Facial Recognition (AI): Yes! Privacy exposed: No!
In a world reconfigured by digital natives using internet explorers, social networks, TV, on-demand movies, and online payments, security and privacy challenges emerge, with tracker Facial Recognition (AI)s everywhere, such as cookies, IP & Mac addresses, and global positioning systems.
Facial recognition is an advanced technology capable of identifying or authenticating a person by comparing a fresh person’s face just captured live with the very same face stored on a mobile application, or on a server. It is basically a mathematic algorithm method that analyses templates or anonymous identifiers resulting from a person’s unique facial shape, eyes, nose, lips, geometrical structure.
Logical steps for facial recognition are face detection, face capture and face match.
Facial recognition is the solution of choice to secure many applications
With the increasing threats from cyber-criminals and cyber-terrorists, facial recognition, due to its very strong security capabilities and the opportunity to have cameras available everywhere on devices and down the streets, is a serious application to authenticate human beings in various situations: access to a facility (Plant), access to an event (Olympic Games), access to an airport or a train station, sitting in a plane, sitting in a train, access to a critical corporate or government application, pay tickets, and many other use cases of your life.
For instance, facial recognition is a perfect tool to search for potential terrorists in a crowd attending an event such as the Olympic Games. And it will be used more and more to secure payments (corporate treasurers or private usage), to secure access to critical applications (a police officer to access a national ID, or crime database,), or to vote in the next elections.
Data privacy is the main concern when storing biometric data on servers
For instance, if we take the use case of a big event such as the Olympic Games, a certain key advantage of facial recognition is to recognize a person among a crowd, without the person being even aware.
Nevertheless, in such a case, the risk is to identity a person by having stored their personal data before the identification is made. Such a method is currently not respecting European Directive GDPR and should be reserved to a few specific cases, but not be used for mass identification tracking.
From a society standpoint, we do not want to expose deeply private details stored in servers for tracking and monitoring people, further taking the risk of hacker intrusion on the database, stealing real faces for criminal purposes, and therefore resulting in an ID theft.
Key advantages for facial recognition in terms of security, but to avoid privacy leaks, data stored must be anonymously
For sure, stored biometric data such as face templates are at risk and may be consulted by third parties or hacked, if not properly protected.
The largest concern with facial recognition has then to do with privacy and mass surveillance. The danger is that face recognition can be used for bad purposes of recreating a person’s identity and pay or play on social networks, on the internet, on travel sites and others.
But fortunately, by way of an exception, a solution can protect personal details with a platform transforming data into a non-reversible model.
Authentication Vs Identification
At this stage, we need to make a strict difference between “Identification” and “Authentication”, which leads to a very different treatment of privacy. “Identification” means “Who are you?” and requires a comparison between the live face and recorded personal data. This must be understood as a show-stopper for mass deployment of facial recognition.
Alternatively, “authentication” is a smart method to provide higher security in our society; it means “are you the person you say you are?”
Authentication does not require the storing of personal details or criminal background and works very effectively.
There are advanced solutions to authenticate a person completely anonymously while protecting personal details and privacy. Such solutions are using sophisticated hash techniques to immediately transform live biometrics into a non-readable and non-hackable data storage format, thereby sustaining compliance with European Directive GDPR (General Data Protection Regulation) by providing an anonymized database with no customer details data recorded and stored.
Anonymous authentication is a smart response to biometrics use cases
The Cyber Startup Observatory spoke to Christopher Richard and Yves Chemla from United Biometrics who both said: “A key advantage of our solution is that artificial Intelligence facial recognition is anonymous and the desensitized transformed biometric data can be stored anonymously. With this process, if hackers enter the system, they will not be able to match the stolen biometric information with individuals, which is a strong wall to protect privacy and persons. Furthermore, all our biometrics data can be revocable, this method being the ultimate way to protect personal data.”
Christopher RICHARD and Yves CHEMLA are Co-Founders of UNITED BIOMETRICS. United Biometrics is an IBM and AIRBUS Certified Partner architecting and developing a strong multi-factor authentication platform solution for Banks, Governments & Defense, Enterprises, Carriers and Internet Players losing money or service capacity caused by large cyber-attacks and intrusions. The platform can hold millions of users and support massive traffic in real-time.