3 Privacy Concerns for Facial Recognition

Face Recognition

The market for facial recognition access control technology is growing exponentially. Estimated CAGR from 2019 to 2024 is 16.6%. In anticipation for the volume of popularity, it’s important to address the privacy concerns that accompany the technology. As informed consumers and developers, we can confidently evolve to create a safer and more secure environment for all.

This article discusses the major concerns around the use of biometrics data and face recognition, how Swiftlane’s privacy-oriented approach is changing the industry for good, and the importance of high data security and user privacy. First, we discuss 3 major privacy concerns with facial recognition access control technology.

1. Misuse of Biometrics and Facial Recognition Data

Misuse of face recognition technology is a concern when it comes to privacy. People are worried about the use of technology for mass surveillance. Further, they want to be sure they are not being exploited, and reasonably so. The Chinese government, for example, has employed face recognition as one of the technologies to perform mass surveillance on their citizens.

Chinese mass surveillance

According to wikipedia, chinese government has employed mass surveillance on citizens, using a combination of various technologies, including biometrics based identification of citizens. It includes:

  • Promote use of mobile apps that track the location of all citizens and share that data with the government
  • Use of facial recognition via surveillance cameras
  • Surveillance drones
  • Robot policy
  • Large scale big data collection and processing

The right to privacy is fundamental. Here are some suggestions to prevent misuse of biometrics data:

  • Avoid sharing biometrics data with companies that do not provide a clear ethics and privacy statement
  • Be aware and avoid buying camera surveillance systems that perform CCTV camera based facial recognition
  • Check the data sharing policies for any vendors or companies that use facial recognition based services

What companies to trust with facial recognition data

Companies like Apple hold very high standards of user data privacy. Apple’s face ID is currently used by over 350 million people globally, and growing fast. People love the convenience and speed of using facial recognition for unlocking their phones. At Swiftlane, we have built the company to enable similar positive experiences for physical identity and access control, while putting strong data security and privacy controls in place. Any technology is not inherently bad, but the actors and how people choose to use it.

2. Security Breaches

In 2019, more than 100,000 photos and license plates were stolen from the Border Agency database. Such security breaches raise concerns over whether increasing use of face recognition is jeopardizing Americans’ privacy.

While it is a valid concern, more education is needed on just how facial recognition works. The evolution of face recognition technology has shifted data storage to the cloud. In terms of cybersecurity, cloud-based storage is one of the safest realms to store data, significantly surpassing on-site network systems. Data stored in the cloud is encrypted which adds an additional layer of security to sensitive information.

Technologies using facial recognition can best alleviate the burden of consumer concerns with security breaches by switching to a cloud-based system. This switch turns any facial recognition technology into an advanced security system due to the benefits of cloud-based solutions.

Check whether the companies take data security seriously, and what level of investment they have made in order to protect security breaches. Here is what to look for:

  • Provider performs external white hat security testing, such a penetration testing
  • External audits for security measures and protocols, such a SOC 2 certification from the AICPA
  • Review the privacy and data security practices to understand who the company shares data with
  • The company has a robust system that protects against spoofing attacks, by holding photos of people to break through the system

3. Improper Data Storage and Sharing

Privacy concerns with facial recognition also have to do with improper data storage that expose face ID credentials to potential security threats. Many organizations still host their face recognition data in local servers. Unless you have a team of IT security experts to maintain network security 24/7, persistent hackers are more likely to gain access through this avenue.

As mentioned, facial recognition technologies are most secure when their data is stored in the cloud. However, if the data is not properly encrypted or the key to that encryption is exposed through improper storage, a cloud-based system does not make a difference. To ensure proper data storage, control of facial recognition cybersecurity should be given to the user administrator. Enabling consumer control increases accountability and makes it easier to inspect and identify malicious traffic. To ensure proper data storage, it’s important to put data security back into the hands of those who should be controlling it in the first place.

Increased Need for Facial Recognition Technology

COVID-19 has ushered a new era of touchless experiences all over the world. We now have touchless access control, touchless sanitizer dispensers and other new features in every facet of life. This technology is going to play a critical role in enabling a safer world going forward, and it’s important that people align themselves with companies that invest in protecting their privacy and data security.

Swiftlane Data Security and Privacy

The driving force behind Swiftlane’s inception was to develop a privacy-oriented approach to the use of biometrics and face recognition. Our goal is to provide a trusted, reliable identity provider for enabling positive applications of biometrics, while limiting access to this data to malicious actors.

Swiflane’s vision is to promote the positive use of technology by building our foundation on privacy and security. As such, our practices are the core of the company and integrated into everything we do:

  • Swiftlane does not participate in mass surveillance. We specifically provide access control applications. Think of it as Face ID from Apple, but for building door access.
  • Swiftlane’s business model does not depend on data sharing contracts. We do not sell user data, and don’t plan to be a data broker ever.
  • Swiftlane performs penetration testing from external white hat hacking firms to annually check our data security procedures.
  • Our system is SOC 2 certified and HIPAA compliant.
  • Swiftlane technology provides anti spoofing via 2D and 3D depth checks on a person’s face, to avoid attempts at access attempts by intruders.

Conclusion

Despite privacy concerns, face recognition offers many benefits when used in the right context, such as public safety, personal security, cybersecurity and convenience. It is normal to be apprehensive of new or relatively unknown technology, especially in the uncertain world we find ourselves in now. However, with proper information and application, facial recognition will ultimately enhance security. When used within the access control capacity, facial recognition provides a physically secure solution to building security. Further, face recognition access control integrates a spirit of hospitality to the security industry by prioritizing the user’s health as well. In times of crisis, the most resilient solutions are going to be the ones that use their skill and expertise to cater to the immediate needs of the people they serve. With that, we create a more cohesive future overall.