Re DHS Is Starting to Scan Americans' Faces Before They Get on International Flights

["Dave Farber" <dave () farber net>]

---------- Forwarded message ---------
From: Christian Huitema <huitema () huitema net>
Date: Thu, Jun 22, 2017 at 8:14 PM
Subject: Re: [IP] Re DHS Is Starting to Scan Americans' Faces Before They
Get on International Flights
To: <dave () farber net>, ip <ip () listbox com>




On 6/22/2017 11:42 AM, Dave Farber wrote:




Begin forwarded message:

*From:* Rich Kulawiec <rsk () gsp org>
*Date:* June 22, 2017 at 1:41:10 PM EDT
*To:* Dave Farber <dave () farber net>
*Subject:* *Re: [IP] DHS Is Starting to Scan Americans' Faces Before They
Get on International Flights*

...



1. As noted, the false positive rate is likely to be significant, which
will inconvenience (and more) some travelers.

The general understanding is that this kind of face recognition is about as
good as a 4 digit PIN. The problem here is not to pick a face at random
from a crowd. It is to check whether the person in front of the camera
correspond to the expected ID. This is pretty much the same application as
unlocking your laptop or your cellphone via face recognition. Granted, the
phone or laptop applications will try to get several pictures of the person
to get better results. So DHS probably needs to keep many pictures of the
subject, not just one. So it is probably not just the passport's picture.
In fact, each time I fly back from abroad, I have to pass through the
automated entry booth that scans my passport, and takes my picture.
Guessing how the government work, I do not believe that DHS discard these
pictures. So it seems that the database is already there...

In that context, false positive means that the system says, "yes, this is
the person we expect" when in fact it is someone else. The effect would be
to let an interloper board the flight. That could happen if some bad folks
recruited a "mule" that looks more or less like their operative, asked the
mule to buy the ticket, and then let their operative board the flight
incognito. If the system is good enough, that seems like a very risky
operation. But it could work if the baddies have a copy of the DHS
algorithm and of the training data, and can test their hack in advance.


But the false negative rate will be too.  And given the propensity of
operators to "believe the computer" -- something we see far too often
in every field of IT -- this could have serious consequences.


False negative means that the system fails to recognize the person. In that
case, the obvious answer is to ask them to show their ID. Plus, of course,
harvest the picture so the algorithm work better next time.



2. What happens when -- not IF, but WHEN -- the entire database is
compromised?


That will never happen, of course. Just like bad folks are never going to
get at your Facebook profile pictures.


-- Christian Huitema



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20170622222115:9DE6189A-57BA-11E7-9266-BECDA59DFBE0
Powered by Listbox: http://www.listbox.com