About Me

I am a Technology Fellow at the Irish Council for Civil Liberties (ICCL), where I work on technology policy with a focus on algorithmic decision making. Previously I was a researcher at TU Darmstadt, where I worked on applied cryptography, privacy enhancing technologies (PETs) and Internet infrastructure security.

Recent Blog Posts

Template-based facial recognition

This post is an edited version of my Twitter thread from 3 November 2021.

On 2 November 2021, Facebook announced that they will delete the data and shut down the facial recognition system on Facebook.

Which data is being deleted? Facebook’s blog post does not say that they will delete the models that were generated using the data. It also does not say that they will not use people’s image data to train models. It only says “we will delete more than a billion people’s individual facial recognition templates.” Is deleting templates enough?

What are these templates? Templates are not images. Templates are generated using images. To understand how templates fit into a facial recognition system, it can be useful to understand the different steps involved in a template-based facial recognition system [^1]. Here is a simplified version of the steps involved:

  1. Image collection: A collection of images. People upload images to Facebook, so collection is easy.
  2. Creating templates: Using a combination of algorithms to process the collected images of a person, smoothing out non-facial elements and the background.
  3. Storage: These templates are kept in a database.
  4. Template-matching algorithm(s) [^2]
  5. Identification system: Use the template-matching algorithm to compare and match new images against the templates in the database to identify faces.
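To make the five steps concrete, here is an added toy pipeline (my own illustration, not Facebook's code or model). The "model" is a fixed random projection standing in for a trained network, and the images are constructed 16-pixel samples; the last function shows why deleting the template database alone changes little when the model and the images are kept.

```python
import random

def toy_model(seed="demo-model", pixels=16, dims=4):
    """Assumed stand-in for a trained face model: a fixed random projection.
    A real system uses a neural network, but the data flow is the same."""
    rng = random.Random(seed)
    return [[rng.randint(-3, 3) for _ in range(pixels)] for _ in range(dims)]

def make_template(image, model):
    """Step 2: project the image through the model and unit-normalise."""
    raw = [sum(w * px for w, px in zip(vec, image)) for vec in model]
    norm = sum(v * v for v in raw) ** 0.5 or 1.0
    return [v / norm for v in raw]

def similarity(t1, t2):
    """Step 4: cosine similarity of two unit-norm templates."""
    return sum(a * b for a, b in zip(t1, t2))

def enroll(images, model):
    """Steps 1-3: collected images -> template database."""
    return {name: make_template(img, model) for name, img in images.items()}

def identify(probe_image, db, model, threshold=0.9):
    """Step 5: match a new image against stored templates; None if no match."""
    probe = make_template(probe_image, model)
    name, best = max(db.items(), key=lambda kv: similarity(probe, kv[1]))
    return name if similarity(probe, best) >= threshold else None

# Constructed sample "images": 16 grayscale pixel values each.
IMAGES = {
    "alice": [200, 180, 30, 40, 210, 190, 20, 50, 60, 70, 220, 230, 10, 15, 240, 250],
    "bob":   [20, 30, 190, 200, 40, 60, 210, 220, 230, 240, 50, 60, 250, 240, 30, 20],
}

def deletion_check():
    """Delete the template database but keep the model and the images, then
    re-enroll: the templates come back identical and identification still works,
    so deleting templates removes nothing that cannot be recomputed."""
    model = toy_model()
    db = enroll(IMAGES, model)
    original = {k: list(v) for k, v in db.items()}
    db.clear()                               # "delete the templates"
    rebuilt = enroll(IMAGES, model)          # same model + same images
    return rebuilt == original and identify(IMAGES["alice"], rebuilt, model) == "alice"
```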

Sun and shade

I enjoy the sun. Not for any particular reason. I enjoy the sun just as I enjoy the clouds, the rain and the snow. They are part of nature. I enjoy them as they are.

I have many friends who place the sunlight on a pedestal. They value the sun much more than many other natural elements. They have a much more favourable view of the sunlight than the rain, for instance. This is in part because they have grown up in parts of the world where sunlight and the warmth it offers is not prevalent throughout the year. They make the most of the opportunities they get to bask under the sunlight.

Would they feel the same if the sun was beating down, day after day, without any possibility of finding shade? Many who live in hotter parts of the world, especially those closer to the equator, experience the sun in this way. Many others, even those further away from the equator, have tasted days when the heat was too much to bear.

The sun can also be used as a metaphor, as in the film A Sun (2019). Hao, the elder son of A-Wen, is brilliant. He is the sun of the family. His parents are proud of him. His brother hates him for being brilliant. He is shy, helpful and caring. People around him know that he is thoughtful. But they have no idea what he is thinking.

He hardly puts a foot wrong. He is showered with praise at almost all times. But how does he feel? Does he bask in the sunlight of praise? Does he expect to be praised regularly? Is he afraid of making mistakes? His family and friends do not know the answers to these questions. Not until they read his last message before he jumped off a building.

Hao was exposed to so much sun that he felt as if he was being burnt. Unlike many humans and non-human animals, he felt he “had no water tanks and no hiding places, but only sunlight.”[^1] He was exposed to an uninterrupted supply of sunlight. He was not seeking a place to get tanned. The sun was hunting him down and burning him.

[^1]: Hao’s last message in A Sun (2019)

Father of a sun

When we are faced with situations in life that question the identity we hold close to our hearts, we sometimes distance ourselves from the event. If the event involves someone we know, then we create a story in our mind that makes the present easier to live. We avoid the wrongs and focus on the positives.

A-Wen in the 2019 film A Sun is one such person. His identity as a father is questioned when the younger of his two sons is sent to juvenile detention for accompanying a friend who chopped off the hand of a similar-aged boy. A-Wen’s approach to continuing with his life involves a mental tweak. Whenever someone asks him how many children he has, he responds confidently that he has one son. This mental tweak helps him avoid thinking about his role as a father in the development of his younger son.

This mental tweak helps him for a few days, until he faces another tragedy. One evening, the older son jumps to his death from the roof of their apartment building. His older son had been the spark in the family: an excellent, high-achieving student at school. He was shy and thoughtful. No one really knew what he was thinking about, only that he was often deep in thought. He was the son the father was proud of.

How many sons did the father have now? He still had one son, the one he did not want to acknowledge. No mental tweak was needed now. As the younger one tells one of the officers in the detention centre, the older brother was brilliant. He was just brilliant. But it does not matter anymore. Only the younger one is alive now.

A-Wen reminded me of a conversation with a friend. This friend told me how proud they are of a grandfather who fixed planes. The grandfather fixed planes during the Second World War. They, a pacifist, mentioned how their grandfather did not kill anyone during the war and only fixed planes. I was struck by this line of thought. The planes were used to bomb cities. Their grandfather may not have shot anyone, but he did contribute to the apparatus that was used to kill thousands of people. Nevertheless, the belief that their grandfather had not killed anyone during the war made them proud and limited the guilt they might otherwise have felt.

Apple PSI

Earlier in August, Apple announced a technology to limit the spread of Child Sexual Abuse Material (CSAM) by detecting it before it is uploaded to iCloud. Child safety advocates have voiced their support for this technology, while privacy advocates emphasise that it can be misused and that there is no protection against it being used for other purposes by states around the world.

Many others have written about the system, how it works and the potential privacy and surveillance issues. As part of the system, Apple uses a variant of private set intersection (PSI) which, when properly used, can provide cryptographic privacy. I want to focus on this part of the system and on whether its use provides even cryptographic privacy in this context.

PSI is a cryptographic technique in which only the intersection of two data sets is revealed, and nothing else about the data sets. Let's say that you and I are huge fans of Marcel Proust’s In Search of Lost Time. But neither of us has the entire collection of seven volumes. We want to avoid embarrassing each other by mentioning Proust’s writing from the volumes that one of us has not read. We want to identify the books that both of us have read. We also don’t want to leak which other volumes we have read. For this purpose, we could run a PSI protocol to identify which volumes both of us have while revealing nothing else.

Apple PSI does something similar. In fact, it does even better. It does not even reveal the intersection, only the associated data when there is an intersection. However, I think that the assumptions required for the protocol to provide cryptographic privacy in this particular setting of Apple do not hold.

PSI protocols run between a server and a client are a specific instance of secure two-party computation (2PC), which allows two parties to run a protocol and compute a function, without revealing anything other than the outputs of the function. In the case of PSI, the output is the elements that are common among the participating entities. In the case of Apple PSI, if there are common elements between the sets held by the server and those on the client device, then the server is informed through the associated data while the elements themselves are not revealed to the server. The client receives no output.

When we run a PSI protocol, the client and server need to be available. In simpler words, both of them must want to participate in the protocol at the desired time. The server and the client need to be independent, and they must not collude with each other. Non-collusion is important in this discussion: it is a requirement if we are to prove any kind of security for these protocols, as in Section 4.4 of The Apple PSI System.

Is this requirement of non-collusion satisfied in the technology proposed by Apple? The server is controlled by Apple. The client is also controlled by Apple. The end user may be able to disable syncing with iCloud, but the end user cannot control whether or not to participate in the PSI protocol if they want to use iCloud. If the end user could control whether or not to participate in this technology, then Apple’s CSAM-limiting technology would fail. So, Apple has good reasons to prevent user control. However, this also means that Apple cannot claim to provide the end user cryptographic privacy: running PSI requires that the end user wants to participate in the protocol and that the client does not collude with the server, which is not the case here.
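The Proust example above, run through a classic commutative-blinding (Diffie-Hellman style) PSI, as an added illustration that is my own and not Apple's protocol. The group parameters are a demo-sized assumption (Z_p^* for the Mersenne prime 2^127 - 1), the volume lists are constructed, and the comment on `Party.k` records the non-collusion requirement discussed in the last two paragraphs: the guarantee only holds while each party keeps its exponent from the other.

```python
import hashlib
import secrets
from math import gcd

# Toy group Z_p^* with p = 2^127 - 1 (a Mersenne prime). Demo-sized assumption;
# a deployment would use a standard elliptic-curve group.
P = 2**127 - 1

def hash_to_group(item: str) -> int:
    """Map a set element to a non-zero group element (random-oracle model)."""
    digest = hashlib.sha256(item.encode("utf-8")).digest()
    return int.from_bytes(digest, "big") % P or 1

def random_exponent() -> int:
    """Secret blinding exponent, coprime to P-1 so that x -> x^k is a bijection."""
    while True:
        k = secrets.randbelow(P - 1)
        if k > 1 and gcd(k, P - 1) == 1:
            return k

class Party:
    """One PSI participant. self.k must never be shared with the peer: a peer
    that learns it can blind arbitrary guesses itself and test membership,
    which is exactly the collusion the security proof rules out."""
    def __init__(self, items):
        self.items = list(items)
        self.k = random_exponent()

    def blind_own(self):
        """Round 1 message: H(x)^k for each own element."""
        return [pow(hash_to_group(x), self.k, P) for x in self.items]

    def blind_peer(self, peer_msg):
        """Round 2 message: raise the peer's blinded values to own exponent, order kept."""
        return [pow(v, self.k, P) for v in peer_msg]

def dh_psi(alice: Party, bob: Party):
    """Alice learns the intersection; Bob learns only how many items Alice has."""
    a_msg = alice.blind_own()                 # Alice -> Bob:  H(x)^a, ordered so she can map replies
    ab_vals = bob.blind_peer(a_msg)           # Bob -> Alice:  H(x)^(ab), same order
    b_msg = bob.blind_own()
    secrets.SystemRandom().shuffle(b_msg)     # Bob -> Alice:  H(y)^b, shuffled so positions leak nothing
    ba_set = set(alice.blind_peer(b_msg))     # Alice computes H(y)^(ba) = H(y)^(ab)
    return sorted(x for x, v in zip(alice.items, ab_vals) if v in ba_set)

def proust_example():
    """Constructed sample: the volumes of In Search of Lost Time each reader owns."""
    alice = Party(["Vol 1", "Vol 2", "Vol 3", "Vol 5"])
    bob = Party(["Vol 2", "Vol 3", "Vol 4", "Vol 5", "Vol 7"])
    return dh_psi(alice, bob)
```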

Communicating around the content

It was 2007 and text messaging was in vogue, at least where I lived. Not sending messages over instant messaging apps such as Signal or WhatsApp, but the Short Message Service (SMS). This was the time when I had one of my earliest mobile phones. It did not have internet connectivity. SMS and calling were its main functions.

Sending and receiving SMSes was a habit. Some days a few tens of messages, on other days a little more than a hundred. SMSes were not free. We were able to pay a small lump sum for the privilege of sending a few thousand SMSes over a month.

As useful as text messages were, there were times when we had to call each other. Calls were much more expensive. For someone still in school, with no income, saving costs was the priority. So we had to figure out a way to use the calling function of our mobile phones without having to pay for it. This was possible, as long as we did not need to speak over the phone. You might wonder what the use of calling without speaking might be. Read on.

Let's say I was to travel to a book exhibition by train with my friend Sam. Sam lives a few kilometres away from my place, and we board the train at different stations. Sam boards the train at station A and I board the train at station B. Sam wants to make sure that we board the same train so that we can have a pleasant chat during the journey. We had decided that we would board the first carriage of the train in the direction of travel. We still needed a way to make sure we did not board different trains, especially as there was one train every 5 minutes on that particular route.

As Sam boarded the train before me, we decided that Sam would give me a “missed call” when he boarded the train. A missed call is the intended termination of a call before the recipient answers it. I might miss an SMS without noticing it, and we wanted to save costs by not speaking when he called. The missed call was a good solution for us.

We had recognised that we could communicate more than one message through missed calls. That is, the utility of missed calls went beyond 1-bit messages. We added another variable: the length of the ring before the call was terminated. When Sam boarded the train, he would give me a missed call that was terminated after the first ring. This missed call was sufficient for me to decide when to leave home. However, it was possible that I might walk slower than expected or might have to wait to buy train tickets. This meant that another nudge from Sam about the location of the train before it arrived at station B would help me.

Sam would give me another missed call when the train had left the station preceding station B. This time he terminated the call after two rings. The second call was to alert me that the train was nearing station A and that I should rush if I had not already arrived at the platform.