Las Vegas police could boycott working NFL games over new facial ID policy
reviewjournal.comThis kind of biometric security is getting a bit ridiculous. It would be different if it was done in a secure way and by that I mean secure in the sense that the person who provides the biometric data you had the ability to secure it wherever it went. This could absolutely be done but the reason it's not is companies totally want to gather this data from people and then sell it to other companies for machine learning and other purposes. Same with our government that wants to gather this kind of data.
It would be quite straightforward to make your biometric identity a public private key kind of setup. Companies have access to your public key and you yourself carry your private key as some sort of physical identification that is unlocked with a two-factor method. This way any physical biometric thing is done on a device you own that could be mandated to be open technology completely auditable to be secure and all you do is use your physical doodad to interface with their thing to authenticate that yes you are the private key holder for this given public key.
It would be much more secure than identification cards that we have now such as driver's licenses or passports. It would also be far more secure than the biometric style authentication they want to do now with them essentially owning a copy of your biometric data. But there is no profitability in true security and privacy for the citizens.
Worth remembering the US Army built a biometric database of Afghan officials (police officers included) and they lost control of it to the Taliban. They sold it as a "for your own safety", and now it's a kill list.
https://www.independent.co.uk/tech/taliban-afghanistan-biome... ("Taliban likely to have access to biometric databases of Afghan civilians who helped US" (2021))
- "The biometrics initiative was initially tested in 2002. Its goals then were to prevent criminals and Taliban insurgents from infiltrating the Afghan army and police force[...]"
- "The Taliban may also be using the Afghan government’s biometric-based ID card known as the Tazkira to track and target people, Ramanjit Singh Chima, Asia Pacific Policy Director at Access Now, told news agency Reuters."
- "Particularly at risk are individuals in central positions in the Afghan military, police and investigative units."
It doesn't matter if it is Napoleon, Hitler or who ever. Asking about winter boots and blankets is a no go. Plan for the plan.
> It would be quite straightforward to make your biometric identity a public private key kind of setup.
There is no repudiation, attestation or key rotation in this setup, with all the attendant problems that creates.
All of those things can be part of it. You're totally forgetting where we're coming from right now which is your identification or attestation is a little plastic card that is issued by the government based upon some other pieces of paper. There is no rotation of that either. The primary thing people use to identify you is your social security number in the United States which was never even envisioned as a way to identify someone it was simply an account number.
What I'm proposing puts the private key in your hands and requires you to locally do some sort of second Factor authentication to release it so it can be validated against the public key that the government or another entity has.
To issue or reissue or key rotate as you say can support the same methods we have now for determining identity and it also provides a better more secure method for determining identity.
You have to keep in mind perfect is the enemy of good and any solution that puts your identity in your own hands is massively better than what we have now and what any country has now.
you can always save up for plastic surgery!
"In response to this data breach we are offering you free Experian plastic surgery services for the next year."
The main issue there is that the mantra something you know, something you own, something you are is completely wrong in the authentication context. The issue there is that the biometric “something you are” cannot be revoked and also depends on the relying system having some kind of secure path to whatever sensor measured it. So in the end as an authentication it is only useful as convenience feature (eg. how TouchID/FaceID works on Apple platforms). Identification is another thing and obviously biometrics are useful there, but well, there are not that many ethical uses for system that does identification without authentication.
Seems like the key issue here is this: what is the purpose of conducting the authentication? In the case of personal accounts, it's for the benefit of the individual. They get their own account to safely store personal data. Here, the individual management of biometric authentication devices, as you described, is a great thing. A passkey can be generated without exposing biometric data. The individual has the responsibility and incentive to keep their devices secure.
But the above article is an example of the opposite case, where the authentication is for public security. In this situation, the individual cannot be entrusted with their own auth, so if each person were to use their own device, it would need to be quite tamper-proof. Seems far simpler at this point to do face / fingerprint auth, where the security guard ensures that no one is wearing a mask or fake finger. Yes, there is the concern that the bio-data could be stolen / misused, and for that reason I think that bio-auth for public safety should be limited to a single standard type (e.g. face), with the others being reserved only for private auth. That way, a compromise can be reached between public safety and individual privacy.
> It would be quite straightforward to make your biometric identity a public private key kind of setup.
How would that work? Maybe the biometric part acts as a domain name from which the public key might be downloaded? Who is the custodian of face-public key pairs?
The Apple and Google pushes for digital IDs are basically that, but support is limited at best since it's depending on 50+ different local governments to get up to speed on all this tech stuff.
More importantly than being outraged over the biometrics invasion (which you should 100% be outraged over). You should be more outraged at the hypocrisy.
Las Vegas runs a fusion center which has some of the most invasive monitoring, capturing, metrics/data collection of most agencies.
They do the following: - license plate recognition on every intersection. - microphones through the city which listen to conversations - drones which fly into and above people’s back yards. - Weaponized drones, ie fly drones into windows to break them, or people to stop them - thermal imagine of people’s houses and backyards. - facial ID against social media from cameras, as well as NCIC and more. - they have fake social media profiles they use to follow pages, groups, individuals suspected of bad behavior - they purchase PI from brokers en masse and run against it. - they probably have more cameras than almost any city in the US. - they have taps into all casinos cameras and microphones.
… these are the same officers who are upset over the new facial ID policy.
Here’s a brief news clip. But I also know these details because I’ve seen them first hand.
https://www.fox5vegas.com/video/2023/11/14/fox5-takes-an-ins...
Don't be naive. Today they require photos from cops, tomorrow from fans.
AI is already being used to keep out fans they don't want, they don't need them to submit photos or give permission[1]. In addition to being a vastly smaller and harder to replace group than fans, police are also far more organized than fans. That's the only reason they are being asked.
[1]:https://www.nytimes.com/2022/12/22/nyregion/madison-square-g...
This is the same police union that’s argued that releasing the names of police formally accused of misconduct is a privacy violation, their concern for privacy does not extend further than the ranks of their union and certainly not to the broader citizenry.
They already have facial recognition entry at events in some cities like Seattle. It’s dystopian seeing everyone accept it without question.
This site asks permission to send data to more than 160 servers. To read an article.
The title confused me because here in Germany the police are civil servants and they generally don't have a right to strike or just choose not to do their job as they're an executive organ of the state but apparently here the police is just.. side hustling?
"conversations with officers “making them very well aware of what they’re agreeing to.” But the decision may come down to what individual officers are comfortable with, Grammas said. Overtime security work is not mandatory for officers, but voluntary."
Maybe it's a cultural thing but blurring the line between an officer in their public capacity and what is basically private security at a sports event should be two separate things. Hiring the police out as a private security force where they then get to negotiate what rules they have to play by has a Judge Dredd vibe to it
Often at large private events the city will require a certain number of police, that the host must hire. And they can only hire from local departments that have worked out these deals letting officers do this on their own time, but in uniform.
It’s weird, and often sort of extortion
> Hiring the police out as a private security force where they then get to negotiate what rules they have to play by has a Judge Dredd vibe to it
The work is voluntary overtime work.
They're not forced to accept voluntary overtime work. It's an optional thing they can choose to do above and beyond their base job, if the pay and terms are interesting enough.
I don't see why it's a problem. What are the alternatives? Forcing police to do security for private events inside of private venues as part of their job?
The way it works in Finland:
Police officers are public officials. As such, they do not have the right to have a second job or a side business by default. They may apply for a permit for a specific job, and it is usually approved if there are no obvious conflicts of interest or other reasons that could compromise their impartiality. Some jobs, such as private security, are automatically out of question.
If your event needs security, you hire private security. Police officers may have been involved in training the security personnel, but they can't work in the field. And if a uniformed police officer shows up at the event, it almost always means something has gone wrong.
Have private security work the private event. Send a token number of police along, at the city's expense (the same number they'd normally assign to an area with 50,000 people out and about, so the sports event isn't sucking disproportionate resources).
If the stadium is such a hotbed of crime and disorder that private security can't handle it and they really need to escalate constantly to involve armed law enforcement, stop allowing it to host games at all.
It should be impossible to negotiate this with individual policemen - if the state or municipality has the requirement and authority to provide security for something, then the conditions for that should be handled by the government (and then the officials would execute that as part of their ordinary non-negotiable orders of what duties their service requires), and if the government does not do that thing, then police officers should not be involved at all, this should be handled by private security, in which case even if someone from police participates off-duty, they shouldn't be permitted to have uniforms/badges/official authority, as they are not there as representatives of the state but as civilians.
There shouldn't be any middle ground - either the government sends the police to do whatever the government requires, or it does not - the policemen themselves should not get a choice, they exist to execute and enforce the government decisions, not make them.
yeah, this is super common here in the US. Off-duty cops are in demand as security guards and they can work in uniform, which to me is all kinds of weird. You can literally "rent a cop" (an expression used as a joke about mall security guards who are typically not cops at all) this way, complete with full police powers.
They are probably more annoyed that it will be harder to pull off no-show or low-show details.
These are usually pretty sweet overtime or moonlighting gigs, and where there’s a sweet gig for cops, there’s always an asshole or two ready to milk it.
Interesting concern given all of our pictures were already sold by META to every data broker on the planet..
They don’t sell data, they just collect it to target relevant ads. If you can find an instance of them (or Google) actually selling data to brokers, please share
Brave ai summary:
Facebook’s Facial Recognition Data Collection and Potential Sales to Third Parties in Texas
Based on the provided search results, here are the key findings:
In 2022, Texas Attorney General Ken Paxton sued Meta Platforms, Facebook’s parent company, alleging that it collected facial recognition data without users’ consent, violating Texas state law.
The lawsuit claimed that Facebook repeatedly captured and commercialized biometric data in photos and videos for over a decade without informed consent, sharing the data with third parties and failing to destroy it in a reasonable timeframe.
The state alleged that Facebook’s actions put Texans’ well-being, safety, and security at risk, and sought damages of “billions of dollars.”
In 2024, Meta agreed to a $1.4 billion settlement in the biometric data lawsuit, related to the unauthorized use of personal biometric data from uploaded photos and videos on Facebook.
Ken Paxton can't be taken seriously, nor can allegations he makes sadly. It doesn't make financial sense to sell the data itself and undermine their ad business; I wonder what that suit and settlement were about.
Not everyone's but only of those who uploaded them.
Nope. If someone uploaded a picture with you in it and tagged your name, they have you too.
Meta and Google want to retain their data moat to maximize their ad premiums over competitors. They really do not want to sell any data.
Google is handing real time location data, browsing histories, etc to 3rd parties while not technically selling it. Ex: https://www.eff.org/deeplinks/2020/03/google-says-it-doesnt-...