REAL-TIME FACIAL RECOGNITION PROTOTYPE

Pipeline (high level only). Ingest → detect → embed → match, all with audit hooks. Detection runs at the edge to avoid streaming PII; embeddings are ephemeral for non-matches; retention and export are locked behind policy toggles so the demo can’t silently grow into a system.

Latency budget. Targets are split: camera→embed under 40ms for smooth UX; embed→match under 60ms; end-to-end below 120ms on commodity GPUs. When budgets burst, the system must degrade gracefully (lower FPS, not higher false positives).

Evaluation plan. Report DET/ROC curves, not vibes; measure demographic differentials explicitly; log false-positive costs in scenario context; and publish repeatable test harnesses. If thresholds aren’t met, the answer is “no,” not “almost.”

Privacy & security. Default to on-device processing, minimize retention windows, encrypt at rest/in transit, and document what’s not kept. Access is role-based, with kill-switches that disable matching without taking the camera stack down.

Governance & consent. Clear signage, informed opt-in, operator training, and red-team drills for abuse scenarios (function creep, post-hoc search, selective enforcement). Every action must leave a trace in an immutable log so audits are real, not theater.