 Welcome, everyone. It's time to surveil some meat space. All right. We are still seeking volunteers. Last I heard, the volunteer tent is just yonder. So if you've had a great time at EMF camp and you want to give back, this is a great way you can do that. Please welcome, with meat space surveillance, Alexander Martin. Thank you all very much. I should apologize first off. My laptop, the file system got corrupted. So no slides. I will be talking, which is something people do, I guess. I've got a video as well, which might be interesting. I'd like to thank Mustafa, Fran, Charlie and ToxCoda for trying to save it and making it worse. Also, I'd like to particularly ToxCoda, I'm sure it's the first time anyone has asked to borrow a hacker's laptop to turn off two-factor authentication for their work emails. Thank you. Much appreciated. So basically, first slide would have been Galileo quotes. Measure what is measurable, make measurable what is not so. So I didn't say that. That's just something in your head from seeing the slide. And now we seamlessly enter into the talk. Essentially, this is a talk about biometrics. The etymology of the word biometrics is obvious enough. Bio, meaning organic life metric, being to measure. And we understand what biometrics are pretty simply enough. Right fingerprints, they are patterns. It's fairly established maths in terms of how you differentiate patterns. And with DNA, nucleus-high sequences, there are more potential sequences than there are humans in existence by magnitudes upon magnitudes. So these can be used to identify people pretty easily. Faces are more difficult because it's not necessarily completely obvious how you go about measuring a face. Essentially, there are two ways you can approach this. They really get their best comparison in a 1993 write-up by Brunelli and Poggio, which is called facial recognition features versus templates. So this is really where slides would have been helpful because I'm not a scientist, I'm a journalist. When we get to the government stuff, I'm great, but the science side, I'm not a scientist again. I will try my best. So Brunelli and Poggio ran tests in 1993. These were really set up to work, to be successful. And they found that they got 90% accuracy when they used the feature method of matching faces and perfect accuracy with the template matching. These are still the dominant ways in which facial recognition works today, so it might be worth going into them a little bit briefly again, lack of slides. So what is feature-based matching? It's geometric relative positions of your eyes, your nose, your mouth, basically anything from the eyebrows down counts as the face. The face is, on the contrary, in terms of template matching, holistically represented. Feature-based is earlier. It's really one of the first. It's in the 50s as a scientist called Woodrow Wilson-Bledsoe, named after the former president who brought the US into the First World War. And it was input on a graphics tablet which was developed by ARPA, who also, or funded by ARPA, not developed by ARPA, potentially the RAND tablet, who also potentially funded the initial facial recognition research. That's not public. I mean, I don't know, that's a guess. They probably did. Template matching is, well, it's a fairly, bit more typical digital image processing activity. And again, where the slides would have been perfect in terms of presenting how it looks visually. Basically, the face is represented in a bidimensional array of intensity values. So you've got your x-axis, you've got your y-axis, again, fortunately most face is quite symmetrical. So you can have a look at how the, how the, you can see visually how the face is kind of presented. The images are compared then you have, obviously within any facial recognition system, you have an input sample image, captured through CCTV or body one video, and you have a database of images. In the UK, these are largely custody photo images, many of which seems to be inhaled illegally. We'll get on to that. And the sample image and the database image are compared with sort of typical Euclidean distances or more commonly using convolution masks. Bit more into the science side, feature based matching depends on using a vector of geometric features which in itself requires the images to go through a normalization process so that the features, again, nose, eyes, etc. are represented, can be represented independently of the position scale and rotation of the face in the sample image plane. This is achieved by Brunelli and Poggio by setting the intraocular distance and the direction of the eye-to-eye axis. That is still, for those who are worried and want to maintain your privacy, the key element in any facial recognition technology as far as I'm aware. If you have with the triangles of your eyes and nose, if that's obscured enough, you're not going to be recognized by at least an automated facial recognition system potentially. Other than that, good luck. I will leave aside the process of extracting features from that plane because it is pretty complicated but I guess most of you would be able to guess how you may do it when you're dealing with gradient directions in a face. And that's really what... Well, I guess on the template matching as well... Yeah, we've gone through that. And that is the idea, at least behind the technology, that underpins most of the technology... Well, that's what underpins most of the tech, blah, blah, blah. Questions persist, though, inevitably about how well it works and I'm going to quote at a bit of length here from an introduction to a paper by John Dowkman, the University of Cambridge, who invented iris recognition because he brings up an excellent point when it comes to the scalability of such systems. Dowkman, in his introduction to the paper which is titled Searching for Doppelgangers, Assessing the Universality of the Iris Code Imposters Distribution, starts off with the well-known birthday problem. I'm sure you're all familiar with it for the sake of those who aren't. It's a problem which asks how large does a group of people need to be before it is probable that two of them share the same birthday? So you think 365, maybe it's half of that. It's not, it's 23. It is probable if there are 23 people in a room that two of them will share the same birthday. And there is, according to Dowkman, an analogous biometric birthday problem. I quote again, for a given similarity threshold yielding some specified false match rates for single comparisons, he asks, how many different persons must the database contain before it becomes likelier than not that there is at least one biometric collision? We biometric technologies such as face recognition are usually tested and operated at the very undemanding criterion of false match rates equaling 0.001 which means that any given pair of random persons have probability of 0.999 of not being matched to each other. Since n persons, I'm going to skip the math too much here. Basically, Dowkman says this occurs when there are just 38 or more persons. That is the point at which a false match rate of 0.001 will bring up a false match. This Dowkman is looking at this at a great degree of scale and in terms also of complete automation. Face recognition systems in practice don't just say match or no match. They'll bring up a list of likely candidates of match who've been input to that system. As far as I'm aware, that is mostly all of them, but I'm not sure. I have to admit, and especially when we got onto the government side of things, government isn't tremendously transparent about this stuff. There is a limit to my knowledge, but I will present what I know. On the other hand, you have a man called Alessandro Acquiesti, who I apologize to him if he ever sees this and sees me murdering his surname, who did a study for Carnegie Mellon, which I will again quickly quote the summary from because it is a very interesting study and particularly relevant. He says we investigated the feasibility of combining publicly available Web 2.0 data with off-the-shelf face recognition software for the purpose of large-scale, automated, individual re-identification. Two experiments demonstrated the ability of identifying strangers online on a dating site where individuals protect their identities by using pseudonyms and offline in a public space. Based on photos made publicly available on a social network site. A third proof of concept experiment illustrated the ability of inferring strangers personal or sensitive information, their interests and social security numbers from their faces by combining face recognition, data mining algorithms and statistical re-identification techniques. The results highlight the implications of the inevitable convergence of face recognition technology and increasing online self-disclosures and the emergence of personally predictable information. AccuSE absolutely thinks and expects that we will have and it is feasible to implement enormous face recognition systems. Interestingly, he looked a lot at Facebook and Facebook was sort of called up on this a few years ago in the States with particularly Senator Al Franken bringing a Democratic Senator bringing forward the sort of concern that Facebook now has the largest database of face prints on people anywhere in the world. Interestingly, Facebook was audited by the Irish Data Protection Commission in 2011 and 2012 and it was told then it had to delete all EU face prints for tag suggestions which is, I don't use Facebook, I assume you guys might, where you upload a picture and it suggests who your friends are and it does that through using a tag suggestion feature. This was determined by the Irish Data Protection Commission to be unlawful where the Facebook has actually started deleting stuff or not, we don't know. I've asked, tried to get in touch with Facebook, they haven't returned my calls, guys, please do, you know, I'll be friendly. I spoke also to Ross Anderson at the University of Cambridge about this and I want to quote his points as well because they're pretty sterling as you can imagine, Ross's points are. So he says the practical question is whether in a given application you can limit the number of suspects against whom you're matching and whether you have photos of them. The several million people whose mug shots are on the police national database in the UK may be rather many and may give rather high false positive rates, false negative rates or both depending on how you set your recognizer. But there are 3,500 terrorist suspects in the UK, as the NCA says, then that's doable. I mean, just targeting them, potentially. The 35,000 people involved in serious organised crimes should also be doable. That doesn't mean that you will recognise any of them with any certainty when they walk through Waterloo Station and recognise them often enough for it to be useful. Anderson's points are sharp and bring us really onto the state use of facial recognition in the UK. So you mentioned the police national database. This is really, really old at this point. It's based on a 1970s Fujitsu mainframe. Basically, when you see companies put tenders out for people who know how to work with that really old tech, it is to support government contracts almost always. The PND holds, well, in 2014 we knew it held 13 million images. That is roughly 20% of the UK's population has its face captured there. Some of these may be duplicates, so maybe not all of you have your faces there, but it is statistically likely that somewhere between 15 and 20% have their faces held by police. We know this particularly because of Biometrics Commissioner report in 2014. The Biometrics Commissioner at the time is a QC called Alistair McGregor and he brings up the fact that his role as under the protection of freedoms act covers DNA and covers fingerprints but does not cover facial images. In fact, facial images do not occur anywhere in British law. This is a completely unregulated area which is why the police have so quickly been able to go towards it. Although they're still acting unlawfully and I cite the commissioner's report in areas of fingerprints and DNA profiles. So in 2012, if we jump back a bit, there was a High Court ruling and the High Court ruling was brought on behalf of individuals who weren't named with good reason, I imagine, because their facial images were being kept by the Metropolitan Police on the PND. The High Court ruled that this was really not acceptable. I can't quote again, I'm very sorry about that but determined that the Met Police needed to delete these pictures and should do so and this is a very close paraphrase in a matter of months, not years and they said that the policy needed to be revised. Government said it would revise the policy, Met Police said it would pay attention to that. So that was in 2012. In 2013 the government hadn't yet produced a biometric strategy. In 2014 it didn't again. Last year it didn't again. It hasn't done so this year yet. Maybe it's coming. The Metropolitan Police, I do want to find this quote. I won't though. The Metropolitan Police, on the other hand, when asked, a freedom of information requested under the Freedom of Information Act was sent in December of last year to the Metropolitan Police. Liberty were part of the supporting the claim against the NPS in the 2012 High Court case. And they said in that case, so they asked how is this progressing, you know, it's been three years and the Met Police said progressing brilliantly, we've deleted 560 photographs and then they said the issue is our IT systems aren't set up to handle a complex retention policy. So, and that presumably is a policy which allows you to delete photographs as well as store them. So, yeah, great forward movement there. The Met Police said and this is late 2015, they said they're implementing a new system this year. I'm unaware that that's been done yet. I'm fairly ignorant though. The Met don't come and tell me everything they do. The Bimetrics Commissioner also are unaware that they've done anything yet. And that was in his 2015 report which is interesting again. I mean, he submitted his report in December for 2015. They didn't publish it until March. Maybe even later the movement from government on this whole area forward has been pretty pretty slow. I will say from a completely objective perspective. Government has also the Science and Technology Committee of Parliament brought up some criticisms of the massive amounts of facial images which was being retained by the state. And the government said, yeah we're doing a review into this. A review of custody images. That hasn't been published yet either. From what I understand it was really really really bad and they just pushed it away. And it's going to be rolled in some way into the Bimetrics review which again has not yet been published. So that's at least where we're at with the PND. There are other uses of course. I don't know how many people here went to download festival last year. Show of hands. You're too you're too cool for that. You're too techno. That's cool. Lessons of police is in charge of download policing for downloads and they use some facial recognition technology there. You may have read that. You may have read it on the register. So good for you. We were the first to publish it. This was not mugshot matching. This was real time. This was live. This was everyone going to download having their face compared to a bespoke database that less than police said it had constructed itself. So they created the database they basically collected that database was collected by sort of bringing together the mugshots of between 1200 and 1600 offenders from across Europe who were known to target large music festivals to commit crime. None of them turned up at download. None of them at all. Not only that but in terms of how well it actually worked the force said that the trial was controlled trial. A number of officers and staff who had volunteered to have their photographs entered into the database were successfully picked out by it 77 times during the course of their duties in Donington Park where it was held. No information is provided to tell you how valuable this was or contextualized this figure such as the total number of times they should have been picked out or how strenuously they attempted to test the proof of concept system. Furthermore less than police run a mugshot matching facial recognition suite at their offices in Leicester. This is provided by a corporation, NEC Corporation and the suite is called Neoface. NEC Corporation get paid for Neoface now. They weren't paid however for download when they did it off their own cuff. Well, they were asked to do it. It's not quite clear why they were asked to do it or how they were asked to do it. But they went and they attended they sort of gave this stuff out for free there was no cost to it and subsequently the police announced there was no policing purpose policing utility for it. Then they also said the trial was not even being evaluated by Leicestershire police. It was all held all evaluations were held by the vendor. So yeah out of 90,000 attendees no one was picked up. So I mean yeah so this is CCTV IPTV footage and we reported on it shortly beforehand to this is a moment in which you get some relief from looking at my mug provided beforehand and we tried to get in contact with Muse actually they didn't respond to us they did respond to attendees and this is a bit of them singing as soon as I work this mouse. So the second bit of that is just as illegible to me as I'm sure it was to you. But fuck Leicestershire police is fairly audible. I was at, I then went to a bit later I managed to speak to Simon Cole who's the chief constable of Leicestershire police and he said he felt very alone very targeted when fuck Leicestershire police was said which I'm sympathetic for. I am, no one was to hear sort of 90,000 people cheering the idea of you as a bad person especially if you are there to prevent crime. And that is his purpose and that is how Leicestershire police look at the matter. So when we talk about all the faces that are held on the PND a lot of these are people who haven't been convicted and therefore their photos should be released unless they've been arrested and they've accepted a caution because if you accept a caution you are accepting your guilt even though you've never been to court and you may not have had any legal advice and if you do accept a caution under the protection of Freedom's Act 2012 your biometrics, your facial image your fingerprints, your DNA may be stored indefinitely and that doesn't expire so don't accept cautions if you're innocent. What else he said though was an interesting anecdote and they love it, they absolutely love the use of the technology and they trialled Neoface for me and it is impressive a lot of it I did find at least and the samples I was shown may well have been particularly presented to me in a way that was going to make lights of the criticisms that could be placed against it and show that the exceedingly good policing purpose but he pointed out a case for me and an argument to me which is hard from a civil libertarian perspective to question he said, he told me of a time in which a man who'd been to have his passport photo taken had subsequently a woman had alleged he sexually attacked her and they arrested this man they managed to find him because of this passport photo and using Neoface and then arrested him the woman however the victim did not want to press charges she did not want to go through that so at that point this man is unconvicted he is innocent and the police have a lot of evidence they could go with the CPS to prosecute but the lady, the victim whom should be prioritized does not want to go through with it at that point what should they do with his image Simon Cole's position is that they should offender manage there should be some facility to keep hold of this image and I'm not sure that there shouldn't be but then following on from that I asked him why not keep everyone's image then if it's no harm to innocent people why not have every innocent person's image on there at which point he was quite happy to say well we're around the land of all well then so a cop saying that which is brilliant and he's right I mean I'm not sure how we go about finding the balance between measuring who who should be exposed to potential state surveillance through facial recognition and who should not be this is also happening in Ireland I should say that the Irish Guards the Goddishier Corner recently proposed in their new five year program to professionalise and modernise their systems which are mostly still paper based by adding some facial recognition technology which is the best look of that it won't be easy you're also seeing it in Manchester where the police have strapped on about 3,000 body cameras body one video it's called officially which is being stored in the clouds you're seeing that in London where the Metropolitan Police are doing it so there are a lot of questions here but there are very little bits of legislation and regulation of the area one particularly interesting bit is another commissioner who's found his position again comes from the Protection of Freedoms Act 2013 he's a surveillance camera commissioner and basically what he does is he upholds and tries to encourage the adoption of something called the surveillance camera code of practice and I've got a lovely statement from his office that I do want to read out his position however is that if you can't read it out the surveillance camera code of practice requests that if you are using a surveillance camera you tell the public that you're doing it that we have policing in this country but it is by consent and what you are doing to the footage as well if you're applying facial recognition technology to the footage the public should also be aware of that that is in his terms what is included in the surveillance camera code of practice and the code of practice it is mandatory for police and state organizations to follow that anyone who controls a CCTV camera or surveillance camera in general it could be IPTV, it could be anything I'm not sure where I'm signing out on this because of the issue with my laptop but in short we don't have regulation on this matter at the moment from what I understand so Alison McGregor QC finished his two years in the role a few months ago from what I understand the new biometrics commissioner doesn't want to do what he did because it isn't part of his statutory obligations the new commissioner comes from science not a legal background there is another thing I'm meant to mention as well and there isn't much claim or cause at the moment to chase up facial recognition a big part of this is that the home office is settling complaints to it on biometrics out of court and this is only from a small home office minutes document a biometrics group meeting where they say they have six complaints against them at the moment three of which from unconvicted people putting the convicted to the side you've got three unconvicted people who are taking the home office to the European Court of Human Rights to say that their biometrics are being unlawfully held and the home office in that situation because the European Court of Human Rights will allow this are amicably arbitrating their settling this case out of the court and this is two things potentially it saves the taxpayer money if those people were going to claim millions which I think is unlikely but it also does it avoids setting a legal precedent for any any embarrassing opportunity to embarrass the government and it's very delayed biometrics review so if any of you guys have had your biometrics slurped up by all means you need to protect your rights thank you very much for your time I'm not sure if I'm going to be able to answer your questions but if you do want to shoot questions at me I'll give it a go or if you guys need to stage back we can do it outside we're a bit I actually know alright close to 30 minutes yeah so you said that it's 20 to 15% of the public does that mean that they've got images of people who aren't criminals and haven't been arrested or is this when they're booking people before arrest and then they're releasing them how are they getting the images from people that haven't been convicted so that's an excellent point so just on the police national database which I should say is a single database of comparison it is absolutely possible that they are using bulk personal data sets as have recently disclosed to be a thing to especially it wouldn't come under police wouldn't be able to do it but it could come under the directed surveillance powers under RIPAA to get enormous data sets say the passport's database for also facial recognition again though that is at such a level of security that it isn't possible for us to know of course I also forgot to mention social media images are being used but they're being used as sample images rather than the custody images and this is done lawfully these will be open source images from the police's perspective but it is concerning when we talk about putting stuff in public it is very public anyone will look at that and will potentially use it for any purpose as I'm sure this audience will know from its own experience of dealing with black hats or blue hats as that sort of odd model seems to be developing you talked about the fact that facial images are not mentioned in law at the moment from this perspective how does that interact with data protection so the data protection act does cover personally identifying information which facial images are considered part of so they wouldn't be able to simply just push that out and it's been the case for a long time in libel law for instance that if you publish someone's face without identifying them you're in breach of that could constitute identifying them there was a case with alleged talk talk hackers where the son or the telegraph published a picture of one of these kids it was quite reasonably obfuscated his identity but again he was identified from it his family was harassed etc it's really classy from the telegraph yes it is protected, facial images are protected under the data protection act but when you have a policing purpose that's a clear exemption for sharing data additionally there is, and I haven't found it but I've been authoritatively informed that there is exemption for sharing data within government under the protection of freedoms act if you've said yes it's fine for the government to have some data they don't need to if you mandate a purpose they don't need to care about that anymore they can share it between departments saying we've been allowed to have it hi that leads nicely onto my question I'm interested in biometric passport data because if you can share face models from one to the other then that would seem to me to be a good source for most of the people in this room right? I can't hear you if you can shout at me biometric passports yes very possibly, I mean before it wasn't really so much AFR before with passports until you get the e-gates coming in because authentication is done by a person and I had this in Hamburg where a very sort of burly surly German police officer was diligently looking over my passport comparing it to my face the e-gates is absolutely they do seem to be getting faster I've only used one once actually and I think that is also the primary design and use and hope for biometric passports as well and something absolutely worth looking into in more detail hello you spoke about Facebook and them drawing the images off have you ever heard of like any third parties using Facebook to scan through like in the intelligence services or something not with Facebook but there was a very famous case in Russia where the Russian social network I think is vk.com or vk.ru or whatever well basically the Russian version of 4chan and teenage boys can be trusted to do anything it's chased off to pornographic models and so an API was made to this Russian Facebook face print database and they used it to identify amateur porn models and then harass them online so certainly it can happen Facebook has not at the moment allowed any access to to sort of question or query its database of face prints it is the largest face print database in the world that has ever existed Facebook are right on the frontier of this technology as well they've got fantastic really they're taking so many strides forward when it comes to AI research and Facebook's artificial research team or FART as I like to call it is exceptional but again I think there is some recognition that from Facebook particularly there is hesitation about their use of users data their response finding out more about their response to the Irish data protection commissioners informing them that the face print database must be deleted on EU citizens would be very interesting just thought I'd mentioned that there's a billboard in Birmingham New Street that is doing not they specifically say that it's not doing facial recognition it's doing demographic recognition and targeting advertising to the people who are coming off the trains I wasn't sure whether you were aware of it that's really interesting my concern is that there's a fine line between demographic recognition and facial recognition I don't know how they're processing it I did find out that they were doing cloud processing on it so the data is at least going into AWS do you know who is running it I believe it's actually Amazon no Amazon are great yeah there was a website not too long ago age robot or how old are my robots which you would upload a photograph to and it would give you a rough estimation of your age and of course it was quite crude but it was wrong and those especially I notice I remember Louise Mench did it and she was told she was a 25 year old woman she's quite happy to tweet about that and the ability for this to get people's ages wrong was comical and it made it go a bit viral but this was actually run by Microsoft and they were using it to show how good Azure was at handling surprise workloads and needing rapidly to scale up in terms of server demands and I think when we look at face recognition the future face recognition it is going to be connected very deeply with cloud technologies that is where the processing and the storage is going to be thank you very much Altenor thank you guys