September 3, 2017
Face-scanning tech is coming for your smartphone and you should be worried
/https%3A%2F%2Fblueprint-api-production.s3.amazonaws.com%2Fuploads%2Fcard%2Fimage%2F574974%2F69936d84-7c64-402c-bd34-2f087c04c106.jpg)
There are few things more personal than a face. Every wrinkle, blemish, and freckle combine to tell a person’s story — an interactive and ever-changing map of one’s self unspooling over time.
Oh, and if smartphone manufactures have their way, that map will also soon be the preeminent key to your digital life. Unfortunately, that’s a problem.
Mashable spoke with about half a dozen experts who expressed concern that the push toward some form of facial-recognition tech will not only present an untold number of privacy concerns, but will actually make our devices less secure. Basically, it’s a lose-lose situation — albeit one that the smartphone makers of the world seem all too excited to drag us into.
“Absolutely people should be concerned.”
Companies like Apple, Google, and Qualcomm are charging ahead to make face scans the new biometric we’ll rely on for everything from unlocking phones to making digital purchases. Thumbprints, in the form of TouchID and similar tech, have for some time served this purpose, but early reports that the iPhone 8 will abandon this feature in lieu of a facial-recognition technology called Pearl ID make it clear which way the wind is blowing.
But at what cost? What will it mean when every cellphone stores some sort of detailed digital representation of our (surely) beautiful mugs? Is that really safer than an alphanumeric password? And what will happen when hackers — or government officials — come knocking?
Always on
Of particular note is one rumored feature in the forthcoming iPhone: resting unlock. Written as “accessibility.resting.pearl.unlock.” in the HomePod firmware leak, the speculation among developers is that this means the iPhone 8 will scan faces even when the device is lying face up on a table.
Basically, you won’t even need to touch your phone to unlock it (or make a purchase).
Sounds cool, right? But for that to work, facial recognition would need to be always on, a phrase that concerns Electronic Frontier Foundation Senior Staff Attorney Adam Schwartz.
“In general, ‘always on’ products raise special concerns,” Schwartz explained over the phone. He emphasized that “always on” features translate to always gathering information.
Scanning away.
Image: LILI SAMS/MASHABLE
“Once the always-on device gathers information, it may be available to many kinds of people, contrary to the user’s intentions,” Schwartz said.
“These include external data thieves, who may break into the device or the data farm where content is stored; or internal employees of the company that makes the device, who improperly misappropriate customer content; or the police, by means of a subpoena or search warrant (depending on what the police are demanding). So, before technology users activate their always-on devices, they should think long and hard about the privacy implications.”
“Once an adversary has our biometric there’s very little we can do about it.”
Jonathan Frankle, a second-year PhD Student at MIT’s Internet Policy Research Initiative, echoed those concerns.
“It’s a privacy issue that the camera on the phone will always be on,” he told Mashable in a phone interview. He added that it’s a similar privacy risk posed by devices like the Amazon Echo. That’s primarily because if you don’t need to activate the gadget before it captures data. The device, instead, will record all kinds of things that you don’t intend it to by default. Which, um, could get you in trouble.
And when it comes to a smartphone or the next iPhone, remember, there’s the added wrinkle of it always being on you — at least an Amazon Echo is restricted to your home.
Your face is key
Even putting resting unlock aside, however, Schwartz made it clear that his organization has numerous concerns with biometrics in general: everything from weak 5th Amendment protections (cops can force you to unlock your phone with a thumbprint), to biometrics being trivial to fake. But it’s facial recognition in particular that has him particularly worried.
“It raises unique issues of privacy,” said Schwartz. “Much more so than any other biometric.”
Locking things down (sort of).
Image: yipengge/Getty Images
Why? Well, a host of reasons. It’s easy to snap a picture of someone in a crowd, or pull a high-resolution selfie off Instagram. With Samsung’s Galaxy S8 face unlock shown to be hackable with nothing more than a photo, this shouldn’t exactly inspire confidence in those concerned about security — especially because, unlike a password, you can’t as easily change your face.
“It’s like setting your password to ‘password’ then tattooing it on your forehead.”
“Once an adversary has our biometric there’s very little we can do about it,” Schwartz warned.
To make matters worse, according to Frankle, current facial-recognition tech just isn’t that good. “Experts in the field widely agree that facial-recognition technology is not as accurate as fingerprint technology. Period.”
But that’s only the tip of the iceberg. Questions on the security of your specific device aside, Schwartz believes that a major company possessing a detailed map of your face isn’t the best idea.
“Absolutely people should be concerned,” said Schwartz. “What else is the company going to be doing with the face [scan]?”
That’s a question that Dan Tentler, a security researcher with The Phobos Group, has a few thoughts on.
“If you want to put your tinfoil hat on, imagine the scenario if Apple or Google were caught phoning home all that facial recognition data and keeping their own database of faces,” wrote Tentler over email. “We know they already do it to some degree, but what does that mean for consumers? If [consumers are] using their faces as a form of authentication, but doubly are the types to buy selfie sticks and littering pictures of themselves everywhere. It’s like setting your password to ‘password’ then tattooing it on your forehead. Then becoming a television news anchor, or a vlogger, or something.”
What do the companies have to say about all of this? Qualcomm, for its part, insisted that it’s taking security and privacy concerns seriously when it comes to the next generation of its Snapdragon chips (which could power advanced facial recognition in Android phones).
“While the [original equipment manufacturer’s] authenticator software implements the recognition itself, it enforces privacy by utilizing many features of the Snapdragon Mobile Platform,” said senior director of product management for Qualcomm’s Snapdragon security team, Sy Choudhury, in an email to Mashable. He added, “These are all steps that lead to the end-user’s face data being secure and private.”
We reached out to Apple for comment, but the company declined through a spokesperson. Google did not respond to our request as of press time.
Nuts and bolts
Of course, the specifics of the system matters — a fact that Jim Dempsey, the Executive Director of the Berkeley Center for Law & Technology, made clear over email.
“Will the process store your photo (most people’s phones already store a lot of selfies) or only the numerical result of the facial mapping process,” he told Mashable in an email. “Will photo or map be stored only on the phone or will it be stored in the Apple or Google cloud? The answers to these design questions will tell us a lot about the privacy implications of the system.”
In addition to larger questions of system design, the means by which a phone gathers the faceprint itself is important. Apple might employ infrared for 3D-visage mapping that could alleviate some of the security concerns expressed by Frankle, but even so, he was quick to insist that “infrared has its own challenges.”
I can confirm reports that HomePod’s firmware reveals the existence of upcoming iPhone’s infra-red face unlock in BiometricKit and elsewhere pic.twitter.com/yLsgCx7OTZ
— Steve T-S (@stroughtonsmith) July 31, 2017
What the phone actually considers a “face” will also come into play. Adam Harvey, a researcher and artist who’s explored confusing facial-recognition systems with what he’s dubbed CV Dazzle and HyperFace, explained that the next wave of face-oriented biometrics will likely rely on numerous elements of a person’s physical makeup.
“Although facial recognition seems to get the most attention in media reports, using a face alone is already an outdated approach for high-security facilities,” Harvey told Mashable. “It’s likely that the new biometric capabilities of the iPhone will employ a multi-modal approach combining fingerprint, face, iris, pupillary, and perhaps blink or liveness detection to improve the overall resolution and accuracy of the authentication.”
Even so, no biometric lock is perfect. Schwartz made this point loud and clear, emphasizing that no matter how secure the system is today, scientists (and later hackers) will always find a way to beat it tomorrow.
Moving forward
So where does this leave us? Should we be upset that Apple, Google, and Qualcomm are potentially making our devices less secure while simultaneously exposing our biometric data to greedy third parties — all for what amounts to bells and whistles?
Welp, when it comes to concerns that the government may want access to any biometric data stored by smartphone manufactures, Dempsey says that ship has already sailed.
“[The] danger is that a little bit down the road facial recognition gets normalized.”
“[Don’t] forget that government agencies in the US already have substantial biometric databases,” he reminded us. “All the states have photo databases of everyone with a driver’s license, and about half the states allow police departments to search those databases. As of 2016, the FBI had access to the DMV databases of at least 16 states.”
In other words, the FBI doesn’t need to run to Apple to get a scan of your face — they just have to ask the DMV.
So is there anything we can do about, well, any of this? Thankfully, if your goal is simply to keep your phone locked down, the answer is “sure.” It’s always been a better idea to use a strong alphanumeric password to lock one’s phone instead of just a thumbprint, and the impending wave of facial-recognition tech won’t change biometrics’ place in that hierarchy. (Using both forms in conjunction with each other, on the other hand, is a decent idea.)
Still, the more we rely on our face to serve as key to our phones, bank accounts, and digital life at large, the more corporations and government agencies we must permit to scan, categorize, and store one of the few remaining things that make us unique. And the more copies that exist out there, the easier it will be for hackers to exploit the impending wave of FaceID.
“[The] danger is that a little bit down the road facial recognition gets normalized,” said Schwartz. “Where is this going to stop?”
Does this matter to you now? Maybe, maybe not. But it probably will when someone drains your bank account using nothing more than a photo they pulled off your Instagram account.
Read more: http://mashable.com/2017/08/28/trouble-facial-recognition-technology-smartphones/
October 21, 2017
Smartphones Are Killing Americans, But Nobodys Counting
by MeDaryl • Cars • Tags: android, business, FACEBOOK INC-A, Food, iphone, Mobile Phones, smartphone, Social Media, technology, Tennessee, transportation, TWITTER INC
Jennifer Smith doesn’t like the term “accident.” It implies too much chance and too little culpability.
A “crash” killed her mother in 2008, she insists, when her car was broadsided by another vehicle while on her way to pick up cat food. The other driver, a 20-year-old college student, ran a red light while talking on his mobile phone, a distraction that he immediately admitted and cited as the catalyst of the fatal event.
“He was remorseful,” Smith, now 43, said. “He never changed his story.”
Yet in federal records, the death isn’t attributed to distraction or mobile-phone use. It’s just another line item on the grim annual toll taken by the National Highway Transportation Safety Administration [NHTSA]—one of 37,262 that year. Three months later, Smith quit her job as a realtor and formed Stopdistractions.org, a nonprofit lobbying and support group. Her intent was to make the tragic loss of her mother an anomaly.
To that end, she has been wildly unsuccessful. Nine years later, the problem of death-by-distraction has gotten much worse.
Over the past two years, after decades of declining deaths on the road, U.S. traffic fatalities surged by 14.4 percent. In 2016 alone, more than 100 people died every day in or near vehicles in America, the first time the country has passed that grim toll in a decade. Regulators, meanwhile, still have no good idea why crash-related deaths are spiking: People are driving longer distances but not tremendously so; total miles were up just 2.2 percent last year. Collectively, we seemed to be speeding and drinking a little more, but not much more than usual. Together, experts say these upticks don’t explain the surge in road deaths.
There are however three big clues, and they don’t rest along the highway. One, as you may have guessed, is the substantial increase in smartphone use by U.S. drivers as they drive. From 2014 to 2016, the share of Americans who owned an iPhone, Android phone, or something comparable rose from 75 percent to 81 percent.
The second is the changing way in which Americans use their phones while they drive. These days, we’re pretty much done talking. Texting, Twitter, Facebook, and Instagram are the order of the day—all activities that require far more attention than simply holding a gadget to your ear or responding to a disembodied voice. By 2015, almost 70 percent of Americans were using their phones to share photos and follow news events via social media. In just two additional years, that figure has jumped to 80 percent.
Finally, the increase in fatalities has been largely among bicyclists, motorcyclists, and pedestrians—all of whom are easier to miss from the driver’s seat than, say, a 4,000-pound SUV—especially if you’re glancing up from your phone rather than concentrating on the road. Last year, 5,987 pedestrians were killed by cars in the U.S., almost 1,100 more than in 2014—that’s a 22 percent increase in just two years.
Safety regulators and law enforcement officials certainly understand the danger of taking—or making—a phone call while operating a piece of heavy machinery. They still, however, have no idea just how dangerous it is, because the data just isn’t easily obtained. And as mobile phone traffic continues to shift away from simple voice calls and texts to encrypted social networks, officials increasingly have less of a clue than ever before.
Out of NHTSA’s full 2015 dataset, only 448 deaths were linked to mobile phones—that’s just 1.4 percent of all traffic fatalities. By that measure, drunk driving is 23 times more deadly than using a phone while driving, though studies have shown that both activities behind the wheel constitute (on average) a similar level of impairment. NHTSA has yet to fully crunch its 2016 data, but the agency said deaths tied to distraction actually last year.
There are many reasons to believe mobile phones are far deadlier than NHTSA spreadsheets suggest. Some of the biggest indicators are within the data itself. In more than half of 2015 fatal crashes, motorists were simply going straight down the road—no crossing traffic, rainstorms, or blowouts. Meanwhile, drivers involved in accidents increasingly mowed down things smaller than a Honda Accord, such as pedestrians or cyclists, many of whom occupy the side of the road or the sidewalk next to it. Fatalities increased inordinately among motorcyclists (up 6.2 percent in 2016) and pedestrians (up 9 percent).
“Honestly, I think the real number of fatalities tied to cell phones is at least three times the federal figure,” Jennifer Smith said. “We’re all addicted and the scale of this is unheard of.”
In a recent study (PDF), the nonprofit National Safety Council found only about half of fatal crashes tied to known mobile phone use were coded as such in NHTSA databases. In other words, according to the NSC, NHTSA’s figures for distraction-related death are too low.
Perhaps more telling are the findings of Zendrive Inc., a San Francisco startup that analyzes smartphone data to help insurers of commercial fleets assess safety risks. In a study of 3 million people, it found drivers using their mobile phone during 88 percent of trips. The true number is probably even higher because Zendrive didn’t capture instances when phones were mounted in a fixed position—so-called hands free technology, which is also considered dangerous.
“It’s definitely frightening,” said Jonathan Matus, Zendrive’s co-founder and chief executive officer. “Pretty much everybody is using their phone while driving.”
There are, by now, myriad technological nannies that freeze smartphone activity. Most notably, a recent version of Apple’s iOS operating system can be configured to keep a phone asleep when its owner is driving and to send an automated text response to incoming messages. However, the “Do Not Disturb” function can be overridden by the person trying to get in touch. More critically, safety advocates note that such systems require an opt-in from the same users who have difficulty ignoring their phones in the first place.
In NHTSA’s defense, its tally of mobile phone-related deaths is only as good as the data it gets from individual states, each of which has its own methods for diagnosing and detailing the cause of a crash. Each state in turn relies on its various municipalities to compile crash metrics—and they often do things differently, too.
The data from each state is compiled from accident reports filed by local police, most of which don’t prompt officers to consider mobile phone distraction as an underlying cause. Only 11 states use reporting forms that contain a field for police to tick-off mobile-phone distraction, while 27 have a space to note distraction in general as a potential cause of the accident.
The fine print seems to make a difference. Tennessee, for example, has one of the most thorough accident report forms in the country, a document that asks police to evaluate both distractions in general and mobile phones in particular. Of the 448 accidents involving a phone in 2015 as reported by NHTSA, 84 occurred in Tennessee. That means, a state with 2 percent of the country’s population accounted for 19 percent of its phone-related driving deaths. As in polling, it really depends on how you ask the question.
Massachusetts State Police Sergeant Christopher Sanchez, a national expert on distracted driving, said many police departments still focus on drinking or drug use when investigating a crash. Also, figuring out whether a mobile phone was in use at the time of a crash is usually is getting trickier every day—proving that it precipitated the event can be even harder to do.
Prosecutors have a similar bias. Currently, it’s illegal for drivers to use a handheld phone at all in 15 states, and texting while driving is specifically barred in 47 states. But getting mobile phone records after a crash typically involves a court order and, and even then, the records may not show much activity beyond a call or text. If police provide solid evidence of speeding, drinking, drugs or some other violation, lawyers won’t bother pursuing distraction as a cause.
“Crash investigators are told to catch up with this technology phenomenon—and it’s hard,” Sanchez said. “Every year new apps are developed that make it even more difficult.” Officers in Arizona and Montana, meanwhile, don’t have to bother, since they allow mobile phone use while you drive. And in Missouri, police only have to monitor drivers under age 21 who pick up their phone while driving.
Like Smith, Emily Stein, 36, lost a parent to the streets. Ever since her father was killed by a distracted driver in 2011, she sometimes finds herself doing unscientific surveys. She’ll sit in front of her home in the suburbs west of Boston and watch how many passing drivers glance down at their phones.
“I tell my local police department: ‘If you come here, sit on my stoop and hand out tickets. You’d generate a lot of revenue,’” she said.
Since forming the Safe Roads Alliance five years ago, Stein talks to the police regularly. “A lot of them say it surpasses drunk driving at this point,” she said. Meanwhile, grieving families and safety advocates such as her are still struggling to pass legislation mandating hands-free-only use of phones while driving—Iowa and Texas just got around to banning texting behind the wheel.
“The argument is always that it’s big government,” said Jonathan Adkins, executive director of the Governors Highway Safety Association. “The other issue is that … it’s hard to ban something that we all do, and we know that we want to do.”
Safety advocates such as Smith say lawmakers, investigators and prosecutors won’t prioritize the danger of mobile phones in vehicles until they are seen as a sizable problem—as big as drinking, say. Yet, it won’t be measured as such until it’s a priority for lawmakers, investigators and prosecutors.
“That’s the catch-22 here,” Smith said. “We all know what’s going on, but we don’t have a breathalyzer for a phone.”
Perhaps the lawmakers who vote against curbing phone use in cars should watch the heart-wrenching 36-minute documentary filmmaker Werner Herzog made on the subject. Laudably, the piece, , was bankrolled by the country’s major cellular companies. “It’s not just an accident,” Herzog said of the fatalities. “It’s a new form of culture coming at us, and it’s coming with great vehemence.”
Adkins has watched smartphone culture overtake much of his work in 10 years at the helm of the GHSA, growing increasingly frustrated with the mounting death toll and what he calls clear underreporting of mobile phone fatalities. But he doesn’t think the numbers will come down until a backlash takes hold, one where it’s viewed as shameful to drive while using a phone. Herzog’s documentary, it appears, has had little effect in its four years on YouTube.com. At this point, Adkins is simply holding out for gains in autonomous driving technology.
“I use the cocktail party example,” he explained. “If you’re at a cocktail party and say, ‘I was so hammered the other day, and I got behind the wheel,’ people will be outraged. But if you say the same thing about using a cell phone, it won’t be a big deal. It is still acceptable, and that’s the problem.”
Read more: http://www.bloomberg.com/news/articles/2017-10-17/smartphones-are-killing-americans-but-nobody-s-counting