metropolitan Police misidentified and fingerprinted a 14-year-old black boy, and figures reveal this kind of mistake is no anomaly; in fact, facial recognition software wrongly identified members of the public as criminals 96% of the time.  

In its current iteration, facial scanning can also be racist and sexist; these technologies are prone to error when it comes to recognizing women and people of colour.  

Yet another issue: It can be used to advertise to you without your permission in malls and grocery stores, even in taxis. And with all facial recognition in the public sphere, the individual can never be sure when or how their sensitive data is being used, or whether or where it’s being stored.

The cost of convenience

While there are obvious pros to facial recognition — such as increasing border security and facilitating police efforts to track down dangerous criminals — as a society we need to ask how much of our personal data we’re willing to sacrifice in the name of safety and convenience. If it’s becoming too much, we need to call on legislators to stand up for citizens’ privacy before we become even more accepting of surveillance tech and all the risks that go along with it.   

Awareness training is the first step towards protecting your digital identity. Reach out to the Beauceron team to get informed on how our learning content can support your organization, info@beauceronsecurity.com

Mass transit system or tool for mass surveillance?

Here’s one for our Upper Canadian readers: Metrolinx, the Crown agency that manages public transit in Toronto and surrounding areas, has made the news again for sharing passenger data stored on Presto fare cards with law enforcement – without asking for customer consent or insisting on warrants from police.   

In 2018, there were 22 cases related to criminal investigations or suspected offences where the agency revealed card users’ information without a court order. 

Accountability is everything

This raises the question: Could Presto become a surveillance tool?  

The ease with which card data is being disclosed should be concerning. We’re a country based on the rule of law. Unless it’s a life-and-death situation requiring police to act quickly with Metrolinx, we need to prevent this type of immediate access to data. Even in an emergency, Metrolinx and police should have to thoroughly explain why the normal process of acquiring data was subverted.  

In a criminal investigation, police hate to do the paperwork involved – who wouldn’t? Especially when they have a proven track record of asking the agency to hand over the information they have. But due process is a crucial aspect of retaining the privacy rights of citizens.  

Information is power

Systems like Presto – where information is accumulated online in mass quantities and stored – can be hacked. And travel information could be very valuable for a hacker who wants to blackmail and extort their victim(s).  

Imagine a man who’s having an affair tells his wife he’s one place, but his Presto card information proves otherwise. Or an employee calls in sick to work when they were really at a job interview, and their transit data shows precisely where they went. The scariest example of this is stalking – when people flee bad relationships, the last thing they need is another layer of surveillance to combat, when their phones, cars and other tech may already be tracking them. 

As with many tech advancements, the promised convenience seems to outweigh the risk at first: with Presto cards, passengers get perks such as avoiding lineups by being able to add funds to cards online; they can simply tap a card rather than fumble in their wallet for tokens before their morning commute. The only perk they’re giving up is arguably the best one of all: anonymity! 

Proper people, processes, and technology

Metrolinx, just like many businesses or organizations offering speed and convenience, probably aren’t as mature as they need to be when it comes to handling people’s private information. They’re simply doing the best they can with the limited resources they have.  

It’s hardly just the TTC who are falling short – there have been cases thrown out of court when due process isn’t followed, or when warrants aren’t gathered to get critical evidence.  

Unless the proper people, processes and technology are in place, there’s no way to keep up with the complex issue of privacy rights.