Security Experts:

The Impending Facial Recognition Singularity

The radical changes taking place in privacy and security, both for better and for worse, are driven by the rapid adoption of facial recognition technologies and the exploding use of social media to share personal photos.

With respect to my particular interest in privacy and anonymity, these changes are mostly for worse. Facial recognition systems are becoming cheaper, better, easier to use, and more widely deployed, while social media platforms are creating an ocean of easily identifiable faces that are widely accessible.

The majority of online social platforms incorporate facial recognition in their service. If your face is online, it is almost certainly being tagged and identified by these systems. As a result, keeping your face off these sites is increasingly difficult. Even if you resist the urge to post photos of your vacation or selfies, someone else probably is. If you are tagged, your facial profile and identity are paired in a database. As more and more photos are uploaded, the accuracy of the recognition improves. The systems will have examples of your face in full sun and in darkness, forward-facing and in profile, with and without sunglasses, hats, makeup, etc.

Facial RecognitionThe result is that you will be identified every time your picture appears. If you use a real photo as your avatar, then your accounts will be connected, even if you use different names, account IDs, and email addresses. Even if you post an untagged photo of yourself to a site, the surrounding text will probably allow the system to know that you are in the picture somewhere; and after a hand full of pictures, it will be obvious to the computer which face is yours. On the opposite side of the spectrum however, an account with absolutely no photos might prevent identification, but it will stand out as fake. 

The offline situation is no better. Cameras are becoming so inexpensive that they are built into all kinds of things. Cameras can be a cheap and easy way of allowing computers to sense and react to their environment. For example, cameras have been built into thermostats, smoke detectors, door bells, and toys. Overtime, all of the camera equipped IoT devices have created an Internet of Cameras (IoC). When paired together, government and private cameras provide almost complete coverage of our lives. Soon we will be seen and recognized everywhere we go. We are about to see what David Brin's “Earth” looks like in the real world.

Once we are reliably recognized everywhere we go, both online and off, we will have reached the facial recognition singularity.

Taking on an alias or protecting your privacy, when there is constant and universal facial recognition, will be nearly impossible. This is already causing major problems for intelligence organizations attempting to travel across controlled borders while using an alias. While an ATM recognizing you and making sure your face matches your card could be great for security, having every shop you pass identify you and memorize your patterns of movement would be a huge invasion of privacy. Both are coming, and it is likely that only a few businesses will end up powering the vast majority of these facial recognition services. This adds the possibility that all of this data will be correlated, even if collected at unrelated businesses or locations.

I imagine that governments and law enforcement will be one of the most aggressive users of these systems. The ability to identify individuals, both online and off, is one of the greatest tools in their belt. It has the potential to greatly improve security, but can also harm civil rights when abused. Because the images of our faces are freely shared or captured in public places with no expectation of privacy, it will be difficult to rein in the development and use of facial recognition by governments. 

Policies and regulations may provide some protection, but the security, convenience, and targeted advertising provided by facial recognition is likely to overpower privacy concerns. I often encourage people to limit the number of tagged photos of themselves uploaded online, because that forms the initial core of recognition data. Unfortunately, trying to prevent yourself from getting fully profiled is like telling the tide not to come in; it is only a delaying tactic. Privacy regulations may be the only long-term way to ensure that these facial databases are not used in an excessively abusive way.

RelatedNew iPhone Brings Face Recognition (and Fears) to the Masses

RelatedHuge US Facial Recognition Database Flawed: Audit

view counter
Lance Cottrell founded Anonymizer in 1995, which was acquired by Ntrepid (then Abraxas) in 2008. As Chief Scientist, Lance continues to push the envelope with the new technologies and capabilities required to stay ahead of rapidly evolving threats. Lance is a well-known expert on security, privacy, anonymity, misattribution and cryptography. He speaks frequently at conferences and in interviews. Lance is the principle author on multiple Internet anonymity and security technology patents. He holds an M.S. in physics from the University of California, San Diego and a B.S. in physics from the University of California, Santa Cruz. In his spare time Lance grows high-end pinot noir grapes in the Russian River Valley AVA.