WHY THIS MATTERS IN BRIEF
As both our online, as well as our offline privacy, continue to be eroded, scientists are using AI to fight back.
Most of us probably don’t like the idea of some stranger finding out who we are, and then where we live, or what we’ve been up to recently, and so on, just by uploading a photo of us to any social media platform like Facebook, but thanks to the facial recognition systems used by social media sites this form of stalking, surveillance, or whatever moniker you decide to give it, even if you’re wearing a mask, is becoming increasingly possible, so much so that scientists, as well as others, recently decided to do something about it by turning a couple of Artificial Intelligence (AI) systems against one another. And who knows, it might even be a technology that helps us uncover fake news video footage, or let criminals slip through border security unnoticed, a phenomenon called photo-morphing, that I wrote about a while go, that’s already being used in real life. It’s also not the first time that two AI’s have duelled, Google pitted two against each other recently to see who’d win, then found out the more powerful AI became aggressive and won, but that’s another story…
At the University of Toronto in Canada, Prof. Parham Aarabi and grad student Avishek Bose started by designing two AI based neural networks. One of these used the same techniques as existing facial recognition systems, to identify people in photos. The other network sought to thwart the first one, by slightly altering the aspects of those photos that were being used to identify the people.
Even simple adjustments fool facial recognition systems
“The disruptive AI can ‘attack’ what the neural net for the face detection is looking for,” says Bose, “if the detection AI is looking for the corner of the eyes, for example, it adjusts the corner of the eyes so they’re less noticeable. It creates very subtle disturbances in the photo, but to the detector they’re significant enough to fool the system.”
The two networks went back and forth for a while, each one learning what the other was doing and trying to compensate for it. What ultimately resulted was an algorithm that could be applied to photos of faces, making them nearly facial recognition-proof yet still recognisable to people who knew them.
Aarabi and Bose then tested the system on the existing so called 300-W face dataset, which consists of photos of over 600 faces covering different ethnicities, lighting conditions and environments. Without the algorithm being applied to those images, a facial recognition system was able to accurately identify almost 100 percent of the people. Once it was applied, however, that rate dropped to 0.5 percent.
It’s now hoped that the algorithm could be integrated into a publicly-available app or website that people who are concerned about their privacy could use to treat or edit their photos appropriately before posting them.
Source: University of Toronto