Facial recognition technology is not a proportionate response to the occasional pick-pocket, but is equivalent to driving a nail into the wall using a sledgehammer, the first United Nations Special Rapporteur on the right to privacy Joseph Cannataci has told The Malta Independent.
In an interview published today, Prof. Joseph Cannataci and Dr. Reuben Farrugia, , a senior lecturer at the University of Malta in the Faculty of Information & Communication Technology, and also an expert in the fields of image processing and biometrics, were asked to explain the complex technology that is facial recognition from both legal and technical aspects respectively.
Farrugia explained that with a 97% success rate with images, “it’s hard to deny that the potential uses of this technology raise many questions as to the real implications this may have on our daily lives”.
Professor Cannataci argues that “politicians and companies may say whatever they please, but the law and our privacy need to be respected”.
In the same interview, which covered a range of topics in the world of privacy and technology, Cannataci and Farrugia also spoke about the differences between CCTV and imagery facial recognition, and the various potential breaches of privacy such a technology may commit.
The technical aspect - Reuben Farrugia
Face Recognition Technology – How does it work?
In September, Prime Minister Joseph Muscat said that the government is considering arming security forces with face recognition cameras in ‘certain areas’ and Paceville. The previous year, the government company Safe City Malta, part of the government’s public-private partnership arm Projects Malta, also proposed using Paceville as a “prime candidate to test the system, as a town that offers a security challenge”.
Before we get into the legality and necessity of face recognition CCTV cameras, how does it actually work?
The Malta Independent met with Dr Reuben Farrugia, a senior lecturer at the University of Malta in the Faculty of Information & Communication Technology, and also an expert in the fields of image processing and biometrics, including face recognition.
Face Recognition for Images
Farrugia explained that face recognition is not like what we see on television in series such as CSI:Miami, a show famous for its dramatization of investigative methods where different points on the face are measure to create a virtual model of an individual’s appearance, but a more modern technique which stems from a 2015 paper published from the Oxford University where they used deep neural networks.
Essentially, face recognition has to detect texture differences between one face and another, for example, the rate of change of the eyebrows.
This technology is being heavily invested in by companies such as Facebook and Google, both companies which have used it successfully for face recognition, and already have a huge data set of faces on their platforms consensually provided by its users.
“To train a face organizer you need a huge data set of faces – we are talking about millions of photos which have to be labelled. Access to that is easy since there are public data sets which you can use to train your own network.”
“Train?” you may be asking?
Indeed so! Farrugia explained that for this software to work, you must input a huge amount of labelled faces for training, and over time it will learn discriminate between different persons. If you train the network using 1000 persons it will be able to discriminate between unseen faces as well.
This technology has recently been shown to be as accurate as people who are trained for face recognition, so as he puts it, “that is something that is scientifically proven”.
With a 97% success rate, its hard to deny that the potential uses of this technology raise many questions as to the real implications this may have on our daily lives.
Next step – CCTV?
As Farrugia reasoned, using this technology for CCTV is very different from image-use because “the environment of CCTV is much more difficult”.
“When you have images or photos taken with a camera, then face recognition is easier. But when, for example, you are using video footage and it is raining, or the camera is moving, then it is harder to implement the technology because the image being used is blurred or not as clear as a still image would be.”
The quality of the cameras to be used also comes into question, as the majority of people buy lower quality cameras due to the expenses that come with HD cameras. Your typical CCTV cameras are not, for example, the same as the ones used to shoot football matches which can do a whole bunch of different things and keep their quality.
“Typical CCTV cameras are quite cheap, and the quality is not that good. Their video files are also compressed because of their size, and this leads to loss of quality and information.”
All these are problematic because if you apply a face recognizer on low quality CCTV images then it simply won't work. So, in terms of face recognition technology you must have good quality cameras for it to function properly.
The legal aspect - Prof. Joseph Cannataci
Apart from the technological hurdles that facial recognition brings with it, it is also important to consider the legality of having constant, advanced surveillance on a population.
For the privacy side of the facial recognition question, The Malta Independent spoke with Professor Joseph Cannataci, the first United Nations Special Rapporteur on the right to privacy, Head of Department of Information Policy & Governance and Deputy Dean for the Faculty of Media & Knowledge Sciences at the University of Malta.
Application of the Law
Cannataci explained that at this moment in time, the law that applies to Malta in this place comes in three forms.
Firstly, there’s the General Data Protection Regulation (GDPR), which covers the collection and use of personal data and which came into force on the 25th May 2018. Personal data is defined as “any form of data which can be linked to an identified or identifiable individual.”
The GDPR is a law which Malta contributed to in the drafting stage, but over which it now has no control. Basically, this was not a directive from the European Union which Malta then transposes into law, but a higher-level form of law, i.e. a regulation where every single comma applies all over the European Union and which can’t be changed unless a majority of all EU member states would agree.
The GDPR applies to all data with the exception of data which is used in the criminal justice sector and the national security sector.
The second form is the one which is used for the criminal justice sector, and this comes under what we call the “Police directive”, which came into effect on the 6th of May 2018, and which is very closely matched to the GDPR but which requires transposition into Maltese domestic law before it can come into effect.
The Maltese Government has to implement this Directive when it comes to data that is collected and used for criminal justice purposes.
Finally, there are the obligations of the Maltese Government under Convention 108. The latter is European Treaty series 108 which is the Council of Europe's data protection convention of January 1981, as revised earlier in June of this year, which was officially opened for signature on the 10th October 2018 through Protocol CETS 223.
What does this mean?
As Cannataci clarified, this means that in accordance to Article 9 of that convention, you can only interfere with a person's privacy for the purposes of National Security, the Economic Wellbeing of the State, and the Detection, Prevention, Investigation, and Prosecution of Crime. Moreover, the aforementioned purposes only be invoked if a measure which can interfere with one's privacy is already envisaged in the law, and that measure is necessary and proportionate in a democratic society.
“Therefore, as we've seen in all the recent case law from both the European Court of Human Rights in Strasbourg, and the European Court of Justice in Luxembourg, in order for any Government to put a measure in a law, it must meet the tests of necessity and proportionality in a democratic society. Before putting out a system in Malta’s streets, even if only on a trial basis, whether it’s the Government or a private company, they would need to have the right laws in place and Malta’s Information Commissioner on board with full permission granted in advance. I know and trust our Commissioner. He would not grant permission without the right safeguards and the last time I asked him no such permission had been granted. So, politicians and companies may say whatever they please, but the law and our privacy needs to be respected.”
Existing Systems and Comparisons
To begin with, as he pointed out, we must start by making the important distinction between normal CCTV and Facial Recognition.
Normal CCTV is something which is recorded, and can be looked at by a human operator live. But, in the end someone is going to have to watch it, and someone else is going to have to identify the person who passes in front of the camera.
Facial recognition technology ups the ante considerably because it is capable of comparing data against an existing database.
Another important comparison is our ID card system. The ID card system has already rather controversially been used for voting, but the data was collected for a purpose.
The tests previously discussed in this piece are always applied to these varying systems.
Cannataci started by describing how, for example, the United States and other countries had tried facial recognition many times, and because of the failure rate it made it more of a hindrance than a help. Particulary because if a technology gives you a bunch of false positives, you have to understand how the error rate is calculated.
But, before you get to the error rate, you have to try and establish the purpose of installing it.
“If you can prove that it is absolutely necessary to have it, then you must have a law that enables the government or a private company to put it up; it proves that it's necessary, and that the job can not be done with any other technology or means which is less technology intrusive; and that it's proportionate.”
“If you want to drive a nail into the wall, you do not use a sledgehammer because you will break the wall.”
Essentially what he meant was that if you want to catch the occasional pick-pocket, then it is not proportional to put up cameras everywhere.
A possible scenario he presented that could (maybe) justify this level of surveillance was placing cameras at the airport immigration desks or at the Haywharf, where the argument would be that they would be using a database of pictures of known terrorists to catch someone trying to get into the country.
“But to propose to put in high definition cameras in Paceville, or in Valletta, what's the justification?”
“Frankly, given that the statistics in Malta suggest that it is one of the safest places on the planet, then there are no threats of that sort in Malta which could prima facie justify putting in facial recognition in most of the public places on the island.”
Data Mining
Living in the “era of big data analytics”, as Cannataci put it, today’s computers have the ability to link up lots of things from different databases. So if you start linking up data from facial recognition to cameras, databases of people's pictures, picture to picture comparisons - you not only have facial recognition from HDTV cameras installed in streets, but you also have the ability to cross relate.
“When you look at what we can do with big data analytics these days, it’s the joining up of the dots that presents a risk to society. If you allow people to be able to profile people according to all their movements, it’s going to become even more difficult to protect the privacy of the individual.”
A prime example would be that most of us are already giving away our location using a smartphone.
This is where the GDPR applies by forcing companies to give people the ability to control how they use their data.
Cannataci pointed out that someone could potentially look into someone’s data with the hope of finding damaging information that could be used to manipulate the victim.
“Therefore, should we be in a situation where people are put under such surveillance that they have facial recognition?”
Why would we give up freedom or privacy?
“I have not seen any evidence of people wanting to give up that amount of freedom. The evidence that I have seen across the world is that people want to preserve their freedoms.”
He adds that the evidence he has seen for people giving up their privacy for CCTV without facial recognition revolves around rather inconsequential scenarios such as neighbours leaving their garbage out at the wrong time, or because people are vandalising their property. In those cases the use of CCTV has been shown to be primarily a deterrent rather than a means of solving the crime.
So much so that some years ago, the Detective Chief Inspector at the MET Mick Neville is on record as saying that only 6.7% of the UK street crime had been solved thanks to CCTV.
“It can be useful sometimes, but it's not infallible and it doesn't enable you to catch the perpetrator every time.”
“Does it require automated facial recognition? No.”