Facial recognition is increasingly common, but how does it work?

Jessica Gabel Cino, Georgia State University

The Trump administration’s efforts to impose new immigration rules drew attention – and legal fire – for its restrictions on the ability of people born in certain majority Muslim countries to enter the U.S. In the frenzy of concern, an obscure piece of the executive orders did not get scrutinized, or even noticed, very much: an expansion of facial recognition systems in major U.S. airports to monitor people leaving the U.S., in hopes of catching people who have overstayed their visas or are wanted in criminal investigations.

It’s a much more powerful version of the method your phone or computer might use to identify friends in your photos. Using computers to recognize people’s faces and validate their identities can streamline access control for secure corporate and government buildings or devices. Some systems can identify known or suspected criminals. Businesses can analyze their customers’ faces to help tailor marketing strategies to people of different genders, ages and ethnic backgrounds. There are even consumer services that take advantage of facial recognition, like virtual eyeglass fitting and virtual makeovers.

There are also serious privacy concerns as government agencies and companies are more able to track individuals through their communities, and even around the world. The facial recognition market is worth approximately US$3 billion and is expected to grow to $6 billion by 2021. Surveillance is a large reason for growth; government entities are the primary consumers.
The FBI has a database with images of approximately half the U.S. population. There are also fears of people using facial recognition to engage in online harassment or even real-world stalking.

As facial recognition becomes more common, we must know how it works. As someone who studies and researches the legal implications of new technology in criminal investigations, I believe it’s important to understand what it can and can’t do, and how the technology is progressing. Only then can we have informed discussions about when and how to use computers to recognize that most human of features – our faces.

How it works

As one of several methods of what are called “biometric” identification systems, facial recognition examines physical features of a person’s body in an attempt to uniquely distinguish one person from all the others. Other forms of this type of work include the very common fingerprint matching, retina scanning, iris scanning (using a more readily observable part of the eye) and even voice recognition.

All of these systems take in data – often an image – from an unknown person, analyze the data in that input, and attempt to match them to existing entries in an database of known people’s faces or voices. Facial recognition does this in three steps: detection, faceprint creation, and verification or identification.

When an image is captured, computer software analyzes it to identify where the faces are in, say, a crowd of people. In a mall, for example, security cameras will feed into a computer with facial recognition software to identify faces in the video feed.

Once the system has identified any potential faces in an image, it looks more closely at each one. Sometimes the image needs to be reoriented or resized. A face very close to the camera may seem tilted or stretched slightly; someone farther back from the camera may appear smaller or even partially hidden from view.

When the software has arrived at a proper size and orientation for the face, it looks even more closely, seeking to create what is called a “faceprint.” Much like a fingerprint record, a faceprint is a set of characteristics that, taken together, uniquely identify one person’s particular face. Elements of a faceprint include the relative locations of facial features, like eyes, eyebrows and nose shape. A person who has small eyes, thick eyebrows and a long narrow nose will have a very different faceprint from someone with large eyes, thin eyebrows and a wide nose. Eyes are a key factor in accuracy. Large dark sunglasses are more likely to reduce the accuracy of the software than facial hair or regular prescription glasses.

A faceprint can be compared with a single photo to verify the identity of a known person, say an employee seeking to enter a secure area. Faceprints can also be compared to databases of many images in hopes of identifying an unknown person.

It’s not always easy

A key factor affecting how well facial recognition works is lighting. An evenly lit face seen directly from the front, with no shadows and nothing blocking the camera’s view, is the best. In addition, whether an image of a face contrasts well with its background, and how far away it is from the camera, can help or hurt the facial recognition process.

Another very important challenge to successful facial recognition is the degree to which the person being identified cooperates with – or is even aware of – the process. People who know they are using facial recognition, such as that employee trying to get into a restricted room, are relatively easy to work with. They are able to look directly at the camera in proper lighting, to make things optimal for the software analysis.

Other people don’t know their faces are being analyzed – and may not even know they’re being surveilled by these systems at all. Images of their faces are trickier to analyze; a face picked out of a crowd shot may have to be digitally transformed and zoomed in before it can generate a faceprint. That leaves more room for the system to misidentify the person.

Potential problems

When a facial recognition system incorrectly identifies a person, that can cause a number of potential problems, depending on what kind of error it is. A system restricting access to a specific location could wrongly admit an unauthorized person – if, say, she was wearing a disguise or even just looked similar enough to someone who should be allowed in. Or it could block the entry of an authorized person by failing to correctly identify her.

In law enforcement, surveillance cameras aren’t always able to get very good images of a suspect’s face. That could mean identifying an innocent person as a suspect – or even failing to recognize that a known criminal just ran afoul of the law again.

Regardless of how accurate it appears to be on TV crime dramas, there is room for error, though the technology is improving. The National Institute of Standards and Technology has estimated that stated error rates are declining 50 percent every two years, and are currently around 0.8 percent. That’s better than voice recognition, which has error rates above 6 percent. But facial recognition may still be more error-prone than iris scanning and fingerprint scanning.

Privacy concerns

Even if it’s accurate, though – and perhaps even more so as accuracy improves – facial recognition raises privacy concerns. One of the chief worries is that, much like the rise of DNA databases, facial features and photos are being warehoused by government agencies, which will become able to track people and erase any notion of privacy or anonymity.

New privacy problems are cropping up all the time, too. A new smartphone app, FindFace, allows people to take a person’s photo and use facial recognition to find their social media accounts. Ostensibly a convenient way to connect with friends and co-workers, the app invites misuse. People can use it to expose identities and harass others.

These new capabilities are also raising concern about other malicious uses of publicly available images. For example, when police issue alerts about missing children, they often include a photograph of the child’s face. There is little regulation or oversight, so nobody knows whether those images are also being entered into facial recognition systems.

This, of course, doesn’t even touch on using facial recognition tools along with other technologies like police body cameras, geolocation software and machine learning to assist in real-time tracking. That goes beyond simple identification and into the realm of where someone has been, and where the software predicts they will go. Combining technologies offers attractive options for crime fighting, and deepens the fissures in our privacy.

Technology provides powerful tools, and the law is often ill-equipped to keep pace with new developments. But if we’re going to be using facial recognition in immigration and law enforcement decisions, we must engage with its possibilities and its detriments, and understand the issues of accuracy, privacy and ethics this new capability raises.

Jessica Gabel Cino, Associate Dean for Academic Affairs and Associate Professor of Law, Georgia State University

This article was originally published on The Conversation. Read the original article.

There is no silver bullet to stop fraudsters

Jennifer Wilson, Macquarie University

A common stereotype of fraudsters is that they are psychopaths. That fraudsters are considered manipulative, callous and remorseless is understandable, considering the consequences of fraud.

But these traits are not necessarily typical. Different people commit different types of fraud in different circumstances.

I reviewed decisions handed down in fraud trials and found that some fraudsters were completely remorseful, some were partly remorseful and others showed no remorse at all. Several fraudsters I interviewed described distress at violating their morals. One fraudster spoke of his regret at causing harm to his victims.

False stereotypes of who fraudsters are, and why they do what they do, could lead us to go after the wrong people.

Stereotypes aren’t helping

That the “typical” fraudster is a middle-aged male manager is another stereotype. But this does not explain two of the largest frauds by individuals in Australian history, both committed by women – Rajina Subramaniam (A$45 million) and Sonya Causer ($20 million).

Theories about fraud offer little help in predicting fraudsters. The dominant theory, The Fraud Triangle, presents fraud as comprising motive, opportunity and a justification.

But it says nothing about who will have both a motive for fraud and decide to commit fraud.

An adaptation of The Fraud Triangle, The Fraud Diamond, adds an extra element – capability. The rationale is that some level of capability is needed to identify and exploit an opportunity for fraud.

But, as I will explain later, this also is too simplistic.

How to spot a fraudster

Opinions differ on whether fraudsters are different from the rest of us and, if so, what makes them different. Some fraudsters who offend to protect their employers are highly conscientious, irresponsible and lack regard for social norms. In contrast, fraudsters who offend for their own benefit have been found to be narcissistic and lacking conscientiousness.

Some fraudsters have gambling addictions, but not all addicts commit fraud. Some researchers question whether gambling may sometimes be an excuse rather than a reason for fraud.

One of the fraudsters I interviewed described feeling desperate to provide for his family after some investments went bad. He said his shame about his crimes would prevent him from re-offending. Another said he would not re-offend because the risk of a criminal record could prevent him from providing for a family if he had one in future.

The varied results from all this research show the folly in picking just one metric to try to identify a fraudster. Organisations that screen using only criminal records, for example, may wind up hiring more risky, rather than less risky, employees.

Anyway, most employees convicted of fraud do not have prior criminal records and may never re-offend.

Career fraudsters may not show up in a criminal records check. Some are smart or lucky enough not to be convicted, charged, or even caught. Previous employers may not realise they have been victimised. Employers may also decide not to involve the authorities to avoid bad publicity.

So what do you do?

So how do organisations predict which employees might commit fraud when there is no reliable psychological test to screen them?

Employers need to start by avoiding what psychologists call a fundamental attribution error – focusing on characteristics of individuals while ignoring the effect of environment on their behaviour. This means that to predict who is likely to commit fraud, we need to understand the effect of fraudsters’ environments.

I have created a model to explain how different factors, involving both the potential fraudster and their wider context, may influence different stages of fraud in different ways.

As you can see, there is no one thing we can point to that leads to fraud.

To illustrate the model using the capability element of The Fraud Diamond, an incompetent manager may start falsifying financial statements to disguise his or her mistakes. A lack of capability is no barrier if organisations have poor accounting controls. A smart fraudster may steal more money over a longer period than a less capable fraudster. He or she may also avoid detection altogether.

There is no silver bullet to stop fraudsters. Predicting who is likely to commit which type of fraud under which circumstances would involve comparing a lot of people in the same circumstances who offend and
with those who don’t. But we don’t yet have the data to do this.

If employers want researchers to tell them which employees are likely to commit fraud, they need to help by reporting fraudsters to the authorities instead of sweeping their offences under the carpet. Researchers need to understand that someone who steals repeatedly may have more in common with a kleptomaniac than a serial killer.

In the meantime, we all need to consider that someone who steals to pay for medical treatment for a dying relative may have little in common with a billionaire Ponzi scheme operator.

Jennifer Wilson, Combined PhD / Master of Organisational Psychology candidate, Macquarie University

This article was originally published on The Conversation. Read the original article.

Making companies pay for failing to prevent employee fraud

Jeanette Van Akkeren, Queensland University of Technology

The high cost of organisational fraud in both private and public sectors in Australia continues to haunt organisations, particularly fraud committed by “trusted” employees.

Cases prosecuted this month include former Sydney Ferries CEO Geoff Smith, who was sentenced to more than three years jail for a corporate credit card spending spree, and former Burke Shire Council deputy CEO Frederick Aqvilin, who is alleged to have illegally transferred more than A$1 million of council monies to his own account.

Spectacular cases in recent history include A$45.3 million stolen from ING by an employee over five years, and A$16.4 million stolen from Queensland Health, and later attributed in part to poor supervision and management.

Often even more damaging are financial crimes committed by groups of senior executives working in collusion within large organisations – frauds that are usually very difficult to detect.

Who can forget HIH, One.Tel and Clive Peeters? And then there’s the evolving Commonwealth Bank and ASIC fraud scandal in which the activities of dodgy financial planners led to thousands of people losing their life savings.

Multiple victims

The victims of fraudulent acts are not only shareholders or customers of the company; innocent employees are at risk as they can lose their jobs as a consequence of these crimes.

Then there are those who have missed out on aid from a not-for-profit organisation where a major fraud has been perpetrated. According to accounting firm BDO’s 2014 Not-For-Profit Fraud Survey, 70% of organisations that experienced fraud in the previous two years had suffered fraud in the past. This suggests many organisations had failed to implement fraud prevention policies.

KPMG reports that, although managers commit less fraud overall, the cost of a single incident can be hundreds of millions of dollars. Determining the overall cost of fraud to a nation like Australia is almost impossible as more than 50% of cases are never reported. This means the true cost is at best, an educated guess.

Accountability in the UK and beyond

Recently, and in response to the ongoing problem of corporate crime, UK Attorney-General Jeremy Wright has considered bringing in a new offence of “failure to prevent financial crime”.

The proposed reform to the UK Bribery Act could result in companies being found guilty of financial offences regardless of whether the board knew about them, making it an offence if a company is found to have failed to prevent financial crime.

The fallout for companies, should this reform pass through parliament, is the potential of multi-million pound fines and reputational damage should rogue employees commit fraudulent acts that were preventable. This is in addition to legislation already enacted that places strict and heightened liability upon companies, directors and individuals for bribery-related acts when carrying out business in the UK.

The implication for Australian and other international organisations doing business in the UK is that the Bribery Act has extensive territorial scope, making them equally liable and exposed to prosecution for failure to prevent bribery, regardless of where the misdemeanour occurred. Therefore, if the reform is passed, Australian organisations doing business in the UK would also be open to prosecution if it could be shown that inadequate systems and weak control measures contributed to the crime when it occurred.

Organisations may argue that they are compliant with the Foreign Corrupt Practices Act (FCPA) or local laws such as CLERP 9 rules sitting under the Corporations Act, but this alone does not constitute immunity under the UK Bribery Act or, for that matter, with the US Sarbanes-Oxley Act.

Are Australian legislators doing enough?

The Corporations Act, passed in 2004, developed rules relating to financial disclosure, whistleblowing and remuneration for directors and executives and is relevant to company directors of small and large organisations. They are legally enforceable auditing standards, which have shifted the emphasis on fraud controls back into the corporate governance arena.

However, 10 years on there has been little change in the corporate fraud climate in Australia with cases continuing to emerge. The UK Bribery Act and proposed reform, alongside the tightening of the Sarbanes-Oxley rules in the US place greater emphasis on fraud prevention, compliance and corporate governance than currently exists in Australia.

The crackdown on organisational bribery and corruption by international legislators shows a growing intolerance of less than honest corporate practices.

Improving and strengthening governance and other control measures to minimise corporate fraud may spawn the next wave of legislation and force companies to take their fraud prevention strategies more seriously. It remains to be seen if reform to the Bribery Act is passed, and whether Australia adopts a similar legal principle. Regardless, unless organisations become more vigilant, proactive and transparent on minimising fraud, legislators may just force compliance upon them.

Jeanette Van Akkeren, Senior Lecturer in Forensic Accouning, Queensland University of Technology

This article was originally published on The Conversation. Read the original article.

How Facebook could be threatening your romantic relationship

Sam Carr, University of Bath

Deciding whether technology is “good” or “bad” can be like trying to decide the same thing about food. That is, it’s pretty obvious that it’s good in some ways and bad in others. But we need to be mindful of both as we tumble deeper into a digital age.

Some argue that technology has an immensely positive influence on our closest relationships. Facebook CEO Mark Zuckerberg claims that “when people are connected, we can just do some great things. We have the opportunity to bring the people we care about closer to us. It really makes a big difference.”

This is true. But we shouldn’t be too quick to generalise. Technology can also have a toxic effect on intimate relationships, one of which is Facebook’s own potential to exacerbate romantic insecurity.

The key features of insecurity are mistrust in a partner’s loyalty and fidelity; a deep rooted fear that they will abandon us, and a hyper-vigilance or awareness of potential threats to the relationship. It’s our psychological response to the fact that, on some level, life’s cruellest paradox is that those we love the most could (and often do) hurt us most deeply.

Insecurity can be a pervasive and enduring trait in some people but it can also vary in response to triggers (real or imagined) that heighten it. It has been well established as a driving force behind relationship conflict and disharmony because people are compelled to cope with it by seeking unreasonable levels of certainty, exerting excessive control, and punishing significant others for perceived wrongdoings.

It would be simplistic to suggest that technologies such as Facebook cause romantic insecurity. People were insecure long before social media came along. But it is important to explore how insecurity is intensified or shaped by a social media platform that facilitates an unprecedented degree of fusion between partners’ social networks.

Facebook – which started life comparing the appearance of Harvard students – gives couples access to multiple features of their partner’s social life. This includes a visible list of “friends” (raising questions such as “Why is he friends with her?”, “Why is she still in touch with her ex?”); documented public interactions with such “friends,” and pictures, comments, likes, and posts, each of which can be all too easily surveyed and scrutinised. This can serve as excellent fodder for the insecure mind that is hyper-vigilant to potential relationship threats.

A recent anthropological study revealed that some young people are indeed finding that Facebook permits a level of access to partners’ social interactions that fans the flames of romantic insecurity to uncomfortable levels.

One participant told of her reaction to seeing that her boyfriend had written a message in Italian to a girl on Facebook. Suspicious that she was being cheated on, she used translation software to understand the words, spent two hours “Facebook stalking” the mystery girl to find out what she looked like and who her friends were, and then eventually realised that, in fact, her “rival” had a boyfriend of her own. At this point, the suspicious girlfriend decided to stop using Facebook.

The same study highlighted that young people felt confused and conflicted about whether they were actually insecure people in the first place, or whether Facebook had played a major role in generating their insecurity.

Insecurity settings

Many suggested that insecurities frequently arose over issues they simply would not (and should not) have known about, had they not had a platform for such pervasive scrutiny and surveillance of their partner’s social lives.

One contributor commented: “I couldn’t decide whether it was the fact that I checked Facebook that triggered my not trusting him, or I already didn’t trust him, and Facebook just perpetuated it.”

Larger studies have supported the idea that Facebook seems to bring out the green eyed monster, arguing that it exposes people to ambiguous information about their partner to which that they wouldn’t otherwise have had access.

One of the fundamental ways that technology has changed society is by facilitating our surveillance of one another. It has been argued that we are now firmly living in an age of surveillance. But there must be a line, beyond which we pay a price for such a high degree of surveillance, such as human rights infringements and excessive invasion of privacy.

Facebook delivers a language of surveillance into the realms of young people’s relationships, changing how people relate. Some are finding that there is a line to be drawn here too, and that the psychological cost of excessive access to romantic surveillance includes a thriving sense of insecurity.

Sam Carr, Lecturer in Education, University of Bath

This article was originally published on The Conversation. Read the original article.