Recently, Facebook announced the acquisition of face.com, its partner in face recognition for over two years. The company expects to take instant facial recognition to the next frontier... mobile phones.
As if you didn't know uploading photos to Facebook, Google+ or other social networks can be dangerous to your privacy.
But did you know it might even give your social security number away? Facial recognition software, public profiles and photographs on social networks, and cloud computing has made it possible to mine for private information, almost instantaneously.
The most important technical security conference series in the world, BlackHat USA, took place in Las Vegas on August 3-4, 2011. One of the key briefings: "How The Largest Real ID Database In The World Came To Be" a presentation by Prof. Alessandro Acquisti on how publicly available photos, like those available on Facebook, reveal sensitive information strangers online and offline, including their address, date of birth, marital status, sexual orientation, and even partial social security numbers.
When did this happen? Facial recognition software has been around for decades but it has now permeated into our daily lives. When you are taking a picture of your son's soccer team and your digital camera automatically focuses on your kid's face, it is using facial recognition software. You might also have noticed Google's Picasa, Apple's iPhoto, and Facebook know and can tag your photographs. These companies have acquired and deployed facial recognition software such as NevenVision, Riya, and PittPatt (Google), Polar Rose (Apple) and Face.com (Facebook). Meanwhile, uploading profile and other photographs online has become socially acceptable. In 2010, 2.5 billion photos were uploaded by Facebook users alone per month. Powerful cloud computing has made it possible to analyze and map this vast database to other publicly available data sources, and it is this convergence that has the potential to become particularly intrusive to our personal privacy.
In 2007, researchers at Carnegie Mellon University successfully de-anonymized and identified 10% of their subjects from match.com (where pseudonyms are common) using photos (and real names) from Facebook. In 2009, the same team used Facebook profile information to predict individuals' Social Security numbers. They successfully predicted the first five digits with about 30% accuracy in less than four attempts. In the same paper, Prof. Acquisti showed that he could predict an entire Social Security number with fewer than 1,000 attempts for close to 10% of people born after 1988.
The latest research and the subject of the BlackHat briefing is largely funded by National Science Foundation and U.S. Army Research Office and marries these two experiments. Therefore, it becomes possible to reveal social security numbers from online public profile photographs using PittPatt software (currently owned by Google) that Carnegie Mellon University originally developed.
Applications of this kind of technology exists in government surveillance programs in the U.S. and abroad. TV and movie viewers have many times seen it being used to nab terrorists in shows such as "24." In real life, Brazil is using "Robocop" style glasses in preparation of the 2014 World Cup. What is news is that such technology can be used and abused by private people using publicly available information.
What now? Opting-out is a limited option. Facebook and other social networking sites require real names and often encourage a publicly-searchable profile picture. The facial recognition software is also getting sophisticated so that it can better identify non-frontal photographs. On the regulatory front, Swiss and German privacy regulatory authorities have argued that Facebook's photo-tagging feature is not in compliance with the European Union's privacy laws. In June, the U.S. Social Security agency launched a new "randomized" numbering system, which will make such predictions more difficult for future generations. However, the key question is whether U.S. authorities will step in or if "Minority Report" style commercial application will become a reality much sooner than 2054.
Note: This article was previously published in Yahoo Voices. Author retains copyrights.
As if you didn't know uploading photos to Facebook, Google+ or other social networks can be dangerous to your privacy.
But did you know it might even give your social security number away? Facial recognition software, public profiles and photographs on social networks, and cloud computing has made it possible to mine for private information, almost instantaneously.
Courtesy: sxc.hu/Image ID: 1260785 |
When did this happen? Facial recognition software has been around for decades but it has now permeated into our daily lives. When you are taking a picture of your son's soccer team and your digital camera automatically focuses on your kid's face, it is using facial recognition software. You might also have noticed Google's Picasa, Apple's iPhoto, and Facebook know and can tag your photographs. These companies have acquired and deployed facial recognition software such as NevenVision, Riya, and PittPatt (Google), Polar Rose (Apple) and Face.com (Facebook). Meanwhile, uploading profile and other photographs online has become socially acceptable. In 2010, 2.5 billion photos were uploaded by Facebook users alone per month. Powerful cloud computing has made it possible to analyze and map this vast database to other publicly available data sources, and it is this convergence that has the potential to become particularly intrusive to our personal privacy.
In 2007, researchers at Carnegie Mellon University successfully de-anonymized and identified 10% of their subjects from match.com (where pseudonyms are common) using photos (and real names) from Facebook. In 2009, the same team used Facebook profile information to predict individuals' Social Security numbers. They successfully predicted the first five digits with about 30% accuracy in less than four attempts. In the same paper, Prof. Acquisti showed that he could predict an entire Social Security number with fewer than 1,000 attempts for close to 10% of people born after 1988.
The latest research and the subject of the BlackHat briefing is largely funded by National Science Foundation and U.S. Army Research Office and marries these two experiments. Therefore, it becomes possible to reveal social security numbers from online public profile photographs using PittPatt software (currently owned by Google) that Carnegie Mellon University originally developed.
Applications of this kind of technology exists in government surveillance programs in the U.S. and abroad. TV and movie viewers have many times seen it being used to nab terrorists in shows such as "24." In real life, Brazil is using "Robocop" style glasses in preparation of the 2014 World Cup. What is news is that such technology can be used and abused by private people using publicly available information.
What now? Opting-out is a limited option. Facebook and other social networking sites require real names and often encourage a publicly-searchable profile picture. The facial recognition software is also getting sophisticated so that it can better identify non-frontal photographs. On the regulatory front, Swiss and German privacy regulatory authorities have argued that Facebook's photo-tagging feature is not in compliance with the European Union's privacy laws. In June, the U.S. Social Security agency launched a new "randomized" numbering system, which will make such predictions more difficult for future generations. However, the key question is whether U.S. authorities will step in or if "Minority Report" style commercial application will become a reality much sooner than 2054.
Note: This article was previously published in Yahoo Voices. Author retains copyrights.
No comments:
Post a Comment