What’s the Worst That Could Happen With Huge Databases of Facial Biometric Data?


The widespread use of facial recognition technology is almost upon us. A new iPhone is on the horizon, and it might not even have a fingerprint reader—instead, you could be unlocking your phone with your face.

Facial recognition is not new. It’s been a sci-fi staple for decades, and its practical roots are in the 1960s with Palo Alto researchers on RAND Tablets manually mapping out people’s features. Even back then we could give a computer enough data to be able to match a person to their photograph. The group, led by Woodrow William Bledsoe, even managed to calculate a compensation for any tilt, lean, rotation and scale of the head in a photograph.

Eigenfaces from AT&T Laboratories Cambridge

Data inputs stayed pretty rudimentary, with manual input of details being replaced by the Eigenfaces in the ’80s and ’90s. This would be the start of computer vision systems leveraging the kinda freaky power of big data.

Our ever-increasing ability to process huge amounts of information underpins the advances we’ve seen in the last few years. Today, facial recognition has scaled from unlocking phones to tracking criminals. Cameras at a beer festival in Qingdao, China, caught 25 alleged law-breakers in under one second. This sort of efficiency guarantees the technology could go mainstream, and in turn, be exploited. It probably makes sense to pause and ask: where can it go wrong?

Earlier this month, reports emerged that Samsung’s Note 8 facial recognition feature could be tricked by photos of the person’s face. Hopefully, Apple’s is less spoofable. What can happen when we combine the large amount of facial biometrics data with a potentially imperfect system? What sort of societal implications would there be if you were recognized by someone, anywhere and everywhere you went? For this week’s Giz Asks, we connected with experts in law, technology and facial recognition to find out.

Joseph Lorenzo Hall

Center for Democracy & Technology’s Chief Technologist in Washington DC

Like all biometrics, facial details are not secret and can’t easily be changed. And privacy enthusiasts can’t engage in self-defense such as covering your face (in most cultures). That means that biometrics are not a full authentication factor since they’re often easy to capture and spoof (even fingerprints for phone unlock have to fall back on something secret like a passcode). So, if these systems don’t include “liveness” checks, it’s conceivable that a decent image of someone’s face could be used to gain unauthorized access.

It’s pretty easy to match facial patterns against public data and we’re certain to see systems that allow submitting of a facial pattern through an API to get basic details and then a la carte data broker data (these systems exist now for identifiers like email). I would not be surprised to see dark web services in the future offering details about people based on facial patterns (imagine if a criminal is casing a locale for a robbery… They would probably love data that indicates which security guard has a home mortgage under water and is more susceptible to influence, and a facial pattern would be very easy to capture remotely).

