Identity Authentication and the Controversy Around Facial Recognition
Facial recognition is alarming and needs to be controlled.
You might consider my saying that as hypocritical, because I have been one of many pioneers in building solutions that use facial recognition over the past decade. Still, I believe that facial recognition is a technology that needs to be regulated, controlled, and not used in many of the ways that it’s being employed today.
Why do I feel this way?
Take a critical look at the repercussions of mass surveillance using facial recognition technology in countries like China, Russia, and even democratic nations like the United Kingdom. While arguments can be made that mass surveillance cuts down on crime, the reality is far less altruistic or effective. Mass surveillance introduces a number of unwanted side effects including misidentification that leads to false arrests, convictions, and even death. And these are just a few examples.
Then consider companies like ClearView.ai, which enable anyone to identify anyone else with a picture taken with a mobile phone. While the founder of ClearView.ai claims that they only provide their service to law enforcement, there’s the issue of gender and race bias in facial recognition for identification. It’s well understood that face algorithms have more difficulty identifying women and people of color.
Consider too - there was a mobile application that took Russia by storm a few years ago. It was able to take a simple (i.e. taken without the subject’s knowledge) image with a mobile device and search across social media for a match with 70% accuracy. For each facial match, it correlated online and social media activity and made it all available to the searcher in seconds. Did you break up with someone you were really attracted to? Submit his or her picture to the app and identify ten people in your area that look like your ex. Find someone attractive on the train during your commute to work? Take a picture without their knowing and find out their name, the things they like, who their friends are, where they work, and where they live. The creators said their app would “revolutionize dating”. What it really did was commoditize stalking.
So, yes. Facial recognition on its own is scary. We’re witnessing its daily abuse and the ugly repercussions that result. But the same thing can be said about so many things that when used appropriately become fundamental to our quality of life. Imagine a world without transportation, electricity, or even fire. All three can be used as weapons, but when harnessed correctly, these technologies allow us to travel great distances, light the darkness, and cook our food. Looking at facial recognition only in the context of mass surveillance or obtrusive identification misses the point of what facial recognition can offer.
There’s a big difference between using a picture of someone taken with a mobile device and finding out who they are and using your face to authenticate your identity against your own face to approve a financial transaction, prove your COVID-19 status, or login to your network. It’s not identification, it’s identity authentication and it’s a key distinction.
There are a number of advantages to identity authentication using facial recognition. In the age of COVID-19, biometric sensors like fingerprint readers are ripe territory for transference when those sensors are used by more than one person. Facial recognition is touchless and can be done with the mobile device in your pocket. When used for authentication it’s much more accurate, as it’s not comparing you to others – it’s comparing you to yourself.
But why is it important that we use a biometric, such as face, to authenticate who you are? Very simply, it’s because our current methods of authenticating ourselves have failed. In many ways, they never really worked. Passwords, for example, are incredibly weak for identity authentication. Over 80% of the data breaches we read about are due to compromised or easy to guess passwords. Also, they’re difficult to use.
To prove my point, consider how many times you’ve clicked on the “forgot my password” link in the past month.
Even 2-Factor Authentication, or 2FA, has hit a wall. When the CEO of Twitter, Jack Dorsey, can have his Twitter account hacked even though he was using 2FA (quite easily, I might add), then 2FA is not the long-term answer.
Biometrics, including face recognition, provide a valuable service in that they can authenticate your identity and protect your privacy and security by ensuring that only you have access to your computer, your email, your bank accounts, your healthcare records, and so much more.
To reiterate, facial recognition is an alarming topic.
It’s scary because it’s being used inappropriately.
To address this issue, governments are creating legislation and passing laws controlling its use. This is a good thing. However, none of these laws sideline the use of facial recognition for identity authentication. In fact, we’re seeing more and more applications where facial recognition is key to enabling personal privacy and security.