Facial Recognition Technology and What It Means for Data Privacy and Protection

Imagine walking into a store, picking up a pint of milk, heading to the cash desk, shooting the cashier a smile, and going on your merry way.

No card, no cash, no phone; just your face as a tool.

This might not be a far cry from what the future holds thanks to facial recognition.

Today, cameras are no longer just vessels to take pictures and record videos with. Instead, they are being fitted with biometric technology which can identify humans and perform key activities, like unlocking a smartphone or, more amazingly, making payments.

Take the recent news story of a man who was caught at a music festival via facial recognition. Technology picked the suspect out of thousands of revelers – crazy, right?

In other news, Europeans have blasted Facebook for providing them the chance to “turn on” the app’s facial recognition feature, only to find out later on that the message was sent in error.

It’s safe to say that facial recognition is causing a stir in a lot of different industries.

What Is Facial Recognition?

Typically used as a security system, facial recognition uses technology to verify a person’s features via a digital image stored in a database. The technology essentially examines the elements on someone’s face and matches it against images already stored to identify said person.

Though it has been around since 2009, the technology has only recently made waves in the retail world and for smartphone developers.

Take Alibaba, the Chinese version of Amazon, that lets people pay with a smile using facial recognition in its stores.

That scenario at the start of the post doesn’t seem so far off now, does it?

But perhaps the most popular place we’re seeing facial recognition pop up is in the world of smartphones. We just have to look at the latest iPhone X with its built-in Face ID capability to see where things might be headed.

This particular feature uses biometric authentication to let iPhone users unlock their devices simply by looking at the screen. It’s kind of like the finger-print Touch ID system that was used on previous iPhones, but the Face ID element now also lets users access Apple Pay, the App Store, iTunes, and other third-party apps by just showing their face.

When the new iPhone was released, Apple itself put forward a hefty claim. They said there was a 1 in 1,000,000 chance that someone could open up another person’s phone using Face ID – a pretty vast improvement from the 1 in 50,000 chance of someone having the same fingerprints as you.

It’s not just used for access rights either.

Let’s head to the city of Shenzhen in China for a moment. Here, facial recognition is used to identify jaywalkers in CCTV footage before showcasing their faces on a big screen in an attempt to shame them.

Compared to simply using your face to unlock a phone, this seems a little more dramatic, right? Kind of like it’s been taken straight from the pages of 1984.

Basically, facial recognition is being used in many different ways because it’s more convenient. I mean, just looking at your phone is a much easier way to unlock it than having to hold your finger down on a button or type in a password.

But, while we’re constantly told we’re all unique and no two faces are the same, how secure is facial recognition really? It may well be more convenient, but does convenient mean secure?

In an attempt to trick Face ID, Wired Magazine bought hundreds of expensive masks and brought biometric hackers on board to see just how secure this new technology was on the iPhone X.

Guess what? They failed to beat the system, but that doesn’t mean there aren’t other security and privacy issues.

You Can’t Hide Your Face Away

While our passwords are predominantly kept a secret (unless you’re careless enough to leave them lying around or make them so easy even a 3-year-old could guess them), our faces are on show for everyone to see all the time.

Tech aside, we use our faces to verify ourselves to friends, family, and colleagues every single day.

But here’s the difference: when we’re verifying ourselves in real life, our faces are also combined with our traits, like our voice or our personality, which adds an extra dimension to the party.

With tech-based facial recognition, this isn’t the case – yet.

Say, for example, you’ve been captured by criminals and they want to hack into your smartphone to get some really juicy information you’ve got stored there. If you’ve got a password, they might have to work a little harder than normal to get into it, but with facial recognition they just need to hold the phone in front of your face.

Disappointingly easy, right?

There are steps being made to eliminate the chance of this happening (though hopefully you’ll never be taken captive by criminals in the first place). Face ID now uses machine learning to analyze expressions to figure out whether you really want to unlock your phone.

If that sounds crazy, it’s probably because it kind of is. What it basically means is that Face ID won’t work if you’re not awake or conscious, or simply not facing your phone.

But apart from the probably very minimal chance of someone getting captured by criminals who want to gather intel from their smartphone, there are other very real worries that come with facial recognition, like:

• Where is the face data stored?
• Who can access the data?
• What else will the data be used for?

This just shows that, despite the advances in tech bringing weird and wonderful benefits, there are also significant concerns surrounding it, particularly because the data being used and held is biometric (or extremely sensitive) data.

Because of this, data privacy is one of the biggest worries.

Think about it: no data is completely safe, so your very unique and sensitive face data could potentially be accessed and used by third parties without your consent if the system is hacked.

But perhaps the creepiest part of it all is the fact that Face ID and other facial recognition technologies operate in an “always on” manner. This means the technology is automatically activated as soon as it sees your face.

No buttons. No confirmations. Just your face.

Which means, in a weird and even more 1984-style way, it is always watching you through your front facing camera.

It’s constantly collecting live data that needs to be stored somewhere, which raises the ultimate privacy question: are we constantly being watched and who is watching us?

Is There an Answer to It All?

With data as sensitive as this, there’s always going to be growing pains. Over the next two years, the technology we know now might be completely extinct and something else entirely might have become a front runner in the facial recognition world.

But for now, all we know is that businesses that use facial recognition need to acknowledge how they capture data and what they use it for. At the moment, the best way for them to do this is to combine strong knowledge (which is something like a password; something you know) and inherence (which is something like facial recognition or an iris scan; something you are).

This two-factor security method will minimize the chance of hackers getting access to devices, but this starts right at the very beginning. For facial recognition to be completely effective as a security measure, it needs to be embedded from the development stage and a built-in part of the technology.

So, next time you see a camera, smile. You never know who might be watching.