Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.
Security Response

I Think I Know You

Created: 18 Aug 2011 21:52:19 GMT • Updated: 23 Jan 2014 18:19:32 GMT • Translations available: 日本語
khaley's picture
+2 2 Votes
Login to vote

 

An increasing number of photo sharing and social networking sites have facial recognition software to help users identify and “tag” people in photos. I don’t have much use for this type of feature; for me looking at old photos is more about pleasant discoveries than efficient searches. But I can see where people would find it useful. Whether you like the feature or not, it does provide compelling proof that the technology, while less than perfect, is viable and cheap. After all, this feature is implemented in essentially free software.  
 
Facial recognition software is also popular with law enforcement agencies as a way to catch criminals and terrorists.  In fact, they are already using it to  catch the  bad guys. And given the ongoing investment from government(s), we are going to see facial recognition systems that are bigger, better, and faster in the coming years.  More on that in a future blog.
 
The use of facial recognition software does not stop there. Passwords can be guessed. Hardware tokens can be lost or stolen. But how about your face? There are companies creating software that use your face as the ultimate security token.
 
Like it or not, we are going to see some amazing applications of facial recognition software in the next few years. Think augmented reality (such as the Terminator, who can look at someone and have their info displayed on top of what his eyes see; we’ll just be using a smart phone, at least at first).  We’ll also see electronics that greet us by name (like the billboards in the movie “Minority Report.”)  As amazing as it sounds, we have reached a point where we need to reference (not so) old science fiction movies to comprehend our immediate future.  
 
This is our immediate future. Or maybe it’s the present. Present enough that at the BlackHat conference, Alessandro Acquisti from Carnegie Mellon University presented a paper called, “Faces of Facebook: Privacy in the Age of Augmented Reality.” (PDF)
 
You can read the paper at the link above, but to summarize: by using cheap hardware (a $35 webcam, a smart phone), they were able to identify anonymous users from a dating site, identify people walking across the CMU campus, and in some cases, figure out a person’s Social Security number using “off-the-shelf” facial recognition software. The title of the study should tell you where they got the names and photos used to match the pictures they took with their webcam.
 
While this study is somewhat proof of concept, it raises huge privacy issues. And we may not have that long to work those issues out. The study makes the point that rapid advancement have been made in facial recognition technology. Commercially available software is already very effective. Big investments have been made to push the technology forward and it’s only a matter of time before we can point our smart phones at someone and know everything about them without ever having met them. This will create dramatic changes in how we interact with each other.  I’ll leave the issue of how those changes affect us to the sociologists.  
 
As for dealing with the privacy issues this raises, I wonder if we are already too late.  
 
As with every other privacy concern that has been raised by technology advances in the last few years, many people simply will not care. They will like the fact that others will have the ability to know everything about them just by pointing a phone at them. And they won’t care that billboards will be able to identify them and call them out by name. Others won't even think about the potential implications of this type of software. It won’t be a concern for them unless and until something bad happens to them as a direct result of the technology.
 
And what about those of us with reservations about how this type of software will be used?  Are we already too late? Has the technology already far outrun our ability to control or legislate its usage?  
 
Maybe we are stuck with this technology. As with tracking cookies, stored search results, and aggregated personal information, this may just be the way of the future. What do you think? Send me a tweet at @kphaley and let me know your thoughts.