Age of Convergence Puts Your “Face Identity” at Risk

The U.S. FTC (Federal Trade Commission) wants you to know the risks associated with living in an age of converging technologies, specifically cloud computing, social networks and face recognition. Based on a ground breaking study last year from Carnegie Mellon University (CMU), a group of researchers at the University’s Heinz College demonstrated the ability to recognize and then predict an individual’s “…sensitive personal data directly from their face in real time,” and did so with a photo captured from a smartphone App developed by the group.

Over the course of three progressive experiments, the group successfully demonstrated starting with total anonymity (any face in the crowd) it was possible to end up with very sensitive information about that person, including name, address, social security number, etc. using a process they call data “accretion.” This is all done mind you, with the current state of technology convergence using off-the-shelf hardware and software.

For the FTC’s part, the government agency sponsored a new report on the topic “Protecting Consumer Privacy in an Era of Rapid Change ” with a March 2012 update to work published in 2010 on the subject. This includes a Final Report section that articulates best practices for companies that collect and use consumer data and outlined a privacy framework that includes recommendations to Congress for possible further privacy legislation. The group said they are also retaining their previous “privacy by design” recommendations with updates that include:

• Do Not Track-consumer tools to turn tracking off and alert vendors of customer’s intent
• Mobile Privacy Protection-improved self-regulation (including accessible Ad disclosures, workshops, etc.)
• Addressing Data Brokers with Targeted Privacy Legislation
• Large Platform Providers (ISP’s) invited to FTC sponsored workshop on privacy in May
• Self-regulatory Codes (sector specific codes of conduct)

So under these recommendations the FTC is calling on operators of digital signage and kiosks to inform the public of when and how personal images (photos etc.) are being used, as well as if and when facial recognition technology is being deployed. It also suggests deleting any collected personal data when not needed to perform specific tasks.

Also published in the FTC report was an implied warning for those who do not heed the call of self-regulation. It listed a litany of enforcement actions taken by the agency including activities against both Google and Facebook. Other efforts since 2010 include actions against online advertisers over not honoring “opt outs,” mobile App vendors violating child online privacy laws, and several more.

Given the astonishing results generated by the study and continued pervasiveness of the technology, the future of privacy remains at risk. The question now is self-regulation or legislation that steps in to fill the gap in current law struggling to keep pace with technology’s rapid progress.

One thing is certain; the future of augmented reality is fast approaching and convergence with cloud-based data banks loaded with an individual’s social details is already well-seated in the mobile space. Just how much we intend to share with these public outlets that wield the power of instantaneous face recognition may be in direct competition with the value advertisers place on knowing just who, and more importantly, how-to advertise to the eyeballs looking at the digital sign. (Pssst… hey buddy, want a 20 percent off coupon? Just let me take your picture…) and so it goes.

Steve Sechrist is a senior analyst and editor for Insight Media. Reach him at steve@insightmedia.info