back to article And you thought the cops were bad... Civil rights group warns of facial recog 'epidemic' across UK private sites

Facial recognition is being extensively deployed on privately owned sites across the UK, according to an investigation by civil liberties group Big Brother Watch. It found an "epidemic" of the controversial technology across major property developers, shopping centres, museums, conference centres and casinos in the UK. The …

  1. adam 40 Bronze badge

    Covered by GDPR?

    Can't we just send in GDPR requests?

    "Do you have my mug on your database?" etc

    The cost of servicing them will surely put paid to this.

    1. Graham 32

      Re: Covered by GDPR?

      Covered by Data Protection Act already. Has been this way for a long time, even for home security cameras.

      https://www.gov.uk/request-cctv-footage-of-yourself

      If doing facial recognition such that individuals have a personal identifier (some encoded ID based on the shape of their face) then I would think GDPR applies too.

      (edit for afterthought:) Is there different legislation for dashcams? If not then how do they meet the requirement about "owner’s details are usually written on a sign attached to the camera"? Or are we all allowed to get car owner's details from DVLA by saying "they had a dashcam, give contact details"?

      1. KittenHuffer Silver badge

        Re: Covered by GDPR?

        I'm sure someone will correct me if I'm wrong, but dashcams are just video recorders. And as far as I was aware taking photos or video in public spaces is perfectly legal. Plus the dashcam is not performing facial recognition.

        The use of dashcams when you travel onto private land might be a different matter, but then it would be a civil matter between yourself and the land owner.

    2. Anonymous Coward
      Anonymous Coward

      Re: Covered by GDPR?

      Well while I appreciate the sentiment just how many people will file GDPR requests for every store they use?

      If and when this becomes widespread the amount of people willing to file requests will be vastly outnumbered by people who won’t care or can’t be arsed.

      How many GDPR requests have you filed this year for ordinary stuff so far?, imagine doing them for everywhere you visit, both governmental and business

    3. Anonymous Coward
      Anonymous Coward

      Re: Covered by GDPR?

      Sure for *commercial* databases if you *know* (through consent or notice) you might be on there (but ofc nobody is properly admitting to it right now).

      Nothing to prevent individual/personal databases of this data though; as mentioned before, we need an open source database of police stations and parliament to track attendance and cross reference associations, before they will consider a fair legal address to the problem (otherwise it'll all be "OK in the name of security/terrorism for which GDPR bypass exists").

      1. Anonymous Coward
        Anonymous Coward

        Re: Covered by GDPR?

        Actually the more you think about this the further you go down the rabbit hole into paranoia.

        Many ATM's have cameras now, which conceivably be tied to your account number and personal details, and how about those handy auto tills at supermarkets which you obligingly match to yourself with loyalty and payment cards.

        Not saying they are doing this, but what if?

        tbh I'm less concerned about the police or government than I am about companies or private individuals (the KGB and Stasi that were had positively prehistoric information systems compared to even your local police force these days, but that didn't stop them sending lots of people to prison camps or an early grave).

        If you are of interest you will have maybe a dozen people tailing you these days maybe your own satellite, in fact commercial photo recognition could give you a cast iron alibi if the powers that be mismatches you "couldn't be him sir we just got video from Tesco's of him browsing the cheeses at the time the crime was committed".

        The big problem I see is with companies using it, leading to a huge rise in personal spam while shopping :

        https://www.youtube.com/watch?v=7bXJ_obaiYQ

        https://www.youtube.com/watch?v=WWiUe5G1VSc

    4. The Nazz Silver badge

      Re: Covered by GDPR?

      Me : Do you have my mug on your database?"

      Business : "Dunno, what do you look like, send us a recent picture and we'll see."

      Me : "Ok, it's on it's way."

      Some time later, "Well, do you have my mug on your database?"

      "We do now, and oh, by the way, that'll be £119.25 you owe us."

      Me : "Wtf, GDPR requests are free of charge.

      Business : "They are, the money is due to the shattered lens of our camera."

    5. macjules Silver badge

      Re: Covered by GDPR?

      You are quite correct, you should be able to submit a request since it is not the Metropolitan Police that are carry out facial ID scanning in this case but a company called Argent. Elizabeth Denham is also investigating the links between the Metropolitan Police and Argent in regards to use of the data from the Kings Cross site (over 160 acres in area) plus the full facial ID scanning currently in operation over a similar area in Canary Wharf.

      There is a precedent for making a request to the police, which was done recently by Liberty against South Wales Police, and which resulted in legal action against that force - the verdict is due any day,

  2. Anonymous Coward
    Anonymous Coward

    So widespread as to be mundane now

    This is just one product you can buy now:

    https://software.intel.com/en-us/neural-compute-stick/training

    By no means the only one, all you need is to build up enough pictures tied to customer data and bingo all for around €65, it works with the Raspberry Pi too.

    And yes you can buy more expensive and heavy duty options.

    Genie is out of the bottle now, while the police may get restricted Supermarkets and other businesses, or even private individuals are not.

    This isn't a technology restricted to Governments anymore.

    Not saying it's a good thing, just how it is.

    1. BillG
      Boffin

      Re: So widespread as to be mundane now

      There is facial recognition kit available for restaurants that allows the business to track every patron. Repeat patrons are matched with waitstaff to track regulars. Waitstaff and regulars are counted and each waitstaff member is assigned a weighted value based on the number and frequency of regulars.

      I don't have knowledge if the patron's spending is factored in, but I briefly worked with a company that supplied this equipment that counted Hooters and one of those chain bars (TGIFridays or Bennegins, I forget which one) as customers.

      Most of you El Reg readers are nodding your heads saying yes, this is easy to code.

      This was three years ago. The genie is not only out of the bottle, it is dancing, flying, and singing an opera.

      1. Woodnag

        Re: So widespread as to be mundane now

        A friend worked for a high end restaurant in Phoenix 10 years ago. Customers who made bookings over the phone were tracked across repeat visits in terms of tipping, early/late, etc and this used to decide whether a new booking would be accepted, particularly if the covers were filling fast.

  3. M7S

    WTF are they scanning for?

    "Liverpool's World Museum scanned visitors with facial recognition surveillance"

    Surely the value of facial recognition is to identify people you want to be aware of and who you know about. I can see that there is a valid use by public authories for trying to detect wanted/missing/vulnerable persons, (once proper rules have been sorted out), but for a museum?

    What database are they comparing visitors to?

    Are they worried about either of the Dr's Jones purloining some artefact for the next film in the sequence?

    Are the mugshots of John Robie or Sir Charles Lytton loaded onto the system?

    Are they worried that frequent visitors will be exposed to a cumulative dose of magic emanating from the exhibits and suddenly find themselves acting like John Hannah surrounded by non-Nestene Autons, so they're building up a database to decline entry after N visits?

  4. nematoad Silver badge

    That's alright then.

    "Any use of similar technology in the future would be in accordance with National Museums Liverpool's standard operating procedures and with good practice guidance issued by the Information Commissioner's Office."

    I would hope that they would also obey the law and keep within the GDPR. That little regulation seems to have slipped their mind. Must be thinking about higher things.

  5. Danny 2 Silver badge

    ProtonMail outage

    Off topic, sorry, but ProtonMail seems to be either underattack or just plain failing just now. Not just me, I checked.

    By chance I only noticed because I was about to email a communist to grass up my mum for being inadvertently racist. It is a fairly funny anecdote but two too many racial smears to publish here.

    "Account temporarily unavailable. Please try again in a few minutes"

    On and off for the past hour, longer for others. Kind of security related since the last time this happened it was totally GCHQ.

    If you are going to use ProtonMail for the next 24 hours then maybe don't grass up your mum.

  6. Danny 2 Silver badge

    Hypocratic oath for maths and tech

    Off topic again, doubly sorry but I can't email a funny story securely so I read this:

    Maths and tech specialists need Hippocratic oath, says academic

    https://www.theguardian.com/science/2019/aug/16/mathematicians-need-doctor-style-hippocratic-oath-says-academic-hannah-fry

    How did that oath work for Dr Shipman and Dr Mengele?

    On the other hand my crappy tech college snuck ethics into our classroom. They left six old copies of Plato's The Republic in the bin in our portacabin, and naturally we stole them and prized them. I also read Russell's History of Western Philosophy in the weeks before my Electronics exams, and still passed.

    Logic unites science and philosophy. Oaths, not so much. I promise you.

    1. Wiretrip

      Re: Hypocratic oath for maths and tech

      That article is a shameless plug for the Chrtismas Lectures. The problem I have wuth her assertion that the developers should take an oath is that it is the VCs and business types that are pushing 'AI' (or 'statistics' as I tend to call it) - or narrowly capable and unready technologies - on the masses.

      1. Jonathan Richards 1
        Go

        Re: Hypocratic oath for maths and tech

        > it is the VCs and business types ...

        They're only pushing what they can buy from technically and mathematically capable practitioners. As Dr Fry says, ethics are taught alongside medicine throughout, whereas they're bolted on to a mathematician's skillset as an afterthought, if at all.

        1. Yet Another Anonymous coward Silver badge

          Re: Hypocratic oath for maths and tech

          Basic engineering ethics mean no programmer would make a destroy_london() function.

          They should make a destroy_city() function that can take any city as a parameter

          1. TimMaher Bronze badge

            Re: Hypocratic oath for maths and tech

            Yup. That would not be good programming.

            How about a series of convenience methods that resolve to calling one functional method? Like:-

            public Boolean destroyCity(String cityName){

            return destroyCity(getCentreLatLong(cityName);

            }

            private Boolean destroyCity(Coordinates cityCentre){

            Boolean annihilated=true; // default likelihood

            try{

            bomb(cityCentre);

            } catch (Exception ex) {

            annihilated=false;

            }

            return annihilated;

            }

            Even then I have kept “destroyCity” whereas, if I had longer deadlines I could produce destroyLocationToRadius, to allow for more finely grained control and many more convenience methods.

            Unfortunately I had to skip the ethics discussion as I have been too busy.

            1. Yet Another Anonymous coward Silver badge

              Re: Hypocratic oath for maths and tech

              The important points are to ensure it doesn't default to 'localhost' if you leave out the parameter

              and be really sure you aren't on the production system when testing it.

  7. Chris G Silver badge

    Legal right

    Do the cops actually have a legal right to request a private company or organisation to use FR on their behalf?

    Sometimes I think if Germany had succeeded in invading the UK in the 1940s, they would have had little trouble finding collaborators to work with them and snitch on the population.

    As I posted earlier in another thread, it's time to adopt the Japanese and Chinese habit of wearing a mask in the street.

    1. Anonymous Coward
      Anonymous Coward

      Re: collaborators

      Given how Boris used that very word this week, and what it meant in the real world in France during and after the war, I'd be very wary of it.

      1. John Brown (no body) Silver badge

        Re: collaborators

        Why? It was used in the correct context.

    2. Warm Braw Silver badge

      Re: Legal right

      Do the cops actually have a legal right to request a private company or organisation to use FR on their behalf?

      IANAL, but not specifically, I don't think. However, if you operate any kind of venue that requires a licence (and that includes places that serve alcohol or provide entertainment), the police can (and do) object to the issuing of licences, objections which are withdrawn if the venue agrees to certain conditions - such as the installation of CCTV. Technically, I think the issuing authority could ignore the objection, but usually they don't. Technically, the venue can appeal against an objection, but since the usual origin of the objection is that the place has been a source of violent behaviour and/or drug dealing, the likelihood is that they'd lose. I'm not aware of any circumstances in which a venue has been forced to install facial recognition yet, but if a crime is committed on premises with CCTV, the police could in theory seize the video as evidence and process it as they liked as far as I know

      1. Yet Another Anonymous coward Silver badge

        Re: Legal right

        So you live in a country where the police can say 'so you want to hold an exhibition of early Chinese sculpture?' 'well I suppose we could allow that if you install facial recognition'

    3. TimMaher Bronze badge
      Trollface

      Is this the right moment?...

      ...to remind readers that you can buy pixelated face masks on the web.

    4. eldakka Silver badge

      Re: Legal right

      Do the cops actually have a legal right to request a private company or organisation to use FR on their behalf?

      The cops, just like anyone, has the legal right to ask anything of anyone.

      It's only when it comes to directing or requiring or ordering, whether explicit - "we are directing you under the following powers to..." - or implicit - "our response time to calls at this location could suffer " - that possible breaches of laws or rights enters into it.

  8. Peconet57
    Linux

    Slavery by cameras.

    And we all had thought that Slavery had all but gone then the Governments come in with something else to keep us in check.

  9. Anonymous Coward
    Anonymous Coward

    private ANPR too...with results fed to the police

    An industrial estate nearby is installing an automated main gate after a series of thefts. It's capable of ANPR. The police have offered reduced callout times in exchange for a feed of the ANPR results. It's a handy way to extend the coverage with essentially zero oversight.

    1. Jonathan Richards 1

      Re: private ANPR too...with results fed to the police

      ANPR isn't subject to the Data Protection Act provisions, though, because vehicles aren't living persons.

      1. Yet Another Anonymous coward Silver badge

        Re: private ANPR too...with results fed to the police

        Until you tie it to specific people and start treating them differently because their car was tracked going to synagogue last Saturday

        1. Anonymous Coward
          Anonymous Coward

          Re: private ANPR too...with results fed to the police

          Going to the synagogue? Nah, it’s us “dangerous” Songs Of Praise Christians they’re tracking because we don’t go along with their Inverted Totalitarian PC crap and mandates against freedom of thought, freedom of speech, freedom of worship and religious beliefs...only the other two Abrahamic religions are allowed the latter.

          1. Anonymous Coward
            Anonymous Coward

            Re: private ANPR too...with results fed to the police

            >Going to the synagogue?

            But that's where the Sinn Fein Muslim terrorists go ....

    2. John Brown (no body) Silver badge

      Re: private ANPR too...with results fed to the police

      "The police have offered reduced callout times in exchange for a feed of the ANPR results."

      It'd be a shame if the bad guys got away before we get around to sending a car out. Got anything we might like in exchange for getting there on time?

      Signed

      Protection'R'Us

  10. Anonymous Coward
    Anonymous Coward

    I believe that is what is going on at the Walgreens drug stores in the US.

    Walgreens has started entering customers full birth dates into the computerized cash registers when purchasing beer or liqour while a video monitor above the cash register shows that an overhead camera is pointed directly at the customer at checkout.

    Walgreens even asked my father for his exact birth date even though he's in his mid eighties.

    I wonder how many people in a 5 mile radius would have the exact birthday as someone else?

    I firmly beieve Walgreens is collecting peoples photos and matching them with the birth date and any other data such as "Loyalty Discount" card or phone numbers.

    Also, Mc Donalds has been changing their interiors to have self service ordering of food using phone apps and above each station there is also an overhead camera.

    Home Depot and WalMart self checkouts also have cameras built into the monitors showing customers faces.

    (Legal Disclaimer: These are just my beliefs and opinions and I have no proof of any of these companies hoarding users data or photos and is only based on past history of abuses)

    1. Charles 9 Silver badge

      Re: I believe that is what is going on at the Walgreens drug stores in the US.

      "I wonder how many people in a 5 mile radius would have the exact birthday as someone else?"

      You should look up the Birthday Problem sometime. Depending on how many people are in a five-mile radius, the odds of two people having the same birthday can surprise you (once you hit 23 people, the odds are better than 50/50).

      As for the ubiquitous cameras, you have to figure there's at least some CYA tactics being employed here, especially with all the high-impact incidents lately.

  11. Anonymous Coward
    Anonymous Coward

    The collusion between police and private companies

    I like the word "collusion" in this context! Conspiring against the third parties, not unlike collusion between... well. And I once thought that the police are actually there to protect me :)

  12. Pascal Monett Silver badge

    "There is a dark irony that this authoritarian surveillance tool is rarely seen outside of China"

    Um, from what I've read, the UK is just as surveillance-camera bent as China, if not more so.

    So the dark irony is that there still are people in the UK who consider that China is worse then them as far as camera surveillance is considered.

    1. Anonymous Coward
      Anonymous Coward

      Re: "There is a dark irony...

      At least China is honest about what they do rather than trying to conceal it so the public don't know it's going on.

      I was in Beijing a while ago and the camera surveillance was obvious. It did feel just like being at home in the UK.

  13. Fruit and Nutcase Silver badge
    Big Brother

    Think of the Children

    "Kent Police and West Midlands Police were named by ministers in June as collaborating with the Home Office to trial the technology to trace “missing and vulnerable persons”."

    "However, Freedom of Information responses, seen by the Observer, reveal both forces are in fact fiercely resistant to piloting facial recognition and deny they agreed to help the Home Office trial the technology."

    "The development leaves South Wales Police as the only force in England and Wales currently spearheading Home Office-funded facial recognition trials."

    https://www.theguardian.com/world/2019/aug/17/police-halt-trials-face-recognition-systems-surveillance-technology

  14. The_Idiot

    Hmmm...

    Room for an enterprising app here :-).

    1: Establish (possibly crowd sourced data) database of all facial recognition camera locations.

    2: App polls database, polls phone location.

    3: If (Current location) (close enough) (facial recognition camera location) then (automatically file pre-templated GDPR information request)

    That might get a little expensive for someone :-).

    1. Strahd Ivarius

      Re: Hmmm...

      And after you collect the personal information of the App users you can sell it to the camera operators so they know which suspects to aprehend...

    2. RunawayLoop

      Re: Hmmm...

      Room for an enterprising app here :-).

      Also room for an enterprising business. Selling guy fawkes or groucho marx masks at the front door to said <exhibit/gallery/other local event> could start to be a real winner...

  15. hoola Bronze badge

    The Link To Google

    The big one for me that has not been mentioned is that this is on Google's site. That should be the one thing ringing huge alarm bells. Much like Facebook they have proven to do anything they want and then just say sorry after the event.

    I would not be surprised to learn of links between Google and the developed. I expect all the data is also on US servers as well.

  16. PapaD

    Counter technology

    How long before we get some serious 'subtle' pieces of technology that cause facial recognition software to fail to recognise your face as a face.

    (By subtle, i mean not including crazy makeup, weird tactical headwear, or bulky and obviously UV LED filled glasses.)

    If this becomes too pervasive, i can't imagine it will take too long for people to build wearable anti-surveillance gear that is available to the public and which isn't distinguishable from other regular gear (like glasses, necklaces, etc)

    1. Charles 9 Silver badge

      Re: Counter technology

      The cat-and-mouse is already at play in Hong Kong, where cameras are in play. Thing is, expect counter-counter-technology to be employed as well, such as infrared thermal recognition which is harder to mask. I'm waiting to see an endgame for this: a piece of tech no counter-tech is possible or practical.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020