16 Jan 2019

2009 vs 2019 10-year challenge: Facial recognition makes for hackers' paradise

6:48 am on 16 January 2019

Opinion - It's fun to compare old selfies and new but, as Paul Brislen* writes, facial recognition technology means it leaves you vulnerable.

Biometric verification. Modern young woman with the phone. The concept of a new technology of face recognition on polygonal grid is constructed by the points of IT security and protection

Photo: 123rf / Oleshko Artem

I love a good meme. My favourite is, "How do you find your Russian hacker name? Easy, it's your mother's maiden name with the last four digits of your credit card number".

LOL. Yucks. Share with your friends.

Of course, that would be a stupid thing to do - because your mother's maiden name is one of those identifiers that very important institutions use to identify you as you.

Banks, Inland Revenue, one day probably your healthcare provider - these kinds of organisations want to both secure your data and make it as easy as possible for you to deal with them.

That's why they have a list of pre-approved questions that will help identify you: it's information you know that's not commonly shared.

Keeping such information safe is essential because someone could pretend to be you and access that information.

It's the same with your credit card or bank account numbers - you don't want to share them too publicly because someone might like to use them to buy things with. This is not uncommon and many of us have had that call from the bank asking if we're currently shopping for sneakers in Belgium (thanks, but, I wasn't) or similar.

Keeping your bank details safe is second nature to most of us, although there are some who still think having a PIN that matches their birth date is good sense.

Now, however, the same principle applies to your face.

Already we're seeing software applications and services that are accessed using that most unique of identifiers.

When you pass through the electronic gates at the airport, chances are you'll be photographed hundreds of times so the computer can compare your current face with the one in your passport.

If you use the latest iPhone you can log onto it not with that old-fashioned fingerprint (rolls eyes, laughs out loud at the steam-powered users forced to actually touch their phones) but instead just by pointing in the direction of your visage. If that's you, you can log in. Very cool indeed.

No caption

Photo: 123RF

If you bank with ANZ you can take that one step further and log into your mobile banking app using Apple's Face ID service. This is incredibly convenient because you generally have your face with you when you're using your phone so that's one less password to worry about, one less PIN, one less button to press.

Of course, you can't readily change your face - so if you do end up sharing your facial features too often you can end up in a world of trouble. Privacy concerns abound.

And so it is we see this month's cool social media meme take us into an interesting conundrum.

Users are cheerfully posting photos of what they looked like ten years ago with what they look like today. 'So many wrinkles', 'so much grey hair', 'hey, where did my dashing good looks go', etc.

It's fun, it's entertaining, but are we in fact helping to train software to better recognise people from photos that might be quite out of date?

The short answer is: you bet we are, and we're doing it willingly.

This isn't the first time this issue has appeared. This time last year we were all busy looking at famous portraits to see which artist's rendering we most looked like.

Google put out an app that let users take a photo and then compare with art. Meanwhile, in the background, Google and its algorithm got ever so much smarter at looking at faces.

Sure, Google immediately said 'oh no, this is just for fun, we aren't storing or doing anything with these images', but even if you take Google at its word, I bet someone else thought it was a great idea. This year's crop of images is freely available to anyone who has a computer (here, have a look for yourself) and a penchant for teaching computers how to read faces.

On the one hand this is a good thing. Being able to log into services securely, being able to process through an airport quickly, having a computer understand what you're saying to it through all those visual cues everyone broadcasts when they have face-to-face conversations, identifying genetic conditions through facial features, having better faces on computer animated movies, this is all good and has a positive effect.

The flip side is better facial recognition for CCTV cameras to track us, better ways to recreate our faces for nefarious uses, better ways to steal our data. We already struggle to retain our privacy - will any of this help us do that, or pull the lid off for all to see?

When your account is hacked you can try to reclaim it, and hopefully once all is done and dusted you can carry on with your life.

When someone hacks your face it's going to be very difficult to claim back your identity.

* Paul Brislen is a technology commentator