I don’t even fucking know why do I need to do this as an assigment, as if my life is not hectic enough you bloody piece of shit
Focus: Data security of facial data
Introduction
Hello, so today I am going to walk you down a topic that is getting increasingly relavent to our daily lives, and that is the facial recognition technology. Basically, the AI program can tell or confirm your identity and match various data related to you simply by scanning your face. Since we all have different faces, facial recognition technology is used as a very powerful tool to authenticate users. Also, this type of algorithm can have a really impressive accuracy. Facebook has an algorithm called DeepFace, and it can achieve a recognition accuracy of 97.25%, according to techreport. For other type of algorithms, the accuracy can even reach 99.97%, that’ s only 0.03% short of totally accurate.
Since it’s highly accurate and useful, it’s implemented in various scenarios like when you going through airport TSA, logging into bank account, or simply unlocking your phone. To make these algorithms work, the facial data naturally need to be stored in some fashion, whether it’s on your phone or in a server somewhere in the globe. For example, when you go through TSA, the personnel scans your face and compares it with the data that is supposed to be you in their database. Such databases contains the facial data of millions or even hundreds of millions of citizens, and they serve a very vital purpose of identifying each individual. In commercial cases, such databases could be linked to user’s accounts, benefits, or even funds.
Because this kind of algorithms are very powerful, many companies and governments uses tool that contains such algorithm to help in its authentication process. This trend is particularly prominent in China during the covid era. I lived in China during that time, and almost every part of my daily life involves some kind of face recognition. I needed to scan my face before all those mandatory covid testings, and need to scan again whenever I need to access those test results. If I want to buy something, I need another scan to authorize the payment. It was a mess, and some people even suspected that there might be even more recognition happening behind the scenes for mass surveillance of those “ill” person.
With this wide of usage of our facial data, you would certainly hope that they are being stored in a secure way. However, as of June of 2024, there are no nationwide regulations in US to enforce the secured storage of biometrics data, including facial recognition data. While individual states have their own regulations over this issue, there are still over 20 states that do not have such regulations in place at all. Internationally, EU’s GDPR addresses this issue pretty well. As for China, it introduced Personal Information Protection Law in late 2021, possibly due to the large scale of misuse during covid times.
Securing facial recognition data can be of vital importance, other wise they risk being stolen or misused by criminals. If such thing happens, the damage could be huge. Typically, criminals can use that data in a way that enable them to pretend to be you and access your things, like your bank account or social media. This is called identity theft, and in 2021, 24 million of US residents had been victim of this malpractice.
Companies that adopt such technologies can easily be targeted by this type of attacks. In fact, An Australian company called Outabox, which provided facial recognition kiosks for scanning customers in pubs and bars for measuring temperatures during covid era and identifying individuals in self-exclusion programs for gambling, just experienced a data breach in March this year. More than a million user’s biometric data is leaked, in combination with their drivers license, club memebrships, addresses and more. In US, a major incident involved Clearview AI, a company that collects facial images from social media and other websites to create a facial recognition database used by law enforcement. In 2020, Clearview AI experienced a data breach where hackers gained unauthorized access to its entire client list, including the number of accounts and searches each client had made. These incidents raised significant concerns about the security of biometric data and the potential for misuse.
So, what should be done to make the current situation less dangerous?
First, we should be more vigilant on our side. To begin with, it’s very important for us to be aware of the technology itself, how it’s used, and where it is used on. When using commercial softwares, we need to read and understand the terms and conditions carefully before consenting to have our face scanned. In this case, even if we got exploited, we know our rights from those conditions and can fight back. Also, we should review and adjust prvacy settings from time to time to reduce the presence of our sensitive data as much as possible. For example, if you used a social platform before and it asked you for your facial data, you need to make sure that your data is removed from their server if you decide to stop using that platform.
For companies, they must ensure that their data security measures towards facial data are robust from breaches and unauthorized access. To achieve this, common techniques include encryption, strict access control that governs both the user of the platform and the personnels inside the company. Also, they should adhere to a principle called “minimum usage”, which means that they should only use facial data when all other forms of data cannot perform that task. In fact, the Chinese regulations specifically mentioned this point, and Chinese companies are adopting this principle in their daily operations. Most importantly, compnaies should make their data usage practice transparent. They need to inform customers what data is being collected, how their data is being used, with whom it is shared, and many more aspects.
As for governments, those which do not have such regulations in place should establish comprehensive regulations governing the collection, use, and storage of facial recognition data as soon as possible. The data usage is only going to get more and more, and a regulation to stop misuse is crucial. To enforce those rules, regulatory bodies should be created or empowered to monitor and enforce compliance with these regulations, ensuring that companies adhere to data protection standards. Lastly, governments should conduct public education campaigns to inform citizens about their rights related to facial recognition technology and the measures in place to protect their data, as well as the tools available for them if something wrong happens.
In conclusion, facial recognition technology is a very powerful tool that can empower almost every industry. It certainly is expected to expand in the coming years, but with it comes greater risk of data being exploited by hackers, and once exploited, the damage can be huge. Governments, companies and us as customers should all contribute ourselves to make sure that such technology is developing on the right track, use the technology to make our lives better, instead of worse.
That’s my podcast, fuck you, goodbye.
Ref
Comments are closed