Got privacy concerns about facial recognition? You're not alone. Read on to get the facts on this evolving biometric technology.
The problem with headlines is they are just that: headlines. They don’t show the full picture and when it comes to headlines about facial recognition, they can often be rather misleading. While the headline itself may be accurate it can give the wrong impression about facial recognition, suggesting that it invades privacy, it’s prone to errors, it can be hacked with a photograph, or that it’s biased against certain sets of people.
Ten years ago, some of these points may have had an element of truth to them as the technology was still being developed and improved, as it is even now; however recent findings from the National Institute of Standards and Technology (NIST) have shown that in the last decade the best algorithms on the market have almost entirely eradicated the majority of these issues.
Many of the problems to which the headlines allude relate to the use of facial recognition in identifying people among many others – scanning a crowd to pick out a known criminal or banned fan – to take the recent example of the courts banning South Wales Police using these systems concerts and football or rugby matches.
It is right that these systems are held up to the highest standards of scrutiny to protect our privacy and civil rights and that any issues with these systems are fully understood and addressed by the people developing and using them.
These issues, however, aren’t really applicable when it comes to one of the other main uses of facial recognition: identity verification.
When it comes to verifying that someone is who they say they are, biometrics are fast becoming the new standard. Keys, swipe cards, and fobs are all very well but are all prone to loss, theft, or loan to other people. With biometric access control such as fingerprint scanners or facial recognition cameras, you can’t ask someone to clock in for you.
Facial recognition is the next natural step when it comes to using biometrics to verify a person’s identity, but these headlines have started to perpetuate some myths about the system, so here is some clarity.
Myth: Facial Recognition Can Be Fooled By A Photograph
While some early versions of facial recognition software could be fooled by someone holding up a photograph, the latest anti-spoofing and liveness detection technology means that this is no longer the case. The biometric template used by the system is created at the point of enrolment and can only come from an actual person and not from a 2D photograph, video screen, or even a mask.
Myth: Facial Recognition Can Be Used To Steal Your Identity
While the advantage of biometrics for identification is clear, it’s completely understandable that people are concerned about the security of this information.
Last year, the BBC reported that a biometric security company was successfully hacked by cyber-security researchers. The ethical hackers had been able to convert around half a dozen samples of data using the company’s software to recreate visible fingerprint patterns. This is not possible in Almas systems, as the data is encrypted right there in the scanner, so there is no point of interception possible.
Similarly using our fingerprint or facial recognition scanners, at no point is an image of your fingerprint retained other than in the enrolment process. Focussing on the minutiae of your finger or unique points on your face, this scan is used to create a digital, mathematical, biometric template, which is then securely encrypted. While the template can verify that you are who you say you are, it cannot be used to recreate your fingerprint or face scan in any form.
Myth: Facial Recognition Is Inaccurate
As with any technology, not all systems are created equal. In the studies conducted by NIST, while some of the algorithms tested only had a 70% accuracy rate, or had problems identifying women or those from ethnic minorities, the best achieved accuracy of over 99.8% across all demographics. The institute anticipates that this will improve yet further as researchers expand and refine the datasets used by the deep-learning technology.
It’s worth mentioning, however, that the success and accuracy of any facial recognition system are dependent on how it is used and where it is located. The camera will need to clearly see the face presented for verification, so good lighting is important. Similarly, it should be positioned in such a way that accidental verification does not take place from someone passing behind. While the set-up of a facial recognition access control system may take a little work, the benefits are more than worth it.
Myth: Facial Recognition Systems Are Linked To The Authorities
Here we refer back to the difference between identification and verification. While some public CCTV systems may have had facial recognition tied in to them as part of a trial for identification (such as in South Wales), it has been deemed that there is currently insufficient legal and policy framework for this to be permitted.
When it comes to access control and verification as you might use within your company, all data is stored locally and securely, and not accessible outside the company.
Myth: Facial Recognition Is Slow
Early versions of the technology may have struggled to correctly identify subjects in a timely manner, but as cameras and computers have improved over the last 10 years, Almas facial recognition scanners can accurately detect and identify a face in less than 0.2s
Biometric data such as fingerprints and facial recognition scans are classed as “sensitive personal data” under the General Data Protection Regulation (GDPR) under which all UK and EU companies are bound. The secure, encrypted biometric templates are simply data items held in addition to other personal details held by a company, and as such be treated similarly.
Under the GDPR:
*Data should be collected for a valid reason, fairly and transparently, with the subject’s permission
*It must be stored safely and securely
*It should only be used for the purpose for which it was collected
*It should be retained for only as long as it is relevant and reasonable
*You can request to see all data held by the company and have the right to have the information deleted.
Anyone considering implementing a biometric access control system needs to understand the implications within the framework of the GDPR
We always recommend performing a Privacy Impact Assessment (PIA) to establish a firm foundation and framework for the installation and operation of biometric access control and provide a template for customers.
Fact: Facial Recognition Is A Fast, Accurate, Secure, Contactless Access Control System
As we outlined in one of our previous articles, the future is biometrics when it comes to time & attendance and access control. Biometrics can’t be borrowed, stolen, or left at home, and are truly unique to each person.
Moving forward as we adjust to the “new normal” post-Covid, minimising points of physical contact is vitally important. Facial recognition removes the need for physical contact, whether it be a card, a fob, or a fingerprint, and provides easy access control and logging. Know exactly who is on your site, and when.