facial recognition
myth busting

Is facial recognition insecure?

Facial recognition access control matches a face’s characteristics against a template in a database. That template must have been enrolled and authorised in the database first, then a matching process follows where identifying points are verified against the authorised template.

white-bg-block

: 

Expensive Biometrics

When we think of biometrics, sometimes the first thing that may come to our minds are the highly sophisticated devices that you may find in a sci-fi film. We may also think that this technology is extremely expensive and will cost a fortune. This cannot be further from the truth.

facial recognition

Facial recognition access control matches a face’s characteristics against a template in a database. That template must have been enrolled and authorised in the database first, then a matching process follows where identifying points are verified against the authorised template.

steal a photo

The data is stored as a biometric template, rather than a picture of your face. All data is encrypted using 256bit encryption. Essentially a hacker would require 2256 different combinations to break a 256-bit encrypted message, which is a huge challenge even for the fastest computers. If they were trying to steal your identity, they would find it far, far easier to lift an image from your social media than to break into the database with your facial biometric template and backwards engineer it to a photo.

GDPR compliant

Any facial template that is created through companies using biometric access control is covered under the GDPR (General Data Protection Regulation). This means that the collection, storage, use and retention of the data must be carefully thought through. A PIA (privacy impact assessment) should be undertaken to ascertain whether it is a reasonable impingement of a person’s right to privacy.

children

Yes, but under the GDPR there is a special category of ‘vulnerable data subjects’ and children or Individuals can be vulnerable where circumstances may restrict their ability to freely consent or object to the processing of their personal data, or to understand its implications. You must undertake a Data Protection Impact Assessment to help you identify and systematically analyse, identify and minimise the data protection risks of a project or plan. Ask us for further information.

facial detection

Facial detection merely identifies a face – with some CCTV camera systems the view can then zoom in to see the face in more detail. Facial recognition implies trying to identify whose face it is. Normally by comparison with a database. For private organisations, this database would consist of enrolled facial templates given when new users are added, with their consent, to a closed system. The data templates are encrypted and are not shared outside the system.

data privacy

In the UK it’s the Information Commissioner’s Office (ICO); organisations that process data should be registered with them. If you’re unsure whether you should be there is a simple and effective self-assessment tool that you can use to check. For Ireland it’s the Data Protection Commissioner; you can find advice on their website.