Wednesday, July 07, 2021

When it comes to Biometric Tech Use in "Smart Cities" Seattle and Phoenix (Mesa) are Far Apart

You might not know it if you ever bother to take the time to read the Meeting Details for contract awards, but there's usually a phrase connected: "part of Mesa's Smart Cities Initiative".

There's a lot packed-into all that - one component is Facial Recognition.

But let's take a leap and note that there is at least one Arizona "columnist" (Jon Talton) who knows two cities first-hand: Seattle and Phoenix Metro Areas - both are homes to Amazon and Microsoft . . that's getting to the reason for uploading this post.

HEADLINE BRIEF from Smart Cities Dive

Seattle-area county say it's first US county to pass facial recognition ban

Published June 7, 2021 Maria RachalEditor

Smart Cities Dive | 2021-06-07

Facial Recognition Technology: Strong Limits Are Necessary to Protect Public Safety & Civil Liberties

Dive Brief:

King County, Washington — home to 2.3 million people in and around Seattle — will not allow government acquisition and use of facial recognition software, including by the Sheriff's office, per an ordinance the county council unanimously approved last week.

With the Seattle area being a home for tech giants and facial recognition software providers Amazon and Microsoft, the action to largely limit the category's applications is especially significant, said Brian Hofer, chair and executive director of Oakland, California-based Secure Justice, an organization that stands against government and corporate over-reach. "Symbolism does have real value ... it sends a message specifically to those companies marketing this technology that at least there in the county, a [significant] portion of the community does not want this technology to be used," Hofer said.

===============================================================

INSERT

China's Artificial Intelligence Surveillance State Goes Global - The Atlantic

Financial Times
China's proliferating smart city technology
Plus, the FT's global China editor, James Kynge, reports on how China's smart city surveillance technology is being used around the world, and ...
3 weeks ago

The Smart 5G City Means Permanent Surveillance and Risk

https://foreignpolicy.com › 2021/04/17 › smart-cities-surv...

Apr 17, 2021 — Becoming “smart” typically involves harnessing troves of data to optimize city functions—from more efficient use of utilities and other services to ...

Dive Insight:

Facial recognition systems can in part analyze surveillance images to enable law enforcement or other actors to identify individuals. But despite the possible contributions of such capabilities in criminal investigations, the technology prompts invasion of privacy concerns. . .

Minimal guardrails exist at the state or federal level, and local jurisdictions have increasingly taken matters into their own hands.

In King County, "The use of facial recognition technology by government agencies poses distinct threats to our residents, including potential misidentification, bias, and the erosion of our civil liberties," said Councilmember Jeanne Kohl-Welles, who sponsored the legislation, in a statement. "The use or misuse of these technologies has potentially devastating consequences which the new ordinance will help to prevent."

The King County decision came about two weeks after Amazon said it would extend a moratorium on police use of its facial recognition software indefinitely. Amazon last June put in place a one-year moratorium.

Recognizing the debates happening in localities across the country, the National League of Cities (NLC) issued a report earlier this year with information regarding how cities might approach the use and regulation of facial recognition technology.

"[M]any cities across the country are wrestling with the decision on how they approach it. Especially in the absence of federal guidance, cities and counties are really left to regulate the use themselves," said Brooks Rainwater, senior executive of NLC's Center for City Solutions. "We're in support of cities looking at the scope of facial recognition and deciding whether this is a tool that should be used in their community, or on the flip side whether or not it should be banned from either municipal use or all uses within that city." NLC does not take its own stance on whether or not a city ought to employ the technology.

King County's limitations on the technology, like most other localities that have taken action, does not cover private use of the technology. On the opposite coast, Baltimore is now considering a ban similar to Portland, Oregon's that could prohibit private use. The Security Industry Association, which counts Microsoft among its members, is speaking out against the scope Baltimore is proposing.

The debate has also elevated to the state level. Massachusetts passed a series of statewide restrictions in May on how police can and cannot use the technology in criminal investigations, and a bill is currently moving through Maine's state legislature that would limit the technology's use by state and local law enforcement.

Federal action may be on the horizon as well.

Sen. Jeff Merkley, D-Ore., last year helped introduce multiple pieces of legislation that would respectively establish a moratorium on the federal government's use of the technology until Congress outlines specific uses for the data; rescind federal support from state and local law enforcement entities using biometric technology; and prohibit private companies from "harvesting or profiting from" customer or employee biometric data without permission.

Merkley has plans to reintroduce the Facial Recognition and Biometric Technology Moratorium Act, which was brought forth last June but did not make it to a vote, Morning Brew reported on Friday.

NEW DEPARTMENT OF DEFENSE MODERNIZATION: Joint Warfighter Cloud Capability

A controversial IDIQ contract got terminated

Pentagon kills Microsoft’s $10B JEDI cloud contract, says tech is now outdated

Amazon's legal stall tactics seem to have paid off.

Tim De Chant - 7/6/2021, 1:52 PM

"Following years of controversy and intrigue, the Pentagon canceled its JEDI cloud computing contract with Microsoft today.

Microsoft was awarded the contract in October 2019, but work stalled as Amazon, the other finalist, mounted a legal challenge. Now, the Department of Defense has scrapped the entire project, saying that it’s out of date.

“The Department has determined that, due to evolving requirements, increased cloud conversancy, and industry advances, the JEDI Cloud contract no longer meets its needs,” a Pentagon spokesperson said in a statement. . ."

____________________________________________________________________________

Update 5:40 pm EDT: Microsoft and Amazon have both commented on the nixed contract.

"We understand the DoD’s rationale, and we support them and every military member who needs the mission-critical 21st century technology JEDI would have provided," Toni Townes-Whitley, Microsoft's President of US Regulated Industries, wrote in a blog post.

"The DoD faced a difficult choice: Continue with what could be a years-long litigation battle or find another path forward. The security of the United States is more important than any single contract, and we know that Microsoft will do well when the nation does well. Because the security of the United States through the provision of critical technology upgrades is more important that any single contract, we respect and accept DoD’s decision to move forward on a different path to secure mission-critical technology."

Amazon had a different take on the matter, of course. “We understand and agree with the DoD’s decision," an AWS spokesperson said to Ars. "Unfortunately, the contract award was not based on the merits of the proposals and instead was the result of outside influence that has no place in government procurement. Our commitment to supporting our nation’s military and ensuring that our warfighters and defense partners have access to the best technology at the best price is stronger than ever. We look forward to continuing to support the DoD’s modernization efforts and building solutions that help accomplish their critical missions.”

==========================================================================

New GAO Report via Techdirt/WaPo: Use of Facial Recognition Tech Deserves Some Actual Oversight

A source for reliable information with some unexpected findings -

Federal Watchdog Finds Lots Of Facial Recognition Use By Gov't Agencies, Very Little Internal Oversight

(Mis)Uses of Technology

from the getting-a-real-'Wild-West'-vibe-from-this dept

Tue, Jul 6th 2021 6:15am — Tim Cushing
> Facial recognition tech remains controversial, given its tendency to produce false positives and send cops after the wrong people.

> Private companies offering even sketchier tech than what's already in use (looking at you, Clearview) have made everything worse.

The upside is this state of affairs has prompted at least one federal government oversight entity to do some actual oversight. The Government Accountability Office (GAO) has released its report [PDF] on federal agencies' use of facial recognition tech and it contains a couple of surprises and, unfortunately, several of the expected disappointments. (via the Washington Post)

Proving You're You: How Federal Agencies Can Improve Online Verification | WatchBlog: Official Blog of the U.S. Government Accountability Office For instance, while we expect law enforcement agencies like the FBI, DEA, ATF, and TSA to use facial recognition tech, the report notes that a total of 20 agencies own or use the tech. That list also includes some unexpected agencies, like the IRS, US Postal Service, the FDA, and NASA.

There's also a surprising number of Clearview users among federal agencies, which seems unwise given the company's history for being sued, investigated, exposed as dishonest, and just kind of terrible in every way. Of the 20 agencies that admitted using this tech, ten have used or have contracts with Clearview, outpacing other third-party offerings by a 2-to-1 margin.

What are these agencies using this tech for? Mainly criminal investigations. . .This includes people who may have committed criminal acts during last summer's nationwide anti-police violence protests.

GAO's new list of troubled federal programs is longer than ever - The Washington Post One of the agencies on this list is the US Postal Inspection Service, which used Clearview to identify suspects who damaged USPS property or stole mail. The US Capitol Police also used Clearview to "generate leads" following the January 6th attack on the US Capitol.

That's what's known. There's a lot that's unknown, thanks to federal agencies apparently not caring who's doing what with whatever facial recognition tech they have access to.

Thirteen federal agencies do not have awareness of what non-federal systems with facial recognition technology are used by employees. These agencies have therefore not fully assessed the potential risks of using these systems, such as risks related to privacy and accuracy. Most federal agencies that reported using non-federal systems did not own systems. Thus, employees were relying on systems owned by other entities, including non-federal entities, to support their operations.

Yay! Your federal tax dollars at work putting citizens at risk of being misidentified right into holding cells or deportation or whatever. The less you know, I guess. . .

Then there's mind-boggling stuff like this:

Officials from another agency initially told us that its employees did not use non-federal systems; however, after conducting a poll, the agency learned that its employees had used a non-federal system to conduct more than 1,000 facial recognition searches.

The line between "we don't do this" and "we do this pretty much nonstop" is finer than I thought.

The CBP, which has used this tech for years, says it's still "in the process of implementing a mechanism to track" use of non-federal facial recognition systems for employees. So far, the CBP has come up with nothing better than hanging up a couple of clipboards. . .

In addition to being careless and cavalier about the use and deployment of unproven tech, the sullen shrugs of these thirteen government agencies are also possibly admissions of criminal activity.

When agencies use facial recognition technology without first assessing the privacy implications and applicability of privacy requirements, there is a risk that they will not adhere to privacy-related laws, regulations, and policies. There is also a risk that non-federal system owners will share sensitive information (e.g. photo of a suspect) about an ongoing investigation with the public or others.

Government Accountability Office - Wikipedia The GAO closes its depressing report with 26 recommendations -- thirteen of them being "start tracking this stuff, you dolts."

The second -- which makes two recommendations per failing federal agency -- is to assess the risks of the tech, including possible violations of privacy laws and the negative side effects of these systems misidentifying people.

There's no good news in this report.

Agencies are using unproven, sometimes completely unvetted tech without internal or external oversight. They've rolled out these programs well ahead of required Privacy Impact Assessments or internal tracking/reporting measures in place. The only pleasant surprise is that this hasn't resulted in more false arrests and detainments. But that definitely can't be attributed to the care and diligence of agencies using this tech because the GAO really wasn't able to find much evidence of that. But this does put the issue on the radar of Congress members who haven't been paying much attention to this tech's drift towards ubiquity.

Filed Under: 4th amendment, accountability, facial recognition, federal government, gao, oversight, surveillance