A hoax hit Facebook this week. Fake news about a fake app called Facezam claimed that the app could track down anyone by simply scanning their Facebook photos.
Thousands or millions of Facebook users fell for the hoax and freaked out. (A U.K. marketing agency created the hoax as a publicity stunt.)
The public reaction illustrates how confused people are about face recognition. In fact, everything the fake Facezam was said to do is easily done with real apps and sites.
The public is understandably hazy about the privacy and security risks of biometrics. Everybody knows biological features can be used to identify people. Police have been using fingerprints for decades, for example.
Technology has enabled a large number of new biometric identification systems that use fingerprints, iris scans, wrist vein scans, voice recognition and face recognition. But when it comes to the potential for privacy invasion, however, these various approaches are not equal.
Face recognition is 100 times more dangerous than all others
If you're concerned about biometric privacy violation, your concern should be focused heavily on face recognition.
There's a lot of public confusion, so I'm going to be extremely clear.
All biometric systems involve capturing biometric data, entering that data into a database, then capturing new data to run against the database looking for a match. They all work well for identifying individuals using computer analysis of their various body parts.
Most forms of biometric data are hard to capture. For example, explicit permission or knowledge is usually required to capture fingerprint, iris, vein and other biometric data. It's possible, for example, that your irises or veins have never been scanned even once.
Face recognition does not require permission or knowledge. Any photograph will do.
You have been photographed hundreds or thousands of times already. And with surveillance cameras, you're being photographed regularly. Every time you use an ATM, for example, you're having your picture taken, and that picture is associated in the bank's database with your name and bank account.
Photographs can be taken from a distance without the knowledge or permission of the target.
Other biometric data is private or more difficult to obtain without your knowledge or permission. For example, if you've been fingerprinted for a passport or by the police, you've agreed to it and those agencies will keep your data to themselves. If I provided you with somebody's fingerprints, you couldn't use that data unless you were a cop and had access to the database.
Pictures, on the other hand, are publicly available for anyone to access. Social networks, public picture sites and others make millions of people's biometric data (their snapshots) available to anyone in the world with an internet connection.
Sign up for CIO Asia eNewsletters.