Op-ed: Facial recognition: Privacy menace or security breakthrough?
The personal privacy implications could be immense, but the security advantages of facial recognition technology cannot be dismissed.
The science fiction novel of one generation can just as easily become the backdrop for everyday life in the next. Indeed, a number of Orwellian predictions have come to fruition in everything from CCTV surveillance to drone aircraft. Of course, today's citizens might also be giving Big Brother a helping hand when constructing elaborate online profiles and broadcasting their daily activities across social media platforms.
Now the rapid maturation of facial recognition software has brought new intrigue and urgency to the discussion. But as it makes its way into more products and more settings, the technology community still seems split over whether it will erode the final fibers of personal privacy or actually reinforce security perimeters along the way.
Privacy on trial
It's only natural that a company called Facebook would be the one to catapult the technology into the public consciousness. Facial recognition software was still very much reserved for the silver screen until the social media giant started incorporating it into online photo sharing. Upon further inspection, the company could be found making serious investments in the technology as early as 2010, but the controversy came to a head June 2011 as facial recognition features were unveiled in earnest to provide Facebook users with a list of recommended individuals to chose from when tagging recently uploaded images.
While the initial fervor died down after the Internet community learned how to opt out of the service, some questions were still left unanswered as to how Facebook is storing and using personal data. Most notably, U.S. Senator Al Franken launched his own privacy probe earlier this summer and encouraged the company to reform its default settings so that consumers would have to consciously decide to take advantage of facial recognition services through an opt-in agreement.
"Facebook could still do more to explain to its users how it uses facial recognition and to give them better choice about whether or not to participate in Tag Suggestions," Franken testified at a Senate Judiciary subcommittee hearing. "They could make clear to their users just how much data they have, and how they will and will not use their large and growing database of face prints."
The Norwegian Data Protection Agency (NDPA) has since placed an investigation into Facebook's facial recognition features on its agenda as well. According to PCWorld, the agency already has an intimate relationship with the social network after requesting a more detailed version of its privacy policy in 2011. This time around the NDPA will be coordinating with the European Union's Article 29 Working Party as well as the Office of the Irish Data Protection Commissioner – which is stationed just down the road from Facebook's international headquarters in Dublin.
But while Facebook represents one of the more recognizable applications of facial recognition software, regulators are also worried about its deployment in more covert operations. According to the Hill, Senator Franken has also been keeping a keen eye on a government pilot program that is amassing its own library of face prints. In his view, the technology could potentially be used for surveillance activities that help authorities identify and curb the activities of protesters at certain public assemblies.
"I fear that without further protections, this technology could be used on unsuspecting civilians innocent of any crime, or could be used to instantly identify someone walking down the street," Franken explained at the hearing. "I urge the FBI and Facebook to do more to protect people's privacy so that this new technology isn't abused."
It remains to be seen how the advisories issued by foreign and domestic regulatory bodies will factor into future deployments, but as the FBI initiative suggests, there remains a strong appeal to leveraging facial recognition for a number of legitimate security strategies.
A biometric breakthrough
Facial recognition is just the latest representative of an emerging class of technologies known as biometrics. Essentially, biological traits or characteristics are recorded and compared against a database profile to confirm or deny an individual's identity. This is most readily recognizable in access control systems that rely on iris or fingerprint scanning.
Biometrics' recent rise in popularity has come at a time when more basic security protocols are starting to show their shortcomings. For instance, the traditional username and password system is quickly falling out of favor as hackers have developed industrial-strength codebreaking tools. Of course, it doesn't help matters that everyone from the common consumer to government officials is having trouble crafting a password that doesn't contain his or her birthday or pet's name.
Although biometrics may not entirely replace password protocols for some time, the technology is already providing a perfect complement today. Security experts in a variety of fields have been breaching the merits of two-factor authentication, and something similar to a fingerprint scan and four-digit code seems to be one of the more plausible and effective combinations.
Facial recognition has joined the conversation with state and federal law enforcement agents and even airport security personnel piloting the technology in new initiatives. But according to Business Today, the corporate community is taking a shine to biometrics as well as it faces down a number of complicated questions regarding mobile device management.
One of the most pressing concerns is what may happen to sensitive company data if an employee misplaces a tablet at the airport or has his or her smartphone stolen from a jacket pocket. If the device is guarded by a two-factor authentication system leveraging facial recognition technology, there is far less fear that a malevolent operator could gain access to stored content.
Unavoidable questions
Facial recognition remains a luxury feature for most at present, with only a select few smartphones offering the technology to the mass market. But according to ABI Research, approximately one out of every five phones shipped at the end of 2012 will come equipped with the biometric capability. Within five years, ABI analysts expect 665 million properly equipped devices to ship annually.
If these numbers hold true and facial recognition technology evolves from a government gadget to a mainstream mechanism, the concerns raised by Orwell, Franken and others could soon be taking center stage.
Security News from SimplySecurity.com by Trend Micro
Spotlight
Cloud Computing
- US makes large investment in cyber weaponry
- Wall Street has data security concerns over Bloomberg reporting
- Security in backups means more than just encryption
- Employees must buy into the company policy for better cloud security
Virtualization
- Virtualization-specific challenges could threaten data security
- Evolving threats put security skills in high demand
- Virtualization security requires education, access control management
- Tips for launching effective virtual security tools
Internet Safety
- Virtualization-specific challenges could threaten data security
- Evolving threats put security skills in high demand
- Virtualization security requires education, access control management
- Tips for launching effective virtual security tools
Vulnerabilities & Exploits
CTO Insights
First Line of Defense
Newsletter
Stay up to date with the latest news and information on online threats.
Recent News
- Cloud security group develops third-party certification program
- US makes large investment in cyber weaponry
- SEC may ask for more information after cyberattacks
- FBI trying to train financial execs on cyber threats
Tag Cloud
cloud cloud computing cloud computing security Cloud Security Compliance & Regulations Consumerization Current News cybercrime Data Privacy data security Encryption Government Policy Internet Protection Internet Safety Internet Safety - DO NOT USE Internet Security Malware Mobile Security Mobility Policy Policy - DO NOT USE Privacy Privacy & Policy Private Cloud Public Cloud Reports Research Spotlight threat intelligence threat research Trend Labs Underground Economy virtualization Vulnerabilities Vulnerabilities - DO NOT USE web security web threats
Comments
It’s really sad. There is so much misunderstanding about biometrics.
Providing your biometric characteristics through some kind of scanner is equivalent of typing in your USERNAME. It is NOT equivalent to the use of some item that only you got (something you have, a key) or providing some information only you know (a secret password).
Biometry can never substitute anything as an authentication mechanism. Biometry can be used for identification, not for authentication, simply because biometric characteristics are public information. Fingerprints, facials, iris, moving patterns, DNA — you leave it all over and everywhere, just for someone to pick up and misuse.
Comment by Knud Henrik Strømming on August 23, 2012 at 2:49 am
I have said all along – ever since 9/11 – every time you give up one of your freedoms, it will NEVER be returned. Homeland Security is one of the main proponents of facial recognition. I concede its value in capturing criminals, but with cameras mounted all over on street corners, security cameras, etc., I feel like my privacy is pervasively invaded. Even this message to you is subject to scrutiny. What happened to a person’s rights? They’ve been slowly eroded “for the better good”. I don’t agree that the better good is always in MY best interests. I feel like this with facial recognition. I’m losing another of my freedoms even while I recognize its benefits.
Comment by Jeannie Beared on October 3, 2012 at 12:35 pm