FTC and EU Weigh in on Face Recognition Applications – Why Limiting the Use of This Technology Matters

August 1, 2012

Who should own and control data about your face? Should companies be able to collect and use your facial data at will?

Is it enough to let users can opt out of facial recognition, or should companies be required to collect your specific opt in before collecting your facial data? If a company has multiple services, is one opt in enough, or should they be required to seek your permission for every new type of use? Under what conditions should a company be able to sell and monetize their ability to recognize you?[i]

There are a lot of cool uses for facial recognition tools, but how informed are you about the risks? How do you weigh the pros and cons to make an informed choice about who can identify you?

Governments are paying greater attention to potential privacy threats

A preliminary report by the Federal Trade Commission (FTC) identifying the latest facial recognition technologies and how these are currently being used by companies has just been released. The report also outlines the FTC’s plan for creating best-practice guidelines for the industry that should come out later this year.

In Europe concerns over facial recognition technologies potential to breach personal privacy has resulted in a similar review.

This is great news for consumers as it signals a shift in the timing of privacy reviews from a reactive approach where guidelines have come after consumers have largely already had their privacy trampled, to a far more proactive approach to protecting consumers online privacy, safety, and security.

In response, companies like Facebook and Google are dramatically increasing their lobbying budgets and campaign funding

It is no coincidence that as government bodies increase their focus on consumer’s online privacy that the companies making the biggest bucks from selling information about you – and access to you – are pouring money and human resources into influencing the government’s decisions.

According to disclosure forms obtained by The Hill, “Facebook increased its lobbying spending during the second quarter of 2012, allocating $960,000, or three times as much as during the same three-month period in 2011”.

And a report in the New York Times noted that “With Congress and privacy watchdogs breathing down its neck, Google is stepping up its lobbying presence inside the Beltway — spending more than Apple, Facebook, Amazon and Microsoft combined in the first three months of the year.” Google spent $5.03 million on lobbying from January through March of this year, a record for the Internet giant, and a 240 percent increase from the $1.48 million it spent on lobbyists in the same quarter a year ago, according to disclosures filed Friday with the clerk of the House.

In addition to lobbying spend, these companies, their political action committees (PAC’s) – and the billionaire individuals behind the companies have exorbitant amounts of money for political contributions; chits to be called in when privacy decisions that could impact their bottom line hang in the balance.

Here’s what today’s facial recognition technologies can – and are – doing:

 

It only takes a quick look for you to identify someone you know; yet facial recognition technologies are both faster and more accurate than people will ever be – and they have the capability of identifying billions of individuals.

Although many companies are still using basic, and largely non-invasive, facial recognition tools to simply recognize if there is a face in a photo, an increasing number of companies are leveraging advanced facial recognition tools that can have far reaching ramifications for your privacy, safety, and even employability.

Advanced facial recognition solutions include Google+’s Tag My Face, Facebook’s Photo Tag Suggest, Android apps like FaceLock, and Visidon AppLock, and Apple Apps like Klik,  FaceLook, and  Age Meter, then there are apps like SceneTap, FACER Celebrity, FindYourFaceMate.com and DoggelGanger.com.  New services leveraging these features will become increasingly common – particularly if strict privacy regulations aren’t implemented.

Some companies use facial recognition services in their photo and video applications to help users recognize people in photos, or even automatically tag them for you. (You may not want to be tagged in a particular, photo, but if you allow photo tagging you can only try to minimize the damage, you can’t proactively prevent it).

Some services use facial recognition for security purposes; your face essentially becomes your unique password (but what do you do if it gets hacked? Change your face??).

What are the potential risks of facial recognition tools to individuals?

The Online Privacy Blog enumerates some of the risks in easily understood terms; here is an excerpt from their article The Top 6 FAQs about Facial Recognition:

Take the massive amount of information that Google, Facebook, ad networks, data miners, and people search websites are collecting on all of us; add the info that we voluntarily provide to dating sites, social networks, and blogs; combine that with facial recognition software; and you have a world with reduced security, privacy, anonymity, and freedom.  Carnegie Mellon researchers predict that this is “a world where every stranger in the street could predict quite accurately sensitive information about you (such as your SSN, but also your credit score, or sexual orientation” just by taking a picture.

Risk 1:  Identity theft and security

Think of your personal information—name, photos, birthdate, address, usernames, email addresses, family members, and more—as pieces of a puzzle.  The more pieces a cybercriminal has, the closer he is to solving the puzzle.  Maybe the puzzle is your credit card number.  Maybe it’s the password you use everywhere.  Maybe you’re your social security number.

Identity thieves often use social security numbers to commit fraud. Photo: listverse.com.

Facial recognition software is a tool that can put all these pieces together.  When you combine facial recognition software with the wealth of public data about us online, you have what’s called “augmented reality:”  “the merging of online and offline data that new technologies make possible.”   You also have a devastating blow to personal privacy and an increased risk of identity theft.

Once a cybercriminal figures out your private information, your money and your peace of mind are in danger.  Common identity theft techniques include opening new credit cards in your name and racking up charges, opening bank accounts under your name and writing bad checks, using your good credit history to take out a loan, and draining your bank account.  More personal attacks may include hijacking your social networks while pretending to be you, reading your private messages, and posting unwanted or embarrassing things “as” you.

The research:  how facial recognition can lead to identity theft

Carnegie Mellon researches performed a 2011 facial recognition study using off-the-shelf face recognition software called PittPatt, which was purchased by Google.  By cross-referencing two sets of photos—one taken of participating students walking around campus, and another taken from pseudonymous users of online dating sites—with public Facebook data (things you can see on a search engine without even logging into Facebook), they were able to identify a significant number of people in the photos.  Based on the information they learned through facial recognition, the researchers were then able to predict the social security numbers of some of the participants.

They concluded this merging of our online and offline identities can be a gateway to identity theft:

If an individual’s face in the street can be identified using a face recognizer and identified images from social network sites such as Facebook or LinkedIn, then it becomes possible not just to identify that individual, but also to infer additional, and more sensitive, information about her, once her name has been (probabilistically) inferred.

Some statistics on identity theft from the Identity Theft Assistance Center (ITAC):

  • 8.1 million adults in the U.S. suffered identity theft in 2011
  • Each victim of identity theft loses an average of $4,607
  • Out-of-pocket losses (the amount you actually pay, as opposed to your credit card company) average $631 per victim
  • New account fraud, where thieves open new credit card accounts on behalf of their victims, accounted for $17 billion in fraud
  • Existing account fraud accounted for $14 billion.

Risk 2:  Chilling effects on freedom of speech and action

Facial recognition software threatens to censor what we say and limit what we do, even offlineImagine that you’re known in your community for being an animal rights activist, but you secretly love a good hamburger.  You’re sneaking in a double cheeseburger at a local restaurant when, without your knowledge, someone snaps a picture of you.  It’s perfectly legal for someone to photograph you in a public place, and aside from special rights of publicity for big-time celebrities; you don’t have any rights to control this photo.  This person may not have any ill intentions; he may not even know who you are.  If he uploads it to Facebook, and Facebook automatically tags you in it, you’re in trouble.

Anywhere there’s a camera, there’s the potential that facial recognition is right behind it.

The same goes for the staunch industrialist caught at the grassroots protest; the pro-life female politician caught leaving an abortion clinic; the CEO who has too much to drink at the bar; the straight-laced lawyer who likes to dance at goth clubs.  If anyone with a cell phone can take a picture, and any picture can be tied back to us even when the photographer doesn’t know who we are, we may stop going to these places altogether.  We may avoid doing anything that could be perceived as controversial.  And that would be a pity, because we shouldn’t have to.

Risk 3:  Physical safety and due process

Perhaps most importantly, facial recognition threatens our safety.  It’s yet another tool in stalkers’ and abusers’ arsenals.  See that pretty girl at the bar?  Take her picture; find out everything about her; pay her a visit at home.  It’s dangerous in its simplicity.

There’s a separate set of risks from facial recognition that doesn’t do a good job of identifying targets:  false identifications.  An inaccurate system runs the risk of identifying, and thus detaining or arresting, the wrong people.  Let’s say that an airport scans incoming travelers’ faces to search for known terrorists.  Their systems incorrectly recognize you as a terrorist, and you’re detained, searched, interrogated, and held for hours, maybe even arrested.  This is precisely why Boston’s Logan Airport abandoned its facial recognition trials in 2002:  its systems could only identify volunteers 61.4 percent of the time.

Learn more about facial recognition technologies, how they work and what the risks are in these resources:

Three steps to protecting your facial data:

  1. There are many positive uses for facial recognition technologies, but the lack of consumer protections make them unnecessarily risky. Until the control and management of this data is firmly in the hands of consumers, proactively opt out of such features and avoid services where opt out is not an option.
  2. Voice your concerns to elected officials to offset the impact of corporate lobbying and campaign contributions intended to soften proposed consumer protections.
  3. Voice your frustration to the companies that are leveraging this technology without providing you full control over your facial data – including the ability to have it removed, block it from being sold, traded, shared, etc., explicitly identify when and how this data can be used either for standalone purposes or combined with other data about you, and so on. If a company does not respect your wishes, stop using them. If you allow yourself to be exploited, plenty of companies will be happy to do so.

Linda


[i] See The One-Way-Mirror Society – Privacy Implications of Surveillance Monitoring Networks to understand some implications of facial recognition tool’s use when companies sell this information.

Advertisements

Infographic – Mother, Can I trust Google?

June 3, 2012

This infographic by BackgroundCheck.org provides a great timeline of Google feature rollouts and some of their largest privacy breaches. It also suggests ways for users to reduce tracking of their online actions. It’s definitely worth a scan.

Contact us

Linda


It’s Official, Half of Cell Phones in U.S. Are Now Smartphones

April 16, 2012

New data from Nielsen shows that half (49.7%) of U.S. mobile subscribers have converted to smartphones, a 38% increase over February 2011, when only 36% of mobile subscribers used smartphones.

Nielsen’s research also shows that Android remains the leading cell phone platform with 48% of the U.S. smartphone market, followed by 32.1% who use an Apple iPhone, and 11.6% who remain Blackberry owners.

Up until last week, I was among the diehard Blackberry users, but I’ve purchased an iPhone and will never look back.

As a further indication of the imminent demise of Blackberry, their stock has plummeted.

Among consumers who acquired their smartphone within the last three months, 48% surveyed said they chose an Android and 43% bought an iPhone.

Not only was Blackberry absent, so was any mention of Windows phones.

In the now two-horse race, the rising frustration by developers and users of the Android platform indicates their market lead over Apple is far from assured. From a safety perspective, choosing Apple and Apple apps is the best bet.

Linda


Tech Use on College Campuses – 60% of Students Say they Wouldn’t Attend a School that Doesn’t have Free WiFi

December 22, 2011

It’s not news that this generation of college students is wired, but just how wired they are – and when they want face-time – can be seen in a new infographic showing research into technology use and preferences on campuses.

Asked which single website or online resource they couldn’t live without, only 3% picked Facebook, while 11% said Wikipedia and 36% said Google.

As for the most important software and applications for college students? Unsurprisingly, word processors are the most vital to 76% of students, but email came in second with 66% of students – so much for the theories that youth aren’t emailing. Scan the infographic to learn more….

Technology Use on the College campus
Via: Online Colleges Guide

Linda


Google Warns Users of Malware – Take Action

July 20, 2011

You’ve been warned to be skeptical of notices that pop up warning you of malware on your device that is actually malicious software trying to get you to download fake ‘anti-virus’ software. However, if you see this notification from Google at the top of your Google search results, believe it.

Noticing an unusual pattern of activity in Google search traffic, the company enlisted the help of outside security professionals in the companies sending the modified traffic to determine the computers were infected with malware.

Google’s online security blog says “This particular malware causes infected computers to send traffic to Google through a small number of intermediary servers called “proxies.” We hope that by taking steps to notify users whose traffic is coming through these proxies, we can help them update their antivirus software and remove the infections.

We hope to use the knowledge we’ve gathered to assist as many people as possible. In case our notice doesn’t reach everyone directly, you can run a system scan on your computer yourself by following the steps in our Help Center article.”

Kudos to Google for being proactive and transparent about the issue as well as for providing clear, easy-to-follow steps users can take to fix the problem.

This is one more example of why everyone must keep their security software up to date.

Linda


Does your Vision for Technology Match Your Child’s?

July 13, 2011

“What would you like your computer or the internet to do that it can’t do right now?” was the question posed to kids ages 12 and under in a global study conducted by international research firm Latitudeo. The results are phenomenal, and beg the question of how in touch are you with where technology can take us?

Among kids ideas were:

  1. Removing the distinction between online and offline. Children across the world imagine technologies that “seamlessly meld online and offline experiences”
  2. Shifting from seeing to interacting.  Nearly 4 in 10 kids imagine immersive experiences in physical spaces (e.g., real or simulated travel) or devices that assisted physical activities (e.g., playing sports)
  3. Ditching the keyboard and mouse. Kids want to interact with technology more intuitively. Of those kids who specified an interface, only half suggested the traditional keyboard/mouse configuration, while 20% explicitly requested verbal/auditory controls, and another 15% wanted touchscreen interfaces.
  4. Humanizing devices. 77% of kids wanted a more dynamic, human-level responsiveness (often anthropomorphized as robots or virtual companions), and 43% drew themselves or another person interacting with their creations, seeing devices as merely an extension of oneself.
  5. Better access to knowledge. Kids envisioned instant access to people, information, and possibilities. One-third of kids invented technologies that would empower users by fostering knowledge such as speaking a different language or learning how to cook.
  6. The Urge to Create.  A quarter of kids’ inventions centered on art or design, envisioning entire platforms for creating games, Web sites, action figures, and so on. Kids’ interest in a host of design fields—industrial, landscape, fashion, Web, and more—reflects the visual richness of the online world, as well as the can-do creative drive that tech encourages.

That’s pretty cool stuff coming from the minds of under-12-year-olds. Now we just have to help them achieve these dreams in an environment that is safe, secure, and protective.

Linda


Privacy Policy Changes – Some Companies Get Notification Right

July 7, 2011

It’s time to demand honest, clear notices that come well in advance of Privacy Policy changes to give consumers an opportunity to opt out, protest, or take some other course of action.

Facebook users learned last week that their privacy had received another ‘haircut’. This latest round of Privacy Policy changes gives Facebook the right to sell your information to other companies in a clear profit-trumps-privacy equation.

Adding insult to injury, the company chose to minimize the press coverage – and number of consumers who would hear of the changes – by delaying their notice until after press deadlines on a Friday – for more information on the latest changes see Facebook privacy changes would share user data with other sites.

These practices are unacceptable. It’s time to demand a change.

Most companies, including flagships Microsoft, AOL, and Yahoo!, go to great lengths to protect your privacy, have clearly understandable policies that don’t change every time you turn around, and clearly respect their users.

Geni.com, a genealogy site, goes even further and embodies the proactive approach to policy changes. Not only do they make their privacy practices clear on their website, the following email was just sent to their users giving very clear, advance notice about changes to their privacy policy. It’s so impressive, I’ve attached the entire email; it is well worth your attention. Click the image to see in full size

Geni.com site richly deserves the accolades they’ve received from PC Magazine, TIME, and CNET for being a great website. Their advance notification of policy changes to each and every member (and they strengthened their privacy protections – what a thought!) has now earned them a far humbler, but rarely given, award – the LOOKBOTHWAYS seal of approval. Congratulations Geni on being a shining example of transparency and consumer respect.

We encourage all companies with a web presence to employ consumer safety and privacy best practices in every aspect of their development, testing, support, and within their consumer services.”

As a percentage of companies, those who exploit consumers are but a fraction, but the tremendous reach of Facebook, and others with less than stellar track records like Google, means that most of the US population  (and a significant number of global users) are adversely impacted by their actions.

Sending users an email notification of any upcoming policy changes is easy and ethical. Sites already store every registered user’s email address, and email provides an excellent opportunity to clearly explain changes – including graphic representations of complex concepts – and provide links to where they can learn more, or ask questions.

The Radicati Group estimated that the number of emails sent per day in 2008 were around 210 billion, so for most sites sending an email to all their users would barely be a blip. But for huge sites that feel sending several hundred million emails would be prohibitive, there is a clear alternative; use a notification screen in front of every user (once per user) at least one week in advance of the changes that requires their action, or the action of their parent, before proceeding. For those who did not log on during the notification week (or longer time period), the notification should be changed to inform them of the changes that did occur so they can take action at that time.

Will providing clear notification annoy some users? Of course, so do seatbelts but they protect consumers from clear risks.

You have the right to an informed online experience. You have the right to set your own terms for your online experience. You have the right to expect online products and services to guard your safety and privacy. Learn more about your rights in Your Internet Safety and Privacy Bill of Rights.

As consumers you can—and should—vote with your feet if the experience you’re having on a service doesn’t meet your expectations. Even Facebook has had to beat a retreat when enough consumers rioted.

Linda