The use of facial recognition by law enforcement authorities, school districts and others has been a hot-button issue of late. Concerns that the technology violates privacy rights and inordinately misidentifies people of color have even led some cities, such as San Francisco and Oakland, to ban police and other government agencies from using it.
However, despite the objections of lawmakers and privacy advocates, facial recognition systems continue to be developed by the security industry at an exponential rate, aided by advancements in deep learning technology and video analytics. Some end-users, such as the Lockport School District in New York, have even continued to move forward with plans to implement facial recognition in the face of overwhelming opposition, believing that the security it provides far outweighs any potential threat to the privacy of students and staff members.
According to Kevin Freiburger , Director of Identity Programs at identity verification solutions provider Valid, facial recognition can and has proven successful at preventing fraud and identity theft. In fact, in 2018, he says one state that uses Valid’s facial recognition system identified 173 fraudulent transactions and that they were able to stop the issuance of driver’s licenses in those instances. In addition, it was later determined that 53 of those transactions involved residents who had had their identity stolen and someone else was trying to obtain a license in their name.
“The technology itself definitely adds value when used properly,” Freiburger says. “Where these bans are coming from, people don’t understand the technology very well and I think education would help with that. The fear is that the federal government might use this technology to try and mine state government license databases to track down people that have residence challenges in the U.S. That is a feared use case that is driving some of the bans of the technology across many markets.”
Others like Sean McGrath, Digital Privacy Expert at ProPrivacy, a provider of privacy education and reviews of various privacy tools, feel the pitfalls of using facial recognition outweigh any potential good the technology could be used for. “As you look at the stories that are coming out, I think that the current focus by legislators and the media on the technology itself is a bit of a red herring,” he says. “We probably need to take a step back and take a macro view of the wider impact of an increasing use of surveillance on civilians. Once you look at the bigger picture and you look at the history of surveillance technology and how it has been used to surveil populations, it quickly becomes apparent, in our opinion, that legislation might not be enough and that there might not be a place for facial recognition in most verticals.”
Even with well-intentioned municipalities that put strong restrictions on the use of facial recognition by police and other government agencies, McGrath says that it will be hard for legislation to keep pace with the advancement of technology. “Legislation, in a conventional sense, is much too cumbersome and slow to be able to deal with these types of technologies, so by the time any meaningful legislation is passed, we are already on version 6.5,” McGrath warns. “If you take it at face value, yes, there are positive use cases, but as soon as you apply it to the real world and how the legislative branch works, the genie is out of the bottle by the time anything can be done to keep a handle on it, particularly for government agencies.”
Freiburger says one of the biggest misconceptions about facial recognition is the notion that hackers could wreak havoc if they were to somehow steal the biometric data gathered by facial recognition systems without any accompanying information.
“When you create a biometric template, you’re taking the source photo that you’ve taken of someone – a driver’s license photo, captured by security camera footage, or whatever it is – you run it through a vendor’s algorithm and it outputs the template that gets matched,” he explains “That data itself, after it goes through that algorithm, is just binary data that means nothing. It is literally just a bunch of ones and zeros and if you store the template – the mathematical representation of the face – separately from the identifying information, such as the biographic information or source photo, that matching template data is basically worthless if it ever gets compromised. Good systems that are designed well and secure always take the match data and they store those separately from the identifying information.”
Besides storing biometric and identifiable information separately from one another, Freiburger recommends those thinking about leveraging facial recognition systems in their own applications to provide education to their stakeholders and to be transparent about what it is going to be used for.
“If I’m a school and I want to use this, I don’t want to do it in an ambiguous way,” he adds. “I want to make it very obvious to parents and students that, ‘hey, we’re using these photos so you can check out in the lunch line, it’s not used for any other purposes,’ and that there is a sharing policy for those photos. You want to make sure you don’t share this information with anyone else, it’s simply used for the point-of-sale system when you check out in the lunch line.”
However, McGrath says it is not hard to imagine government entities and others leveraging facial recognition beyond their stated purposes. “The biggest thing for me is function creep and the fact that these tools are largely invisible and that the scope for their use easily expands beyond what their original intent was,” McGrath adds. “In the case of a school, it is all well and good to say we’re implementing technology to improve safety at points of entry to ensure ‘person x’ and ‘person y’ are not coming onto the school grounds, but it is not a quantum leap to see how that starts to be used in different ways.”
McGrath says the secure storage of biometric and other data will become a paramount concern for schools and other government agencies that move forward with facial recognition. “It is almost a mathematical (certainty) that, at some point… some of this data is going to fall into the wrong hands,” he says. “So, it is really about bolstering how that data is stored and encrypted.”
Moving forward, Freiburger believes that some of the fears that currently surround facial recognition will be assuaged similar to the way people at first objected to the use of fingerprint readers, which have now become ubiquitous in smart phones and other applications.
“People said, ‘oh, there’s going to be latent fingerprints on windows and doors and when a crime is committed later they’re going to pick up latent fingerprints and identify the wrong individual.’ What the public didn’t realize is that the biometric data is used in a broader investigation,” he says. “Just because there is a facial match doesn’t mean it is the same person, it could be a false positive or you could get false negatives where you don’t catch the match. If it is a match, you use that with other tools like any good detective would – it is not a binary yes or no, it is a probability.”
McGrath warns, however, that if checks and balances are not placed on the technology in short order that the nation is headed towards a dystopian future. “If it is not checked quickly… we could be moving towards that 1984 scenario,” he concludes.
About the Author:
Joel Griffin is the Editor of SecurityInfoWatch.com and a veteran security journalist. You can reach him at firstname.lastname@example.org.