Facial recognition software countermeasures

Software that tweaks photos to hide them from facial recognition:

A start-up called Clearview AI, for example, scraped billions of online photos to build a tool for the police that could lead them from a face to a Facebook account, revealing a person’s identity.

Now researchers are trying to foil those systems. A team of computer engineers at the University of Chicago has developed a tool that disguises photos with pixel-level changes that confuse facial recognition systems.

This Tool Could Protect Your Photos From Facial Recognition

This is of course just an arms race. The facial recognition will improve, the hiding software will get tweaked.

Rite Aid has been using facial recognition for 8 years

Jeffrey Dastin writing for Reuters:

The cameras matched facial images of customers entering a store to those of people Rite Aid previously observed engaging in potential criminal activity, causing an alert to be sent to security agents’ smartphones. Agents then reviewed the match for accuracy and could tell the customer to leave.

Rite Aid deployed facial recognition systems in hundreds of U.S. stores

The DeepCam systems were primarily deployed in “lower-income, non-white neighborhoods,” and, according to current and former Rite Aid employees, a previous system called FaceFirst regularly made mistakes:

“It doesn’t pick up Black people well,” one loss prevention staffer said last year while using FaceFirst at a Rite Aid in an African-American neighborhood of Detroit. “If your eyes are the same way, or if you’re wearing your headband like another person is wearing a headband, you’re going to get a hit.”

Shortcuts in Learing

So starts a great article on DNN’s and learning shortcuts:

Recently, researchers trained a deep neural network to classify breast cancer, achieving a performance of 85%. When used in combination with three other neural network models, the resulting ensemble method reached an outstanding 99% classification accuracy, rivaling expert radiologists with years of training.

The result described above is true, with one little twist: instead of using state-of-the-art artificial deep neural networks, researchers trained “natural” neural networks – more precisely, a flock of four pigeons – to diagnose breast cancer.

Shortcuts: How Neural Networks Love to Cheat

Sometimes the learning is clever; sometimes the learning is a problem. Mostly though, it’s hard to make sure an AI learns what you want it to learn.

Zoom and enhance!

Using computer systems to zoom and enhance is a tv trope.

But we’re getting better.

Researchers at Duke University have released a paper on PULSE, an AI algorithm that constructs a high resolution face from a low resolution image. And the results look pretty good:

6/23/2020 Update: The PULSE algorithm exhibits a notable bias towards Caucasian features:

It’s a startling image that illustrates the deep-rooted biases of AI research. Input a low-resolution picture of Barack Obama, the first black president of the United States, into an algorithm designed to generate depixelated faces, and the output is a white man.

What a machine learning tool that turns Obama white can (and can’t) tell us about AI bias

Automated systems are often wrong

And automated background checks may be terrible!

The reports can be created in a few seconds, using searches based on partial names or incomplete dates of birth. Tenants generally have no choice but to submit to the screenings and typically pay an application fee for the privilege. Automated reports are usually delivered to landlords without a human ever glancing at the results to see if they contain obvious mistakes, according to court records and interviews.

How Automated Background Checks Freeze Out Renters

So much of ethical AI comes down to requiring a human-in-the-loop for any system that has a non-trivial impact on other humans.

AI Bias Bounties

Like bug bounties, but for bias in AI:

A similar problem exists in information security and one solution gaining traction are “bug bounty programs”. Bug bounty programs seek to allow security researchers and laymen to submit their exploits directly to the affected parties in exchange for compensation.

The market rate for security bounties for the average company on HackerOne range from \$100-\$1000. Bigger companies can pay more. In 2017, Facebook has disclosed paying \$880,000 in bug bounties, with a minimum of $500 a bounty. Google pays from \$100 to \$31,337 for exploits and Google paid \$3,000,000 in security bounties in 2016.

It seems reasonable to suggest at least big companies with large market caps who already have bounty reporting infrastructure, attempt to reward and collaborate with those who find bias in their software, rather than have them take it to the press in frustration and with no compensation for their efforts.

Bias Bounty Programs as a Method of Combatting Bias in AI