Biometrics: Safe or Spooky?

 

Biometrics in the form of facial identification and recognition is sweeping the globe. The latest craze in advanced technology is garnering a lot of buzz. At its core, facial authentication is used as a means of protecting ones privacy, acting as a secure barrier from curious hackers. But a well-intentioned innovation in technology is quickly slipping into a dangerous territory, and taking on a name of its own. 
So what exactly is the difference between facial authentication and facial identification? Are the two interchangeable? And most importantly, is it a safe technology or a spooky post-apocolypic reality? 

 

What is Facial Authentication?

Facial authentication has become exponentially more popular in recent years. It’s been used to open our smartphones, tablets, and even our computers, and is designed to add an extra layer of security to our devices. It utilizes these devices’ native sensing technology mixed with various third-party biometric algorithms that leverages device cameras. Some of this technology is even rapidly developing to be able to pick up on any of your sudden movements by having you nod, smile, or continuously move during its scanning phase.

This type of biometrics technology is known as “match on device” and is not to be confused with “match on server.” They are often mixed up by users when describing the two, because it stores the details of someone’s most personal features, in order to recognize their identity. The big difference to note is that the “match on device” feature never searches the cloud, or even leaves the device it is engaging with. Its only purpose is to confirm someone’s request to their smart device, like their cell phone, laptop, or tablet. This is unlike the alternative option, “match on server,” which is a much more critial use of this innovation, because it implies the users' biometric data is being stored elsewhere and is potentially subject to breaches, theft, or other privacy violations. Data protection laws, such as Europe's GDPR, place severe limits on any institution's storage of biometric data, which needs to be specifically motivated.

 

What is Facial Identification?

Facial identification, which can often be confused with facial authentication, is a bit of a different approach to this developing technology. While authentication is a secure method of privacy, aimed at matching one-to-one, identification is one-to-many and therefore often used as a surveillance method to spy on citizens. Facial recognition technology, in certain circumstances, can be developed by scanning hundreds of millions of faces from social media profiles or identity documents, even without people’s consent. In some cases, those faces are then run through facial analysis programs to search for potential matches for criminals. This use of this technology is becoming increasingly more concerning, especially for people of color. It opens up a wider window to racial profiling and incorrectly charging an innocent person for a crime.

Other reasons why facial identification can be worrisome include: 

  • Technical Inaccuracies. This technology is still very much in its beta stage, and comes with its own set of hiccups. It could be quite a while until we see facial recognition technology that we can rely on.
  • Lack of User Consent. In many cases, like the example explained above, CCTV’s that are installed in public places do not require citizen’s permission when collecting facial data.
  • Identity Fraud. Hackers are becoming savvier, and fooling a facial recognition system certainly hasn’t become impossible.
  • Unethical Use. when data is collected without the user’s consent, it poses the question of how ethical this technology is, especially when its original purpose was to protect our privacy. 
  • Data Theft. If these systems are hacked into, it can compromise the data of thousands (or even millions), of people.   

Unlike facial authentication, whose sole purpose is to create a level of security while preserving user convenience, facial identification is a much blurrier territory.  

 

Telling the Two apart

Needless to say, while these two applications run on substantially the same technology, they are world’s apart on their actual aims. Facial authentication is used as a secure unlock or login, with no need to remember a password or a code. It’s used as an extremely effective means of privacy, protecting consumers from being hacked or their accounts from being taken over by fraudsters. 

Facial identification, while also mostly well-intentioned, comes with its own set of trials and tribulations. The privacy is insecure, the consent is not always given, and its use often comes with every questionable and downright unethical uses.

Knowing the difference between the two, and understanding what to look out for is the first step in protecting your identity in a technology-driven world. Facial authentication, when used properly and with consent in place, proves effective and convenient, and its foundational similarity with facial identification on the technical side should not worry those who embrace it.