Facial recognition: Nowhere to hide

Originally posted 08/10/2011 on lubbockonline.com

Jaikumar Vijayan reports on Computerworld.com that at the Black Hat hackers conference security researcher Alessandro Acquisti presented a disturbing paper on facial recognition, social sites like Facebook, and privacy.

The research involved taking pictures and applying facial recognition software - of the shelf software, not custom software written for the research. They did use a custom program to extract images from Facebook and a dating site - all from the same city - and then used the facial recognition software to identify the people in the pictures. The results were interesting:

In all, about 5,800 dating site members also had Facebook profiles. Of these, more than 4,900 were uniquely identified. The numbers are significant because a previous CMU survey showed that about 90% of Facebook members use their real name on their profiles, Acquisiti said. Though the dating site members had used assumed names to remain anonymous, their real identities were revealed just by matching them with their Facebook profiles.

Ok, more than interesting. Disturbing. They pulled the pictures from Facebook and a dating site, but what if they had sat in the mall taking pictures of people walking past, then compared those photos to Facebook? What if they had been stalkers taking pictures of potential victims?

Thoughtless implementation of facial recognition software could be very dangerous. What happens when the only way to hide is to actually change your face? People trying to escape abuse, people in the witness protection program, or others needing or wanting to escape will find it much harder, if not impossible, without changing their face. That is...unfortunate.

Germany declares Facebook facial recognition illegal

Originally posted 08/04/2011 on lubbockonline.com

It looks like Facebook is learning the lesson Walmart learned when it comes to doing business in Germany. Germany is not the U.S. Matthew Shaer reports in the Christian Science Monitor that Facebooks facial recognition 'feature' has been declared illegal in Germany.

I don't know how much affect this will actually have on Facebook. It will depend on what kind action Germany decides to take and Facebook's response. Honestly, even if Germany successfully blocked Facebook, would Facebook care? The German government might feel the pressure more than Facebook. There will probably be some type of compromise, but I honestly don't see Facebook giving up it's facial recognition software completely.

Facebook recognizes you

Originally published 06/10/2011 on lubbockonline.com

On Tuesday the Facebook Blog's Justin Mitchell announced that to make tagging work better Facebook is using face recognition technology. The idea that Facebook is using face recognition on all the photos uploaded by all of it's 600,000,000 users concerns me. That Facebook is automatically opting us all into it annoys me. It should annoy you, too.

Facebook has created a huge database of unchangeable identifying information on it's users. If that doesn't bother you, think about how many databases get breached every year. If you want a worst case scenario, look at the Sony breach timeline at attrition.org. That's an average of a hack about every 3 days. Now think about the science of special effects makeup, a breach at Facebook, and your face being available on the black market.

Today this isn't a big deal, but what about 5 years from now? Then again, maybe it is a big deal today. Just about any scenario we can come up with sounds like something from Mission: Impossible, but what happens if a terrorist organization gets ahold of facial recognition data from Facebook. I'm not talking about pictures with your face tagged with your name. I'm talking about the data and algorithms Facebook uses to identify your face in pictures. With that data it could be possible for a terrorist to become anyone in Facebooks database, if only to get into the country. But what happens if they disguise themselves with your face and use it to buy bomb parts? Place a bomb while allowing your face to be seen by security cameras?

It's not very likely at this point, but do you want information that can identify you - information that cannot be changed, or not cheaply or easily, at any rate - being gathered by anyone, let alone, Facebook?

update:Michael Santarcangelo reports on the Security Catalyst blog that Google may be getting a very similar technology and does an excellent job of explaining the dangers.