Facial recognition is the tip of the spear in the assault on your privacy
CIOREVIEW >> Cyber Security >>

Facial recognition is the tip of the spear in the assault on your privacy

Harvey Boulter, Chairman, Communication Security Group
Harvey Boulter, Chairman, Communication Security Group

Harvey Boulter, Chairman, Communication Security Group

Clearview AI, a US company specializing in facial recognition software is under fire for infringing on personal privacy by creating a database of over 3 billion images scraped from sites such as Facebook, Google and YouTube. This comes as three of the world’s largest tech companies, Microsoft, IBM and Amazon, have announced they will ban law enforcement from using their facial recognition technology, or are exiting the area completely, in the wake of ongoing anti-racism protests.

Of course facial recognition technology is far from perfect, with significant issues around low-accuracy, particularly for people of color, and the fact that many systems rely on a human backstop which can be less than 50% accurate – issues that can and should be addressed. Alongside this however, it is also important to examine how and why facial recognition is used, and how that affects our civil liberties.

Technology can often be a double edged-sword; used for the greater good, or wielded with even greater malignancy. As explained in an investigation by the Center on Privacy & Technology at Georgetown Law, “The benefits of face recognition are real. It has been used to catch violent criminals and fugitives.” However, the paper, titled “The Perpetual Line-up: Unregulated police face recognition in America” goes on to differentiate between “A face recognition search conducted in the field to verify the identity of someone who has been legally stopped or arrested… and real-time scans of people walking by a surveillance camera. The former is targeted and public. The latter are generalized and invisible.”

To see where this ‘always on’ monitoring can lead, we can of course look to China, where they have built what they call “the world’s biggest camera surveillance network” integrated with AI. “We can match every face with an ID card and trace all your movements back one week in time. We can match your face with your car, match you with your relatives and the people you’re in touch with. With enough cameras, we can know who you frequently meet,” explains a representative of Dahua Technology, which has sold millions of facial recognition cameras. In China, the information collected is used to create a citizen social credit score, an invasive, controlling system as I have detailed in a previous article.

While not to be compared with China, the US is only one of many nations sleepwalking into a facial recognition privacy disaster. Clearview AI has rightly been called out, not just for their actions in trampling over the privacy rights of individuals and the company policies of Google et al, but for their inability to protect that data. In February of this year Clearview AI confirmed that an intruder had “gained unauthorized access” to its complete list of customers, user account and search numbers. Lawyer for Clearview AI, Tor Ekeland dismissed the hack, saying “Unfortunately, data breaches are part of life in the 21st century. Our servers were never accessed. We patched the flaw, and continue to work to strengthen our security.”

This cavalier response drew the ire of U.S. Sen. Ron Wyden, who responded, “Shrugging and saying data breaches happen is cold comfort for Americans who could have their information spilled out to hackers without their consent or knowledge.” The senator continued; “How we can trust a company with massive privacy responsibilities when it can’t even protect its own corporate data?”

This speaks to very real concerns about how our digital personas are protected or exploited, and to what extent personal digital privacy even exists. An entire marketing and advertising business model has grown around scraping, analysing, selling and exploiting our personal data. The general public has traded their privacy and personal data for convenience and freemium tools. For example, Facebook and WhatsApp all the way through to the likes of the supposedly secure Signalare free at the point of use because the user is the product, and their personal data is being monetized.

Senator Wyden continues; “Companies that scoop up and market vast troves of information, including facial recognition products, should be held accountable if they don’t keep that information safe,” while for FCC Commissioner Geoffrey Starks, “the handling of our data is one of the most defining civil rights issues of our generation, and facial recognition is currently one of the most troubling.”

It is clear that action is required, with Microsoft President Brad Smithurging lawmakers to develop federal regulations for facial recognition tools; "We need to start teasing this issue apart, to understand it better and move just beyond a binary conversation of: permit it or ban it… and think about: what is the right way to regulate it?"

However, is action likely? Many of these considerations should have previously been applied to the current digital landscape, but that opportunity has been missed. The evidence for this is under our noses, daily. The word’s most used messaging app WhatsApp is owned by Facebook, and has a privacy policy that allows them to access a huge range of data, including operating system and browser information, IP address, location data, information from third party services, who you are messaging and calling and what groups you belong to. Back in 2016 Facebook made clear their intentions to access data from WhatsApp, and share that data with a “Facebook family of companies.”

What should we do then, as individuals and business leaders, to fight this creeping tide that erodes our personal privacy, and endangers our businesses? Of course, putting pressure on our elected representatives is important. As is voting with your dollar by supporting the right businesses. But the first and most important action is to take personal responsibility. Look at your organization today, and assess how seriously you currently take protecting it, your employees and customers, and all that data. If your team is using inappropriate tools, such as freemium messaging apps like WhatsApp or Signal, then focusing on the dangers of facial recognition is like fretting about rain coming through the windows of a house with no roof.

Cellcrypt is the world’s trusted communication network, used by government and enterprise globally. Cellcrypt offers the highest level of end-to-end, certified encryption for voice, messaging, conference calling and attachments. The network integrates with existing IT infrastructure, with mobile and desktop clients and offers optional add-ons ranging from regulatory compliance auditing to private stacks that provide full management control, and secure gateways for PBX extensions.

We are also proud to be supporting businesses affected by the coronavirus, with unparalleled discounts on licenses and full enterprise solutions. Businesses needing to transition to telework will be able to employ Cellcrypt rapidly to lessen the strain, costs, and vulnerabilities during this emergency. Please visit our specially set uppagefor more information, and to learn more about how Cellcrypt is contributing our military-grade business solutions during this public health crisis and beyond.

Read Also

Keeping It Real With Your Security Vendors

Robert Pace,VP/CISO, Invitation Homes

Cyber Grc: Core Enabler Of Strategic Cybersecurity

Jamie Sanderson, Director of Cyber Governance, Risk, and Compliance,AES

Your Maiden Grc Implementation Voyage

Eric Bonnell, Senior Vice President, Second Line of Defense Risk Manager, Focus on Privacy and Business Resilience, Atlantic Union Bank

One Source of Truth for Our Frontend

Matthew Hensrud, Senior Director, Platform Engineering and Vadim Komisarchik, Senior Director, Interface Engineering, Freshly

Ubiquitous Retail Banking

Kevin Stehl, Vice President of Marketing, Product and Digital, SECU Credit Union

Effective Defense for New Attack Vectors

Lonnie Carter, SVP, Information Security Manager, Ameris Bank