Following the rumoured news of the iPhone 8 introducing the world’s first 3D facial-recognition camera, Alvaro Hoyos, CISO at OneLogin commented below how the debate over privacy vs. civil rights must be the main concern when it comes to using biometric technology and that Apple must take responsibility to ensure that this data cannot become compromised or used for any other purpose than originally intended.
Alvaro Hoyos, CISO at OneLogin:
“iPhone 8’s rumoured addition of facial recognition is just one of many competing biometric technologies that can be used for authenticating identities. In an age of inexpensive high-res cameras, social media plastering our portraits everywhere, and most people having at least one form of government-issued photo ID, there is plenty of data sources to work with. In contrast, other technologies such as fingerprints and iris scans, require more effort to create registries to work with.
We are already sliding down the slippery slope of privacy vs. civil rights and liberties issues. For example, the FBI already has access to the Massachusetts Department of Transportation database and can source driver’s license images for persons of interest. Setting that aside, people need assurances that their images will only be used for legitimate purposes. Similar to a court request to a cloud service provider, the request should be as narrowly scoped as possible. In the case of your personal image, the best way to prevent false positives is for searches not to be too broad and scope in images that are not relevant to a given analysis.
The crux of the issue is that data is used only for the intended purpose and whether there are sufficient legal protections to enforce this. Apple must protect this data. When you consider the current accuracy of facial recognition technology and how this differs based on age, gender, and ethnicity, this is not an area law enforcement should rapidly adapt without the proper legal safeguards in place.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.