The facial recognition technology market is growing rapidly as organizations use this technology for a variety of reasons, including verifying and/or identifying individuals to grant them access to online accounts, Authorize payments, track and monitor employee engagement, target specific ads for shoppers, and much more.
In fact, the global facial recognition market size is forecast to reach $12.67 billion by 2028, up from $5.01 billion in 2021, according to Insight Partners. This increase is also driven by growing demand from governments and law enforcement agencies who use this technology to assist in criminal investigations, conduct surveillance or other efforts. other security.
But as with any technology, there are potential downsides to using facial recognition, including privacy and security issues.
Privacy concerns around facial recognition technology
The most important privacy implication of facial recognition technology is its use to identify individuals without their consent. This includes the use of applications, such as real-time public surveillance, said Joey Pritikin, product manager at Paravision, a computer vision company specializing in facial recognition technology. or through a collection of databases that are not legally constructed.
Tracy Hulver, senior director, digital identity product at Aware Inc., agrees that it is important for organizations to let users know what biometric data they are collecting and then get their consent.
“You have to make it clear to the user what you are doing and why you are doing it,” he said. “And ask if they agree.”
Stephen Ritter, CTO at Mitek Systems Inc., a provider of mobile photography and digital identity verification products, agreed that consumer notification and consent are critically important.
“Whether we’re delivering apps or user experiences directly to consumers, or we’re delivering technology to banks, marketplaces, or whatever company is delivering apps to end users, , we require proper notice, meaning that consumers are very well informed about the data we will collect and can consent to it,” said Ritter.
UNDERSTAND: Mobile device privacy policy (TechRepublic Premium)
In surveillance applications, people’s main concern is privacy, said Matt Lewis, director of commercial research at security consulting firm NCC Group.
Facial recognition technology in surveillance has improved dramatically in recent years, he said, meaning it’s fairly easy to track a person as they move through the city. One of the privacy concerns about the power of technology is who has access to that information and for what purpose.
Ajay Mohan, principal, AI & analytics at Capgemini Americas, agrees with that assessment.
“The big problem is that companies have collected huge amounts of personal and financial information about us [for profit-driven applications] basically just follows you around, even if you don’t actively approve or allow it,” says Mohan. “I can go from here to the grocery store, and all of a sudden, they’re scanning my face, and they can track it to see where I’m going.”
In addition, artificial intelligence (AI) continues to drive the capabilities of facial recognition systems in terms of their performance, while from an attacker perspective there is emerging research that is leveraging AI to create the “home keys” on the face, ie the AI generation of one according to Lewis.
“AI also allows for additional facial feature detection beyond recognition — that is, it can determine the mood of a face (happy or sad) and can also estimate an individual’s age and gender. based entirely on their face image,” says Lewis. “These developments certainly raise privacy concerns in this space.”
Doug Barbin, managing director at Schellman, a global cybersecurity evaluator, said: “In general, facial recognition captures a lot of information depending on the amount and source of data, and that’s what that the future needs to be concerned with.
“If I manually do an image search on Google, will it return images tagged with my name or images previously identified as I am identifiable without any text or any context? That creates privacy concerns,” he said. “What about medical records? A huge application of machine learning is being able to determine health status through scans. But what is the cost of disclosing an individual’s status? “
Security issues related to facial recognition technology
Any biometrics, including facial recognition, are not private, Lewis said, which also leads to security concerns.
“This is an attribute, not a vulnerability, but in essence it means that biometrics can be copied and that presents security challenges,” he said. “With facial recognition, it is possible to ‘spoof’ a system (disguise as a victim) using a 3D image or mask created from an image of a victim.”
Another property of all biometrics is the statistical matching process — users never bring their faces into the camera in exactly the same way, and user features may differ depending Depends on the time of day, cosmetic use, etc., says Lewis.
Therefore, the facial recognition system must determine how likely the face shown to it is that of an authorized person, he said.
“This means that some people may be similar to others in ways that are sufficient for them to be authentically others due to similarities in characteristics,” Lewis said. “This is called the false acceptance rate in biometrics.”
Because it involves storing face images or patterns (mathematical representations of face images used for matching), the security implications of facial recognition are similar to any other information. to which personal identification, for which recognized encryption methods, process protections and policies must be applied, he said.
UNDERSTAND: Password Breach: Why Pop Culture and Passwords Don’t Go Together (Free PDF) (TechRepublic)
“Additionally, facial recognition can be vulnerable to what we call ‘presentational attacks’ or use physical or digital spoofing, such as masks or deepfakes,” Pritikin said, “So, Proper technology to detect these attacks is critical in many use cases.”
John Ryan, partner at law firm Hinshaw & Culbertson LLP, says people’s faces are key to their identity. People who use facial recognition technology are at risk of identity theft. Unlike passwords, people cannot simply change their faces. As a result, companies that use facial recognition technology are targets for hackers.
So companies often enact storage and destruction policies to protect this data, Ryan said. In addition, facial recognition technology often uses algorithms that cannot be reverse engineered.
“These barriers have been very helpful so far,” he said. “However, governments at the state and federal levels are concerned. Some states, such as Illinois, have enacted laws to regulate the use of facial recognition technology. There is also legislation pending at the federal level. “
Pritikin says that his company uses advanced technologies, such as Presentation Attack Detection, which protect against the use of tampering data.
“We are also currently developing advanced technologies to detect deep spoofing or other digital manipulation of the face,” he said. “In a world where we rely on faces to confirm identity, whether it be in person during a video call, understanding what is real and what is fake is an important aspect of security and privacy — even when facial recognition technology is not being used.”
