South Wales Police are conducting a face recognition trial that could scan every one of the 170,000 visitors expected to show up in the city for Champions League final. IT security experts from ESET and AlienVault commented below the privacy and security implications of the plan.
Mark James, IT Security Specialist at ESET:
“We live in a difficult time at present regarding security and privacy and those boundaries overlap frequently. On one hand law enforcement agency’s need all the help they can get to keep us safe in this economically fragile state. On the other hand, we have a right to privacy, we should be able to do what is legal without concern that our privacy is being compromised or violated but where does that line exist? In a situation where police have the ability to get a heads up regarding potential “people of interest” does that mean that they could stop a potential terrorist issue if they apprehended those concerned? What happens when they are just going to watch football? What happens if the recognition software blips or miss identifies someone?
But those are not the only concerns, how is this data being protected, what is it being used for and will it be deleted afterwards should be the questions and answers available for all to see. Any threat should be avoided if possible and if not, dealt with speedily but there must be limits. Protocol needs to be adhered too and this data could be very valuable if it fell into the wrong hands. We already have far too much of our private data bouncing around the internet without more joining it.”
Javvad Malik, Security Advocate at AlienVault:
“Police forces have a big task protecting the public, and therefore it makes sense they are relying more on technology to assist in finding suspects. However, security and privacy needs to be addressed on how the data is collected, processed, stored, and deleted. Without doing so, it is possible the data could end up in the wrong hands. Secondly, as with any new technology such as facial recognition, it hasn’t reached peak maturity, so inevitably there are false positives and negatives that need to be taken into account, and the automated system should not be relied on solely.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.