Had my creepiest-ever encounter with face recognition recently.
I was traveling home from our first international trip since The Before Times. The country we traveled from has a US Customs office in the airport. We walk up to the counter, look into the camera, and without having handed over my passport, the agent says my name.
I know that I've given them my photo and that the search space for my match isn't huge (people on flights leaving in the next ~2-8 hours), but it absolutely freaked me out. I can't imagine it meaningfully makes us more secure, and it feels like the kind of thing that, to this article's point, could be trivially abused.
I visited China with someone who was from China but had been living in the US. It was a hot day and at one point I wanted cold water (which turns out is a very western thing and hard to get elsewhere) and the only option was a vending machine.
I expected at first to pay with coins, WeChat, or AliPay but she just showed her face to the camera on the vending machine and it charged it to her bank account. She didn't have to enter a PIN or show identity and the only device she had on her was a US-bought iPhone with no cell service.
I was blown away that not only was a camera able to identify her out of the probably hundreds of millions of people enrolled in the system, but it was confident enough to actually charge money to her account.
I still think about that to this day and tell people about it when they talk about the level of tech in the US.
Actually, this sounds very much like the initial concept of credit cards (Diner's Club at 1950) - where the "mechanism of payment" is just that, you get identified and they send you the bill afterwards. All the extra complexity of current credit cards such as balance verification and authorization features are just tacked-on workarounds for various risks, but the original core idea (at least as I see it) was essentially about simply identifying which customer should be billed.
I'd say you got pranked, but that may be wishful thinking.
Yeah, I don't think that system is "confident enough". Just that the error rate is acceptable. Some poor sod gets charged instead of you? Welp, tough luck. Pretty terrible.
Why wouldn't they? Their faces are probably many years already in government face recognition systems. Also they don't have much of a choice anyway with CCP.
At least they get some extra convenience because of it.
The answer should be obvious. There are unintential false-positives and unintentianal false-negatives. But, the real issues with this form of matching are intentional false-positives and what happens to the data.
Well, that would be the issue in many parts of the world, but the reporting refers to China, which has additional issues. In case you are not aware China is run by a dictatorial authoritarian regime that has expansive powers and has does not treat people humanely.
There has to be a ton of ways to fake someone's face. Holding a photo up to the camera might be a bit obvious to anyone around you, but a bit of latex or even a mask might not be.
But then again, if the surveillance level is already so high, you are likely to get cought after this.
(That is, if you stole money from someone important enough, so the police cares, but they probably would care about the general integrity of the system)
I agree, but I prefer it when they're at least upfront about it. It's much better than just silently collecting your data and then using it against it you in ways you'll never know or be able to trace back even if it's suspected. If my health insurance premiums rise suddenly, it'd take a whistleblower for me to discover that it was because my face was flagged more often at fast-food counters or bars.
The contents of the chip is encrypted with the machine-readable text on the picture page, so you cannot harvest people's data like that without opening the passport.
But nothing is stopping the US customs service (or any other service) to store the unencrypted data for later reference right?
I don’t find it farfetched that some big players would have a database that holds basically a huge lookup table that goes from encrypted data to the unencrypted data.
This wouldn’t work on your first visits, but return visitors could have their rfid read like that.
Or do the rfid chips hold some kind of randomness in them so they can do a type of handshake (that is unique every time) where that machine readable password is needed?
I was traveling home from our first international trip since The Before Times. The country we traveled from has a US Customs office in the airport. We walk up to the counter, look into the camera, and without having handed over my passport, the agent says my name.
I know that I've given them my photo and that the search space for my match isn't huge (people on flights leaving in the next ~2-8 hours), but it absolutely freaked me out. I can't imagine it meaningfully makes us more secure, and it feels like the kind of thing that, to this article's point, could be trivially abused.