The Cybersecurity 202: Maryland scored a win using facial recognition software in Annapolis shooting

|     Derek Hawkins, The Washington Post     |

POLICE responding to the mass shooting at the Capital Gazette newspaper in Annapolis faced a perfect storm of problems when they took the suspected gunman into custody: The man had no identification, he wouldn’t speak to investigators, and a fingerprint database wasn’t producing results.

But they had a backup plan: Investigators ran his photo in Maryland’s state-of-the-art facial recognition database. The system quickly returned a match.

The case appears to represent a highly successful deployment of the controversial technology, saving investigators critical time as they scrambled to identify a suspect and find out whether he was working alone. And it could boost arguments from law enforcement in favour of facial recognition at a time when systems such as Maryland’s have fallen under intense criticism from privacy advocates and civil rights groups who say they could be used to surveil innocent people or reinforce racial profiling. Proponents of the technology will surely point to it as a compelling example of the value such systems could offer police departments.

“This sensational case will probably awaken and create an awareness that will bring a lot more attention” to facial recognition systems among law enforcement agencies that haven’t adopted them, said a former lieutenant commander with the New York City Police Department’s cold case squad Tom Joyce.

“It’s an extremely progressive idea, and it’s really important to the investigation to accelerate the case,” said Joyce, now vice president of Vigilant Solutions, which offers facial recognition services and other digital tools to law enforcement agencies. “You don’t know if he’s working alone. You don’t know if he’s got other victims. And you want to rapidly bring those to resolution. This was a great application of that.”

A makeshift memorial outside the Capital Gazette’s office. – WP-BLOOM

Maryland police were able to identify the man they say fatally shot five Capital Gazette staff members on Thursday by feeding his picture into the Maryland Image Repository System, or MIRS, as my colleague Justin Jouvenal reported. The system uses algorithms to scan for a match across tens of millions of images from driver’s licences, offender photos and mug shots from an FBI database.

Police officials said facial recognition was their best option for identifying the alleged shooter, Jarrod Ramos, after the fingerprint database was slow to return a hit. In a news conference the morning after the shooting, Anne Arundel County Police Chief Timothy Altomare acknowledged the state’s system had “come under fire from civil libertarians”, but said the investigation would otherwise have taken “much longer”.

“It was a huge win for us last night and thus for the citizens of Anne Arundel County,” Altomare told reporters.

“The facial recognition system performed as designed,” Secretary of Maryland’s Department of Public Safety and Correctional Services (DPSCS) Stephen T Moyer told Justin in a statement. “It has been and continues to be a valuable tool for fighting crime in our state.”

But critics of the technology say not every case is as straightforward as this one. They also note that facial recognition systems tend to misidentify African Americans more often than whites and could allow police to conduct real-time surveillance against people not suspected of crimes.

“While the method seems to have performed well in Ramos’ case, there are still significant civil liberties concerns around the way police use MIRS,” wrote Russell Brandom of The Verge. “Police are supposed to remove people who were arrested but found innocent, but since the system is rarely audited, it’s hard to say if that’s actually happening. There are also racial justice concerns, given racial disparities in rates of arrests, compounded by higher error rates for African Americans in many facial recognition algorithms.”

In the wake of the shooting, Samuel Sinyangwe, a prominent racial justice activist and data scientist, pointed out there are few checks on how police use systems such as Maryland’s:

Samuel Sinyangwe tweeted “Note that half of all US adults are in facial recognition databases and there is very little oversight, testing for accuracy, or limits on how police use this software.”

And the Electronic Frontier Foundation, a digital rights organisation, said that even flawless facial recognition would bring major privacy concerns, tweeting “Let’s say facial recognition improves-that it produces correct matches 100 per cent of the time. Then what? Well, it means we can’t walk around ‘without the government knowing who we are, where we are, and who we’re talking to’, explained EFF’s Jen Lynch.”

Meanwhile, Clint Watts, a former FBI agent and senior fellow at George Washington University’s Center for Cyber and Homeland Security, wondered why police couldn’t have identified the suspect through other means, tweeting “Maybe there’s an investigative reason I’m not aware of, but if suspect has gone to this level of effort to hide his identity, facial recognition might be tougher than one thinks. Particularly if he’s not on social media.” – WP-BLOOM