Biometrics technology like fingerprint readers and voice software are well-known aspects of advanced data security techniques. Following that trend in enhancing user experience and safety, Facebook recently purchased its own facial recognition software, but it may be that the social media site got more than it originally bargained for.
The merger of Face.com and Facebook was originally lauded by the software company on its blog, bringing both 'faces' together. However, data security questions immediately began to arise, not just due to privacy concerns but the fact that KLIK, Face.com's mobile app, may have come with a dirty little secret.
Peeking on privacy
The concerns surrounding facial recognition are twofold, according to the San Francisco Chronicle. First, there's the problem that different degrees of accuracy could result in false identification, and then the issue of privacy control wherein anyone can find any person in any image by face alone.
Data security fears with Face especially are bolstered by the dual acquisition by Facebook of both the company's online features and its mobile app. This software allows smartphone users to log in to social media sites, access email and various other applications using recognition software instead of a traditional password.
Wired reported recently though that KLIK has already been hijacked in the past. The magazine said researchers found a loophole in the program, designed to assist in photo uploading, which potentially let anyone hack a user's connected social networking accounts. The issue seemed to be associated with token storage, according to specialist Ashkan Soltani, the researcher who discovered the problem. Face's cloud security protocols weren't sufficient to safeguard login information saved from various other sites, allowing these values to be viewed by third parties.
Even though many users like uploading images with Instagram or other dedicated photo sharing networks, not everyone wants these pictures associated to their personal accounts. Wired reported this was in part due to a fear of having employers or government officials tie an identity back to a person based on facial recognition software, but the privacy issue could go a step further to turning this biometric into a data security risk.
The National Science and Technology Council, in association with the Committee on Homeland Security, investigated biometric technology and released a report specifying how in-depth and thorough these software packages have to be in order to actually provide security rather than just the facsimile of it. A variety of images from different angles as well as tokenization methods should be used in verification practices, according to a release on the technology.
Not the first
While concerns over privacy and security continue to surround Facebook, it isn't the first company to employ the biometrics technology and won't be the last. Samsung recently released its new Galaxy S III with biometric security features, and Reuters reported that Intel will debut a line of television services similar to Microsoft's Kinect that will provide advertising experiences specific to those watching.
Understanding the best way to apply this technology will keep consumers and companies safe from data breaches while better protecting business continuity. The benefits of increased data protection through facial recognition software could be enhanced with correct implementation, but considering that most Facebook users will be accessing the site and its Face software from a basic PC or smartphone, it's unlikely that federal validation protocols will be used.