What happens when biometrics meet the Divine?
Image: Flickr/Louis Berk
Dozens of churches in the United States and around the world are using facial recognition software to track their members, according to the company that's selling them the software to do it.
Moshe Greenshpan is the founder and CEO of Skakash, an Israeli company that aims to provide churches with a program called Churchix to scan everyone who walks through their holy halls. The program was covered in a VentureBeat interview with Greenshpan back in February, and enjoyed a string of recent coverage in European outlets like Der Spiegel and The Times. It sounded wild, so I called Greenshpan to find out more.
But, when I asked Greenshpan in our interview if he could provide the names of some of his clients so that I could speak with them about their use of facial recognition, he was reticent—a theme that would develop throughout our conversation as he refused to confirm numerous details about his operation.
"I can tell you in general that churches also don't like to be described as privacy invaders," Greenshpan told me. "Most of them would like to keep this confidential. We try to encourage churches to make Churchix more visible, so it will become like a checkpoint for registration. Of course, so far we haven't had great success in doing that."
"One of the churches also uses Churchix to identify criminals and sex offenders"
The idea behind Churchix is to keep track of which congregation members are attending services and events. It works like this: When a new member of a congregation is registered, he or she will be asked to provide a file photo, which is fed into the church's local database. Churchix then extracts identifying facial features from this photo. From there, the software is also hooked up to cameras streaming live video, or pre-recorded video can be used.
The program matches people in the video to their reference photos, and, Greenshpan claims, under optimal conditions the software can reach 99 percent accuracy. It's a bold claim; if true, that number rivals Google's and Facebook's facial recognition software, which respectively clock in with 99.63 and 97.25 percent accuracy.
According to Greenshpan, at least one church used Churchix for purposes other than making sure members are in their pews come Sunday morning.
"One of the churches also uses Churchix to identify criminals and sex offenders," Greenshpan said. "They have a problem in their vicinity, in the neighbourhood, with sex offenders, and they were able to identify two criminals using it. Churchix allows you to enroll any person. What they did was enroll a list of suspects—criminals—their photos, and that's how Churchix identified them." Greenshpan declined to provide further details.
This kind of activity is concerning, Jennifer Lynch, an attorney specializing in biometrics at the Electronic Frontier Foundation, told me in an interview. Not just because of the creepiness of being spied on in a house of worship, but because Churchix may be significantly less accurate under non-optimal conditions—in other words, real life.
"We know that most face recognition is highly inaccurate in uncontrolled lighting conditions and uncontrolled angles of view," Lynch said. "There could be a case of many false identifications, and in the case of Churchix, we don't know what churches are doing with that data. Are they reporting it to the police? We could have people being falsely identified as sex offenders."
Watch more from Motherboard: The Electrophobes
Policymakers are playing catch-up with biometric surveillance, despite the fact that facial recognition technology is proliferating across the world. It's currently in use by law enforcement and private companies —even music festivals are scanning the faces of their molly-popping attendees. Even so, Lynch said there are just two US laws, on the books in Illinois and Texas, that regulate how commercial ventures use the technology.
But a church using facial recognition? That's a whole other question entirely, according to Ben Sobel, an undergraduate researcher and incoming Google Policy Fellow at the Georgetown University Center on Privacy and Technology. Sobel penned an article last week for the Washington Post on the legality of facial recognition tech.
"The laws that I'm looking at from 2008 and 2009 are explicitly directed towards commercial uses," Sobel said. "I don't know if or how the game is changed when a church is using it."
"Churches have been off the radar"
As far as churches using facial recognition goes, Lynch said, a church using the technology would pose a challenge to privacy advocates because of how novel it would be.
"As privacy and consumer advocates, we'd been addressing these other, commercial situations—like the retail environment—so we've developed models for how we think face recognition companies should address data collection," Lynch said. "But churches have been off the radar."
Of course, there is the question of how legit Churchix really is. The program is a spin-off of a division of Skakash called Face-Six, a facial recognition suite marketed toward casinos and cops. Other companies, like Face First, also supply commercial face recognition tech to these markets. According to the February VentureBeat profile, Face-Six's early customers included one of the largest casinos in Asia, and an "Israeli security organization."
Again, the names of these clients aren't listed on Face-Six's site. Greenshpan told me that he wiped them from the site because many wished to remain anonymous to avoid getting embroiled in a privacy controversy. Greensphan would not divulge the names of his Face-Six clients when I asked, either.
Many questions remain about Churchix and Greenshpan's company: How effective is their software, really? Who is using it, exactly? Greenshpan even refused to divulge the software's price when I asked, opting to merely say "a few thousand."
But, based on what we do know about the state of biometric privacy law in the US, it's at least worth hazarding a guess as to what handing facial recognition to your neighbourhood church might result in: a bonafide privacy mess.