Fujitsu Tech Can Track Heavily Blurred People In Security Videos

itwbennett writes Fujitsu has developed image-processing technology that can be used to track people in security camera footage, even when the images are heavily blurred to protect their privacy. The company says that detecting the movements of people in this way could be useful for retail design, reducing pedestrian congestion in crowded urban areas or improving evacuation routes for emergencies. An indoor test of the system was able to track the paths of 80 percent of test subjects, according to the company.

LOL@ Use-case

[SeaFox]

Like any retailer would be interested in protecting the privacy of their shoppers identity while still wanting to track them.

Re:LOL@ Use-case

[rmdingler]

According to TFA, Fujitsu was forced to scale back A large, long-term facial recognition study it was planning to carry out at Osaka Station because of privacy concerns.

They seem to have several plausible shopper-related motives for tracking people, sort of like in Minority Report, but it doesn't take a Nobel-worthy leap of the imagination to see where this technology might be used to further eradicate personal privacy.

Re:LOL@ Use-case

[lkcl]

actually i worked for a company that provided path information (it's really really important) and privacy was absolutely key. they went to a lot of trouble in the design of the software so that, if they were ever compelled, even by a court order, to "identify individual X", they would LITERALLY be unable to comply and, to avoid contempt of court, would need to go to some technical lengths to explain why. they didn't use images (because they don't work) - instead they used GNURadio to do GSM passive decoding and signal-strength detection. and no, you *can't* track the person themselves, nor can you get their telephone number, nor can you decode their phone conversations, nor can you decode their SMS messages (not "and track 1000s of phones on affordable commodity off-the-shelf hardware at the same time"). they also track bluetooth and wifi, but again, the mac addresses are hashed (with salting) *before* being stored on disk. the reason for this kind of paranoia is really really simple: they ABSOLUTELY DO **NOT** wish to be involved in privacy and identification issues. it would destroy their reputation. so they made damn sure it simply could not happen, even if they were compelled by a court order.

anyway - first important thing: the definition of a "path" (and why it's critical). a "path" is, as the word suggests, the places that an individual goes to, and how they got there, how long it took, and how long and where they were stationary. key factors critical for shopping mall owners to be able to provide to their retailers: (1) how many unique shoppers went into *their* store (broken down by time and date is also helpful). (2) how long each unique shopper spent in their store. (3) also useful to know is where they went *before* going to another store. it's therefore necessary to weed out "passers-by", and duplicates (losing the path then picking it up as a *separate* person, repeatedly) is *especially* bad as it completely mucks up this all-important information that the retailers, it turns out, really really like to have once they know it's available.

think about it: this information is really, really important. in attracting retailers, without this equipment (or anything like it), the conversation is "come to our retail park, we have 6 million visitors a year". the retailer isn't interested in that. *with* the equipment (or anything like it), the conversation goes further, "and the unit we would like to interest you in gets 15,000 unique visitors per day if occupied by someone with your type of retail profile, especially because there's a macdonalds / starbucks within 100 / 50 metres and we know that that gets better numbers for you". *that's* powerful stuff, and it allows the shopping mall management to pick (and test, and research) interesting combinations of retailers that will make the whole mall a lively and attractive place to be, instead of being boring, half-empty of both retailers and customers (the other half being tired, stressed and exhausted), and doing a dis-service to everyone who bothers to go there.

so anyway i had to be up on the "competition" so to speak, because we frequently got questions coming in from clients being pitched the "visual tracking" technology.

first flaw in visual tracking technology: balloons, signs, pigeons, dogs, baby strollers - anything that moves in uncontrollable ways that is big enough to block people: you're hosed. pigeons etc. are fun because they randomly block out huge areas directly in front of the camera if they get close enough. even "other people" is enough to block "other people". even identifying "people" from children, babies, animals - this is hard enough as it is and requires enormous CPU resources... the number of people in some of these malls is *enormous* - tens to hundreds of thousands.

second flaw in visual tracking technology: it's intrusive. put a camera in a shopping mall and people automatically get edgy. it changes their "behaviour", which is precisely what you do not want. the last thing you want in

Re:LOL@ Use-case

[disambiguated]

instead they used GNURadio to do GSM passive decoding and signal-strength detection. and no, you *can't* track the person themselves, nor can you get their telephone number, nor can you decode their phone conversations, nor can you decode their SMS messages (not "and track 1000s of phones on affordable commodity off-the-shelf hardware at the same time"). they also track bluetooth and wifi, but again, the mac addresses are hashed (with salting) *before* being stored on disk.

I think it would still be possible to deanonymize that path data. If you make a credit card purchase, the information about time and place of the credit transaction can be associated with whatever id you use hashed or not. The path data has information that someone was standing at the cash register at that time and place. With the credit card information (or even just loyalty card information) you know who it was and can associate that with the entire path through the mall. Similarly, if they walk past a Starbucks and their smartphone associates with their WIFI, now if you have access to Starbuck's information you can deanonymize it from that. Or it could be deanonymized with the security cameras.

I don't see then how it could be subpoena-proof if you store the actual path, regardless of however you anonymize it. They can subpoena your data together with other data to get what they want.

Re:LOL@ Use-case

[lkcl]

I think it would still be possible to deanonymize that path data. If you make a credit card purchase, the information about time and place of the credit transaction can be associated with whatever id you use hashed or not.

you're assuming that the data collection rate is of the order of seconds. if you check the GSM spec for cell tower ping times, make some educated guesses on average phone usage including SMS, GPRS and call usage, and so on - bear in mind that this is a *passive* system as it is illegal to interfere with mobile phone operation - and also bear in mind that the positional accuracy is somewhere around a 20 metre radius - and then think about the number of people in any one store i think you'll find that statistically speaking the argument that you present falls completely flat.

the technology that the company i worked for is pretty cutting edge for innovation, but it is definitely pushing the limits of reasonably affordable off-the-shelf equipment that a shopping mall retail centre is prepared to pay, in order to obtain access to the kind of reports that it provides.

sure you could put in equipment that costs $250,000 per monitoring station, you could then have accuracy of 0.5 metres, you could get cell tower operator licenses (or other agreements) and do man-in-the-middle attacks which would get you the information presented in the argument that you give, but aside from the fact that no retail centre would ever pay for such ultra-expensive equipment in the first place the very fact that it *was* capable of getting them involved in court cases would actually *deter* them from buying it!

think, please. _why_ would a shopping centre manager make the *deliberate* decision to spend money that could cost them both retailers and shoppers if there was a disastrously-bad publicity report (either in the news or from another Snowden-style leak) which implicated them in privacy invasions?? it just doesn't add up, does it?

so ironically the inaccuracy of the off-the-shelf (GNURadio-based) equipment is a selling point (insufficient accuracy and data collection rates to be used to violate individual privacy) whilst at the same time being just sufficient to provide the kinds of large-scale statistical reports that the retailers need... and no more.

Re:LOL@ Use-case

[disambiguated]

Well, I still think the data can be deanonymized. I don't need to make any assumptions other than what you've told us.

the places that an individual goes to, and how they got there, how long it took, and how long and where they were stationary. key factors critical for shopping mall owners to be able to provide to their retailers: (1) how many unique shoppers went into *their* store (broken down by time and date is also helpful). (2) how long each unique shopper spent in their store. (3) also useful to know is where they went *before* going to another store.

Even if the time resolution is 5 minutes, and the spacial resolution is only enough to identify which stores I visit, that is enough to identify me. If I go to the mall, stop by and get a coffee, wander around for a while, then make another purchase in another store, using my credit card both times, I may very well be the only person who made purchases at those two stores within a 5 minute window at each store. Each purchase makes it more likely to be unique. Now if I put on dark glasses and a baseball cap and stop by Victoria's Secret to buy some lingerie for my mistress, with cash, it's possible to link that to me via your path data.

It isn't the path data per se that is identifying me -- it's a combination of that and other data. It doesn't have to be credit card data, like I said. It could be wifi, loyalty cards, security cameras, even witnesses... anything that can associate me uniquely with one of your paths. And it doesn't even have to be unique, just narrowing it down to a handful of people is useful to law enforcement.

Don't get me wrong: It sounds like you and the company you worked for care about privacy and did everything you could to protect it. That's commendable. And it sounds like you did a good job. (Plus I think it's cool you used GNU Radio.)

It's also commendable that you understand the conflict of interest. The retailers would like to have better spacial and temporal resolution: they'd like to know which aisles people walk down, what displays they stand in front of and for how long, etc. The retailers will ask for that and if you don't provide it someone else will. So there will always be pressure to make it more useful. But the more useful it is to retailers, the more useful it is to anyone else who might try to get access to it, whether it be through hacking or subpoena.

I am skeptical whenever I hear "don't worry, we've anonymized the data." I've seen too many ways that data can be deanonymized, and I'm not a professional data miner or forensic hacker, so I don't know what other devious methods there might be that I've never heard of and would never occur to me. The key point is that as long as you store the path itself then anything that can link me to part of it can link me to all of it. The only way to avoid that would be to obliterate the path data and only store aggregate information (averages, sums, etc.)

I'm pretty consistent

[Snotnose]

My path through the grocery store is pretty consistent. Wander through produce looking for what I need. Beeline to the back wall, where the meat is. Head to eggs/dairy, next to the meat. Hang a 180, down the frozen foods aisle, hang a left, where the deli is for my meat and cheese for the week. Do a 180, head to the checkout.

Every other month or so I need something like fish sauce, olive oil, etc, and then they can track me wandering aimlessly down the aisles, if they had microphones they'd hear me muttering "dammit, why don't they label the aisles better" and "dammit, where's the damned kimchi"

Staples like tomato sauce, chicken stock, etc are bought a couple times a year at Costco.

Re:I'm pretty consistent

[CaptainDork]

Actually, we knew that already using our video tracking system.