Skip to content ↓ | Skip to navigation ↓

As new technologies develop, it’s worth reminding ourselves that just because we can do something doesn’t mean that we should. Often a new technology can bring plenty of new opportunities to do amazing things, but that doesn’t mean that it cannot also be ripe for abuse.

That’s certainly the case with facial recognition technology, where some law enforcement agencies have rushed to build networks of databases of law-abiding people’s faces (perhaps from driving licences or passport information), scouring them to find criminals, but failed to satisfy their legal and statutory requirements to inform the public about what they were doing.

The huge number of CCTV cameras and the growing adoption of police body cameras, which could be combined with facial recognition technology and cellphone tracking, have the potential – argue some – to “redefine the nature of public spaces.”

In a nutshell, how would you feel if it was even easier for the authorities to track where you were, hour by hour, as you walk around a city? And that you, as a law-abiding citizen, handed that ability on a plate to your government simply by applying for a driving license.

The problem is only made worse when studies reveal that facial recognition can often make mistakes, or show a tendency to be more error prone when dealing with subjects of different races and gender.

You can change your passwords, but you can’t (barring wearing a wooly balaclava or wide-brimmed sombrero – which might very attract undue attention by itself) hide your face.

I was thinking about this issue today when I read reports that a man who has been on the run from the authorities for more than 24 years has been apprehended because of facial recognition technology.

In 1992, Robert Frederick Nelson escaped from a Minnesota federal prison, and adopted the bogus identity of Craig James Pautler.

The Nevada branch of the Department of Motor Vehicles (DMV) says that 64-year-old Nelson was finally caught in June, having been on the run for 25 years. When Nelson attempted to get his state identification card in his real name renewed, a facial recognition system found that he had previously held a Nevada driver’s license in the name of Pautler.

As you can tell by his latest police mugshot, he doesn’t seem to be too pleased to have been caught.

No-one will probably be too upset (other than Mr Nelson) by the outcome of this case, but the fact remains that his apprehension is based upon the authorities applying facial recognition technology against a database of faces that were predominantly law-abiding. Indeed, at the time that the DMV collected “Craig James Paulter”‘s face, they did not believe him to be a suspicious or criminal character.

This is just one case, of course. But consider that the United States Department of Homeland Security is pushing forward with a plan to require all Americans leaving the country to have a facial recognition scan, expanding on existing biometric checks targeting foreigners.

Six US airports – Atlanta, Boston, Chicago, Houston, New York, and Washington DC – are already running a pilot program of facial recognition scans, and more airports are expected to jump aboard in the future.

Yes, this may bring us more security – but does the benefit outweigh what we lose in terms of privacy, as we shift ever onwards towards a surveillance state?

If you have an opinion on how facial recognition technology should be controlled and the best practices for defending the data it collects, leave a comment below.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

SANS White Paper: Security Basics
  • James_2014

    Presumably the case for facial recognition would grow if the number of successful cases grows. My local beat officer knows all the faces of the bad boys- and that contains the CCTV to be used after an incident rather than continuous monitoring. At the moment I dont feel happy with it – but if crime got so bad we had to maybe I would change.

  • disqus_Tgv8PPb9Oy

    I’m of two minds about the airport scanning idea. Why should any law-abiding citizen have to put up with having his or her face scanned? There is no presumption of guilt for any of the people getting on the plane, and, if there were, then the police should have arrested that person earlier, so I don’t want such a program operating. On the other hand, if my face is scanned when I leave, then if there is any question of my identity upon attempting to return my scan should eliminate any problems along those lines, so it could be a useful program. On balance, though, I tend to lean toward the “Get your scanner out of my face” opinion.

  • DaB

    As alluded to in the article, where this is going is obvious: ALL actions/behavior outside the opaque walls of your home will be deemed Public, no privacy whatsoever. And subject to minute scrutiny for automated evaluation whether you’re going to buy something, are angry, a dissenter, of one political party or another, automatically guilty of violating some obscure or literally translated rule/regulation/law w/o any human judgement or basic rights, what you’re doing, who you’re associating with, how you spend your time/resources/$, what you believe, ad nauseam. There’s examples of each of these in limited form already, and they’re all data based, categorized & you’re labeled as XY or Z, and it’s for sale or on demand by NSL. All done in the name of fear/security or money, the individual be damned.

    So, when should we not click on our smartphone’s access code in public? After all, that’s public info now if you do it there, isn’t it???!!…….

<!-- -->