7-7-2020 1:34pm Correction: The original article stated Facial Recognition was used to catch protester. That is not true. Social media video was used possibly with a Tat-C database search. No facial recognition was in use according to most accounts. CyberHoot wanted to set the record straight before being asked about this.

The death of George Floyd, caused by a police officer, sparked national outrage and countless protests and the advent of the “Black Lives Matter” movement. In some cases, peaceful protests were interrupted by violence by a few who smashed store windows, looted, and committed arson. In the cases of violence, law enforcement sought to identify the looters, property destroyers, and arsonists using social media video and possibly other identity technologies such as tattoo recognition and possibly facial recognition (although in the Philidelphia arrest, no mention was made of facial recognition tools).

CyberHoot first wrote about Clearview AI’s large facial recognition database back in January 2020 and again in April about how facial recognition was being developed to work with COVID-19 masks on. The point being, facial and other identity recognition technologies (Tattoo database) are multiplying rapidly.  We need to understand what that means and establish rules for their use, requirements for these database’s protection, or else risk losing our privacy forever.

What Is Happening?

On May 30th riots broke out in downtown Philadelphia, PA, leading to damage, looting, and police cars being lit on fire. The following week, a 33 year old woman was charged with arson for allegedly torching the two PPD vehicles.

Law enforcement investigated these violent protests including “various videos” of the incident posted on social media which ultimately led to this woman’s arrest.  The FBI saw a video of the woman allegedly lighting the PPD cars on fire, identified a tattoo of a stylized peace sign on her right forearm; and a Vimeo video showing the same woman removing a flaming piece of wooden police barricade from one car and shoving it through the window of another. How did the police identify the woman based upon a shirt and a tattoo?

New Identity Technologies

The FBI has been working with the National Institute of Standards and Technology (NIST) to create a tattoo recognition program called “Tatt-C”. The technology involves creating an open tattoo database to use in training software to automatically recognize tattoos, similar to a facial recognition software. However, the FBI didn’t mention using that database, or its vast wealth of facial images, to find the alleged arsonist; but it is important to note that they certainly could have used this technology to find the perpetrator. This vast database contains mostly images of tattoos from prisoners, but does contain those out in the public as well. Technology like the Tatt-C and other biometric scanning tools like facial recognition bring up issues involving privacy, with hundreds of millions of photos in these various databases. What’s clear is these privacy breaching technologies are here and are being used across the world by law enforcement. 

Privacy Concerns

In a perfect world, powerful applications like these will help law enforcement identify and catch criminals. However, privacy advocates point out that not every nation using this technology is acting in good faith. From China to Russia to perhaps even the US, powerful nation states are using these technologies to track their citizens, their dissidents, and persons of interest. 

Whenever powerful technologies such as these are being used by companies, we must beg the question, what is going to be done with our data? What happens if these technologies fall into the unethical hands or hackers steal the data in a breach?  We already know that Clearview AI’s entire customer list was stolen earlier this year?

The adage, “with great power comes great responsibility”, applies perfectly to identity recognition technology whether facial, tattoo, voice, or otherwise. It is easy to imagine hackers going after such databases to exploit their content, thereby giving criminals yet another weapon to use against the general public. It is also easy to see that societal norms need to be established that protect the privacy of citizens and only allow the use of such technologies under very limited circumstances. 

The Constitution, through the Fourth Amendment, protects people from unreasonable searches and seizures by the government. The Fourth Amendment, however, is not a guarantee against all searches and seizures, but only those that are deemed unreasonable under the law. Using identity technology is arguable searching for individuals with the intent of seizing them.  Care must be taken to ensure this is not abused.

Sources: NakedSecurity, NIST Tatt-C Article

Additional Reading: Facial Recognition Technology that Works even with Coronavirus Masks

Are you doing enough to protect your business?

Sign up with CyberHoot today and sleep better knowing your

employees are cyber trained and on guard!