Facial Recognition: When Convenience and Privacy Collide
The use of facial recognition in the United States public sector has received a great deal of press lately, and most of it isn’t positive. There’s a lot of concern over how state and federal government agencies are using this technology and how the resulting biometric data will be used.
Many fear that the use of this technology will lead to a Big Brother state. Unfortunately, these concerns are not without merit. We’re already seeing damaging results where this technology is prevalent in countries like China, Singapore, and even the United Kingdom, where London authorities recently fined a man for disorderly conduct for covering his face to avoid surveillance on the streets.
In the United States, San Francisco recently banned the use of facial recognition by law enforcement and other agencies because of the impression that it amounts to “spying” on residents. At the same time, airports are adopting the technology to replace boarding passes. The president recently signed an executive order requiring its use to identify 100 percent of international travelers, including US citizens.
In addition to consumer concerns fostered by the notion of constant government surveillance, there are other factors that have led to the public outcry against the technology’s use. These include:
- Lower accuracy and higher bias, particularly for women and minorities, when certain facial recognition technology is outdated.
- Distrust in data security and privacy, and fear of losing both personally identifiable and biometric information in a data breach.
- Lack of understanding or adequate (and honest) explanation of how and where the technology will be used (e.g. open areas vs. areas deemed private).
- Plain old, general creepiness.
Again, these concerns are valid. The issue of data privacy alone has already stopped the implementation of several face recognition systems. For example, the Lockport School District in New York state attempted to roll out a facial recognition system for all of its students. Parents, teachers and privacy advocates protested. Eventually, the New York State Education Department put the brakes on the project until a privacy assessment could be conducted to ensure that student data could be properly protected.
It’s clear why there is so much concern about putting facial recognition technology in the hands of those in authoritative positions. However, many of those who protest its use in the public sector see no problem using it in lieu of a password to secure their mobile devices. Why is that?
The answer to that question comes down to who owns, manages and uses the biometric face matching data.
Apple, Android and Match-On-Device
Apple pioneered biometric authentication for personal use. It started with the inclusion of TouchID fingerprint authentication on the iPhone. It was so successful that TouchID rapidly spread to other Apple devices such as the iPad and the MacBook. Samsung and other Android devices quickly followed suit with their own fingerprint authentication. Apple took it even further with FaceID facial recognition, which is now the standard for the iPhone and iPad, and the competition did the same.
There is little argument that the majority of iPhone and Android phone users are comfortable using their fingerprint or face to authenticate their identity to unlock their phone, log in to websites and even make financial transactions. Yet, these are often the same people who do not want government agencies using similar technology. The key to understanding this phenomenon is to understand why and how Apple and its competition implemented biometric authentication in the first place.
Apple did not implement TouchID for security purposes. This is clear because you can easily bypass it in favor of a PIN or password. In fact, the use of a fingerprint is entirely optional. The real reason Apple put a fingerprint reader on the iPhone was for user convenience. It is much faster to unlock a phone with a fingerprint than it is with a PIN or password. Arguably, it is more secure because someone can’t look over your shoulder while you enter a PIN or password. FaceID is even more convenient because it doesn’t require putting your finger on the sensor. To be clear, the first reason that fingerprint and face matching are acceptable to mobile users is not security but convenience.
The second reason people trust mobile biometrics is because PINs and passwords are difficult to use and are notoriously ineffective. The vast majority of data breaches - over 80 percent - are due to compromised and easy-to-guess passwords. In the name of security, we’ve resorted to using passwords that are random, long, and impossible to remember. Using a fingerprint or our face instead of a password is much easier.
The final reason people trust mobile biometrics is that the biometric data is stored securely on the device itself. Matching a fingerprint or face on an iPhone or Android device is referred to as match-on-device. In other words, none of your fingerprint or face biometric data ever leaves your mobile device, and it is not stored in a remote location managed by Apple, Google, or a government agency.
However, match-on-device biometrics is hardly a perfect solution. One of the core problems is that the biometric data stored on the device does not necessarily authenticate the owner of the device. Many of us have multiple fingerprint or face biometrics stored on our personal devices - often including spouses and children. If you use a biometric to unlock your phone or make a transaction, any enrolled fingerprint or face can be used. This includes anyone who uses your phone.
Centrally Managed Biometrics
Government agencies worldwide have been using centralized biometric databases for many years. A lot of these databases contain hundreds of thousands and even millions of identities and their associated biometrics, which often include facial recognition data. Centralized face recognition systems are important tools that have a long, successful history with law enforcement and customs and immigration agencies. It would be very difficult for these agencies to do their jobs and keep their constituents safe from criminals and terrorists if facial recognition systems were kept out of their reach. That being said, it’s also these centralized databases that represent the biggest risk for authoritarian abuse.
They also pose the biggest risk for exposing sensitive biometric data if they’re breached. When you consider the number of data breaches that affect the privacy of hundreds of millions of identities, it’s clear why the public is becoming very concerned about where and how biometric data is stored and used.
A balance must be struck between personal privacy, security, and public safety. It’s that balance that is often difficult to reach.
Face matching, and biometrics in general, can be used for a number of both private and public sector applications ranging from identifying criminals and terrorists to securing a corporate network and building. In private industries, facial recognition can be utilized for both logical (e.g. network, file access, transaction, etc.) and physical (e.g. building, door, elevator, etc.) security. As previously mentioned, passwords are still the biggest cause of data breaches, which is why replacing passwords, PINs, and key cards with biometric authentication is already in practice in many companies. In most cases, the results have been exceptional.
The Advantages of Biometrics for Security
Despite the reservations, biometrics doesn’t have to be so dire or scary. In fact, facial recognition can be used effectively to prevent a lot of problems. The Lockport school project could be a great example of how the proper use of this technology can lead to many benefits. If applied correctly, Lockport would be able to keep pedophiles and other people who pose a threat out of its facilities, make sure that children are not taken by the wrong people, and confirm that faculty members are who they claim to be.
While there are a variety of use-cases for each biometric modality, when looking at the best option for school systems, facial recognition has many advantages. Children, faculty, and parents don’t need to interact with special hardware such as fingerprint readers. Alerts could automatically be generated the moment an incident occurs such as someone entering the school who shouldn’t be there.
However, to achieve these benefits the Lockport schools should rethink their planned implementation. Several factors should be taken into account, such as:
- Where the biometric (i.e. face) data is stored.
- How the biometric data is protected.
- How the biometric data is used.
- What policies are in place regarding identities that are no longer affiliated or need to be managed by the school.
Proper Storage and Use of Biometric Data
Biometric storage is an important and popular topic. Biometric and personal information that is centrally stored must be encrypted, isolated, and protected.
Biometric data should never be stored with other personally identifiable information such as names, birthdates, etc.
Instead, biometric data should be stored anonymously using an opaque key that maps back to the identity. In this way, if the biometric data is ever compromised, it will be useless as there’s no way to map it back to a specific individual. Any association of identities (e.g. spouses, parents, children, employers, known associates, etc.) should also be mapped anonymously, using opaque key pairings.
In the case of law enforcement, only specific identities should ever have their biometrics linked back to their personal information. For example, if someone is identified using a camera placed in a public place for safety purposes, unless that person is known to be a danger to the public, their information should not be linked and exposed.
This would require strict and legally enforced policies and procedures as well as external oversight to ensure public trust. We have similar requirements and policies when it comes to other law enforcement tools such as search warrants, wiretapping, and surveillance. The use of biometrics as a public safety tool should have no less strict laws dictating policies and procedures.
Privacy and Data Security
Privacy is always an ongoing task, and in this case, is multifaceted. All information, whether biometric or otherwise, needs to be encrypted and isolated. Access needs to be unidirectional. In other words, any biometric matching needs to occur in a software platform that acts as a “black box” and doesn’t expose the data to any other software processing. Thus the biometric data would be quarantined and not open to retrieval. It’s also important that when an identity is removed from the platform, so is the biometric data.
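A minimal sketch of the storage and access model described in the last two sections, added here as an illustration and not taken from any product or system the article mentions: templates live in a store that holds no personal information, matching returns only an opaque key, and removing an identity removes its template and associations. The class names, the cosine-similarity matcher, the 0.95 threshold and the `authorized` flag (a stand-in for a real policy check) are assumptions; encryption at rest is left out.

```python
import math
import secrets

class TemplateStore:
    """Biometric side: templates keyed by opaque IDs only, no names or birthdates."""
    def __init__(self):
        self._templates = {}              # opaque key -> feature vector

    def enroll(self, vector):
        key = secrets.token_hex(16)       # random, not derived from any PII
        self._templates[key] = tuple(vector)
        return key

    def match(self, probe, threshold=0.95):
        """Black-box matching: returns an opaque key or None, never a template."""
        best_key, best_score = None, threshold
        for key, tmpl in self._templates.items():
            dot = sum(a * b for a, b in zip(probe, tmpl))
            norm = math.hypot(*probe) * math.hypot(*tmpl)
            score = dot / norm if norm else 0.0
            if score >= best_score:
                best_key, best_score = key, score
        return best_key

    def delete(self, key):
        return self._templates.pop(key, None) is not None

class IdentityStore:
    """Identity side: PII and associations, linked to biometrics only by opaque key."""
    def __init__(self, templates):
        self._templates = templates
        self._people = {}                 # opaque key -> PII record
        self._links = set()               # associations as opaque key pairings

    def register(self, name, vector):
        key = self._templates.enroll(vector)
        self._people[key] = {"name": name}
        return key

    def associate(self, key_a, key_b):
        self._links.add(frozenset((key_a, key_b)))

    def resolve(self, key, authorized=False):
        """Link a match back to a person only for an authorized request."""
        if not authorized:
            return None
        person = self._people.get(key)
        return person["name"] if person else None

    def remove(self, key):
        """Removing an identity also removes its template and associations."""
        self._people.pop(key, None)
        self._links = {pair for pair in self._links if key not in pair}
        return self._templates.delete(key)
```

In a real deployment the two stores would run as separate, isolated services, so that a dump of the template store alone contains only random keys and feature vectors.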
When looking for a platform that would host the entire solution, enterprises, government and others in the public sector should seek one that’s hosted and managed by a trusted third party with the appropriate experience, certifications, monitoring, and security measures. This acts as a protection to the consumer of the biometric authentication service as well as the identities being managed by it.
Finding the Balance
It’s easy to understand the justifiable concerns over the use of biometrics such as facial recognition. I’ve outlined several, but not all, of the key elements required to use such tools effectively in both government agencies and private industry.
There’s no “magic bullet” nor a “one size fits all” solution. However, simply dismissing biometrics as a whole because of privacy or authoritarian concerns is not a valid argument either.
With effective biometric data security and appropriate policies and procedures to ensure privacy, the use of biometrics such as facial recognition can dramatically reduce data breaches, protect our personal information, and keep us safer in a dangerous world.