Activists from Fight for the Future prowled the halls of Congress in "jumpsuits with phone strapped to their heads conducting live facial recognition surveillance" to "show why this tech should be banned." Read the rest

Every year, the AI Now Institute (previously) publishes a deep, thoughtful, important overview of where AI research is and the ethical gaps in AI's use, and makes a list of a dozen urgent recommendations for the industry, the research community, and regulators and governments. Read the rest

Apple's Faceid -- a facial recognition tool that unlocks mobile devices -- has a countermeasure that is designed to prevent attackers from scanning an sleeping/unconscious (or dead) person's face to unlock their phone, by scanning the face for signs of consciousness. Read the rest

Facebook has lost a procedural appeal related to a 2015 Illinois class-action lawsuit over the company's use of facial recognition data, and now it could be on the hook for billions in damages. Read the rest

Alan Wendt writes, "Detroit commissioners arrested the police commissioner Willie Burton during a public meeting because he wouldn't stop talking about the secret meetings where the commission decided to install facial recognition systems." Read the rest

Privacy advocate Allie Funk was surprised to learn that her Delta flight out of Detroit airport would use facial recognition scans for boarding; Funk knew that these systems were supposed to be "opt in" but no one announced that you could choose not to use them while boarding, so Funk set out to learn how she could choose not to have her face ingested into a leaky, creepy, public-private biometric database. Read the rest

I recently wrote about how much I enjoyed testing the OnePlus 7 Pro. One of the nicer things about it was the fact that its in-display fingerprint reader, unlike the one in the last-gen OnePlus handset, works in a timely manner. Too bad that, no matter how quickly it can read a fingerprint, it still isn't smart enough to stand up to a bit of arts and crafts from a determined security hacker.

Now, before anyone goes and loses their minds over this hack, it's important to note that in order for it to work, a digital interloper would need to get hold of the fingerprint belonging to the handset's owner in order to copy it. The best way to secure your phone against a hack like this, or being forced to unlock your smartphone for the authorities is to lock it down with an alphanumeric code.

While using biometrics to unlock your hardware might be convenient, when push comes to shove, it won't keep your digital life secure from professional snoops for long. Read the rest

Matt Carthy is a Sinn Fein MEP from Eire; he's standing for re-election in the upcoming EU elections and has had fliers prepared with his headshot. Read the rest

An overwhelming vote in the European Parliament last week means that the EU will merge a grab bag of existing biometric databases to create the Common Identity Repository (CIR), with biometric data on 350,000,000 people (both EU- and non-EU persons) that will be available for use by all EU police and border authorities. Read the rest

LipPass is a user verification system for mobile devices that verifies your identity by the unique way that you move your lips. Developed by researchers at Shanghai Jiao Tong University, the system doesn't validate based on the sound of your voice but rather the movement of your mouth. From IEEE Spectrum:

The researchers realized the audio components on smartphones can be exploited to depict the movement of a person’s mouth by analyzing the acoustic signals that bounce off the user’s face. Since each person exhibits unique speaking behaviors—like lip protrusion and closure, tongue stretch and constriction, as well as jaw angle changes—this creates a unique Doppler effect profile that can be detected by the phone. The platform then uses a deep learning algorithm, which extracts distinct features from of the user’s Doppler profile as he or she speaks. Next, a binary tree-based approach is applied to distinguish the new user’s profile from previously registered users, which also helps discriminate between the identity of legal users and spoofers...

In a controlled laboratory environment, LipPass achieved an overall authentication accuracy of 95.3 percent... Across all environments and all kinds of attacks, the overall (spoof) success rate was less than 10 percent, though attacks that used the third method—a recording of the user's Doppler profile—did succeed nearly 20 percent of the time under controlled, laboratory conditions.

"Lip Reading-Based User Authentication Through Acoustic Sensing on Smartphones" (IEEE/ACM Transactions on Networking) Read the rest

American prisoners are being forced -- on pain of losing access to the prison phone system -- to provide training data for a voice-print recognition algorithm that private contractors are building for biometric surveillance system that listens in on prisoners' calls. Read the rest

Researchers at NYU and U Michigan have published a paper explaining how they used a pair of machine-learning systems to develop a "universal fingerprint" that can fool the lowest-security fingerprint sensors 76% of the time (it is less effective against higher-security sensors). Read the rest

A leaked police-training presentation from digital forensics company Elcomsoft (a company that made history due to its early run-in with the DMCA) advises officers not to look at Iphones seized from suspects in order to avoid tripping the phones' facial recognition systems -- if Iphones sense too many unlock attempts with faces other than those registered as trusted, they fall back to requiring additional unlock measures like passcodes or fingerprints. Read the rest

Last week, it was revealed by a sharp-eyed Redditor that the information kiosks at a mall in Calgary, Canada, were full of software designed to track the age and sex of anyone that stopped to use it. Pretty damn greasy. Greasier still, the management company that operates the mall, Cadillac Fairview admitted that the software was in use at a number of its other properties. The greasiest bit out of all of it? They shrugged off privacy concerns raised by a number of news outlets as there’s nothing in Alberta’s laws that keeps them from doing it without permission, or warning mall patrons that it’s being done.

Well, that was last week.

From The CBC:

The privacy commissioners of Alberta and Canada are launching investigations into the use of facial recognition technology, without the public's consent, in at least two malls in Calgary.

A notice posted Friday to the Alberta privacy commissioner website says the investigation will look to determine, "what types of personal information are being collected, whether consent for collection or notice of collection is required or would be recommended, for what purposes personal information is collected, whether the data is being shared with other businesses, law enforcement or third parties, and what safeguards or security measures are in place to protect personal information."

It’s said that Alberta’s privacy commissioner opened the investigation, based on the level of public interest surrounding the issue of whether or not it’s cool for property owners to collect biometric information without a visitor’s knowledge or consent. Read the rest

If you’re from just about anywhere in the world, with the exception of the United States, beginning this week you'll find that visiting Canada will feel a whole lot more invasive. Moving forward, it will be necessary for all foreign nationals to provide Canadian Immigration officials with their fingerprints and photographs, if they're applying for a visitor's visa, work permit, want to attend a Canadian university, or if they wish to apply for a work permit or status as a permanent resident.

From The Daily Hive:

A spokesperson for Immigration, Refugees and Citizenship Canada (IRCC) told Daily Hive that “new regulations will support the expansion of biometric collection to all applicants from Europe, the Middle East and Africa who are applying abroad for a temporary resident visa, work permit, study permit, or permanent residence.”

The spokesperson noted that IRCC currently collects biometrics from “in-Canada refugee claimants, overseas refugee resettlement applicants, individuals ordered removed from Canada, and individuals from 30 foreign nationalities applying for a temporary resident visa, work permit, or study permit.”

Now, here’s the creepy part. Canada will be sharing the data they collect on each person entering the country with the Migration Five/Five Country Conference: The United States, Australia, the United Kingdom and New Zealand. For those keeping track at home, these same nations also comprise the Five Eyes intelligence sharing alliance, which, as Edward Snowden was kind enough to warn us about back in 2013, has been spying on one another’s citizens as a way of circumventing laws that keep Five Eyes member countries from spying on their own people. Read the rest

The Biometric Mirror scans people's faces and uses AI to compare their faces against a database of other faces to produce a personality profile of the scanned person. The reports include ratings for the individual's responsibility, happiness, aggression, attractiveness, weirdness, and emotional stability. The project lead is Dr Niels Wouters at the University of Melbourne's Centre for Social Natural User Interfaces. The project was created for the purpose of examining the ethics of such systems, not to commercialize it.

Facial recognition is already being used by police departments, most notably in China, which has announced plans to build an overarching surveillance network that is "omnipresent, completely connected, always on and fully controllable".

In Australia, legislation to create a national database of faces and other biometric markers is currently before parliament. For the recent Commonwealth Games, Queensland police matched drivers' licence photos with security footage.

City of Perth has deployed facial recognition cameras in the Perth CBD to identity what it calls "troublemakers" on a "Black Watchlist" that it controls. Critics say the local government is trying to be a shadow police force.

Aside from the dystopian scenario of an all-powerful government (Minority Report), there's the dystopian scenario of an all-powerful corporation (Bladerunner)

Facebook, already under scrutiny for data-mining practices, has rolled out facial recognition tools that consumer and privacy groups say violates user consent. The technology can be used to remotely identify people without their knowledge.

Jo Lauder of ABC (Australia) tried out the system and wrote about it. Her report is shown above. Read the rest