digest | AI software tool disables automated facial tracking

As privacy + security concerns increase, artificial intelligence finds solutions.
November 10, 2020

— contents —

~ story
~ paper
~ reference
~ reading
~ watching

— story —

Engineering researchers at the University of Toronto, in Canada — used AI software programs to design a privacy filter for your photos that disables automatic facial recognition systems.

Each time you upload a photo or video to a social media platform, its automated, digital facial recognition systems learn a little more about you. These algorithms ingest data about who you are, your location, and people you know — and they’re constantly improving.

As concerns over privacy + data security on social networks grow, Univ. of Toronto engineering researchers — led by Parham Aarabi PhD and graduate student Avishek Bose — have created a computer software algorithm to dynamically disrupt facial recognition systems.

What is facial recognition?

A facial recognition system is a tech capable of identifying a human face — found in a digital photo, graphic image, or in a video frame — and then matching it against a data-base of stored faces. The most advanced tech can be used to authenticate people through ID verification services — it can pinpoint + measure detailed, distinct facial features in an image. The process of measuring human physical characteristics is called bio-metrics.

Face recognition is commonly used on smart-phones and in robotics. Its accuracy as a bio-metric tech is lower than iris recognition, vein pattern recognition, voiceprint + fingerprint recognition. But it’s widely used because it’s contact-less and non-invasive, especially for video surveillance and automatically indexing images.

— paper —

platform: ResearchGate
paper title: Adversarial attacks on face detectors using neural net based constrained optimization
read | paper

Facial recognition gets better + better.

Parham Aarabi PhD said: “Personal privacy is a real issue as facial recognition becomes better + better. This is one way beneficial anti-facial-recognition systems can combat that ability.”

Their solution leverages a deep learning technique called adversarial training, which pits 2 AI algorithms against each other. In computing, deep learning is a math technique that uses complex sets of data — trained to find solutions to problems — to process information. Inspired by the biology of human thinking, deep learning helps computers quickly recognize and process images + speech. Like all techniques in the computer software field of AI — deep learning is good at recognizing hard-to-find patterns in big data-sets.

Computer systems called neural networks run AI software that can achieve astounding human-level abilities of pattern recognition. With their deep learning algorithms, they can process in seconds what takes human analysts weeks, months, or years.

A neural network uses a series of deep learning algorithms to recognize underlying relationships in a set of data through a process that mimics human reasoning. The researchers harnessed the power of neural networks to engineer a system that could block automated facial recognition.

images | below

A computer software program is able to identify a human face in a digital image — and then tag that face’s key facial features with points so that they can be measured.

The software measures these primary features — called landmarks or nodal points. For example: the distance between the eyes, the nose width, eye socket depth and distance from forehead to chin. The “total picture” of all this data is stored as your individual faceprint.

Each human face has a unique matrix of facial features, similar to the way a thumbprint is individual and unlikely to have a biological duplicate. So any human face can be used as a good bio-metric print — a unique identification that’s not easily copied. Using the point matrix — the faceprint — faces can be stored in a data-base, and then later matched against a data-set of all faces in a system.

How it works.

Aarabi and Bose designed a pair of 2 neural networks:

  1. the first neural network identifies faces — called the detection AI
  2. the second neural network disrupts the facial recognition task of the first — called the disruptive AI
  3. these 2 neural networks constantly battle + learn from each other

The result is an automated software filter that can be applied to photos, to protect a user’s privacy. Their algorithm alters very specific pixels in the image, making changes that are almost imperceptible to the human eye.

Bose said: “The disruptive AI can attack what the neural net for the face detection is looking for. For example, if the detection AI is looking for the corner of the eyes — it adjusts the corner of the eyes so they’re less noticeable. It creates very subtle disturbances in the photo, but to the detector they’re significant enough to fool the system.”

Aarabi and Bose tested their software on an industry standard pool of more than 600 faces — called the 300-W face data-set. This data-set includes a wide range of:

  • ethnicity
  • lighting conditions
  • environments
  • shadows
  • body poses
  • facial expressions
  • image quality

Their system successfully reduced the number of faces that were originally detectable from 100 % — down to 0.5 %

Bose said: “The key is training 2 neural networks against each other — one creates an increasingly robust facial detection system, and the other creates an even stronger tool to disable facial detection.

— project —

group: Imperial College London
motto: Scientific knowledge + protection.
web: homechannel

project title: 300 Faces in the Wild • data-set
web: home

* aka: 300-W

A powerful tool.

In addition to disabling facial recognition, the new tech also:

  • disrupts image-based search
  • disrupts feature identification
  • disrupts emotion + ethnicity estimation
  • disrupts all other face-based attributes that could be extracted automatically

Next, the team hopes to make the privacy filter publicly available — as a smart-phone app, mobile tablet app, or website.

Aarabi said: “10 years ago these software algorithms would have to be human-defined. But now neural networks learn by themselves — you don’t need to supply them anything except training data. They can do some really amazing things. It’s a fascinating time in the computer field, there’s enormous potential.”

Some fast-moving facts.

  • the global market for facial recognition is expected to reach approx. $13 billion by year 2027
  • facial recognition software is widely used in personal + public security, retail, transportation, hospitality, banking
  • 117 million US citizens have their faces stored in a law enforcement data-base
  • today’s facial recognition apps on mobile phones can authenticate user identity
  • apps on portable devices on college campuses take attendance + prevent cheating
  • the auto industry is launching facial recognition apps to replace vehicle keys
  • retail is developing apps to pick-out specific types of people by gender or age, to target advertising

facts source: Interesting Engineering


Univ. of Toronto | home • channel

Parham Aarabi PhD | home
Avishek Joey Bose | home


1. |

publication: University of Toronto Magazine
tag line: Celebrating the university’s research + teaching excellence.
web: home

story title: Engineering AI researchers design privacy filter for your photos that disables facial recognition systems
read | story

— summary —

As concerns about privacy + data security on social networks grow, engineering researchers have created an algorithm to dynamically disrupt facial recognition systems.

presented by

group: Univ. of Toronto
motto: As a tree through the ages.
web: homechannel

2. |

publication: Interesting Engineering
tag line: A cutting-edge, leading community designed for all lovers of engineering, technology, and science.
web: homechannel

story title: Privacy tool cloaks faces to trick facial recognition software
read | story

— summary —

The Fawkes method — developed to out-smart automated computer facial recognition — was developed by researchers at the Sand Lab at the University of Chicago.

presented by

group: Interesting Engineering
tag line: Founded on the core mission of connecting like-minded engineers around the globe.


1. |

publication: Interesting Engineering
tag line: A cutting-edge, leading community designed for all lovers of engineering, technology, and science.
web: homechannel

featurette title: This is how facial recognition works
watch | featurette

— summary —

Regardless of whether you are alone, in a crowd, or in real-time — facial recognition can identify you. Although people have known about facial recognition tech for some time, advances in deep learning + faster processing of big data have helped it develop quickly.

The global facial recognition market is growing each year. It’s being used in across many industries. Watch to learn how this bio-metric tech works.

presented by

group: Interesting Engineering
tag line: Founded on the core mission of connecting like-minded engineers around the globe.

2. |

publication: Hak5
tag line: Trust your techno-lust.
web: homechannel

featurette title: Defeating facial recognition
watch | featurette

— summary —

How to defeat facial recognition — and avoid surveillance? The crew explains.

presented by

group: Hak5
tag line: Advancing the info-sec industry: award-winning podcasts, leading pentest gear, and an inclusive community.

3. |

publication: Reason
tag line: free minds + free markets
web: homechannel

featurette title: How fashion designers are out-smarting facial recognition
watch | featurette

— summary —

Every day, your movement is tracked. Your purchases are logged, your searches saved. And increasingly, your face is scanned. Facial recognition tech is becoming more widespread daily, and governments are finding new applications in the midst of pandemic. Countries use location tracking to help compliance with quarantines. So can we resist the surveillance society — and should we?

Privacy activists say we should be alarmed by the rise of automated facial recognition surveillance. But some trans-humanists says it’s time to embrace the end of privacy as we know it.

presented by

group: Reason Foundation
tag line: Exploring new ways of living in an increasingly individualistic world.
web: home

4. |

publication: Murtaza’s Workhop
tag line: Weekly videos on robotics + AI projects.
web: homechannel

featurette title: tutorial: How to perform facial recognition
read | learning materials
watch | featurette

— summary —

In this video we’re going to learn how to perform facial recognition with high accuracy. We’ll first briefly go through the theory — and learn the basic implementation. Then we’ll create an attendance project that will use webcam to detect faces, and record the attendance live in a Microsoft Excel sheet.

presented by

group: Murtaza Hassan
tag line: Learning made easy: robotics + AI

— notes —

AI = artificial intelligence
NN = neural network
DL = deep learning

info-sec = information security
pentest = penetration testing device