Recent study shows technology’s power to access sensitive personal data
By Oregon Tax News
Those concerned about privacy may want to think twice before posting pictures to their Facebook or Google+ personal page. Researchers from Carnegie Mellon University in Pittsburgh were able to access sensitive personal information from a single photo—thanks to cutting edge facial recognition technology recently purchased by Google.
The remarkable study comes as facial recognition technology is about to be widely available in consumer products. This Christmas, for example, consumers will be able to purchase television set-up boxes that equip televisions to recognize a viewer’s face and tailor programming based on that person’s viewing history. According to industry experts, similar products are just the beginning. This comes at a time when Congress this year has proposed three different privacy bills (Do Not Track Online Act, Children’s Online Privacy Protection Act, and Commercial Privacy Bill of Rights Act), none of which cover the concerns behind online facial recognition software.
In the last 20 years, research has yielded significant improvements in the ability of computers to recognize full frontal facial features and correctly match that information with individuals. In 1993, the failure rate was 79 percent. By 2010, that rate had decreased to .29 percent. The improved capability and other advances have tech companies scrambling to integrate facial recognition into products and social networking services that will transform some of our basic activities.
The Carnegie Mellon study, however, shows the potential dark side to facial recognition technology, demonstrating the relative ease with which sensitive personal information can be retrieved and possibly stolen from a single web camera photo.
In the study, participating students were photographed with a laptop web camera. The photos were then uploaded to a database with hundreds of thousands of Facebook profile photos. In mere seconds, roughly one-third of the photographed students were correctly matched with their Facebook photo.
The study went a step further.
Nearly 25 years ago, the Social Security Administration changed its system for generating new social security numbers, inadvertently making it easier to predict someone’s number from basic information. Once Carnegie Mellon researchers identified students, they were able to access and match publicly available information. In just four attempts, they successfully predicted the first five digits of students’ social security numbers nearly 30 percent of the time—all from a single photo.
The study raises growing concerns about the impact facial recognition technology could have on personal privacy. Earlier this summer, Facebook came under fire when it integrated facial recognition into its social networking service. The network’s 750 million users were automatically “opted-in,” many of them unaware. The move sparked criticism from Members of Congress and privacy advocates who say Facebook has been using uploaded photos to build an image database for automated online identification unbeknownst to its users.
Google, which has previously been reluctant to integrate facial recognition technology into its products, now appears ready to move forward. Having recently launched Google+, its alternative to Facebook, Google last month purchased Pittsburgh Pattern Recognition (PittPatt), whose facial recognition software was used in the Carnegie Mellon study. Google, however, has pledged to implement strict privacy safeguards for its facial recognition-enabled products before rolling them out. Google is trying to get ahead of privacy concerns before there is a public backlash or Congressional action.