Feeds

Reverse-engineering artist busts face detection tech

Hacking Big Brother with help from Revlon

High performance access to file storage

Concerned about the proliferation of face recognition systems in public places, a grad student in New York is developing privacy-enhancing hacks designed to thwart the futuristic surveillance technology.

Using off-the-shelf makeup and accessories such as glasses, veils, and artificial hair, Adam Harvey's master's thesis combines hipster fashion aesthetics with hardcore reverse engineering of face detection software. The goal: to give individuals a low-cost and visually stimulating means to prevent their likenesses from being detected and cataloged by face-recognition monitors.

"The number of sensors that are going into the public spaces has been increasing," said Harvey, a student in New York University's interactive telecommunications program. "There's a lot of work to be done to catch up to where cameras are going because there have been so many advances in the last few years."

Although still in its adolescence, face recognition technology is quickly being adopted by governments and corporations to identify individuals whose images are captured by surveillance cameras. At the 2001 Super Bowl, for instance, officials digitized the faces of everyone entering Raymond James Stadium in Tampa, Florida and compared the results against photographic lists of known malefactors.

In another example, the city of Chicago two years ago made much fanfare of "Operation Virtual Shield," which was to use IBM software to analyze in real time thousands of hours of video being recorded on more than 1,000 continuously running cameras.

As a starting point, Harvey's research involves the reverse engineering of OpenCV, which its creators describe as an open-source "library of programming functions for real-time computer vision." From that work, he developed an understanding of the algorithm used to tell if an image captured by a camera is, say, a car, a building or a human face.

Based on the so-called Viola-Jones method (pdf), the algorithm examines the spatial relationships of an object captured in an image and looks for features commonly found in faces. Most faces have a dark region just above the eyes, while the cheek bones and nose bridge will appear lighter. When the algorithm detects enough such attributes, it guesses the object is a face. The method is generally regarded as effective. Errors are in favor of false positives, making it hard for unobstructed faces to escape notice when they aren't captured at an angle.

Once a face is detected, other technologies, such as face recognition, can be used to compare the face against a database in an attempt to identify the person it belongs to.

But Harvey has discovered that face detection can often be thrown off by using makeup to alter the contrasts the technology looks for. For example, dark patterns applied around eyes and cheek bones, as in the image below, are one such possibility.

These faces aren't detected by Viola-Jones algorithms

"There's a lot of trial and error," Harvey said. "The common thread is throwing off the symmetry" the algorithm looks for. "It's a lot more difficult than applying a bunch of makeup and hoping it works or putting on your 3D glasses left over from Avatar."

Technology that detects or recognizes faces still hasn't gone mainstream, said Ralph Gross, an expert in the field and a scientist at Hyperactive Technologies. For now, it's mostly limited to specialized applications, such as the Super Bowl outings or Las Vegas casinos, but he said he expects that to change.

"The technology is getting better all the time," he said. "Along with computing power being greater, it becomes more of an option. I think we're heading to the point where we as a society need to think about what we are comfortable with."

At the same time, Gross said a pair of dark sunglasses or a simple veil would probably prove just as effective at thwarting face detection as anything Harvey is recommending.

But Harvey, said the point of his project from the beginning has been to create disguises that do more than simply hide a person's face.

"The combination of hair, makeup and accessories gives you the potential to do an infinite number of creative new looks that have some futuristic value to them with anti-face-detection functionality," he said. "Maybe you could go to a privacy hair stylist in the future." ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.