Concerns Raised by Facial Biometrics

Coupling Biometrics, Social Media Creates Anxiety over Privacy

By , September 15, 2011.
Concerns Raised by Facial Biometrics

A

See Also: 2015 Insider Threat Report

s facial recognition technology becomes more prominent, such as on Facebook, serious gaps in privacy and consent are causing privacy professionals to worry.

"Facial recognition technology can be used without the knowledge or the consent of the individual, to be totally oblivious," Beth Givens, founder and director of the Privacy Rights Clearinghouse, a privacy advocacy organization, says in an interview with GovInfoSecurity.com (transcript below). "Yet, once you identify that person based on the unique characteristics of their face, you could then match it with other databases."

Use of facial biometrics could affect a wide-range of people. For example, Givens says, protesters could easily be identified at an assembly. Shoppers could be targeted based off of their shopping habits. And customers at banks could be given preferential treatment.

To make her point, Givens cites a study conducted by Carnegie Mellon University, in which researchers, using only a photo of a person's face and information made publicly available online, identified a person's birth date, personal interests and Social Security number.

"Once you know a person's name, birth date, and social security number, you have enough information to commit new account fraud or identity theft," Givens says.

For information security officers in banking, government and healthcare, using biometrics as a possible tool to protect their critical data is fine if such applications are backed up with solid privacy and security policies and practices, Givens says.

In the interview, Givens explains that use of facial recognition technology could:

  • Violate privacy rights by not getting an individual's consent.
  • Result in unequal treatment of consumers by businesses.
  • Encourage stalking and violence.

Givens founded the Privacy Rights Clearinghouse in 1992. She developed the clearinghouse's Fact Sheet series that addresses a wide variety of privacy matters. Givens also authored the encyclopedia entries on identity theft for Encyclopedia of Privacy, World Book Encyclopedia and Encyclopedia of Crime and Punishment. She also authored The Privacy Rights Handbook: How to Take Control of Your Personal Information (Avon, 1997) and co-authored Privacy Piracy: A Guide to Protecting Yourself from Identity Theft (1999). She contributed a chapter on consumer and privacy rights to the 2006 book, RFID: Applications, Security and Privacy.

Privacy Rights Clearinghouse

ERIC CHABROW: Before we discuss your concerns with facial recognition technology, please take a few moments to tell us about the Privacy Rights Clearinghouse.

BETH GIVENS: We're not a new organization. We were founded nearly 20 years ago, before the Internet actually, and before a lot of these emerging technologies came on the scene. We started as a California-only non-profit consumer education and consumer advocacy group. Since the advent of the Internet and when our website went online in 1996, we are now a nationwide group with a two-part mission. We do consumer education. We are kind of a "Dear Abby" of privacy in that we invite people to contact us with their questions and their complaints. We learn a lot just by talking directly with people. Then secondly, we are involved in some advocacy privacy in the California state legislature.

Facial Recognition Threats

CHABROW: The Privacy Rights Clearinghouse cautions that facial recognition technologies, especially as it becomes more sophisticated, may be one of the greatest privacy threats of our time. How so?

GIVENS: I have kind of a mantra in terms of privacy rights and that is: individuals deserve transparency and they need control. Those two key words - transparency and control - say a lot. Facial recognition technology can be used without the knowledge or the consent of the individual, to be totally oblivious, totally invisible to the individual and yet once you identify that person based on the unique characteristics of their face, you could then match it with other databases. You could connect online information to off-line information. There are a lot of possibilities in terms of where that simple capture of one's face will lead.

CHABROW: Can you give an example to that?

Follow Jeffrey Roman on Twitter: @gen_sec

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE NCUA's IG to Review October Breach

As the NCUA Inspector General announces plans to investigate an October breach of sensitive...

Latest Tweets and Mentions

ARTICLE NCUA's IG to Review October Breach

As the NCUA Inspector General announces plans to investigate an October breach of sensitive...

The ISMG Network