The Power And Peril Of Facial Recognition In The Cloud
By Matt Pillar, editor in chief
For retail LP professionals and local law enforcement agencies, facial recognition technologies have historically been a neat concept with an impractical application. For starters, readily available and relatively inexpensive video analytics algorithms have only recently matured to the point of positive age and gender analysis. The rich biometric facial analysis required to assess identity with acceptable certainty isn’t the stuff of off-she shelf software, so it hasn’t exactly made it to the top of the LP budget plan.
The bigger barrier is the fact that criminal databases have been small and splintered and off limits to the wide majority of retailers. Even with a networked camera/analytics infrastructure that has the algorithmic horsepower to establish criminal identity, the likelihood of finding a match without a cohesive network of databases is unlikely, and time consuming even when it does work.
The historical barriers to effective facial recognition for criminal identification have been rooted in disparity of databases and a lack of processing power.
Then came the rise of Google, the ubiquity of Facebook and Twitter, and the cloud, and on the fifth day former Google CEO Eric Schmidt said “let there be a great database in the sky.”
Now, Google-owned PittPatt and other cloud-based facial recognition applications have just the comprehensive database they were looking for. The Internet. The same Internet that has your picture plastered all over it.
Consider that last year, researchers at Carnegie Mellon tested cloud-based facial recognition software in two distinct settings—it successfully matched unidentified profile photos from a dating Web site to positively identified Facebook photos, and it successfully matched random pedestrians on a college campus with their online social media identities. It established those connections in under a minute.
For security professionals, the ability to quickly leverage the entirety of the Internet as the database that drives facial recognition applications is nothing short of amazing. From quick and positive identification of known shoplifters to that of organized criminals and terrorists, we’re on the cusp of widespread deployment of the most powerful law enforcement tool since the handcuff.
Of course, the Orwellian aspect of the concept has, put simply, freaked a lot of people out. When, within 60 seconds of walking past a camera, marketers can identify me as Matt Pillar, a 37-year old Northwest Pennsylvanian and father of two elementary school children who spends his free time camping and fishing and who likes to eat steak and drink beer—and that’s just scratching the surface—I’m caught somewhere between being awed and feeling violated. Even more concerning is the thin line between the technology that enables this intimate knowledge and access to even more private data—like my passwords and social security number and purchase history—and whether that technology is sufficiently locked down to guard access to such information from inappropriate access and usage.
That’s making the far-fetched assumption that there’s any consensus at all as to what personal data access and usage is appropriate.
I’m interested in your expert opinions. How useful would cloud-based facial recognition technologies that leverage the Internet as their master database be for retail LP applications? How would it stack up compared to existing tools like the National Shrink Database, LERPnet, and the Retail Theft Database? And, who’s responsible for guarding the digital privacy of the consumer?