Give them the new razzle-dazzle
The first camouflage experts in modern warfare were artists, tailors, and craftsmen. For them, manipulation of light and shadow to fake images, alter perspectives, and even vanish whole scenes from the tableau was just another job. One with life and death consequences, that is.
This is not unlike the situation facing us in the near future with facial recognition software, whose perfection will have a major impact on our reasonable expectations of privacy. Now, one academic team has outlined a way to easily befuddle the snoopers, in a way the military artists of yesteryear might applaud for its ingenuity.
Such an effort, realized by a pair of glasses and described in a paper titled “Accessorize to a Crime,” could please privacy advocates. But it will also appall industry experts who hope to use these systems to identify suspects, while proving a boon for imposters trying to compromise access to secure systems protected by facial ID technology.
One of the more memorable camouflage schools of the twentieth century was the dazzle painters. Covering vehicles in all manner of carefully angled zigs and zags, their intent was to confuse optics by making a ship seem longer or shorter than it really was or moving in directions it wasn’t at speeds that it couldn’t.
Comparable methods have been adapted to misleading machines’ algorithms today, but much of what has been proposed leaves the user looking rather conspicuous compared to the average Jane or Joe.
If that styling became popular, of course, no one would look conspicuous unless they chose not to dress in such a way. But, for those who are hesitant to pour on the accessories and cosmetics (or bury their faces under a mask), the new study, conducted by a team of scientists from Carnegie Mellon and UNC, found a way to mislead facial recognition software with mundane means.
And no, it isn’t by wearing a Chewbacca mask at all times. The solution is much less involved.
Impersonate and dodge
There are two ways to defeat a facial recognition system, the report’s authors note. The first is by impersonation: to deliberately modify your appearance to resemble someone you want to be recognized as This itself. However, this would probably entail a breach of privacy given that the trick could lead to some database or scanner giving you that other person’s access. Such methods would hardly be ethical solutions to the problem, but rather a new form of identity theft.
The second is by dodging, that is, to appear as anyone but yourself, regardless of who the machine actually mistakes you as, which would have positive privacy implications in that it would defeat passive scans from CCTV rigs or the like photographing you all over the place as you go about your business.
Celebrities, one imagines, might enjoy this when confronted with picture-popping drones flying over a beach they’re relaxing at.
Beyond basic security and privacy considerations, one could also see some civil disobedience applications, such as coordinating and creating many false positives to be anonymous in that space, not unlike everyone agreeing to wear the same outfit at a protest march.
Police, of course, are rather sour on this given the potential for hiding suspects.
Existing glasses modifications exist, as the report authors note. Light-emitting glasses can play havoc on detection technology, but such wearables might stand out easily in a crowd. The team set about designing glasses that wouldn’t stand out at all. They used a commercial printer to print out glossy paper and affix that to the eyeglass frames.
Careful testing of color schemes and pixel positions yielded patterns that would, when detected, cause the facial recognition software to read features around the eyes that are not really there. The color patterns chosen (and at that, very carefully chosen for maximum effect) don’t look all that different from what one might randomly pick out at an eyeglasses store. This maximizes wearers’ inconspicuousness.
The team even found it is possible to map out a person’s features in enough detail to design a doppelganger glossy. Random men and women were assigned to impersonate celebrities, and did so most of the time, with one man impersonating Milla Jovovich and another, Carson Daly.
Celebrities, one imagines, might also enjoy this if they can trick some futuristic UAV into thinking their bodyguard is actually them to fool paparazzi with false positives.
Though some tricks didn’t take, the team believes that further research could produce more consistent results in cases of “mistaken” identity. This misidentification experiment was tested against Face++, which the researchers were able to fool. Another experiment, to see if the dodging method would work, was run against the Viola-Jones object detection framework, and, again, proved successful against it.
Facial recognition developers, though, can take solace in one aspect of the study. As New Scientist noted, “They might stop a shop from tracking your movements, but they’re less likely to fool border control – who always ask you to remove your spectacles.”