Will Facial Recognition Compromise your Privacy?

Facial recognition is a technology that grows stronger every day. In fact, today it is part of a large percentage of our daily life when we interact with it through actions as simple as unlocking a cell phone. In countries such as China, for example, its application is massive in cities, reaching the point of being a requirement for procedures such as registering a cell phone SIM card.

There are companies that implement these systems to validate the entry of their personnel to restricted areas, and even the Police use it as a surveillance tool in protests and sports events. From all its applications, citizen security is one of the most delicate fields when talking about this technology.

So is it worth implementing these types of technologies, despite their risks?

We should remember what the system does is to look at the faces of the people who are within the camera lens and, if it registers that there is one that coincides with that of someone they are looking for, it issues an alert.

It is expected that in the future this database will be strengthened with the faces that appear in the photographic file of national and international law enforcement agencies within seconds.

Regarding the possible false positives that this system may generate, it has been proven the system will only attend to alerts that indicate a facial coincidence that exceeds 90% of probabilities.

Who owns the data?

The face, fingerprints, voice, and iris of a person are classified as biometric data. These parameters are sensitive in nature so that in principle no one is obliged to supply them and no service can be denied for the same reason. For example, if your company asks for your fingerprint to authorize your entry, you do not have to give this information if you do not want to and the company is obliged to grant you an alternative mechanism.

There are some cases in which the authorization of the owner is not required for the treatment of this type of data, such as the information required by a public or administrative entity in the exercise of its legal functions or by judicial order, and cases of medical or sanitary emergency.

It is important that people have knowledge of this right because if a biometric data falls into the wrong hands, they run the risk of supplanting their identity. There may even be a case where criminals steal a company's biometric database and sell it on the Deep Web’s black market.

The data is normally used in companies for personnel authorization to restricted areas, and by some stores to detect people who are in their “blacklist”. Generally, these databases are encrypted to protect people's information, but it is very possible that false positives are generated, so it cannot be considered to be sufficient evidence to determine the person responsible for a crime.

How is the data classified?

The public data, for example, are those related to the civil status of a person and their profession or trade, among others. Its collection and treatment do not require authorization from the owner.

In contrast, sensitive data is that which can affect the privacy of the owner or generate discrimination. Within this group are political and religious orientations, in addition to biometric data. Data serves as authentication methods and here these could be classified into "what I know" (a password, a PIN or a pattern), "what I have" (a "token", some coordinates or a magnetic card) and "what I am" (fingerprints, face, voice, and iris).

The EU plans to ban this technology on the street

An 18-page document shows the intention of the European Union to ban, for five years, the use of facial recognition technologies in public areas. With this proposal, an attempt would be made to establish a period to find out how abuses could be prevented that could eventually derive from the use of this technology.

Furthermore, the EU Commission plans to introduce new rules that reinforce existing regulations related to this issue. If the ban is approved, exceptions could be made for projects associated with security, research, and development.

The article has been written by Dr. Raul V. Rodriguez,

He can be reached on LinkedIn.