The Uses and Limits of Amazon’s “Rekogntion” Facial Recognition Software

 

A new test by the ACLU demonstrates these limitations

 

 

 

 

The American Civil Liberties Union recently tested Amazon’s facial recognition tech — and the results were less than favorable. To test the system’s accuracy, the faces of all 535 members of congress were scanned against 25,000 public mugshots, through Amazon’s open Rekognition API. Although none of the members of Congress were in any of these mugshot lineup, Amazon’s system nevertheless generated 28 false matches. The ACLU claims this raises some particularly serious concerns about Rekognition’s use by law enforcement and in the legal and medical world.

 

“An identification — whether accurate or not — could cost people their freedom or even their lives,” the group said in an accompanying statement. “Congress must take these threats seriously, hit the brakes, and enact a moratorium on law enforcement use of face recognition.” (ACLU)

 

According to The Verge, an “Amazon spokesperson attributed the results to poor calibration.” However this does not necessarily account for the results. Amazon’s system currently operates with the default confidence threshold of just 80 percent. Yet Amazon claims it recommends at the very least a 95 percent threshold for situations such as medicine and law enforcement where relying on a machine to ID someone could cost them their freedom, life, or worse.

 

“While 80% confidence is an acceptable threshold for photos of hot dogs, chairs, animals, or other social media use cases,” the representative said, “it wouldn’t be appropriate for identifying individuals with a reasonable level of certainty.” (ACLU) Even still, the Rekognition suite does nothing to affect that recommendation during the process of setting it up, and there is of course little to nothing to prevent law enforcement agencies from using the default setting of 80 percent.

 

In May of this year, this tech came into the limelight when the ACLU report was able to show the system being in use by a number of LEO agencies including the police of Orlando, Florida. It is sold as a part of Amazon’s Web Services cloud, and is quite inexpensive with a costs as low as less than just 12 dollars a month for the entire department.

 

Furthermore, this test demonstrated a continuing problem of many facial recognition systems, which have  historically had considerably difficulty    in accurately identifying both women and non-white minorities. Of the 28 false matches, 11 involved black members of congress, although they make up just around 20  percent of the whole of congress itself. Some other systems fair even worse. With the system used by the London Metro Police force producing as many as 49 false matches for every legitimate hit, which then necessitates a manual and time and resource consuming search though these false-positives.

Ostensibly, facial recognition IDs would be confirmed through multiple human sources before an arrest would be made, though many say that even checking faces violates privacy rights. Worse still, it is not hard to imagine a situation where an officer sees a false match that leads him to believe the potential arrestee could be armed and dangerous, and also plant ideas about the person before even really investigating, changing the outcome of a routine stop from routine, to possibly violent, even deadly.

Security Technology of South Texas works with analytics and facial recognition video surveillance in its projects, and are experts in integrating, understanding, and sourcing only the best tech to get your job done, at a price you can feel good about. Let us show you the difference between a local, responsive, company that strives for only excellence and client satisfaction versus the kind of experience we have all come to expect from the detached, hard to reach, and inferior service and installations inherent to the juggernauts of the security industry.

Please contact us through email at admin@gostst.com on our website or via phone at  210-446-4863   24/7

Sources: ACLcomU, Verge.com,  Amazon.

Voiceprints: The Next Thing in Biometrics

 

A voiceprint is a set of measurable characteristics of a human voice that uniquely identifies an individual. Based on both the physical configuration of the speaker’s mouth and throat, these biometrics can then be expressed as a mathematical formula. “The term applies to a vocal sample recorded for that purpose, the derived mathematical formula, and its graphical representation.” (Forbes) Voiceprints can be used in voice ID systems for user authentication.

 

Voiceprint technology was, thought their own admission,developed first by the NSA in an attempt to catalogue through their claimed worldwide recordings of phone and VOIP. Naturally, this was justified with the tried and true gambit of “National Security. As the tech becomes more mainstream though, we should expect to see it in more and more institutions beyond the government and spy and intelligence agencies.

 

Citi, for instance, has made use of voice biometrics authentication in order to recognize customers from their voice withing a mere first few seconds of conversation. They launched the project this year to “automatically verify a customer’s identity while the customer is explaining the reason for calling, allowing customer service reps (CSR) to skip tedious questions about the customer’s first pet’s name, place of birth, last four of the social, favorite sports team and nearest sibling’s place of residence.” (Citi)

 

Citi’s   branch handling the  manufacture of voice biometrics makes claims that its software is capable of securely and rapidly authenticating customers in real-time without any effort fro the customer, reducing service times. This frees CSR to do their work and enhancing overall cyber-security and authentication, reducing fraud.. “Citi Voice Biometrics uses sophisticated technology to identify roughly 130 different physical and behavioral characteristics within a person’s vocal pattern” then matching those with the prerecorded voice print in order to verify the caller’s identity. It takes just under a minute to set up the system; and around 250,000 of Citi’s U.S. credit card holders have already opted in, according to the Citi. This would make its deployment of this type of voice biometric is the largest in the U.S. outside of government intelligence.

“Voice biometrics allows us to fundamentally change the customer experience – from ‘Who are you?’ to ‘How can I help?'” said Andrew S. Keen, Citi’s chief administrative officer for global consumer operating functions. “This is one of several new capabilities we’re introducing to increase protection while decreasing friction for Citi clients. We take a multi-pronged approach to security, and voice biometrics is an additional layer of defense. Our ultimate goal is to provide protection, peace of mind and convenience for our customers.” (Andrew S. Keen of Citi)

Please contact us through email at admin@gostst.com on our website gostst.com or via phone at

210-446-4863   24/7

 

Sources: Security Today Magazine, Citi, NSA.gov

Retail Security: Intelligent Video

As brick and mortar companies continue to drive the level of competition up in the retail market space as they compete against online companies offering free shipping and very low prices, they must seek every possible advantage so as to grow their revenues while still addressing conventional security threats such as inventory loss through internal and external theft, also known as “shrinkage”.

Fortunately for those working in a retail space, the security industry has developed products allowing for greatly enhanced security in addition to a whole range of features that are useful in tracking customers and streamlining various processes. There are five key areas associated with the concept of “Intelligent Video”: People counting, traffic pattern analysis, customer satisfaction, the reduction of theft, and monitoring the exterior. Here we will look at these aspects of “Intelligent Video”, more commonly known as analytics enhanced video surveillance.

Unlike a company that operates strictly online, traditional storefronts have a difficult time determining just how many people visited their location each day. Counting visitors can enhance efficiency and make it easier to make decisions which could affect conversion rates and per-customer transactions. Cameras at the entrance should use WDR or “Wide Dynamic Range” so as to bring the clearest images to the analytics software.

Using analytics to monitor and analyze traffic patterns can involve heat mapping, which visually shows a hot and cold flow on screen based on customer flow. Regional people counting analysis helps show how people move through the store. Data like this can be used in determining where to place products, how high on the shelf, and etc. This software can also show how much visitors look at any particular display. Ultimately, all this data can be combined to get a very clear picture of what your customers do on average, and therefore what your best options are for the store.

As far as improving customer satisfaction goes, it simply follows from the implementation of the aforementioned changes based on analytics information. Line times can be reduced or eliminated in the store. On a broad scale, analytics will determine how many people to bring onto staff on any given day and what hours they should work. HD cameras can also be used to individually capture transactions at the register.

As for reducing theft, a wide range of options is available. IR cameras for very low light areas to motion detection or more advanced tech such as tripwire or removed object analysis will enhance the overall effectiveness in managing inventory and reducing theft. PTZ (Pan, Tilt, Zoom) cameras are useful in monitoring the exterior of the building. Having a camera for every corner and corridor also eliminates the possibility of false injury claims and confirms facts in the case of a burglary.

Security Technology offers the integration of security solutions such as these, along with analytics to get the best overall picture of what goes on in your storefront.

Please contact us through email at admin@gostst.com on our website or via phone at  210-446-4863   24/7

Sources: Security Today Magazine

Securing and Configuring in The Cloud

Over the last decade, cloud computing and storage has rapidly changed the way businesses of all kinds operate.  Modern enterprises that wish to stay competitive turn increasingly to a hybrid IT environment which allows them to leverage advantages of cloud based solutions alongside having whatever physical hardware that they maintain on-site. Cloud infrastructure is highly scalable, but on-site systems may be more directly controllable or may feature proprietary/in-house software. The promise of reducing operating costs and gaining a competitive advantage is attractive to any company, but in order to pull it off, specific security challenges must be overcome or accounted for.

Hybridizing an already complicated IT environment can have the effect of rapidly increasingly the complexity of systems. Depending upon which services are owned and managed by that business and which are provided via “Cloud Service Providers” or CSP, the enterprise must regulate and integrate multiple applications and systems, a process which may require multiple different skill sets. This all creates a lot of moving pieces which can make it difficult to maintain  visibility  for all the existing data.

Data breaches at the highest levels make headlines on the daily and have done so for the last several years. Major compromises include Sony with a possible hack coming from North Korea, Verizon, where as many as 14 million customers records were exposed due to server mismanagement, as well as Equifax and many others losing critical information such as customer’s bank information and social security numbers.

Securing all this data is a complicated task, but probably the most common mistake requires no special skills to address. Overlooking the basic integrated security controls is surprisingly common and a simple misconfiguration at this level can compromise an entire operation and leave its data completely exposed and liable to experience theft and/or unwanted modification or hacking. As we all know, something as small as this can expose customers, employees, and the critically important private data of companies to calamitous outcomes. Following are some key considerations in avoiding cloud misconfigurations and steps to keep safe a typical hybridized IT environment.

Studies (Redlock) have shown over half, in this case 53% of companies using cloud storage will admit to accidentally exposing customer data due to mismanagement or deliberately circumventing certain built in security features. Hackers know this, and as more and more organizations make the move to the cloud, attackers will increasingly pursue this “low hanging fruit” of security risks. Security misconfigurations are among the most common ways attackers gain control and leverage withing a network. Because those creating services such as Amazon S3 cloud storage seek to make their interfaces as flexible as possible, this sometimes has the inadvertent effect of exposing cloud environments and contained data (aka “buckets”). These buckets can be accessed simply through a URL so long as the user has the appropriate permissions.

Misconfigurations can occur at any level of your applications stack- “the platform, web server, database, framework” (Security Today Magazine) or in the custom code itself. Also common is for attackers to target and take advantage of any poorly configured devices that may be connected to the network. Use of default passwords and/or otherwise not configuring devices accessing the Wi-Fi can lead to an attacker exploiting a system which will allow them to immediately begin making changes and exfiltrating data.

The reality is that most of these problems come down to human error and ignorance. A common misconception is that the providers of these cloud solutions provide security themselves. This is simply not true. It is always up to you to check what security they do provide and to account for that when you implement your own security. Very rarely or never will the defaults of the cloud service be sufficient. And so regardless of however network environments evolve, the “foundational tenets” will remain. “Maintain visibility of your attack surface and continue to monitor it” at all levels. (Security Today Magazine) Apply security protocols to the cloud environment in the same manner you would do for your traditional environment. And of course, make sure to secure all the loose ends and back-doors, ensuring proper configuration throughout your network.

Please contact us through email at admin@gostst.com on our website or via phone at  210-446-4863   24/7

 

Sources: Security Today Magazine