Skip to content


The face is the ultimate biometric data

When people ask me why I don’t want to post my photo on internet or any digital document, I usually reply with the (semi-) joke that the face is biometric data and that as such, I don’t want to diffuse it just like they probably wouldn’t want to diffuse their DNA details or their fingerprints (although the later might sadly become a habit with all the fingerprints readers getting included into the latest smartphone “just for you security because we know you’re too limited to remember a proper password”).

The face is biometric data

However, with the recent story about that silly (18 year old) “kid” (yay, when the objective is to get the public’s pity he’s a young kid, a few days before he was a brilliant young entrepreneur lending GoPro cams, go figure…) who videotaped the city of Nancy from a drone and doesn’t understand the privacy implications of this (not to mention the security ones – I mean the physical harm of getting your skull crushed by a drone falling from 30-50 meters high), I gave it some more thought. And I came to the conclusion that photo being some usual biometric data is indeed a semi-joke, as it is in fact the ultimate biometric data, as I’ll detail below.

The face is officially recognized as one of the best ways to identify people (says Captain Obvious)

It’s been used for a very long time in ID documents, notably in the French ID card from its beginning in 1912-1917 (article in French), along with the fingerprints.
On a side note, the ID card became mandatory in 1940 under the Vichy administration (that’s the administration who collaborated with the Nazis). I’m not saying that having a picture of everyone was a fascist’s dream, but… well at least that could have been. It became non-mandatory again in 1955, although I wish you good luck to open a bank account without an ID card or a passport…

It’s about as unique as DNA

Two people may have two very similar DNAs just like 2 people may have very similar faces, in both cases it’s possible yet very unlikely. Even though you probably know a couple of persons who do look a bit alike among your friends, you probably have no pair that you really can’t distinguish (and if you do, I suppose they are twins – probably real twins, who do share about the same DNA?). Elvis doubles get a haircut like him, clothes like him, mimic his facial expressions, etc, but even though they tend to look alike, you can tell they’re not the real thing not just because you know the original is dead and used to sing much better, but also because he didn’t have exactly the same face.

It can be recognized by machines…

This wasn’t the case a couple of decades ago, which is why the general public still seems poorly aware of this, or at least of its implications, but facial recognition is quite trivial nowadays. Well, not trivial, but the tools to do it easily do exist (example). Basically, what you see in NCIS is fairly accurate in that respect.
Facebook does it (unless you configure it otherwise, they detect faces in the pictures you upload and are able to suggest friends’ names that match). The RATP (the company that runs the Paris metro system) planned to do it on its CCTV system, but they backed off when the general public became aware of the project and was quite upset about it.

…And it can be directly recognized by people too

And that’s a very unique feature for a biometric data. Usually it takes some computer, or at least (historically) a very thorough manual examination (like, to manually compare a fingerprint to a series of known fingerprints) to identify biometric data. With faces, computer recognition is possible as we saw, but humans are very good at recognizing faces too. And when they aren’t, it’s a proper medical condition called prosopagnosia.

It changes with time… but we know how! (well, partially)

A limitation of the face compared to DNA or fingerprints is that it changes in time. You may think at first that this breaks down the house as an ultimate biometric data, but it’s not really the case. Because those changes are, in a good proportion, deterministic. Don’t you recognize your old good friends from high school or even below, even when you haven’t seen them in a decade or more? Well, the computer should be able to too. Ongoing research on face aging simulation looks quite promising.
Clearly, this changing face will remain a weakness compared to DNA and such. But it’s quite a moderate one, because not only we are/will be able to predict face aging quite accurately, but also because we usually have recent enough pictures: predicting the aging of a few years, or even a decade, is much less of a challenge than predicting how a 20 year old young adult will look like when he retires at 70.

It can be taken from a large distance…

To get a DNA sample, you need to touch the person (or get an object they used, like a glass). Same goes for fingerprints. This is of course not the case of pictures. The picture of the iris – for iris recognition would be a bit intermediate as I suppose you need to get decently close to obtain a good enough iris scan.

…And by the average Joe

You don’t have people around you taking your DNA samples and fingerprints and reporting them to a central authority on a regular basis, do you? Well, with faces, you often do! Tourists, the photo-maniac at your diner (at your table… or not), the narcissistic idiot taking a “selfie” with you in the remote background, etc, etc: lots of people take lots of photos without caring much about people included by accident… And then they most often upload them “into the cloud”. I.e., their smartphone, which is actually often smarter than them, sends your face on the servers of some big data mining corporation such as Google, usually with geolocalization data and the timestamp.

Last but not least, it’s super cheap

Not only it’s as good as DNA and fingerprints, it’s also cheaper than the former and about as cheap as the later:
– cost of a photo: ~0.
– cost of facial recognition software and facial database: similar to DNA recognition and database, I suppose, but it’s a one-time or fixed cost.
The cost to use that is then about the same if you want to identify one face or a few thousands of them. Not really the case with DNA, with which each sample requires some reagents to be analyzed (even though those tend to quickly get cheaper)

Conclusion

Don’t give your face to people and entities you wouldn’t give a DNA sample and fingerprints to.
(yes, that’s a quite abrupt, but I guess that’s a nice summary)

Updates

2014-07-09

Quite an interesting read: Fashion that will hide you from face-recognition technology by Lauren Davis.

Posted in privacy.


4 Responses

Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.

  1. Franck Dernoncourt says

    Unsurprisingly: N.S.A. Collecting Millions of Faces From Web Images -> http://www.nytimes.com/2014/06/01/us/nsa-collecting-millions-of-faces-from-web-images.html

  2. David Dernoncourt says

    “The Era Of Automatic Facial Recognition And Surveillance Is Here ”
    http://inhomelandsecurity.com/the-era-of-automatic-facial-recognition-and-surveillance-is-here/

  3. David Dernoncourt says

    Other interesting thoughts:
    “Most biometric identities can easily be stolen and reused”
    http://www.infoworld.com/article/3060856/security/the-dark-side-of-biometric-identification.html



Some HTML is OK

or, reply to this post via trackback.

Please solve the CAPTCHA below in order to fight spamWordPress CAPTCHA