Facial Recognition Advances: Why You Should Worry

Some people thought I was being paranoid last year when I sounded the alarm about Facebook and facial recognition software. It turns out, though, I was more of a Pollyanna than a paranoid. At the time, I thought that random identification of people using software to analyze photos was still in its infancy and not a major threat.

It turns out, though, that the technology is far more advanced than I realized. Facebook this week purchased Face.com, an Israeli company with technology that helps people tag photos on the Web by figuring out who is in the pictures. Even more telling – not to mention alarming – is the FBI’s plan to build a national database of faces. Additionally, a study by researchers at Carnegie Mellon found that they could predict someone’s social security number with reasonable accuracy using off-the-shelf facial recognition technology. Yikes!

(Image courtesy of dailmail.co.uk)

At a time when we as a society can’t resolve issues about the privacy of data, issues that have been simmering for years, the emergence of facial recognition technology is very troubling. “Facial recognition blows up assumptions that we don’t wear our identities on our person; it turns our faces into name tags,” Ryan Calo, director of privacy at Stanford’s Center for Internet and Society, told the San Francisco Chronicle.

The Constitution protects us from arbitrary arrests, and although police sometimes arbitrarily demand ID, that is only supposed to happen when there is probably cause. What then happens when a surveillance camera captures your face, and that “name tag” ties the image to your identity.

Picture demonstrators in Egypt. If government thugs can identify them by simply using a camera and a computer, would people feel safe protesting in Tahrir Square. Less alarming, but still annoying, is this: Marketers will have the potential to know what store you shop in even if you never take out a credit card; turning your face into the equivalent of a Web site’s cookie.

Think I’m Being Paranoid Again?

Tagging faces isn’t new for Facebook and it has long partnered with Face.com, the supplier of that technology. But by buying the company, Facebook makes clear its intention to double down on face recognition as a tool to build traffic and revenue.

The more data on users that Facebook supplies to advertisers and third-party app developers, the more money it makes. The company has already collected billions (I’m not exaggerating) of photos; given its terrible record of abusing our privacy, what are the odds that Facebook will say no to a lucrative deal that monetizes that store of carefully-tagged pictures?

Even if Facebook were scrupulous about user privacy, that data store would be a very tempting target for hackers, given how fragile security at even major financial institutions appears to be these days

Then there’s the FBI plan, first publicized last year by Nextgov.com. The FBI will activate a nationwide facial recognition service in select states that will allow local police to identify unknown subjects in photos, bureau officials told Nextgov, one of the first sites to publicize the database, last year.

“Often law enforcement authorities will ‘have a photo of a person and for whatever reason they just don’t know who it is [but they know] this is clearly the missing link to our case,’ said Nick Megna, a unit chief at the FBI’s criminal justice information services division. The new facial recognition service can help provide that missing link by retrieving a list of mug shots ranked in order of similarity to the features of the subject in the photo.”

That’s probably a reasonable use of technology. But as I’ve been saying, think how it could be abused.

Although it’s far from perfect, the Carnegie Mellon study showed that facial recognition software already works surprisingly well: “It is possible to identify strangers and gain their personal information — perhaps even their social security numbers — by using face recognition software and social media profiles,” the researchers said. According to the study:

“In one experiment, [the] team identified individuals on a popular online dating site where members protect their privacy through pseudonyms. In a second experiment, they identified students walking on campus — based on their profile photos on Facebook. In a third experiment, the research team predicted personal interests and, in some cases, even the Social Security numbers of the students, beginning with only a photo of their faces.”

In speaking of this to some friends, I mentioned that I ask people not to tag my photo on Facebook. One replied: “But Bill, all someone has to do is Google your name and your picture from LinkedIn will come up.”  Not to mention my picture from posts here and on other sites.

Uh oh…