The controversial application of face-recognition technology to millions of Australian driver’s license photos is a “relatively small database” in global terms, according to a biometrics executive who says today’s face-recognition algorithms are fast enough to scan thousands of faces at a time and robust enough to secure everyday financial transactions.
Improvements in face-recognition algorithms had steadily improved the ability of automated systems to identify individuals in video footage of increasingly low resolution – allowing for identification from greater distances from a surveillance camera, for example.
Yet the algorithms had also become far more computationally efficient, NEC Australia general manager of smart systems Paul Howie told CSO Australia, allowing for near instantaneous recognition on powerful computers and enabling the technology to be scaled downwards to become an everyday form of 2-factor authentication (2FA) on all manner of mobile and low-powered fixed devices.
“Five years ago we were talking about a person walking to a point and standing there for a few seconds to get verified” as with the Department of Immigration and Border Protection’s Arrivals SmartGate and Departures SmartGate systems installed by French company Morpho years ago, Howie explained. “Now you can just walk past or towards a camera, and it can pick you up.”
Issues of resolution and time to scan are irrelevant when matching fixed photographs like the driver’s licenses that state premiers agreed to hand over to the federal government for anti-terrorism purposes – 20m images is a “relatively straightforward implementation for us”, as Howie puts it – but they will play an increasingly important role by eventually allowing the more rapid identification of individuals within real-time video of a scene.
Face recognition has been around for many years, and static photograph-comparison technology will, for example, sit at the core of an $18m project to replace SmartGates with a ‘contactless’ biometric system as part of DIBP’s ‘Seamless Traveller’ program.
Testing of facial recognition against large datasets – the ongoing MegaFace experiment at the University of Washington tracks accuracy against a million-strong data set and has found a range of accuracy depending on whose algorithm is used.
However, recent improvements in speed and accuracy – and the popularisation of the idea thanks to the Face ID face-scanning feature of Apple’s upcoming iPhone X – have mainstreamed the idea of using non-intrusive biometrics as a more-casual replacement for passwords, contactless ID cards, PINs, and more demanding forms of identification.
Reports may have suggested that Face ID is confused by twins and other lookalikes, but Howie says other implementations have moved past that issue – “we’re good at twins,” he said – to the point where face recognition is likely to gain a foothold as a primary method of user identification and continuous authentication to online systems.
“Used individually and in combination, you can get a level of compliance where you can say that it is as strong as a fingerprint,” Howie said. “It’s even getting to the point where you have a solution set around face that you’d be able to use it for financial transactions. I think we can expect more of this as people get more comfortable that the technology is reliable – and that the legal and privacy framework around these types of technologies is something that everyday Australians are comfortable with.”
Non-intrusive scanning also allows for continuous authentication while an application is being used – a key capability to ensure that the logged-on user remains the one who is using an application.
This technique supports efforts to improve the security of cloud migrations and improve compliance with data-governance controls; new techniques strengthen its efficacy with gestures – for example a tilt of the head, wink or smile – to ensure that the scanned user is still alive and present in front of the device or computer.
Growing acceptance of face scanning will steadily see it expanded into smaller and smaller devices, potentially improving the security of Internet of Things (IoT) devices that could authenticate users who look at a built-in camera. The last generation of algorithms required 2 to 3 times as much computing power as the current generation, Howie explained, and this is continuing to improve.
“We have put a lot of work into reducing the computing power for our algorithms,” he said. “It’s all about getting face recognition into areas where you don’t need a lot of computing power to run a very small database of up to, say, 20,000 faces.”
“The computing power is here now, and the algorithms are being refined. The next generation of this is massively parallel computing – where you take it from a few seconds to be able to process thousands of faces in a stadium, to a few milliseconds.”
At the current pace of innovation, Howie said, algorithms are also learning to identify people using partial pictures of their faces or the sides of their heads. Visiting the NEC research labs recently, he laughed, “I joked about using the back of the head to identify people. They said ‘we’re working on it, but it’s 5 years away’.”