Using publicly available data, it is now possible to identify strangers and gain their personal information – even their Social Security numbers – by using facial recognition software and social media profiles, according to a new study to be presented tomorrow at the Black Hat Security Conference in Las Vegas.
Professor Alessandro Acquisti from Carnegie Mellon University and his research team studied the implications of combining, or "mashing up," three technologies: face recognition, cloud computing (an Internet technology) and social networks. The team studied the possibility of using publicly available Internet data and commercially available facial recognition software to reveal more information about a person than was intended.
Further, "Apple has acquired Polar Rose, and deployed face recognition into iPhoto. Facebook has licensed Face.com to enable automated tagging. So far, however, these end-user Web 2.0 applications are limited in scope: They are constrained by, and within, the boundaries of the service in which they are deployed. Our focus, however, was on examining whether the convergence of publicly available Web 2.0 data, cheap cloud computing, data mining, and off-the-shelf face recognition is bringing us closer to a world where anyone may run face recognition on anyone else, online and offline – and then infer additional, sensitive data about the target subject, starting merely from one anonymous piece of information about her: the face."
Now, using a new and commonly used Internet technology called "cloud computing," it is possible to easily run millions of facial comparisons in a matter of seconds.
Acquisti said the study "suggests that the identity of about one-third of subjects walking by the campus building may be inferred in a few seconds combining social-network data, cloud computing and an inexpensive webcam." He called it the "democratization of surveillance."
Then, using a technique he developed in a 2009 study and data gathered from the Facebook profiles of the subjects he identified, the research team could correctly predict the first five digits of the person's Social Security number 27 percent of the time after just four attempts.
Since these same tools are available to anyone, the results of the study may foreshadow a future in which there is no privacy. With the mass deployment of security cameras, smartphones and other data imaging devices, anyone could be identified almost anywhere. Individuals could be identified not only by friends and neighbors, but by government agencies as well. Anyone with a smartphone and Internet connection will be able to establish who someone is, where they live, how much they earn, their credit score and whether they've ever gotten a ticket. All that from a person's face.