Face Search Engine Raises Privacy Concerns

holy_calamity writes "Startup Polar Rose is in the news today after announcing it will soon launch a service that uses facial recognition software, along with collaborative input, to identify and find people in photos online. But such technology has serious implications for privacy, according to two UK civil liberties groups. Will people be so keen to put their lives on Flickr once anyone from ID thieves to governments can find out their name, and who they associate with?"

Lesson #1

ANYTHING you do online is NOT private! PERIOD!

Re:Lesson #1 -- Don't Expect Privacy Online

I agree with the parent. Anybody that posts photos of him/herself on the net should reasonably expect that anybody will see them. This is the reason that I am a bit uncomfortable posting my bookmarks to del.icio.us.

My advice to anybody who wants their cake and eat it too: Use different handles for different applications.

That is, if you want to indulge in the MySpace/LJ/VOX blogging, then use a handle unique to that type of activity (eg. BlogUser99).
If you want to indulge in Flickr/Photobucket/Picasa photo-sharing, then use a different handle (eg. PhotoDad12).
The same goes for social bookmarking and product reviews on Amazon and the like.
And, of course you should never use your full name except for in business transactions.

By using different handles, you'll give black hats/feds/5kr1p7-k1dd13z a hard time trying to figure out who you really are.

Just my 0b00000010..

Re:Lesson #1 -- Don't Expect Privacy Online

Especially with the advent of social networking sites like MySpace and Facebook, and with user-supplied content, a-la YouTube. It's tough to keep a firm grasp on your privacy these days if you're at all part of any aspect of modern culture.

Agreed. I submitted a story to /. on 11 December (still pending??) about an article in TIME magazine.

http://www.msnbc.msn.com/id/15994151/site/newsweek / [msn.com]

From that story, a good example:

But two Bank of America employees at a private function celebrating the company's merger with MBNA couldn't have anticipated what happened to them. Their over-the-top rendition of U2's "One" (with custom lyrics like "Integration has never had us feeling so good") wound up being mocked by thousands of Internet critics. (Adding injury to insult, lawyers for U2's record label threatened a lawsuit for copyright infringement.)

Cheap video technology (esp. video-capable cellphones) and social sites make it all possible.

Simply being in public can get you on these social sites, whether you actually use them (or have even HEARD of them) or not. In the end, the only way to ensure your privacy is to not become a part of society. If you venture into public, you too could end up on some social web site.

And remember--this is the PUBLIC engaging in a type of surveillance on the PUBLIC. For the tinfoil hats out there, it's not just the government's watchful eye you have to be careful around; it's that video-capable cellphone in the hands of the seemingly innocent rider sitting across from you on the train, too.

squeezing out the marginalized

In a technical (and technological) sense, you're absolutely right. Given the nature of digital information, anybody putting any information online would be well advised to act as though it is going to get back to everybody they know, perhaps through channels that don't even exist at the time you put the information online.

But the more complicated social reality is that in most people's experience, the public-private distinction has usually been one of probability and degrees, not an all-or-nothing proposition. It used to be the case (and still is, though less and less so) that you could go to certain technically public places and still have a practical/probabilistic expectation of privacy. For example, you could go to a political or cultural event for an unpopular group (a gay pride parade, for example) and have a reasonable hope that it wouldn't get back to your employer or family. You might be in a technically public space and you (hopefully) knew you were taking a risk, but the risk was small enough that it was worth it.

The problem raised by this kind of technology is that it is eliminating those kinds of physical and virtual spaces -- the spaces where you can meet and interact with others and have some practical (if not airtight) expectation of privacy. The fact is, there are very few real places you can socialize with lots of other people that have a truly complete expectation of privacy, so the probabilistic expectation is often the best you can hope for. For people with some kind of politically or culturally marginalized interest -- and let's face it, who doesn't have at least one interest that falls into that category -- it's a sad development.

"collective intelligence"

Polar Rose relies on a combination of our unique face recognition algorithms and the collective intelligence of our users.

They seem to have made a fatal assumption.

Privacy??

Welcome to Web 2.0. Check your privacy at the door.

Governments?

Who says they aren't already doing this? Unlike your credit report, you can't see everything they've been gathering on you.

You don't have to put it up

I do some street photography and, although I don't personally publish material on the web, some of the people who hire me do. So even if you don't put your photo on Flickr because you are afraid of being identified by search engine there is nothing stopping me from putting it up there for you.

Let me say this now.

All those photos where perfectly legal... in the countries in which they were taken.

Video of how it works

A video on the Polar Rose website (avi format) shows the technique being used to reconstruct actor Tom Cruise's face: http://www.polarrose.com/img/tom.avi [polarrose.com]

pr0n

Startup Polar Rose is in the news today after announcing it will soon launch a service that uses facial recognition software,

The only "facial" recognition software I use is Google Image Search with Safesearch turned off.

you can't hide from everyone

let's face it -your information is out there somewhere. Instead of being afraid of getting involved in some online community, let's think of better measures of protection against identity theft.

Acid face test...

A face search engine should be able to identify the ghost that appear in the background of a picture (i.e., The Grudge).

No big deal, it won't work anyways

Unless face recognition has improved drastically, this company will just fail like the last couple companies which attempted to do anything with it.

Re:No big deal, it won't work anyways

Unless face recognition has improved drastically, this company will just fail like the last couple companies which attempted to do anything with it.

Wrong: nowadays, anything that remotely has to do with security, identification, tracking and general populace control (to save us all from all these hordes of terrorists of course) is big money. Look at most of the advances in computing these days: they're almost all about biometrics, RFID, detectors of this-or-that... Most of it is hype, but it nets whomever spews it a lot of government money.

Finally

Ach, so I will finally be able to look up this lovely Russian girl I've met online.
She's been sending me pictures of herself (chuckles) and her name is Sonya..
She's SO sexy she's got me worried, but my worries will finally go away as soon as I check her photo with this new service!!!

Yes, they will.

Will people be so keen to put their lives on Flickr once anyone from ID thieves to governments can find out their name, and who they associate with?"

The bad guys already know so hiding only hurts your friends. The resources they own are the ISP, your non free OS, your phone calls and public "security cameras". Your friends only have what you can give them. The bad guys want to limit your ability to match their power and knowledge. The only solution is to guard what's really private and give rest away as freely as possible.

Now, the Permanent Record

And now, every picture on Myspace will become part of your Permanent Record.

But at least dating sites will be able to filter out copies of pictures of famous people and porn stars.

Witness Protection

I'm curious how things like this will work with Witness Protection.

Setting aside the fact that, at least right now, sunglasses fool these systems... if someone, lets say, a member of the Talini Crime family wants to find a rat. By giving a picture of him to this company, they could then search for pictures on the internet he appears in.

Considering how many pictures people take with random people in the background, it seems inevitable that said rat would turn up.

South Polar Rose

Is there a South Polar Rose ?
I've had a bunch of photos with no faces that I'd like to put names to for quite awhile now.
Tommy Lee was nice enough to identify one of them, but the others are just, well, unknown roses.

What's new?

Sure this sounds bad, but look at the rest of the web. Kids on myspace posting pictures of themselves doing drugs, underage drinking, etc... We've all heard of the dangers checking email at coffee shops, told not to follow links from our email to bank accounts, not to talk to strangers, the list could go forever and do we ever stop and think about the dangers? Sure for about a week, then the world forgets the rest. We're untouchable, next risk please. Oh, STDs, hmmm if I apply the method of this article "stop doing X" we should all be fine. Good luck.

Face Recognition, Body Recognition, ...

It will not be very long (a decade? two decades?) before face, body, gait, license plate, voice, speech, handwriting, textual habits, (and so on) recognition software will be powerful enough to recognize people in real-time, from a variety of real-time inputs.

Even the past will be open to analysis, a theme called "retroactive surveillance." For example, the Seattle bus system keeps timestamped footage of people coming in and out of the bus, and the Seattle bus system keeps records of where the buses are, and when, by GPS. In theory, these two systems can be correlated, and, if you have a system for analyzing faces, you should be able to connect the "network of data" to figure out who is where and when. This type of correlation is what software visionaries are working hard to achieve, with efforts such as the Semantic Web.

People who are worried about "the mark of the beast," through such things as RFID tags and so on, are worried about the wrong thing. You won't need to "wear" anything. You won't need any special marks, once software is sufficiently capable. Your face, your clothes, the way you walk, your posture, the regular patterns you follow every day, your voice, all are sufficient enough, in themselves, to serve as the "mark of the beast."

It is conceivable that you will be able to limit government use of this sort of technology. But will you be able to stop private users from using this sort of technology? If you envision a future revolution of some sort, do you believe that the revolutionaries would not use this technology themselves? To track the motion of police vehicles, and individual policemen, and the people who work for and against you?

The underlying activities behind these technologies: Collecting information, seeing, hearing, sensing, and then correlating what is seen, what is heard- these are foundational. The "problem" is simply intelligence, itself.

I doubt that willful blindness or doubt is going to help us in our path to the future. We see that backwards countries practicing willful blindness, not advanced ones.

a porn application

this kind of technology will certainly make it easier to find those individual chicks i see in porn that i want to see more of.

Well..

If you put your pictures online, everyone can see it, copy it, and (gasp!) even draw funny a mustache on your face. If you want to post your pictures online, use passwords, restrict the access. It is amazing that people whine about privacy when they have no regard about their own.

I guess

That they are really trying to find out if it's truely Britney in that video.....

wild goose chase

As other posters have pointed out, once something is online, it's not private anymore. Complaining about the 'privacy concerns' of this software bugs me, because it's a distraction from real privacy issues.

Reminds of the Libertarian Party (of which I am, unhappily, a member) - seriously complaining about trivial issues means that people will trivialize your complaints about serious issues.

Easier exams!

Wow I can use this to find someone that matches my student card. With any luck they'll know a little about mappings to NP hard problems.

Oh *come* *on*

Are we really going to pretend we didn't know technology like this was coming? Are we going to act all heated with righteous indignation about something that researchers have been chasing after for decades?

Everybody knew about it and expected this technology to be perfected sooner or later (and for now it seems that it's still a bit later). So, if you were that worried about someone being able to Flickr and Google your personal relationships together, you should have thought twice about putting your entire life up for digital scrutiny in the first place.

The privacy problem isn't with this technology, it's with people who put their personal life on the biggest computer network ever, freely accessible to all and then expect it to be private.

They need to get their head examined and by the looks of it, that's exactly what they'll get.

LawL

Now you can find out your neighbor's true identities, their "stage names", and what movies they've been in.

Dating sites...

I think many of the people submitting their images to dating or adult sites should start worrying right now...

This has probably been around for a while.

"Will people be so keen to put their lives on Flickr once anyone from ID thieves to governments can find out their name, and who they associate with?"

One thing to keep in mind is that the government generally ALWAYS has its hands on certain technologies LONG before the general public sees them (and often times before the general public even knows they exist). This technology has probably been developed and in existence for a while. The above quote might be better written as: "Will people be so keen to put their lives on Flickr once they realize governments can find out their name, and who they associate with?"

Not a problem

Just have the contents of a robots.txt file tattooed on your forehead.

what about the applications?

This technology would be amazing when working with photo software to add metadata. I would in fact pay a lot for something that would search through my 40,000 photos and tag people as appropriate. It would make life a lot easier.

No Problem

When I did the celebrity face search [myheritage.com] It matched me 96% with Kenneth Branagh.

So I can steal HIS ID now.

Controlling how "public" information is used.

I think we just have to accept that once we have made information public, it is eventually going to be used and abused in every way possible.

If you don't want that, try to keep your online profile as low as possible--there isn't much else you can do.

This always get to me--like when a guy (it happens every couple years) goes to the DMV and buys the DMV database and puts it online--all of a sudden everyone raises a stink. THE RECORDS ARE THERE--because this guy did something "new" with them is not a bad thing, perhaps making them available in the first place WAS.

There is also the implied fact/perception: people are "Trusting" that because the DMV is selling them for $300 or whatever, only businesses will buy them and therefore it's okay, it's the fact that this guy "Subverted" the business purposes and made them public is somehow worse. This is the stupidest pile of crap I've ever heard (and yeah, you hear that argument every time there is a discussion about this stuff).

Everyone would probably be a "Privacy Nazi" if they were smart enough to figure out what could be done with the information they are making public.

Current Technology Scary Enough

A friend of mine works for a security firm here in NYC. They do camera system installs for certain *really*, *really* high security locations. If he wanders around in certain areas of the city, he'll have a nice email the next morning retracing his steps with still photos at various locations. The surveillance operators just feed the system a headshot and the rest is history. Sure, it's a little joke amongst co-workers, but it's fully possible today, right now.

already done

www.alltefaces.com already does this, and is currently online

There should be an opt out...

Maybe a robots.txt -esque way of opting out of your picture's being indexed?

Does that seem backward to anyone?

It's odd, everyone seems to be fixated on the fact that people could use this to find images of them. The trouble I see with that way of thinking is that if an image you don't want viewed is on the internet it is there for one of 2 reasons
1)You put it there. In this case it's your own fault and you shouldn't complain.
2)Someone put it there without your permission. Think naughty landlords with hidden cameras or stalkers with telephoto lenses. In this case you generally don't know you're on the $/month "gentleman's website",interent shrine of undying love or heck, even some jerrk at work's myspace page and this image searcher has the possibility to point the fact out to you before someone you know spots it.

I would think people that don't want to be exposed on the internet would be happy to see something like this come out so they can see just how exposed they currently are.

Doesn't these things exist already?

Haven't you guys tried those sites where you upload a picture of your face etc. and it compares you with other celebrity lookalikes etc. ?

Diamond

An open source version of a content-based image search engine is already available in the Carnegie Mellon-Intel joint research project called Diamond. (http://diamond.cs.cmu.edu/) It has a facial recognition application called SnapFind which can already perform arbitrary face matching and other filtering (given the image data), and it is available for free. Disclaimer: I work on Diamond, which has many other applications than this, and thought it was appropriate to post.

Hash Collisions

I wonder how it would deal with twins or "doppelgangers".

Trendy

Privacy concerns are sooooo last month dude.

time to scan that yearbook....

AWESOME!!!! Now I can find all the people in my graduating class who got into porn!

This is asinine

Tom Simonite, the author of "the fucking article" is an idiot. The civil liberties groups who said "(the biometric-style tool could compromise the privacy of anyone who has their picture online)" are a bunch of morons. And kwdawson and holy_calamity should both be bitch-slapped for bringing us this asinine bullcrap.

Re:What IS OK?

For example, don't say require FISA warrants before listening, because it is quicker to buy another disposable cell phone than it is to obtain a FISA warrant.

They have NEVER needed FISA warrants before listening. In the event that they need to tap in an emergency (where waiting for a FISA warrant could lose the chance at intelligence), they can just start doing so. However, they do need to apply for a warrant within 72 hours of starting the tap. How could any reasonable person have a problem with this? All they are saying is that you cannot wiretap without ever telling anyone about it.

We obviously need some sort of security. What is OK?

Yes, we do. But we cannot forget that we have a system of checks and balances. Democracy does not move as fast as a dictatorship, and a dictatorship can (in theory) move much faster to protect its citizens. If that is what we truly want as a country then let's just do it and quit pretending. This whole "we are still a democracy with governmental checks and balances but because the president declared war on an abstract concept he can do anything he wants" thing we have going now just does not make sense. The excuses are always so flimsy, it is always a claim that it is perfectly legal under written law and when that proves to be false then it becomes "oh well, none of that matter anyway because he's got unlimited wartime powers".

But you ask what we can do? Obviously we are doing some things that make a lot of sense. Better information between the intelligence agencies is a no-brainer, and I would go as far as saying going after the Taliban in Afghanistan was a good move as well (Iraq was obviously a horribly stupid blunder/distraction though).

However we do a lot of stupid things also. Hiring a lot of poorly trained rent-a-cops to play detective in the airports was probably not the best use of our resources. Insane restrictions on what we can take on airplanes do nothing for security, but make ignorant people feel safer. The whole slew of ways we try to throw billions in poorly thought out "technical" solutions like RealID, MagicLantern, facial recognition (which doesn't work any better than space lasers shooting at ICBMs), and whatever kludged algorithm generates the Mo-Fly list do nothing for security and cost both money and civil liberties.

There are many tried and true intelligence gathering and counter-terrorism techniques, but the current administration is more interested in presenting a color coded security theater for the masses complete with high tech sounding ("it involves computers so you know it must be good") projects. The paranoid thinks they are just using "terrorism" as a bogeyman to implement systems to track and control all citizens. I actually think that is a side effect of their actual motivation to dump money into their friend's and contributer's companies.

Finkployd

Re:What IS OK?

What is OK for governments to use to fight terrorism that won't get privacy advocacy groups in a tizzy

Hopefully, nothing. That fact that you hear about someone complaining about every move a gov makes means the system is working (how well its working is another debate). Some of these groups are annoying, some are just stupid, but they all serve as checks in one way or another. Take a look at countries that don't have these kind of groups and there are much more serious problems (treading close to Godwin's Law already).

An old quote that can't be brought up too often: "Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety" Ben Franklin

Re:What IS OK?

"What is OK for governments to use to fight terrorism"

Ok well to start, you cant fight a philosophy. What you are perhaps asking is that the government do more to fight Criminals. I would say that we have enough laws already to fight criminals. Some would say that this is a brave new world we live in and they need better tools to keep up with the crimes. I disagree that the world has magically changed and that we need to become a police state to fight for security. You will never be secure, because security is a concept of the mind (thats why gun enthusiasts think that they can buy security, they are somewhat right). Even your american founding fathers knew this in what was argueably a more savage and brutal world than the one we live in. They say clearly, dont sacrifice liberty for security, and I think whatever country you live in that thats a good idea. I would suggest that you instead look at the root causes and motivations of these particular criminals. Bin laden has said specifically what he wanted, most notably the USA out of the middle east. Why not start with that?

Re:What IS OK?

I'm not being a troll, but it seems like every energy resource we come up with runs afowl (pun intended) with environmentalist and every security measure runs afoul of privacy groups.

It sounds like you question the validity of the problems the various groups have with various policies. You should consider that the issues they bring up represent real costs in the "big picture" that have been otherwise ignored. Not that there aren't extremists, but that there are extremists on both the pro and the con side in roughly equal (probably bell-curve shaped) proportions.

Thus, when taken as a whole, if the real big picture costs outweigh the real big picture benefits, then in a perfect world, those policies would be canceled.

It is entirely possible that only a minimal amount of security can achieve a net benefit in the big picture. If that's true, then the best policy really would be minimal security measures.