Two minutes after the glass door of the Capital Gazette newspaper in Annapolis, Maryland, was blasted by a shotgun round, and five newspaper employees were killed, police had the alleged shooter in custody.
But they had a problem when they took him in for questioning. He had no identification, he would not talk to police and his fingerprints returned no results from any database.
Police were stumped, but then investigators thought to put the mystery gunman’s photo into the state’s new facial recognition system. In a matter of minutes, the alleged shooter was identified as Jarrod Ramos, a man who had previously sued the paper for its coverage of his arrest and conviction on stalking charges a few years earlier.
While Ramos’ trial is still months away, the successful use of computer technology to confirm a murder suspect’s identity made it clear that facial recognition systems have reached the point where they can perform reliably enough to identify a random person fairly reliability.
What’s equally important is that this is one form of biometric technology that doesn’t require a lot of expensive hardware to implement nor does it require direct interaction of an individual with a card reader, biometrically-control door lock or similar technology.
Those two characteristics make it ideal as a way to improve corporate security in some specific ways while making it possible to sidestep the privacy concerns that surround government use of such technology. In many companies the implementation of facial recognition can be accomplished with little more than some software and a cloud account that includes access to artificial intelligence with image processing capability.
Finding such support isn’t particularly difficult. IBM focuses on exactly that capability with the IBM Cloud and Watson. Amazon, Google and Microsoft also have been perfecting such capabilities. In fact, Microsoft and Amazon have been catching heat from their own employees who fear that the technology is so good it will lead to privacy issues if the technology is sold to government and law enforcement agencies.
This technology could be used to bolster corporate and data center security systems by using existing surveillance cameras as part of a biometric security system. Chances are that you’ve already instituted some form of access control for sensitive areas in your company. These controls may include digital combination locks, smart cards or perhaps fingerprint readers. You may already have more than one of those access control methods.
But each of those systems requires a physical interaction with the person trying to gain access. If that person somehow gets past your perimeter security, then what? This is where facial recognition can help out.
Businesses that have access controlled areas, such as their data center, usually have some form of video surveillance. These may be cameras monitored by the building security team or someone else with responsibility for physical security. Those cameras are usually configured to watch the entry and exit of staff and visitors. They watch sensitive areas such as the machine room in your data center, hallways, and the areas near and within your sensitive compartmented information facility (SCIF).
While these cameras can watch for obvious criminal activity, such as the theft of computers, anything beyond that depends on the ability of people who might be doing the monitoring in real time to recognize the people in the image. But it’s unlikely that a person can reliably do this anywhere but in the smallest company.
This is where facial recognition comes in. You probably have photos of your employees in your human resources database and you’ve probably put them on your employee security badges. If so, you have the data you need for a facial recognition system that can confirm that anyone it sees is actually an employee with a need to be in the secure spaces of your corporate facilities.
While facial recognition isn’t perfect, in this use it doesn’t need to be. Your goal is to confirm that the people in your offices or data center are company employees with proper access. This doesn’t require a huge database even for a big company, and if there’s an occasional false identification, you have a security staff to resolve it.
There are no privacy issues as long as the surveillance is kept to areas that need to be secure. The acceptance of the surveillance cameras and facial recognition capabilities can be a condition of employment, just as is the case for fingerprint readers, iris scanners or other biometric readers.
Of course there will be some development involved. Your IT shop may be able to do this, or you may need to bring in a consultant who has the background to tie your employee photos to a facial recognition AI system. But the major vendors of facial recognition systems already have the APIs available, so it’s not an insurmountable task. In fact, enough organizations have been implementing cloud-based facial recognition that there may be open-source applications for your chosen cloud service.
The events in Annapolis demonstrated that facial recognition is in fact available and that it works. You still can’t use it to scan crowds to identify everyone there, but you don’t need to do that. All you need to do is recognize a few score or a few thousand employees with a need for access.