As Internet giants Facebook Inc. and Google Inc. race to expand their facial-recognition abilities, new research shows how powerful, and potentially detrimental to privacy, these tools have become.
Armed with nothing but a snapshot, researchers at Carnegie Mellon University in Pittsburgh successfully identified about one-third of the people they tested, using a powerful facial-recognition technology recently acquired by Google.
Prof. Alessandro Acquisti, the study's author, also found that about 27% of the time, using data gleaned from Facebook profiles of the subjects he identified, he could correctly predict the first five digits of their Social Security numbers.
The research demonstrates the potentially intrusive power of a facial-recognition technology, when combined with publicly available personal data. The study was funded largely by a grant from the National Science Foundation, with smaller sums from Carnegie Mellon and the U.S. Army.
Paul Ohm, a law professor at University of Colorado Law School, who has read Prof. Acquisti's paper, said it shows how easy it is becoming to "re-identify" people from bits of supposedly anonymous information. He said:
"This paper really establishes that re-identification is much easier than experts think it's going to be."
For his study, Prof. Acquisti used a webcam to take pictures of student volunteers, then used off-the-shelf facial-recognition software to match the students' faces with those in publicly available Facebook photos. He said:
"We call it the democratization of surveillance."
The professor said the study also shows how Facebook, with its 750 million users, whose names and profile photos are automatically public, is becoming a de facto identity-verification service.
A Facebook spokesman said that Facebook profiles don't always contain pictures of people's faces. He said:
"Users can choose whether to upload a profile picture, what that picture is of, when to delete that picture."
Google Chairman Eric Schmidt discussed his concerns about Facebook at the D: All Things Digital conference in June.
Facebook is "the first generally available way of disambiguating identity," he said. "Historically, on the Internet such a fundamental service wouldn't be owned by a single company. …I think the industry would benefit from an alternative to that."
Google has been racing to create a rival social-networking service. In June, it launched Google+ to compete with Facebook. In July, Google acquired Pittsburgh Pattern Recognition, or PittPatt, the facial-recognition technology that was used in the Carnegie Mellon study.
Facebook rolled out its facial-recognition service world-wide in June. The service lets people automatically identify photos of their friends. Facebook users who don't want to be automatically identified in photos must change their privacy settings.
A Google spokesman said the company won't introduce facial-recognition technology "to our apps or product features" without putting strong privacy protections in place. At the D conference, Mr. Schmidt said Google had withdrawn a facial-recognition service for mobile phones that it considered too intrusive.
The race to acquire facial-recognition technology reflects the technology's sharp improvement in recent years. The number of matching photos that were incorrectly rejected by state-of-the-art recognition technology declined to 0.29% in 2010 from 79% in 1993, according to a study by the National Institute of Standards and Technology.
Peter N. Belhumeur, professor of computer science at Columbia University, said:
"It's certainly not science fiction anymore."
One big reason for the leap forward: the wide availability of photos that people have uploaded to the Internet through social-networking sites. Previously, publicly available pictures of individuals were mostly limited to driver's-license photos, school portraits or criminal mug shots, all of which were difficult to obtain.
In the Carnegie Mellon study, 93 students agreed to be photographed using a web camera attached to a laptop. The shots were immediately uploaded to a cloud computer and compared with a database of 261,262 publicly available photos downloaded from Carnegie Mellon students' Facebook profiles.
In less than three seconds, the system found 10 possible matching photos in the Facebook database. The students confirmed their face was among the top results more than 30% of the time.
Prof. Acquisti said:
"The research suggests that the identity of about one-third of subjects walking by the campus building may be inferred in a few seconds combining social-network data, cloud computing and an inexpensive webcam."
He then tried to discover whether he could predict sensitive information from the Facebook profile of individuals he had identified. He exploited the fact that, after 1987, the Social Security Administration started assigning Social Security numbers in a way that inadvertently made it easier to predict them based on the person's birthdate.
Drawing from knowledge of the Social Security numbering system used in a previous experiment, Prof. Acquisti was able to predict the first five digits of the subject's nine-digit Social Security numbers 27% of the time, with just four attempts.
"The chain of inferences comes from one single piece of anonymous information—somebody's face."
The last four digits of the number also are predictable: In a 2009 paper, Prof. Acquisti showed that he could predict an entire Social Security number with fewer than 1,000 attempts for close to 10% of people born after 1988.
In June, the Social Security agency launched a new "randomized" numbering system, which will make such predictions more difficult for future generations. An agency spokesman said that even under the old system "there is no foolproof method for predicting a person's Social Security number."
As a demonstration of his latest project, Prof. Acquisti also built a mobile-phone app that takes pictures of people and overlays on the picture a prediction of the subject's name and Social Security number. He said he won't release the app, but that he wanted to showcase the power of the data that can be generated from a single photo.
COMMENTARY: I get the shivers just knowing that anybody with a smartphone camera and face recognition software can take my picture, and quickly find out who I am, then be able to research the internet or image databases for an abundance of personal and private information about me--instantly.
In a blog post dated July 31, 2011, I profiled Social Intelligence Corporation, a Santa Barbara-based company that conducts social media background checks for employers. Social Intelligence uses special software that searches social network sites like Facebook, Twitter and LinkedIn and other internet sites for everything we ever posted online such as wall posts, tweets, images, music and video files. Social Intelligence then analyzes our online posts and content for any negative or derogatory content or comments we made (bad mouthing former employers, political views, expletives, etc.) then furnishes an employer a social media consumer report that employers then use in their hiring decision-making. This supposedly weeds out "undesirables".
Recruiters and employers are now using criminal background checks, consumer credit reports, and social media consumer reports to determine if job applicants are hireable. Scary, isn't it? It's a miracle people are able to get a job.
Unfortunately, recruiters and employers use this information to make pre-judgements about individuals, and if we don't pass the "social media sniff test", we're unhireable, and according to the FTC (which approved Social Intelligence Corporation's technology), there's not a damn thing we can do about it. Yet.
Face recognition software presents an even scarier intrusion into our private lives because complete strangers can find out who we are, including the most intimate details of our private lives, and we would never know.
Even if we take precautions to post our pictures online or use pseudonyms instead of our real names, if someone, even a friend, posts a picture of us online, and just happens to include our name (e.g. "This is me and my friend Mary Picolino"), the whole world will know who we are in an instant.
If you've been following my posts, you know I am an advocate of both online and offline privacy, and believe that misuse of these intrusive technologies is now reaching the danger point, and something must be done.
If Google believes in its mantra of "Never Do Evil", then I hope they will recognize just how intrusive PittPatt's face recognition technology is, and put it away, store it somewhere in a drawer, and never make it available to the public.
I can understand the use of facial recognition for security purposes, such as permitting access to high security establishments (CIA, NSA, military bases), records and files, but to just provide it to anyone is damn dangerous.
I was going to post a list of facial recognition applications software, but I have decided not to promote or encourage the use of this type of software, and swear by the almighty Gods, never to use facial recognition software. Our deepest fear has finally arrived--the Era of Big Brother.
Courtesy of an article dated August 1, 2011 appearing in The Wall Street Journal Technology