For most people, facial recognition technology has already permeated their daily lives. While over 80% of phones sold in the US have the capability to verify users through biometric information, including facial scans, at least 90% of businesses also use biometric technology. In fact, face scanners are among the most common types of biometric authentication on both corporate devices and services.
This rise in facial recognition technology shows no sign of slowing down. Over the next four years, the market for facial recognition technology is forecast to grow by at least 15% annually.
Security Benefits of Facial Recognition
The most obvious benefit of facial recognition technology — and the key reason it has skyrocketed in popularity over the last few years or so — is security. Unlike other forms of authentication that use passwords, facial recognition inherently ties someone’s identity to their person.
With cybercrime on track to cost the world $10 trillion by 2025, and over 80% of cyber attacks starting with stolen or compromised credentials, having more secure methods of authentication is vital. Considering that at least 60% of people reuse passwords across sites and accounts, and the most common password this year was 123456, authentication needs to move away from passwords as fast as possible.
However, that’s not to say that facial recognition is foolproof, either. Research by the security firm McAfee demonstrated how, through machine learning technology, facial scanners could be, at least theoretically, bypassed. Nevertheless, facial recognition is still vastly more secure than password-based security even when two-factor authentication is enabled.
Driven partially by this clear cybersecurity use case, by July of this year, facial recognition startups raised $500 million compared to only $622 million in the entirety of 2020. As a result, biometrics is one of the fastest-growing technology sectors right now. And with a booming market, there will also come a plethora of new use cases beyond just authentication.
Microsoft, for example, has recently patented a “wellness insights service” for employees. This service would use facial scans alongside biometric data such as blood pressure and heart rate combined with data from Microsoft’s Office apps (i.e., audio and video meeting data or even information on how hard employees press the keys on a keyboard) to generate an employee’s “anxiety” score.
The Risks of Biometric Surveillance
Like any fast-growing technology, there are huge potential risks associated with the integration of facial recognition technology into our everyday lives. Much of this risk comes from the likelihood that private companies will silently collect and store “faceprints” alongside other data — eroding user privacy significantly.
In June this year, the social media giant TikTok caused quite a stir when it stated, in its privacy policy, that the company will now capture and collect “biometric identifiers and biometric information,” which will include “faceprints and voiceprints.” Mostly unchangeable and increasingly linkable to other pieces of personal information, the more companies collect facial prints, the greater the risk of fraud for individuals becomes.
For authoritarian regimes, the growing capability of facial recognition technology also offers the prospect of implementing tighter social control. In China, a nationwide system of facial recognition technology, running through over 200 million cameras, already logs facial scans from every citizen in the country. Scarily, this technology has allegedly been used to racially profile ethnic minorities such as Uyghur Muslims, singling out individuals for incarceration or discriminatory treatment.
In the US, where facial recognition use by both private and public sector organizations is a growing issue, the legal environment is still dramatically lagging facial recognition’s evolution into a ubiquitous technology. Barring highly effective local laws such as Illinois’ Biometric Information Privacy Act, there is scant regulation of how biometric data should be collected, stored, or used. Critically, on a federal level, there is no law that regulates its use.
However, proposed legislation such as the National Biometric Information Privacy Act of 2020 may eventually curtail some of the risks this legal vacuum currently poses. Even greater coverage at the state and local level would go a long way to protect consumers from abuses of their facial data — often far beyond a law’s immediate jurisdiction. For example, when it lost a $650 million lawsuit under the Illinois act mentioned above, Facebook globally stepped back from its own biometric data collection through automated photo-tagging and similar processes.
Awareness Is Key
Facial recognition has a strong use case as a secure method of authentication, provided it’s deployed in a way that doesn’t compromise user privacy. This is why here at Abine, we have integrated a decentralized identity framework into our Blur platform, anonymizing user biometric information while maximizing security. However, as the use of facial recognition expands even further, tighter legal regulation and individual awareness of its use are critical.
Otherwise, there is a real risk that our faceprints may end up in the same databases that data brokers store other elements of our personal information, such as our home addresses and even family information.
With our face on track to becoming our new Social Security number, individuals need to be wary of any service that collects facial data. Ultimately, the fewer organizations have access to your face print, the safer you will be.
Rob Shavell is CEO of Abine / DeleteMe, The Online Privacy Company. Rob has been quoted as a privacy expert in the Wall Street Journal, New York Times, The Telegraph, NPR, ABC, NBC, and Fox. Rob is a vocal proponent of privacy legislation reform, including the California Privacy Rights Act (CPRA).
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.