Pardon the Intrusion #10: Faces faces everywhere


Welcome to the latest edition of Pardon The Intrusion, TNW’s bi-weekly newsletter in which we explore the wild world of security.

Facial recognition systems for use by law enforcement are all the rage these days. China has employed them on a vast scale to establish a surveillance network of sorts, while law enforcement’s use of facial databases in the US and UK has drawn scrutiny.

These tools often mix AI with a curated database of images pulled from other databases, which could be anywhere from government ID databases to Facebook, Instagram, LinkedIn, and other websites.

As The New York Times’ Kashmir Hill reported recently, Clearview AI’s software can match virtually any face and reveal the person’s true identity. It’s been put to use by 600 law enforcement agencies and other private companies.

India is the latest country to jump on this bandwagon. The tool, developed by INNEFU Labs, converts every face into 512 data points which are fed into an AI algorithm looking for close matches.


The system, dubbed Advanced Facial Recognition Software (AFRS), has been employed by police forces during parades, and once at a political rally last month to screen crowds.

According to the company’s founder, Tarun Wig, the tool can be simply plugged into a facial database.

“The original database for the images depends on what the client feeds our tool. This is under the discretion of the customer, and if they want, they can even take data from Google, Facebook and other public sources, and ingest it into the system to recognize the faces,” Wig told News18.

All this is well and good. But good intentions alone don’t always ensure good outcomes. First off, there’s no guarantee the facial matches will be wholly accurate. Then comes the issue of incomplete and biased datasets.

But given the general lack of privacy regulations, deploying such technologies at a vast scale is doubly frustrating from a data privacy and security point of view.

The EU has GDPR, the state of California now has CCPA, but such regulation is non-existent pretty much everywhere else. For its part, the Indian government presented a revised draft of the Personal Data Protection bill last month, but it has now been deferred and is expected to be passed later this year.

Internet Freedom Foundation, a Delhi-based non-profit that works on digital liberties, said: “While technology is very well a force for good, prior to its integration in society, adequate safeguards and protection of target audiences need to be in place.”

Truer words have never been spoken!

***

Do you have a burning cybersecurity question, or a privacy problem you need help with? Drop them in an email to me, and I’ll discuss it in the next newsletter! Now, onto more security news.

What’s trending in security?

The past two weeks were about Apple’s encryption showdown, the data breaches at Mitsubishi Electric and the United Nations, and how antivirus maker Avast sold its users’ browsing habits to a variety of clients, including Facebook, Google, Microsoft, and Pepsi. In a troubling development, pilfered Wawa restaurant customers’ payment info is now on sale on the dark web.

Data Point

IBM’s Cost of Insider Threats 2020 Report — which surveyed 964 security professionals in 204 organizations across the world — found over 4,716 insider breaches in the past 12 months. Credential theft emerged as the costliest threat, with an average cost of $871,686 per incident. Negligent employees and criminal insiders were the other two top causes.

That’s it. See you all in a couple of days. Stay safe!

Ravie x TNW (ravie[at]thenextweb[dot]com)