FIDO Alliance Executive Director Andrew Shikiar is drawing a distinction between facial recognition and facial authentication in a new article on TechTalks. In doing so, he argues that the use of on-device facial authentication is much safer and far less problematic than the unmonitored use of facial recognition in large-scale mass surveillance systems.
The article comes in the wake of several high-profile incidents that have drawn the ire of privacy advocates. For example, Clearview AI scraped social media to build a database with billions of images without any form of consent, while the ongoing protests against police brutality have prompted major corporations like Microsoft, Amazon, and IBM to halt the sale of facial recognition to law enforcement.
Shikiar acknowledges those concerns, and indicates that facial recognition providers and government regulators still need to overcome many social and technological hurdles (including racial bias) if they want to deploy facial recognition without violating people’s human rights. However, he also believes that those issues don’t necessarily apply to facial authentication. In that regard, Shikiar defines a facial recognition system as one that scans a face and then searches for a match in a much larger database.
Facial authentication, on the other hand, can come in one of two forms. A match-on-server system operates much like Shikiar’s description of facial recognition, and has many of the same drawbacks. Though it is not used for surveillance, the user’s biometric information is still stored on a central database, and databases are always vulnerable as far as cybersecurity is concerned.
A match-on-device system, meanwhile, is a one-to-one affair that matches a scan to a single face that is already registered to a device. In those cases, the user’s biometric data is never exposed because it never leaves the device or enters the cloud, and it is stored on an encrypted chip that keeps it safe even if the device is lost or stolen. As a result, match-on-device tech is less likely to be compromised, and less likely to lead to broader social side-effects.
Shikiar goes on to note that Apple and Microsoft have already popularized match-on-device authentication with features like Face ID and Windows Hello, respectively. He concludes that legislators should try to preserve facial authentication when constructing new facial recognition regulations.
September 2, 2020 – by Eric Weiss