Germany declares Facebook facial recognition illegal

Originally posted 08/04/2011 on lubbockonline.com

It looks like Facebook is learning the lesson Walmart learned when it comes to doing business in Germany. Germany is not the U.S. Matthew Shaer reports in the Christian Science Monitor that Facebooks facial recognition 'feature' has been declared illegal in Germany.

I don't know how much affect this will actually have on Facebook. It will depend on what kind action Germany decides to take and Facebook's response. Honestly, even if Germany successfully blocked Facebook, would Facebook care? The German government might feel the pressure more than Facebook. There will probably be some type of compromise, but I honestly don't see Facebook giving up it's facial recognition software completely.

Biometric authentication: You can't misplace your thumb

On October 1st the Babbage blog at the Economist took a look at biometric security measures. I'm a long time opponent of using biometrics for general security. In certain applications they're ok, but the potential problems make them a poor choice for the general public. I agree with the blogs author when he says they are Dubious Security.

What is the problem with biometrics? Well, the upside is that you can't lose, misplace or forget your body. The bad news is, fingers, hands and even eyes can be removed, whether or not you agree to it. But the problems exist whether or not your body parts remain connected:

The downside is that biometric screening can also work without the user’s co-operation or even knowledge. Covert identification may be a boon when screening for terrorists or criminals, but it raises serious concerns for innocent individuals.

Covert identification is a nice way of saying they're secretly comparing scans of body parts - usually faces - with pictures or scans on file. This may seem like a good idea. In theory you can find wanted criminals this way, but I've never heard of them actually catching anyone that way. Meanwhile we don't know if they're keeping copies of the images they scan or if they are, why. But more troubling than that is the possibility of false positives. It can be a real pain to convince the authorities that you were born and raised in Dubuque when their fancy scanner has identified you as Osama bin Ladens second in commmand.

There is even a case of mistaken identity cited in the blog:

The eye-opener was the arrest of Brandon Mayfield, an American attorney practicing family law in Oregon, for the terrorist bombing of the Madrid subway in 2004 that killed 191 people. In the paranoia of the time, Mr Mayfield had become a suspect because he had married a woman of Egyptian descent and had converted to Islam. A court found the fingerprint retrieved from a bag of explosives left at the scene, which the Federal Bureau of Investigation (FBI) had “100% verified” as belonging to Mr Mayfield, to be only a partial match—and then not for the finger in question.

As it turned out, the fingerprint belonged to an Algerian national, as the Spanish authorities had insisted all along. The FBI subsequently issued an apology and paid Mr Mayfield $2m as a settlement for wrongful arrest.

Maybe I need to get misidentified by the FBI. I could use a cool $2m. I'm sure that Mr. Mayfield won't be the last to be wrongully identified by biometric data. It is the nature of biometric data that it cannot give a 100% certain identification. Thus there is always the possibility of false positives, and over time they are going to happen. But biometric data isn't alone in fallibility. ID's can be forged, people fall prey to social engineering. But biometric authentication has an air of infallibility that the others don't, and that is what makes it so dangerous as a means of authentication.

Obama supports DNA sampling when arrested

Politico's Josh Gerstein tells us that, "President Obama backs DNA test in arrests." In an interview with John Walsh on America's most wanted the President professed his strong support of gathering DNA of everyone arrested for a felony crime:

"It's the right thing to do, and then, as you well know, John, this is where the national registry becomes so important, making sure that, not only are we getting these DNA tests done state by state, but then, nationally, everybody's talking to each other. That's how we make sure that we continue to tighten the grip around folks who have perpetrated these crimes."

It's a great sentiment. The problem is, that when it comes to DNA testing upon arrest, it's wrong. In the interview John Walsh says that it's no different that taking fingerprints or an arrest photo. But that is not true.

DNA samples, unlike fingerprints, don't just identify you. They have the potential to reveal health issues, genetic relationships (siblings, parents), and possibly potential behaviors. You may give up the right to protect this information if you are convicted, but to take it upon arrest flies in the face of "guilty until proven innocent." Requiring DNA sample of people who have been arrested, but not indicted, let alone convicted, says the exact opposite. It assumes you are guilty until the DNA sample proves you innocent. That is not the way justice is served in the U.S.

See the portion of the interview that talks about DNA (about halfway through on Youtube.

See the entire interview on amw.com