Facial recognition technology. It is in use in New Zealand and was recently in the news. Foodstuffs is the only major New Zealand retailer to use this invasive, stealthy, and unseen data collection method. It is used in 29 stores in the North Island in some New World, 4-Square and Pak n Save stores. Its use has been described as a ‘trial’ – a 4-year ‘trial’ period where shoppers have been blissfully unaware that their every move is captured and recorded. Foodstuffs have justified its use “as a crime prevention measure to help keep its staff and customers safe”.
Let’s call it what it is. Surveillance. The act of observation to obtain evidence. It represents the erosion of our so-called democratic freedoms and privacy that we used to take for granted but that are now entirely up for grabs (including but not restricted to) by government agencies, businesses, NZSIS, Immigration, and the Police.
In China, facial recognition technology is used “for racial profiling and its tracking and control of the Uighur Muslims has been roundly condemned as a shameful first for a government. Its cameras also spot and fine jaywalkers, verify students at school gates, and monitor their expressions in lessons to ensure they are paying attention.”
Russia has embraced the technology too. In Moscow, video cameras scan the streets for “people of interest” and plans have been mooted to equip the police with glasses that work the same way.
There have been reports that Israel is using facial recognition for covert tracking of Palestinians deep inside the West Bank.
Meanwhile in Britain, the Metropolitan and South Wales police forces have trialled facial recognition to find people in football and rugby crowds, on city streets, and at commemorations and music festivals. Taylor Swift even installed the tech at a gig in California to weed out stalkers.
theguardian.com
In 2010 Facebook “began implementing facial recognition functionality that helped identify people whose faces may feature in the photos that Facebook users update daily. The feature was instantly controversial with the news media, sparking a slew of privacy-related articles. However, Facebook users by and large did not seem to mind. Having no apparent negative impact on the website’s usage or popularity, more than 350 million photos are uploaded and tagged using face recognition each day.”
New, improved data collection methods are ongoing.
Skin texture analysis is said to overcome problems with facial recognition caused by different expressions and partially covered faces by analysing the distance between skin pores.
Another biometric that interests the police, because it can be done at a distance without a person’s cooperation, is gait analysis. As the name suggests, the algorithms identify people by the unique style of their stride, reflecting differences in anatomy, genetics, social background, habits and personality.
And then there is “vein recognition, (where) optical scanners are used to map blood vessels in the hand, finger or eye. Because our veins are buried beneath the skin, the scanners are considered hard to fool.”
And speaker recognition. “Already used by banks and the HMRC to confirm people’s identities and its use is spreading. Unlike speech recognition, which translates sounds to words, speaker recognition detects the unique acoustic patterns created by an individual’s vocal tract and their speech habits.”
The US firm, Vuzix, has teamed up with a Dubai firm, NNTC, to produce facial recognition smart glasses. The frames hold a tiny eight-megapixel camera which scans the faces of passers-by and alerts the wearer to any matches in a database of a million people. In Britain, Wireless CCTV is working on police body cameras that do much the same thing. A recent US patent goes further and describes a police bodycam that starts recording when the face of a suspect is spotted.
The Guardian
When we ask Siri for help or unlock our iPhone we use biometric data, so how do we balance seemingly innocuous use with security and privacy in the wider environment, such as shopping at New World? We can’t.
“Here are some of the major issues with biometrics:
- The biometric data storage can be hacked into allowing cybercriminals to access the biometric data.
- Since biometrics are unique, organisations may not consider implementing additional security measures.
- Biometric data is extremely vulnerable – once your biometric data has been compromised, you may no longer have control of it.
- A criminal may be able to duplicate some parts of your physical identity like obtaining your fingerprints from a cup.”
The most important thing to remember is that any digital data can be hacked by cybercriminals. This may seem unbelievable, but biometrics can even be faked to look real. In 2013, a German hacking group successfully bypassed Apple’s TouchID. A “fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with TouchID” (CCC).
[…]biometric data [is] extremely vulnerable. If you are hacked there is no going back.
Biometric data is not like a password where if it gets stolen you can reset your password to something new. If a hacker has a picture of your iris or your fingerprint, they could use your biometrics to access a system or smartphone.
HackerNoon
Do the NZ Police use facial recognition technology?
Yes they do.
In August 2020 it was reported that “Police have been quietly setting up a $9 million facial recognition system that can take a live feed from CCTV cameras and identify people from it.”
Initially to “collect 15,000 facial images a year, with that expected to expand up to 10-fold.”
Legal and ethical concerns?
As Lynch et al. argued in a recent Law Foundation report, if used on a mass scale FRT could be deemed as a ‘search’ without cause in contravention of human rights and privacy legislation. There are also big questions about where images are stored, who can access them and under what conditions.
data.govt.nz
- An informed use of facial recognition technology by NZ Police – data.govt.nz
- Facial recognition technology in NZ — Lynch et al. Law Foundation [PDF 2 MB]
How does this all fit within the Privacy Act and the storage, security, retention, and disposal of this data often collected without our knowledge?
The Privacy Commissioner this year called for public submissions. A report and a proposed regulatory framework are due out by the end of 2022 “with any work on further guidance or a code to take place in 2023”.
Following the disclosure of the Foodstuff ‘trial’ and prompted by the Privacy Commissioner:
Foodstuffs North Island have engaged constructively with the Office of the Privacy Commissioner on their proposed use of facial recognition technology, including sharing with us their privacy impact assessment for comment.
Office of the Privacy Commissioner
The report in 2022 and any proposed regulatory guidelines from the Office of the Privacy Commissioner in 2023 will make for very interesting reading.
Our bodily autonomy is under threat. Again.
