Imagine being able to sit down in a bar, snap a few photos of people and quickly learn who they are, who their friends are, where they live, what kind of music they like ... even predict their Social Security number.
Now, imagine you could visit one of those anonymous online dating sites and quickly identify nearly every person there, just from their photos, despite efforts to keep their online romance search a secret.
Such technology is so creepy that it was developed, and withheld, by Google — the one initiative that Google deemed too dangerous to release to the world, according to former CEO Eric Schmidt.
Too late, says Carnegie Mellon University researcher Alessandro Acquisti.
"That genie is already out of the bottle," he said Thursday, shortly before a presentation at the annual Las Vegas Black Hat hackers' convention that's sure to trouble online daters, bar hoppers and anyone who ever walks down the street.
Using off-the-shelf facial recognition software and simple Internet data mining techniques, Acquisti says he's proven that most people can now be identified simply through a photograph of their face — and anyone can do the sleuthing. In other words, our faces have become our identities, and there little hope of remaining anonymous in a world where billions of photographs are taken and posted online every month.
"If we were able to do it, anyone is able to do it," Acquisti said. “The goal here is not to generate fear, but we are very close to a point where the convergence of technologies will make it possible for online and offline data to blend seamlessly ... and for strangers on the street to predict certain information about you from your picture."
With some 2.5 billion photos per month posted to Facebook, odds are very good that you can be recognized, he said.
"For most of us, there is already a photo of us online. It is close to impossible to take this data back," he said.
Using the unnerving term "augmented reality,” Acquisiti conjures up disturbing scenarios that involve law enforcement officials, marketers and other strangers constantly marrying offline and online data. Observers could overlay detailed information like political affiliation on pictures of crowds at protests, for example, creating a scary new form of crowd control, he suggested. Meanwhile, facial images could succeed in creating a national ID where enhancements to driver’s licenses have repeatedly failed, said Acquisti in his report, titled “Privacy in the Age of Augmented Reality.”
“Notwithstanding Americans' resistance to a Real ID infrastructure, as consumers of social networks we have consented to a de facto Real ID that markets and information technology, rather than government and regulation, have created,” it said.
Anyone who's ever posted a photo on a supposedly anonymous dating site has encountered the very real fear that a friend or co-worker might recognize them from their profile picture. That risk can be roughly calculated, however, and assessed. Most users take comfort that their profile will be "lost in a crowd," with thousands of others in that age group and city making their risk of exposure low.
But Acquisti found that the convergence of facial recognition software with social networks like Facebook tilt those odds wildly in favor of the would-be exposer, or stalker.
Acquisti searched for dating site users within 50 miles of a zip code, found about 6,000, and then found 110,000 Facebook profiles where users said they lived near that same zip code. After eliminating some profiles that didn't match his criteria, he instructed computers to churn through about 500 million pairs of possibilities.
It would take a human about 2 million hours to compete such a task, but Carnegie Mellon's cloud computing cluster got results in about 15 hours. One in 10 members of the dating site were positively "outed" by the database search. A bit of fine-tuning — limiting the geographic area further or allowing approximate matches — produced even better results. And one sobering reminder: The researchers didn't even need to log in to Facebook to get these results.
In other words, you can't get lost in a crowd anymore.
“(The technologies) make possible a world of personally predictable information, linkable from someone's face, through end-users' devices connected to the Internet,” the report concludes. “While anyone posting facial images of themselves on the Internet must realize that they may be recognized by strangers or friends, the possibility might seem remote." Now, it’s not, the report argues.
Acquisti's team enjoyed even better results when they could obtain photographs themselves for matching purposes. Random students who agreed to be photographed on the Pittsburgh campus of Carnegie Mellon could be positively identified at three times the initial rate — or more than 30 percent.
The researchers didn't stop there. Next, they linked the photos and names to student likes and dislikes gleaned from their profiles, with about 75 percent accuracy. Then, they combined this effort with work Acquisti had done in 2009 on predicting Social Security numbers, and found that they could predict the Social Security number for 28 percent of the subjects within four guesses. Finally, they built a mobile phone application that could achieve the same results while wandering around campus.
To refresh: Starting from a mere photo, they were able to determine name, friends, even SSNs.
"This is freaky," one student told the researchers. Said another, "(I'm) surprised and shocked with the accuracy."
One interesting side note — one in two participants believed, incorrectly, that their Facebook picture was invisible to strangers. (Facebook doesn't allow privacy limitations on profile images.) Only 10 percent made the rest of the profile information viewable to strangers, meaning they obviously care about privacy.
The researchers said the technologies will soon “democratize surveillance,” as sinking costs make peer-to-peer facial recognition cost effective and available to everyone.
Acquisti's tests aren't fool-proof — campus participants agree to full, frontal face photos, which are much easier for face recognition software to analyze. In real life, and even on Facebook, photos aren’t always so easy to use. But it's obvious what direction all this technology is headed in — making it harder and harder for people to find places to hide.
"We used to feel we were safe in a crowd," Acquisti said. "What concerns me most is what our brains tell us about being private in a large group like that. We think we can stay anonymous, but now, I don't think we can."
Companies like Facebook and Google have been flirting with facial recognition for a while, and have sometimes received a lot of negative publicity for doing so. On Tuesday, for example, the German government asked Facebook to disable its automated photo tagging feature that utilizes facial recognition software to determine who’s in photos that are posted to the site. (Click here for instructions on how to turn this off for your account.)
In July, Google acquired Pittsburgh facial recognition firm PittPatt, which makes the software Acquisti used in his research. In 2006, Google acquired image recognition company Neven Vision, and already includes the technology in its Google Goggles product, which lets mobile phone users upload pictures and ask Google for help identifying them. Earlier this year, Neven Vision founder and Google employee Hartmut Neven said the firm was working on incorporating facial recognition into the tool, but the company has issued several statements saying it has no plans to do so unless “strong privacy protections are in place.”
Of course, it’s easy to think up positive applications for such technologies – the ability to find dangerous criminals or terrorists in crowds, for example. Even online daters might trade privacy for the reassurance that prospective dates aren’t lying about their background.
But it’s just as easy to imagine more sinister uses. Here’s one: The marriage of face recognition to voter registration lists could have political activists wandering the streets on Election Day, picking out registered voters and escorting them to polling places.
There isn’t much consumers can do to ward off these potential privacy invasions, Acquisti said, given how many pictures are already online. Even efforts to blur faces, or avoid posting pictures altogether, probably wouldn’t work: “Nearly all of us have a picture online that’s connected to our name,” he said.
Despite Google’s apparent self-restraint, it’s also probably impossible to stop the technology from being developed, Acquisti warned. Instead, policy-makers should immediately start debating how facial recognition can be used.
“Do we want to think in terms of policies that can stop its abuse? How would we do that? It’s an incredibly difficult question to answer,” he said. “I’ve thought about this for several years and ... there is no obvious, clear solution.”