Carbon Chemist

Tag: face recognition

  • Stadiums Are Embracing Face Recognition. Privacy Advocates Say They Should Stick to Sports

    Stadiums Are Embracing Face Recognition. Privacy Advocates Say They Should Stick to Sports

    [ad_1]

    Thousands of people lined up outside Citi Field in Queens, New York, on Wednesday to watch the Mets face off with the Orioles. But outside the ticketing booth, a handful of protesters handed out flyers. They were there to protest a recent Major League Baseball program, one that’s increasingly common in professional sports: using facial recognition on fans.

    Facial recognition companies and their customers argue that these systems save time, and therefore money, by shortening lines at stadium entrances. However, skeptics argue that the surveillance tools are never totally secure, make it easier for police to get information about fans, and fuel “mission creep” where surveillance technology becomes more common or even required.

    The MLB’s facial recognition program, dubbed Go-Ahead Entry, lets participating fans go on a separate security line, usually shorter than the other queues. Fans download the MLB Ballpark app, submit a selfie, and have their face matched at an in-person camera kiosk at a stadium’s entrance.

    Six MLB teams are participating in Go-Ahead Entry, including the Philadelphia Phillies, Cincinnati Reds, Houston Astros, Kansas City Royals, San Francisco Giants, and Washington Nationals.

    Some MLB teams, including the Mets, have their own facial recognition programs for express entry. The Mets have been using the facial recognition company Wicket for its Mets Entry Express program since 2021. The Cleveland Guardians, similarly, have been using technology from the company Clear at its ballpark, Progressive Field, since 2019.

    Neither the Mets, MLB, nor Wicket immediately responded to WIRED’s requests for comment.

    The National Football League has also started using Wicket facial recognition for express entry. NFL spokesperson Brian McCarthy said in an X post that the league-wide program, at least currently, is only available to “team/game-day personnel, vendors, and media”—not fans. The Cleveland Browns and Tennessee Titans, however, do have facial recognition entry systems that fans can use. (The news of the NFL’s expanded use of face recognition still caused confusion on Facebook and X, where some people thought facial recognition would be required at the stadiums for all 32 NFL teams.)

    At Citi Field on Wednesday, the Mets Entry Express Line was used scarcely, perhaps five people every five minutes or so. There was never a line. The main security lines, though longer in comparison, took only about five minutes.

    The protesters at Citi Field represented some of the 11 organizations that consigned an open letter arguing against the use of facial recognition systems at stadiums, including Fight for the Future, the Electronic Privacy Information Center, and Amnesty International. The letter argues that “not only does facial recognition pose unprecedented threats to people’s privacy and safety, it’s also completely unnecessary.” The activists outside Citi Field on Wednesday passed out flyers to passersby with information about Go-Ahead Entry, declaring in all caps, “WE CALL FOUL ON FACIAL RECOGNITION AT SPORTING EVENTS.” This wasn’t their first protest on the issue; organizers with Fight for the Future also staged a protest last year at Citizens Bank Park, home of the Phillies, to agitate against its introduction of facial recognition.

    [ad_2]

    Source link

  • The Breach of a Face Recognition Firm Reveals a Hidden Danger of Biometrics

    The Breach of a Face Recognition Firm Reveals a Hidden Danger of Biometrics

    [ad_1]

    Police and federal agencies are responding to a massive breach of personal data linked to a facial recognition scheme that was implemented in bars and clubs across Australia. The incident highlights emerging privacy concerns as AI-powered facial recognition becomes more widely used everywhere from shopping malls to sporting events.

    The affected company is Australia-based Outabox, which also has offices in the United States and the Philippines. In response to the Covid-19 pandemic, Outabox debuted a facial recognition kiosk that scans visitors and checks their temperature. The kiosks can also be used to identify problem gamblers who enrolled in a self-exclusion initiative. This week, a website called “Have I Been Outaboxed” emerged, claiming to be set up by former Outabox developers in the Philippines. The website asks visitors to enter their name to check whether their information had been included in a database of Outabox data, which the site alleges had lax internal controls and was shared in an unsecured spreadsheet. It claims to have more than 1 million records.

    The incident has rankled privacy experts who have long set off alarm bells over the creep of facial recognition systems in public spaces such as clubs and casinos.

    “Sadly, this is a horrible example of what can happen as a result of implementing privacy-invasive facial recognition systems,” Samantha Floreani, head of policy for Australia-based privacy and security nonprofit Digital Rights Watch, tells WIRED. “When privacy advocates warn of the risks associated with surveillance-based systems like this, data breaches are one of them.”

    According to the Have I Been Outaboxed website, the data includes “facial recognition biometric, driver licence [sic] scan, signature, club membership data, address, birthday, phone number, club visit timestamps, slot machine usage.” It claims Outabox exported the “entire membership data” of IGT, a supplier of gambling machines. IGT vice president of global communications Phil O’Shaughnessy tells WIRED that “the data affected by this incident has not been obtained from IGT,” and that the firm would work with Outabox and law enforcement.

    The website’s owners posted a photo, signature, and redacted driver license belonging to one of Outabox’s founders, as well as a redacted screenshot of the alleged internal spreadsheet. WIRED was unable to independently verify the identity of the website’s owners or the authenticity of the data they claimed to have. An email sent to an address on the website was not returned.

    “Outabox is aware and responding to a cyber incident potentially involving some personal information,” an Outabox spokesperson tells WIRED. “We have been in communication with a group of our clients to inform them and outline our strategy to respond. Due to the ongoing Australian police investigation, we are not able to provide further information at this time.”

    The New South Wales police force confirmed to WIRED that it was investigating a data breach on Wednesday, but a spokesperson declined to share further details. On Thursday, the force announced that it, working alongside federal and state agencies, had arrested an unnamed 46-year-old man in a Sydney suburb. He is expected to be charged with blackmail.

    [ad_2]

    Source link

  • A Vending Machine Error Revealed Secret Face Recognition Tech

    A Vending Machine Error Revealed Secret Face Recognition Tech

    [ad_1]

    Canada-based University of Waterloo is racing to remove M&M-branded smart vending machines from campus after outraged students discovered the machines were covertly collecting face recognition data without their consent.

    The scandal started when a student using the alias SquidKid47 posted an image on Reddit showing a campus vending machine error message, “Invenda.Vending.FacialRecognitionApp.exe,” displayed after the machine failed to launch a face recognition application that nobody expected to be part of the process of using a vending machine.

    “Hey, so why do the stupid M&M machines have facial recognition?” SquidKid47 pondered.

    The Reddit post sparked an investigation from a fourth-year student named River Stanley, who was writing for a university publication called MathNEWS.

    Stanley sounded the alarm after consulting Invenda sales brochures that promised “the machines are capable of sending estimated ages and genders” of every person who used the machines—without ever requesting consent.

    This frustrated Stanley, who discovered that Canada’s privacy commissioner had years ago investigated a shopping mall operator called Cadillac Fairview after discovering some of the malls’ informational kiosks were secretly “using facial recognition software on unsuspecting patrons.”

    Only because of that official investigation did Canadians learn that “over 5 million nonconsenting Canadians” were scanned into Cadillac Fairview’s database, Stanley reported. Where Cadillac Fairview was ultimately forced to delete the entire database, Stanley wrote that consequences for collecting similarly sensitive face recognition data without consent for Invenda clients like Mars remain unclear.

    Stanley’s report ended with a call for students to demand that the university “bar facial recognition vending machines from campus.”

    A University of Waterloo spokesperson, Rebecca Elming, eventually responded, confirming to CTV News that the school had asked to disable the vending machine software until the machines could be removed.

    Students told CTV News that their confidence in the university’s administration was shaken by the controversy. Some students claimed on Reddit that they attempted to cover the vending machine cameras while waiting for the school to respond, using gum or Post-it notes. One student pondered whether “there are other places this technology could be being used” on campus.

    Elming was not able to confirm the exact timeline for when the machines would be removed, other than telling Ars it would happen “as soon as possible.” Elming declined Ars’ request to clarify if there are other areas of campus collecting face recognition data. She also wouldn’t confirm, for any casual snackers on campus, when, if ever, students could expect the vending machines to be replaced with snack dispensers not equipped with surveillance cameras.

    Invenda Claims Machines Are GDPR-Compliant

    MathNEWS’ investigation tracked down responses from companies responsible for smart vending machines on the University of Waterloo’s campus.

    Adaria Vending Services told MathNEWS that “what’s most important to understand is that the machines do not take or store any photos or images, and an individual person cannot be identified using the technology in the machines. The technology acts as a motion sensor that detects faces, so the machine knows when to activate the purchasing interface—never taking or storing images of customers.”

    According to Adaria and Invenda, students shouldn’t worry about data privacy because the vending machines are “fully compliant” with the world’s toughest data privacy law, the European Union’s General Data Protection Regulation (GDPR).

    “These machines are fully GDPR compliant and are in use in many facilities across North America,” Adaria’s statement said. “At the University of Waterloo, Adaria manages last mile fulfillment services—we handle restocking and logistics for the snack vending machines. Adaria does not collect any data about its users and does not have any access to identify users of these M&M vending machines.”

    [ad_2]

    Source link