Digital surveillance, facial recognition, privacy and security

[Touring Mars]

The use of facial recognition technology is becoming more and more widespread, with the police in the UK already trialing facial recognition software to identify criminals. However, there is a growing backlash against the use of such technologies by law enforcement, government agencies etc., and San Francisco has become the first city in the US to effectively outlaw the use of facial recognition technology by public agencies.

However, the laws on such technologies are almost completely absent - there is no specific mention of facial recognition technology in UK law, for example - and the danger is that any possible legislation will be outstripped by the speed and nature of advances in technology. And perhaps the more insidious aspect of such technologies are that it is not merely the act of surveillance that is the problem, but the swathes of information available to private companies as well as public agencies, that lies behind the technology.

While business owners might be able to identify the odd shoplifter here and there and protect their businesses to some extent, the possibilities of what these technologies could be used for are practically endless - might it be that some day you could be prevented from entering a restaurant, shop, gym or leisure centre because of what your internet search history says about you? Is your digital footprint your private property or is it just a commodity that can be bought and sold by whoever can access it? Arguably, it is already too late for many people who may be worried about what 'Big Brother' might already know about you (where you go, who you hang out with, what you buy, what you surf on the web etc. etc.), but the question is what should be allowed in terms of what this information can and cannot be used for, and by whom...


-

P.S. I couldn't find a thread on this topic specifically, but please feel free to point out any relevant discussions elsewhere that I may have missed...

 

[Liquid]

the swathes of information available to private companies as well as public agencies, that lies behind the technology.

Definitely.

I do not believe even one iota in any altruistic notion of "safety". It will have a side effect of preventing some crime and expediting some investigations but it is snooping, pure and simple.

Using the razor I used in the America thread a few days ago, apply the same circumstances in an undesirable location and see if it fits the narrative of being a bad thing.

United Kingdom introduces facial tracking software to spy on citizens

Soviet Union introduces facial tracking software to spy on citizens

China introduces facial tracking software to spy on citizens​

I accept that labelling it as tracking software is open to interpretation but I think the point still stands.

It's almost cliche to describe something as Orwellian, especially when a lot of what is called Orwellian is actually Huxleyan, but we're one step closer to the televisions that watch you in Nineteen Eighty-Four.

While business owners might be able to identify the odd shoplifter here and there and protect their businesses to some extent, the possibilities of what these technologies could be used for are practically endless - might it be that some day you could be prevented from entering a restaurant, shop, gym or leisure centre because of what your internet search history says about you? Is your digital footprint your private property or is it just a commodity that can be bought and sold by whoever can access it?

While businesses (should) have the right to refuse service for whatever reasons they see fit, you raise an interesting point. Your search history can look extremely disturbing on the surface without any context. If someone had access to my internet history, they'll see a fair amont of Wikipedia research on, uh... bad topics? There are things that I find interesting to look up like Nazi Germany or plane crashes for various reasons and chiefly to see how we can learn to avoid repeating them. I studied German and German history at university so Naziism comes up a lot. Go figure.

With the increase in restricted access to online pornography, what's to stop third-parties seeing what type of porn you like watching and acting upon that?

 

[baldgye]

I don't think the government or private companies should be allowed to collect/harvest data or sell it.

For some reason there seems to be a double standard, in that it's illegal to open someone else's post, but harvest/generate every aspect of their life and personal interests is not only allowed, but you can create and form a multi-billion dollar company from such a business model.
The idea the government needs to collect and store every single person's information-regardless is immoral and wrong. Terrorists and foreign agents looking to undermine nations have succeeded in making our lives and the lives of our children demonstrably worse.

If you want to look at how private/personal information can be use against you, you only have to look how Scientologists act to any perceived threat. Now imagine if they had full real-time access to where you are and what you are doing/downloading/looking at and have for years.


I don't understand why police incompetence leads to a reduction in freedoms.

 

[Joey D]

For some reason there seems to be a double standard, in that it's illegal to open someone else's post, but harvest/generate every aspect of their life and personal interests is not only allowed, but you can create and form a multi-billion dollar company from such a business model.

The thing is, for the most part, people agree to have their data collected and sold. If you read through virtually any social media's policy it pretty much says that in order to sign up you're agreeing to let them harvest and sell you data. How else is a company like Facebook making money?

 

[baldgye]

The thing is, for the most part, people agree to have their data collected and sold. If you read through virtually any social media's policy it pretty much says that in order to sign up you're agreeing to let them harvest and sell you data. How else is a company like Facebook making money?

I don't disagree, but I still don't think it should be legal. I've run out of fingers for the number of times I've been told "if you're not doing anything wrong you've got nothing to hide"....

Also terms of service can say pretty much what they like, they still have to comply with law. How companies make money isn't really my concern, but when Facebook required a Uni email to use it (back when I signed up) it quickly became the place to organise and find out about nights out... they could've gone down the promotion/events route.

 

[Danoff]

The use of facial recognition technology is becoming more and more widespread, with the police in the UK already trialing facial recognition software to identify criminals. However, there is a growing backlash against the use of such technologies by law enforcement, government agencies etc., and San Francisco has become the first city in the US to effectively outlaw the use of facial recognition technology by public agencies.

However, the laws on such technologies are almost completely absent - there is no specific mention of facial recognition technology in UK law, for example - and the danger is that any possible legislation will be outstripped by the speed and nature of advances in technology. And perhaps the more insidious aspect of such technologies are that it is not merely the act of surveillance that is the problem, but the swathes of information available to private companies as well as public agencies, that lies behind the technology.

While business owners might be able to identify the odd shoplifter here and there and protect their businesses to some extent, the possibilities of what these technologies could be used for are practically endless - might it be that some day you could be prevented from entering a restaurant, shop, gym or leisure centre because of what your internet search history says about you? Is your digital footprint your private property or is it just a commodity that can be bought and sold by whoever can access it? Arguably, it is already too late for many people who may be worried about what 'Big Brother' might already know about you (where you go, who you hang out with, what you buy, what you surf on the web etc. etc.), but the question is what should be allowed in terms of what this information can and cannot be used for, and by whom...


-

P.S. I couldn't find a thread on this topic specifically, but please feel free to point out any relevant discussions elsewhere that I may have missed...

Well this is awkward. I actually don't have much issue with my government using my face to ID me. I know I'm hearing some heads explode right now about how I can say that. But I will say that this is one of the most important reasons why government's can't ban masks or facial coverings. Maybe you think it's women's lib to prevent a religious person from wearing a burqa, but it's a dangerous precedent. If everyone uses facial recognition and I can't go out in public with a mask, that's pretty concerning.

 

[ryzno]

The government already has your face in a database. License and ID photos... They already use that data when trying to figure out who someone is in surveillance video footage. Oh and don't forget about mugshots.

 

[Touring Mars]

For some reason there seems to be a double standard, in that it's illegal to open someone else's post, but harvest/generate every aspect of their life and personal interests is not only allowed, but you can create and form a multi-billion dollar company from such a business model.

One is legal because the information was handed over voluntarily and the other is illegal because it was not.

However... there are serious questions to be asked about whether people who use(d) Facebook, Google etc. really understood what they were consenting to when they signed up for those accounts. There is also a serious question as to whether these companies ever made it clear that their entire business models are based on selling that information on to third parties who can seemingly do whatever they like with that information - or at least by the time it may become illegal to harvest, share or sell certain information about people, it is already too late... the genie is out of the bottle, so to speak.

The thing is, for the most part, people agree to have their data collected and sold. If you read through virtually any social media's policy it pretty much says that in order to sign up you're agreeing to let them harvest and sell you data. How else is a company like Facebook making money?

As above, I reckon there is a question as to whether people really understand/understood the implications of accepting the terms of these sites - I would hazard a guess that a vanishingly small percentage of people have even read the T&Cs of social media platforms they've signed up to, let alone understood them. I guess these companies can't be blamed for that as such, but it doesn't absolve them of responsibility when it comes to the responsible, fair or even legal use of the data they've collected - Facebook are already finding this out, as it turns out that some companies they have shared user data with have been up to some seriously questionable stuff.

 

[baldgye]

One is legal because the information was handed over voluntarily and the other is illegal because it was not.

The government can (and does) legally and secretly (until Snowden) harvest every single piece of electronic information that is transmitted across the country.
To add further murkiness to this; Facebook (and other companies) create shadow profiles for people who do not use their services based on other information bought and sold (including meta data) and then sell that on too.

Ashley Madison, a good example of this. They bolstered their user numbers with fake users based off real people's information they bought in order to inflate their market value. When they got hacked a some of those people who'd never even heard of them let alone set up an account where publicly outed for cheating, when they hadn't... and how could these people ever protect themselves or prove their innocence?

There is also a serious question as to whether these companies ever made it clear that their entire business models are based on selling that information on to third parties who can seemingly do whatever they like with that information - or at least by the time it may become illegal to harvest, share or sell certain information about people, it is already too late... the genie is out of the bottle, so to speak.

...and this too...

But now our private information is kind of like any image updated to the internet. It's impossible to remove, track or secure...

 

[Joey D]

I don't disagree, but I still don't think it should be legal. I've run out of fingers for the number of times I've been told "if you're not doing anything wrong you've got nothing to hide"....

Also terms of service can say pretty much what they like, they still have to comply with law. How companies make money isn't really my concern, but when Facebook required a Uni email to use it (back when I signed up) it quickly became the place to organise and find out about nights out... they could've gone down the promotion/events route.

I'm not sure how it could be made illegal when you're giving consent to have the company use your data. If they use it in a way you didn't agree too, you should have the right to sue the company for damages.

As above, I reckon there is a question as to whether people really understand/understood the implications of accepting the terms of these sites - I would hazard a guess that a vanishingly small percentage of people have even read the T&Cs of social media platforms they've signed up to, let alone understood them. I guess these companies can't be blamed for that as such, but it doesn't absolve them of responsibility when it comes to the responsible, fair or even legal use of the data they've collected - Facebook are already finding this out, as it turns out that some companies they have shared user data with have been up to some seriously questionable stuff.

No doubt people have no idea what they're agreeing too. It's often joked that the biggest lie around is saying you've read and accepted the T&C, but still, that's on the individual not the company. I completely agree using the data and putting it behind language that's hard to understand is shady and unethical, but companies can still do it (at least in the US). And I do agree that any company collecting that data has a certain responsibility to maintain it securely.

 

[baldgye]

I'm not sure how it could be made illegal when you're giving consent to have the company use your data. If they use it in a way you didn't agree too, you should have the right to sue the company for damages.

Like I said in my last post, I'm not sure you could make it illegal now... the EU have that whole "right to be forgotten" but it's impossible to police and open to abuse.
That said, I don't think individuals should bare the brunt of court, the government should be able to protect it's citizens from abuse and it should act in our interests.

I can't even imagine trying to sue Facebook... and even if you win... how does that actually prevent them from just carrying on and then settling out of court for (in the grand scheme of things) small amounts?

 

[Danoff]

Ashley Madison, a good example of this. They bolstered their user numbers with fake users based off real people's information they bought in order to inflate their market value. When they got hacked a some of those people who'd never even heard of them let alone set up an account where publicly outed for cheating, when they hadn't... and how could these people ever protect themselves or prove their innocence?

Sounds like somebody got caught amiright?

Seriously though I think people need to be far more skeptical of what they're presented with. These days you can create simulated video and audio of someone and it's still not even necessarily them. Someone could present my wife with a video that appears to be me cheating, but was in fact doctored. Seriously honey, that's not me. Someone's framing me.

Actually this is a bit of an issue in porn where famous people's faces are being used. But I don't see how you can claim ownership over your likeness. Maybe some sort of trademark. Perhaps we'll all be seeking trademark protection of our faces to prevent their use. In the meantime, when the latest smear video comes out during the next US presidential election (and it will), let's all be skeptical no matter how legit it looks.

And I do agree that any company collecting that data has a certain responsibility to maintain it securely.

But they don't. And so far we've let them get away with like a year of free ID theft monitoring. In an environment where your personal information's integrity has so little legal value, you just have to assume that all of it is flapping in the breeze, regardless of whether you consented.

Edit:

I've joked that my personal information has been both stolen and voluntarily given (adoption application) to the Chinese government so many times that they're probably sick of copies of it. "This guy! Again! How many copies of Danoff's social security number do we need!"

 

[baldgye]

Sounds like somebody got caught amiright?

I'm not married and wasn't even engaged at the time of the AM hack.

 

[Danoff]

I'm not married and wasn't even engaged at the time of the AM hack.

It was funny because it was exactly the reaction you were arguing against...

 

[BobK]

Ont thing that I find particularly troublesome is the data Facebook and other social media sites accumulate on me -- I have no Facebook or Twitter or Instagram or whatever accounts yet they're still tracking me.

I also generally tend to read through those long-winded, boring and confusing ToS things. It does seem to me that they try to obfuscate things sometimes. In any case there's a fair number of Android apps that I looked at but decided not to install after looking over the ToS and permissions the app wants.

 

[Danoff]

Last weekend I was involved in a very strange discussion about country music in my living room. I don't normally discuss or listen to country music, or search it, or in any way acknowledge that country music really exists. Not out of hatred, but out of general disinterest. Anyway, I mentioned, by voice, multiple times during the livingroom conversation, the name "garth brooks". I did not type it in to my phone, or any other google account, or any computer. I did not search for country music, or type anything into any google account of mine related to country music.

This morning google news put a very unimportant story about garth brooks on my news feed.

It's so damned creepy. This is not the first time I've had this experience.

 

[Daz555]

Yep it is bloody weird.

 

[Touring Mars]

This morning google news put a very unimportant story about garth brooks on my news feed.

My condolences.

The most striking examples of this that I've come across have both involved receiving targeted ads based on what someone else has said in my company. The first happened soon after a friend asked me what kind of sound bar I had, and he was surprised to learn that I don't have a sound bar. A few days later, I got an email from Sony about sound bars... and, just last week, I went to the physio for the first time in about 15 years to see about my hip. The physio recommended I sleep with a pillow between my legs... and, lo and behold, I got an ad on my Facebook feed a few days later for a pillow specially designed for that exact purpose (that's pretty specific, eh?)... and yes, I didn't do any kind of search for a pillow prior to that.

I've tried testing it by talking about daft things (like holidays or cheap flights to a specific location that I have never Googled) but that hasn't produced any results. It will be interesting to test out the theory that suggestions from other people are being picked up by my phone... that said, those two ads stuck out because of recent, highly relevant conversations I'd just had, and it is quite possible that both are just coincidences, but it would be a good experiment to try in any case.

 

[MatskiMonk]

The physio recommended I sleep with a pillow between my legs... and, lo and behold, I got an ad on my Facebook feed a few days later for a pillow specially designed for that exact purpose (that's pretty specific, eh?)... and yes, I didn't do any kind of search for a pillow prior to that.

Location based adverts I'd guess. Assuming you had your phone on you, Google/Facebook knows you're there... it's also possible if you had e-mail or calendar entries on your phone that that's been picked up on.

Last weekend I was involved in a very strange discussion about country music in my living room. I don't normally discuss or listen to country music, or search it, or in any way acknowledge that country music really exists. Not out of hatred, but out of general disinterest. Anyway, I mentioned, by voice, multiple times during the livingroom conversation, the name "garth brooks". I did not type it in to my phone, or any other google account, or any computer. I did not search for country music, or type anything into any google account of mine related to country music.

Did anyone else? If the search was from your home IP, perhaps the news is just targeting its content back at the IP, rather than the user.

 

[Danoff]

Location based adverts I'd guess. Assuming you had your phone on you, Google/Facebook knows you're there... it's also possible if you had e-mail or calendar entries on your phone that that's been picked up on.



Did anyone else? If the search was from your home IP, perhaps the news is just targeting its content back at the IP, rather than the user.

I don't think anyone else searched garth brooks. There were country music-based searches going on, possibly from my IP (but with people who had their own google accounts). I was the only person who mentioned garth by name.

 

[MatskiMonk]

I don't think anyone else searched garth brooks. There were country music-based searches going on, possibly from my IP (but with people who had their own google accounts). I was the only person who mentioned garth by name.

We see a similar effect at our local pub quiz. You can google a fairly specific question, and within 2-3 words, the predictive search has the question you're looking for ready. This can only be because google has identified that people in a specific location like to ask a specific question. 10 hits from the pubs routers IP address for "What is the surface area of a regulation football" within 10 minutes lets the system know that if someone else in the same location types in "What is the...", the probability is high that they're asking the same question... whether or not it's happening because of IP, GPS or cell location, or both I don't know.

I do think it goes deeper than that so I just checked my google Ad Settings (https://adssettings.google.com/). Of the many things that seem irrelevant on the list, one stuck out. Google has associated me with "Liverpool" (the place in the UK). This is an odd determination for google to make.. so, having looked at Googles reasons for adding Liverpool to my Ad personalisation... their explanation is "Google estimates this interest, based on your activity on non-Google websites and apps while you were signed in". I take this to mean that pretty much every interaction I have with my phone is providing google with information, in this case I can't come up with any other explanation than I socialise, and work with a number of Liverpool FC fans, who will have recently been very active on their devices/apps, therefore interest by association.

... it also has me down as a country music fan.

 

[Famine]

We see a similar effect at our local pub quiz. You can google a fairly specific question, and within 2-3 words, the predictive search has the question you're looking for ready. This can only be because google has identified that people in a specific location like to ask a specific question. 10 hits from the pubs routers IP address for "What is the surface area of a regulation football" within 10 minutes lets the system know that...

... this is a crap pub quiz, because no-one knows anything and everyone is Googling it. What's the point of that?

 

[MatskiMonk]

... this is a crap pub quiz, because no-one knows anything and everyone is Googling it. What's the point of that?

That specific example was from the Jackpot round. The Jackpot round is designed to have one or two questions that nobody knows the answer to, to ensure it's only won at either the Easter Quiz or Christmas Quiz. Generally speaking I believe people are honest and don't cheat. But, as my team does, I think people check their own answers between rounds to see if they were right. The typical scorelines indicate there isn't a problem with cheating, there's little difference in the team ranking at the end of the night if the Wifi is working or not (the data signal is crap because village pub), and the teams that always win are of a generation that has to put on their bi-focals and hold a phone at arms length just to determine if it's switched on (that's actually the real problem with the quiz, rather than its difficulty, always the same teams get the loot). Out of 120 points available, the score spread is normally from the mid-80's to about 110 and a big determiner in that can often be if you messed up your Joker (double points) round.

 

[Famine]

That specific example was from the Jackpot round. The Jackpot round is designed to have one or two questions that nobody knows the answer to, to ensure it's only won at either the Easter Quiz or Christmas Quiz. Generally speaking I believe people are honest and don't cheat. But, as my team does, I think people check their own answers between rounds to see if they were right. The typical scorelines indicate there isn't a problem with cheating, there's little difference in the team ranking at the end of the night if the Wifi is working or not (the data signal is crap because village pub), and the teams that always win are of a generation that has to put on their bi-focals and hold a phone at arms length just to determine if it's switched on (that's actually the real problem with the quiz, rather than its difficulty, always the same teams get the loot). Out of 120 points available, the score spread is normally from the mid-80's to about 110 and a big determiner in that can often be if you messed up your Joker (double points) round.

Still, any Googling in a pub quiz makes me want to have a mobile phone jammer (although that's well illegal, unless you're the police).

 

[MatskiMonk]

Still, any Googling in a pub quiz makes me want to have a mobile phone jammer (although that's well illegal, unless you're the police).

Yeah, I agree*. Our nominated scribbler and tie-break-meister is a copper though... he'll get anything we need

*in principle. In practice, on the odd occasion a typical 7th place team has won it, I actually didn't care. We all turn up, every fortnight... a pub full of people, we all pay our £1.50, some of us host it, and the same few people effectively get their nights paid for because they win all the time. I don't begrudge the odd cheater if I'm honest.

 

[ImaRobot]

I've tried testing it by talking about daft things (like holidays or cheap flights to a specific location that I have never Googled) but that hasn't produced any results. It will be interesting to test out the theory that suggestions from other people are being picked up by my phone... that said, those two ads stuck out because of recent, highly relevant conversations I'd just had, and it is quite possible that both are just coincidences, but it would be a good experiment to try in any case.

I haven't tried testing it out myself, but there was a time that my friend brought up a subject. It was something I never looked up, nor was it something I ever spoke about outside of that one instance, as it just wasn't something I was interested in at all. Within the next week I got an ad about it on the front page of Facebook. I can't recall what it was, but I just remember it being really odd. It doesn't happen often, or maybe I just don't notice it as much because I haven't had a Facebook in some time.

Another instance was me talking and asking about requesting a new ergonomic keyboard, and talking about it to my Operations manager. I searched for a couple on my work computer and came across one from Staples that was decently priced and forwarded it over to the purchaser. That weekend I was getting ad's for Staples on Keyboards, on my Xbox One. This one seems a bit more explainable though, because I'm pretty sure I have the same email linked on my work computer as I do on my Xbox.

 

[Shaun]

... it also has me down as a country music fan.

Same here also .
I have however at some stage in the past turned off Urban/Hip-hop.

 

[Touring Mars]

Here's an interesting one...

https://www.theguardian.com/footbal...at-spied-on-illegal-bar-screenings-of-matches

La Liga (Spain's top football league) has been fined 250,000 Euro for using its app to locate bars broadcasting games illegally.

The app, downloaded by millions of people, was used by La Liga to remotely activate people's microphones and report their precise location, thus allowing them to identify bars who were showing games without a legal subscription.

They have argued that they should be allowed to use 'all means at its disposal' to tackle piracy of their content, but if that includes turning people's mobile phones into snooping devices without their knowledge or consent, then it is a different story.

 

[MatskiMonk]

Smart use of apps if you ask me.

 

[Liquid]

Smart use of apps if you ask me.

You give the app permission to access your microphone (disagree with it but you give your consent when installing the app) but you don't give La Liga permission to access your microphone.

That said, a €250,000 fine is nothing to the second or third most watched division in European football.