Applying biometric matching to location-based surveillance technologies produces both fascinating possibilities and scary scenarios.
I recently spoke with Tactical Information Systems CTO Alex Kilpatrick and Mary Haskett, co-founder and president, about the state of biometrics and what we need to be concerned about as surveillance becomes more prevalent in our society. They’ll expand on many of these ideas during a session at the upcoming Where 2.0 Conference.
Our interview follows.
What is biometric matching and how might it be used in future consumer applications?
Alex Kilpatrick: Biometrics is the science that studies things that make an individual unique. Interestingly enough, there are lots of things that make an individual unique, especially when examined closely enough. The most common is fingerprints, but the pattern of ridges on your palms and feet are just as unique. Your iris, the colored part of your eye, is extremely easy to read and unique, even among twins. The shape of your ear, the way you walk, the size of your hands, your smell, the way you talk, and of course your face are all unique.
Biometric matching comes in two forms: verification and identification. Verification is when I come to a sensor and say “I am Alex Kilpatrick” and the sensor verifies that one of my biometrics, perhaps my face, matches the biometric on record. This type of matching is relatively easy. Identification is when I present a biometric to a system and ask it “Who is this?” That is a much harder problem, especially when there are hundreds of millions of records. The FBI deals with this problem every day, taking unknown fingerprints from crime scenes and looking for a match in their database containing millions of records.
Like most technologies, biometrics can be used for good or evil. In consumer applications, it can be used to help prevent identify theft by providing strong authentication for financial transactions. It can be used for convenience — to allow you to login to a computer, or gain entry to your health club without having to remember a password or carry an ID. Disney World uses biometrics to prevent season pass holders from sharing their passes with other people. It can be used to identify people who can’t identify themselves, such as Alzheimer’s patients, autistic children, very young children, people in accidents, etc.
Mary Haskett: I think the entire industry is holding its breath and waiting to see what’s going to happen in the consumer space.
The potential is enormous and current methods, like a card or code that you have to show or recite, are actually quite crude. But everyone is wondering if the consumer will accept it. Are they willing to use their fingerprints, face image, or iris image in these ways?
How are biometrics being used in surveillance technologies?
Alex Kilpatrick: In terms of “surveillance society” activities, there are only two players: face and iris. There are technologies such as gait — the way you walk — that may theoretically be used to monitor people, but these are not discriminating enough to uniquely identify individuals. For a biometric technology to be effective for covert surveillance, it has to be able to detect you from a distance without your knowledge. Currently, face matching is the only biometric technology that supports covert surveillance, meaning that you can be tracked without your consent. However, it is not robust in situations involving poor lighting, poor cameras, or poor angles. Face matching is very effective for “passport”-style controlled poses, but its accuracy drops off rapidly with shadows, or with the traditional angles used by current surveillance cameras.
Outside of face, there are iris cameras available now that can detect an individual at distances up to 2-4 feet, but these require the cooperation of the individual — they have to look at the sensor.
The bottom line, though, is that there are not any broadly effective biometric means of covert surveillance available right now. That will change in the near future, though.
The most “promising” technology for covert surveillance is 3D face matching. This uses a three-dimensional model of an individual’s face, so it is much more robust when matching partial faces, or faces at low angles from surveillance cameras. These systems are not currently effective for large populations, but research is progressing rapidly in this area. I would guess that this technology will be mainstream in the next 5-10 years.
Iris technology may also advance to become effective without user participation as well. Your iris is effectively a barcode to a computer, and it provides a much better system for matching than a face. For iris to be effective for covert surveillance, better cameras with highly adaptive focusing systems will need to be developed.
That said, the advancement of biometric technology may ultimately be a moot point because many people carry around a GPS tracker with them all the time in the form of a smartphone. These devices can track your location down to 10 meters if they use GPS, and 300 meters if they use triangulation. That may not be accurate enough to place you at a particular location, but it is enough to build a pretty accurate profile of your activities. The devices can be activated (including GPS) without your consent, if required by law enforcement or other authorities.
What are some of the pros and cons of location-based surveillance tech?
Mary Haskett: If you consider apps like Foursquare and Gowalla to be location-based surveillance technologies, and I do, then you’ve already experienced some of the benefits. I’ve run into people who were at the same cafe where I was eating and I was very happy to get a chance to connect with them. I’ve tried restaurants based on seeing people I know check-in and comment on their experiences. But I will also sometimes choose not to check-in at a restaurant because I don’t want to hear my kids complaining “You had sushi for lunch? Why don’t you ever take me when you get sushi?”
Alex Kilpatrick: Like so many technologies, the advantages are a double-edged sword. When I travel, I can meet up with people in the cities I am visiting, but I also have a social obligation to meet up with those people, even when I may not feel like being social. I can track my kids on their way home from school, but they can never have the covert thrill of going somewhere they probably shouldn’t go. A restaurant can offer me a free dessert for checking in, but I can also be targeted by a deluge of ads based on where I’m walking.
The biggest disadvantage of these technologies is the continual erosion of the expectation of privacy. As people share more, there is less of a societal need to keep things private. This results in people sharing more than they should, as well as a troubling lack of concern about what companies are doing with their data.
Scott Adams, of Dilbert fame, wrote a great blog post about living in “noprivacyville.” In this thought experiment, he took privacy to an extreme — would you be willing to have every aspect of your life tracked in exchange for 30% lower cost of living? Insurance companies are already offering discounts if you are willing to have them install a GPS tracker in your car, and accept continual surveillance. Those companies can save a lot of money if they can see how you really drive, and adjust your costs accordingly. Many people would welcome 30% savings, and they will probably feel like they aren’t changing their behavior at all. But it’s a slippery slope. Once you accept surveillance in one aspect of your life, it’s easy to let it slip into another. Before you know it you’re paying a 30% premium to have a browser that doesn’t track all of your web activity.
The biggest danger to society is not the technologies themselves. Technology can be controlled. The biggest danger is that over time our society will just accept surveillance as part of the cultural landscape.
How can people protect themselves from unwanted surveillance?
Alex Kilpatrick: There are “dazzle” techniques that can be used to degrade face matching — contacts can block iris matching, a rock in your shoe will fool gait sensors, etc. However, all of these approaches are stop-gap measures. They don’t address the fundamental root of the problem: Ultimately, as a society we have to decide that we will accept some risk in exchange for living in a truly free society.
The biggest barrier to unwanted surveillance is knowledge and vigilance. Knowledge about where it is occurring, knowledge about what is being done with the information, knowledge about who is behind the surveillance and what their motivations are. Learn to ask “Why do you need this?” and “What if I leave this blank?”
Vigilance is about protecting your privacy; don’t share personal information unless there is some real value to sharing it, and only share information with the people who absolutely need the information in order to do their job, or with people you trust. Once you share the information, it’s out of your hands. Trusting a company to protect it is not a viable long-term strategy. The only long-term strategy is building a society where people value privacy and are willing to fight for it.
Associated photo (on home and category pages): Points by Vince Alongi, on Flickr