Apple’s policies are restrictive. App developers can’t use the face features without user permission, nor can they use them for advertising, marketing or making sales to third-party companies. They can’t use face data to create user profiles that could identify otherwise anonymous users.
The facial expression data is pretty crude. It can’t tell apps what the person looks like. For example, it can’t tell the relative size and position of resting facial features such as eyes, eyebrows, noses and mouths. It can, however tell changes in position. For example, if both eyebrows rise, it can send a crude, binary indication that, yes, both eyebrows went up.
The question to be answered here is: Does a change in the elevation of eyebrows constitute personal user data? For example, if an app developer leaks the fact that on Nov. 4, 2017, Mike Elgan raised his left eyebrow, has my privacy been violated? What if they added that the eyebrow raising was associated with a news headline I just read or a tweet by a politician?
That sounds like the beginning of a privacy violation. There’s just one problem. They can’t really know it’s me — they just know that someone who claimed to have my name registered for their app, then later that a human face raised an eyebrow. I might have handed my phone to a nearby 5-year-old, for all they know. Also, they don’t know what the eyebrow was reacting to. Was it something on screen? Or maybe somebody in the room said something to elicit that reaction.
The eyebrow data is not only useless, it’s also unassociated with both an individual person and the source of the reaction. Oh, and it’s boring. Nobody would care. It’s junk data for anyone interested in profiling or exploiting the public.
Technopanic about leaked eyebrow-raising obscures the real threat of privacy violation by irresponsible or malicious face recognition.
That’s why I come not to bury Apple, but to praise it.
Turn that frown upside down
Face recognition will prove massively useful and convenient for corporate security. The most obvious use is replacing keycard door access with face recognition. Instead of swiping a card, just saunter right in with even better security (keycards can be stolen and spoofed).
This security can be extended to vehicles, machinery and mobile devices as well as to individual apps or specific corporate datasets.
Best of all, the face recognition can be accompanied by peripheral A.I. applications that make it really work. For example, is a second, unauthorized person trying to come in when the door opens? Is the user under duress? Under the influence of drugs, or falling asleep?
I believe great, secure face recognition could be one answer to the BYOD security problem, which still hasn’t been solved. Someday soon enterprises could forget about authorizing devices, and instead authorize users on an extremely granular basis (down to individual documents and applications).
Sign up for CIO Asia eNewsletters.