How much would a face need to be altered to evade facial recognition?
Facial recognition technology, which is also used to log in to smartphones and PCs, can recognize people even if they wear glasses or makeup, as long as they register their real face first. Some systems can even recognize people disguised with masks, scarves, sunglasses, etc. As some countries introduce
How Much Do I Need to Change My Face to Avoid Facial Recognition?
https://gizmodo.com/how-much-do-i-need-to-change-my-face-to-avoid-facial-recognition-2000533755
Gizmodo, a media outlet that covers news related to the latest technology and digital society, asked four professors specializing in computer science and other fields, 'How much would you need to change your appearance to fool a facial recognition AI?'
'I don't think it's realistic to change your face to fool cutting-edge facial recognition,' said Cynthia Rudin, a distinguished professor of computer science at Duke University. According to Rudin, as more people around the world wear masks due to the COVID-19 pandemic, facial recognition systems are likely to have been modified to focus on the eyes rather than the entire face. If you wear a mask and sunglasses, it's possible that someone won't be recognized by facial recognition, but Rudin pointed out that it's difficult to say that you've 'avoided facial recognition' just by hiding your face.
Even if you can significantly change your eyes through plastic surgery, your new face and name will be circulated on the Internet as you go about your life, and will be captured by any facial recognition system. 'The question of how to disguise yourself to avoid facial recognition shows how futile it is to avoid others capturing our biometrics,' Rudin said. 'If we want to avoid facial recognition systems, it's much easier to ask the government to make laws to protect us than to dramatically change our face.'
Walter Shirer, professor of engineering in the Department of Computer Science and Engineering at the University of Notre Dame, pointed out that the answer to the question of how much you have to change your appearance to avoid facial recognition depends on how you use the facial recognition algorithm. There are two types of human biometric authentication: 'one-to-one,' which verifies whether a person captured by a camera matches an ID registered in a database, and 'one-to-many,' which matches a photo of an unknown subject against an entire database of previously registered subjects. 'One-to-one' is often used for login authentication for smartphones and PCs and airport security, while 'one-to-many' is often used in surveillance such as law enforcement and government espionage.
According to Shirer, with the advances being made in facial recognition algorithms, it is now very difficult to avoid the 'one-to-one' mode. On the other hand, the 'one-to-many' mode has difficulty recognizing a match with the database if some parts of the face are missing, and if you always wear sunglasses in the summer and a scarf in the winter, the monitor may not have a sufficient database. Also, while 'one-to-one' can recognize the face without any problems even if the angle of the face changes, 'one-to-many' may have trouble capturing the front face even if you 'always walk with your head down'.
'Today's algorithms are quite good at dealing with subtle changes in facial appearance, such as acne, swelling or plastic surgery,' said Shirer. 'The best practical advice for avoiding facial recognition is to know where it is deployed and avoid those places. However, how long this advice will remain useful will depend on how widespread the technology becomes in the coming years.'
Liu Xiaoming, a computer science and engineering specialist at the Michigan State University College of Engineering, first defined 'avoiding facial recognition' as 'when a facial recognition system cannot recognize the subject's face when the subject is photographed by a camera.' Based on that, Liu proposed two ways to actively deceive the facial recognition system.
First, most AI models are vulnerable to adversarial attacks, so even small changes to input data samples can cause the system to fail completely. So while it's hard to avoid recognition by wearing a mask, scarf, or moustache when your real face is registered in the database, being able to update your face with new data increases the chances of the facial recognition system failing.
Secondly, Liu said that it is possible to deceive facial recognition systems by significantly changing the appearance of one's face with makeup, but added that 'it is difficult to answer the question of where and how much makeup one needs to apply to break through facial recognition.' This is because the differences in people's faces are more important than the differences in facial recognition systems, and some faces can resemble others with relatively little makeup, while others are not easily mistaken for others even with a lot of makeup. As for where and how much makeup one needs to apply to slip through facial recognition, it may be possible to have a dedicated app show one's face and be instructed on where to apply makeup.
'The answer to whether disguise can evade facial recognition is 'it depends,'' said Shubmel Plain Family, a professor of computer science and engineering at the University of Notre Dame. Facial recognition algorithms use a specific method to calculate a 'feature vector' from a facial image, and compare the two feature vectors of the recognized face and the face in the database to give a value indicating their similarity. For example, if the system gives a value indicating similarity between '0 and 100 (0 is a perfect mismatch, 100 is a perfect match)', the value will not be '100' unless the images are exactly the same, so the 'threshold value' of 'what value is considered to be 'similar' will vary from system to system.
So to avoid facial recognition, you need to know two things. First, what the old photos in the database look like. If the old photo is from the front, just looking down and passing in front of the camera will significantly lower the value. And if you can know what the threshold of the system is, you can determine how much of your face you need to hide or make up from the old photo. But since it's often unclear what threshold will be adopted, 'By gaining a little more knowledge of the facial recognition system, you can try out the most effective approach,' says Family.
Related Posts:
