The Bright and Dark Sides of Computer Vision:
Challenges and Opportunities for Privacy and Security
(CV-COPS 2019)


Long Beach, CA — Sunday June 16, 2019

In conjunction with the 2019 IEEE Conference on Computer Vision and Pattern Recognition

Overview

Computer vision is finally working in the real world, but what are the consequences for privacy and security? For example, recent work shows that vision algorithms can spy on smartphone keypresses from meters away, steal information from inside homes via hacked cameras, exploit social media to de-anonymize blurred faces, and reconstruct images from features like SIFT. Vision could also enhance privacy and security, for example through assistive devices for people with disabilities, phishing detection techniques that incorporate visual features, and image forensic tools. Some technologies present both challenges and opportunities: biometric techniques could enhance security but may be spoofed, while surveillance systems enhance safety but create potential for abuse.

We need to understand the potential threats and opportunities of vision to avoid creating detrimental societal effects and/or facing public backlash. Following up on the very successful workshops at CVPR 2017 and CVPR 2018, this workshop will continue to explore the intersection between computer vision and security and privacy to address these issues.

Call for Papers and Extended Abstracts

We welcome original research papers and extended abstracts on topics including, but not limited to:

  • Computer vision-based security and privacy attacks
  • Biometric spoofing, defenses and liveness detection
  • Impact of ubiquitous cameras on society
  • Captchas and other visual Turing tests for online security
  • Privacy of visual data
  • Privacy-preserving visual features and representations
  • Reversibility of image transformations
  • Secure/encrypted computer vision and image processing
  • Wearable camera privacy
  • Attacks against computer vision systems
  • Copyright violation detection
  • Counterfeit and forgery detection
  • Privacy implications of large-scale visual social media
  • Other relevant topics


Research papers should contain original, unpublished research, and be 4-8 pages (excluding references). Research papers will be published in the CVPR Workshop Proceedings and archived on the IEEE Xplore and Computer Vision Foundation websites.

Extended abstracts about preliminary, ongoing or published work should be up to 2 pages (including references). Extended abstracts will be published and archived on this website.

All submissions should be anonymized and will undergo double-blind peer review. Papers and abstracts must be formatted according to the CVPR guidelines and submitted via the Conference Management Toolkit website. Accepted submissions will be invited for oral or poster presentation at the workshop.

Full Paper Submission Deadline: March 28th (firm deadline - no extensions possible).
Full Paper Author Notification Date: April 15th.
Full Paper Camera Ready Deadline: April 18th.
Extended Abstract Submission Deadline: April 12th.   April 14th.

Invited Speakers

Nicolas Papernot
Google Brain, Vector Institute

Emiliano De Cristofaro
University College London

Suman Jana
Columbia University

Program

  • 7:30 - Breakfast
  • 8:55 - Welcome
  • 9:00 - Invited Talk: Membership and Property Inference Attacks against Machine Learning Models, Emiliano De Cristofaro (UCL)
  • 9:40 - Oral Presentations
    • RRU-Net: The Ringed Residual U-Net for Image Splicing Forgery Detection (poster #131)
      Xiuli Bi, Yang Wei, Bin Xiao, Weisheng Li
    • Bag-of-Lies: A Multimodal Dataset for Deception Detection (poster #132)
      Viresh Gupta, Mohit Agarwal, Manik Arora, Tanmoy Chakraborty, Richa Singh, Mayank Vatsa
  • 10:10 - Coffee Break
  • 10:45 - Oral Presentations
    • Privacy-Preserving Action Recognition using Coded Aperture Videos (poster #133)
      Zihao Wang, Vibhav Vineet, Francesco Pittaluga, Sudipta Sinha, Oliver Cossairt, Sing Bing Kang
    • AnonymousNet: Natural Face De-Identification with Measurable Privacy (poster #134)
      Tao Li, Lei Lin, Fengqing Maggie Zhu, Chris Clifton
    • Privacy-Preserving Annotation of Face Images through Attribute-Preserving Face Synthesis (poster #135)
      Sola Shirai, Jacob Whitehill
    • Privacy Preserving Group Membership Verification and Identification (poster #136)
      Marzieh Gheisari, Teddy Furon, Laurent Amsaleg
    • DP-CGAN: Differentially Private Synthetic Data and Label Generation (poster #137)
      Reihaneh Torkzadeh Mahani, Peter Kairouz, Benedict Paten
  • 12:00 - Lunch
  • 13:30 - Invited Talk: Towards formally verifying neural networks, Suman Jana (Columbia University)
  • 14:10 - Poster Session: Extended Abstracts
    • Decentralized Learning of GANs from Multi-Client Non-iid Data [pdf] (poster #138)
      Ryo Yonetani, Atsushi Hashimoto, Yoshitaka Ushiku
    • On the Robustness of Human Pose Estimation [pdf] (poster #139)
      Naman Jain, Sahil H Shah, Abhishek Sharma, Arjun Jain
    • Blind Visual Motif Removal from a Single Image [pdf] (poster #140)
      Amir Hertz, Sharon Fogel, Rana Hanocka, Raja Giryes, Daniel Cohen-Or
    • Towards Self-Enforcing Privacy Protection for Surveillance System [pdf] (poster #141)
      Kok Seng Wong, Anuar Maratkhan, Tu Nguyen, Fatih M Demirci
    • VizWiz-Priv: A Dataset for Recognizing the Presence and Purpose of Private Visual Information in Images Taken by Blind People [pdf] (poster #142)
      Danna Gurari, Chi Lin, Yinan Zhao, Anhong Guo, Abigale Stangl, Jeffrey Bigham
    • Hiding in Plain Strokes: Handwriting and Applications to Steganography [pdf] (poster #143)
      James Hahn, Adriana Kovashka
    • Reconstructing Network Inputs with Additive Perturbation Signatures [pdf] (poster #144)
      Nick Moran, Chiraag Juvekar
    • Image Obfuscation with Quantifiable Privacy [pdf] (poster #145)
      Liyue Fan
    • Knockoff Nets: Stealing Functionality of Black-Box Models [pdf] (poster #146)
      Tribhuvanesh Orekondy, Bernt Schiele, Mario Fritz
    • On the Sensitivity of Adversarial Robustness to Input Data Distributions [pdf] (poster #147)
      Gavin Weiguang Ding
    • Secure Face Matching Using Fully Homomorphic Encryption [pdf] (poster #148)
      Vishnu Boddeti
    • MaxEnt-ARL: Mitigating Information Leakage in Image Representations [pdf] (poster #149)
      Proteek Roy, Vishnu Boddeti
    • Understanding Adversarial Robustness Through Loss Landscape Geometries [pdf] (poster #150)
      Joyce Xu, Dian Ang Yap, Vinay Uday Prabhu
    • Detection of Adversarial Inputs through Entropy of Saliency Maps [pdf] (poster #151)
      Dian Ang Yap, Joyce Xu, Vinay Uday Prabhu
    • Updates-Leak: Data Set Inference and Reconstruction Attacks in Online Learning [pdf] (poster #152)
      Ahmed Salem, Apratim Bhattacharyya, Michael Backes, Mario Fritz, Yang Zhang
  • 15:00 - Oral Presentations
    • Defending Against Adversarial Attacks Using Random Forest (poster #153)
      Yifan Ding, Liqiang Wang, Huan Zhang, Jinfeng Yi, Deliang Fan, Boqing Gong
    • Towards Deep Neural Network Training based on Encrypted Data (poster #154)
      Karthik Nandakumar, Nalini Ratha, Sharath Pankanti, Shai Halevi
  • 15:30 - Coffee Break
  • 16:00 - Invited Talk: A Marauder's Map of Security and Privacy in Machine Learning, Nicolas Papernot (Google Brain, Vector Institute)
  • 16:40 - Oral Presentations
    • Fooling automated surveillance cameras: adversarial patches to attack person detection (poster #155)
      Simen Thys, Wiebe Van Ranst, Toon Goedemé
    • Dropping Pixels for Adversarial Robustness (poster #156)
      Hossein Hosseini, Sreeram Kannan, Radha Poovendran
    • Evading Face Recognition via Partial Adversarial Tampering (poster #157)
      Puspita Majumdar, Akshay Agarwal, Richa Singh, Mayank Vatsa
    • Regularizer to Mitigate Gradient Masking Effect during Single-Step Adversarial Training (poster #158)
      Vivek B S, Arya Baburaj, Venkatesh Babu Radhakrishnan
  • 17:40 - Closing Remarks

Organizers

David Crandall
Indiana University

Jan-Michael Frahm
University of North Carolina at Chapel Hill

Mario Fritz
CISPA Helmholtz Center for Information Security

Apu Kapadia
Indiana University

Vitaly Shmatikov
Cornell Tech

Program Committee

Ehsan Adeli
Stanford University

Tousif Ahmed
Indiana University

Vishnu Boddeti
Michigan State University

Karla Brkić
University of Zagreb

Ayan Chakrabarti
Washington University in St. Louis

Cunjian Chen
Michigan State University

Rakibul Hasan
Indiana University

Roberto Hoyle
Oberlin College

Sanjeev Koppal
University of Florida

Emanuela Marasco
George Mason University

Tempestt Neal
University of South Florida

Seong Joon Oh
Clova AI Research, Naver

Tribhuvanesh Orekondy
Max Planck Institute for Informatics

True Price
University of North Carolina at Chapel Hill

Raymond Ptucha
Rochester Institute of Technology

Gang Qian
ObjectVideo Labs

Michael Ryoo
Google Brain and Indiana University

Yoichi Sato
University of Tokyo

David Stutz
Max Planck Institute for Informatics

Qianru Sun
National University of Singapore

Tomasz Trzcinski
Warsaw University of Technology

Tom Yeh
University of Colorado at Boulder

Ryo Yonetani
OMRON SINIC X