Facial Recognition for Access Control?
Several years ago, I worked on a project prototype for a major group of sea ports that had an interest to use the state’s drivers license image database for facial recognition/verification of TWIC applicants and the eventual use for identity verification for critical card access points. The main focus of the project was to ensure that the person applying for the TWIC card was indeed who they claimed to be, and not an imposter. Neither the CCTV system nor the card access system had the built in software to do this, much less do it together, so we had to write the interface and the software to manage it. It worked, but not as well as we would have liked. We used a GPL’d algorithm for the facial recognition, which while good, would have some false positives and false negatives from time to time. Ultimately to me, it served as a proof of concept. It did work, and could be made as a serviceable monitoring and investigation tool for security. (Later we used that same GPL software to create a tool that would scrounge through the card access database and crop the cardholder photos to a uniform size. THAT worked really well.)
Years later, as far as I know there is still not an off-the-shelf system that provides a true facial recognition monitoring capability for access control violations. This seems like something very straightforward to do, and as most companies or government branches have an actively maintained photo database of their cardholder personnel, and most often have video cameras monitoring locations where access control is used.
The biggest limitation we found was the quality of the CCTV images against the badge database photos. Both were of rather poor quality, but if we used the software as just a pre-filtering tool for security operators, the margins of error were more tolerable. The idea was to still have a security guard doing the verification, but not for every photo, just the ones the software couldn’t handle well.
With Megapixel IP cameras replacing low resolution analog cameras, the probability improves of having a photo with an acceptable number of unique data points to match against an image database with a high degree of confidence. This means more information data points to compare, and fewer false positives and negatives. There are still other considerations such as angle of view, proper lensing, lighting, face concealment/alteration issues, and image database accuracy. And you must have most, if not all of these considerations to have a usable image. As shown here, even if you have good lighting and resolution, if you don’t have a good angle and lensing, you will not have a usable image for facial recognition of the cardholder.
Currently, there are about a dozen corporations world wide that offer some type of facial recognition software. Many of their larger customers are government agencies or the financial industry. It is used in some border crossings, passport identification, and high profile monuments. The FBI may be the most famous consumer of this technology, but it is not used in a widespread fashion as far as I know. Naturally, this isn’t something that is widely advertised by these agencies.
Still, as such a highly technically savvy country as the USA supposedly is, I’ve often wondered why we don’t have facial recognition with a national database at all critical locations like border crossings, airports, bus stations, train stations, embassies, and hospitals. I realize there’s a modest invasion of privacy, and nobody likes the thought of having “big brother” monitor your whereabouts, especially putting your name to your face in a specific location and time. It’s kind of creepy. But the other side of the coin is that if we maintain a central photographic database of active criminals and terrorists (which we do), then having feeds from certain cameras in certain high traffic locations might allow us to not only apprehend said criminals/terrorists in a timely manner, but even allow us to gain intelligence regarding their commuting patterns, associations, and personal habits. This is beneficial information that can reduce crime and terrorism.
Keep in mind, the government already has a very large database of photos, probably including you, even if you don’t have a mug shot in the NCIC. Facebook, Twitter, Instagram, LinkedIn, are all repositories available that most likely link your face with your name. The FBI has said that by 2015, it plans to have 52 million photos in its NGI facial recognition database. The FBI will include non-criminal information as well as criminal. Where’d they get those?! So, you may already be in the database, and maybe me too. Obviously, some people will object to this idea, some even quite profusely. But the genie is already out of the bottle. Getting him stuffed back in is going to be difficult, if not impossible.
So the natural progression on this “big brother” concern just may be to license the database. For a fee, allow vetted customers to have access to the database via an API to use this centralized database for government and limited private commercial purposes. Want to know if your daughter or son is in the NGI database? Maybe there’s a background check service company that can tell you. But for financial institutions, or the port authority I mentioned in the beginning of this article, it would be a boon of intelligence data. Not only would they have their own employees and contractors in their own database, they could also have access to a national database of “persons of interest” that could assist them in determining if a potential applicant is a criminal, or maybe even just a high risk. That has the simultaneous possibility of reducing their own risks, and providing timely information to Homeland Security about a potential threats whereabouts and possible intentions.
I think the future of this technology is already headed in this direction, and there may already be entities that are doing exactly what I’ve described, but I believe the technology will become more pervasive as some of the technological (and sociological) barriers are broken down.