Your face on Facebook is key to personal info

@CNNMoneyTech August 5, 2011: 7:40 AM ET
facebook-homepage.jc.top.jpg

LAS VEGAS (CNNMoney) -- In the futuristic movie Minority Report, computers scan faces to display targeted advertisements to individuals when they walk down the street.

That stuff of the future is becoming possible today with the advent of facial recognition software, online databases and -- most importantly -- Facebook.

But ads aren't the only possible use for the new technology. Bad guys could tap into these new resources to steal your identity.

A team at Heinz College at Carnegie Mellon University, led by professor Alessandro Acquisti, was able to use facial recognition software available online to match photos of people taken on mobile phones to their Facebook photos, names, social security numbers, date of birth, and place of residence.

Acquisti demonstrated the technology at the Black Hat cybersecurity conference in Las Vegas on Thursday.

"Your face is a conduit between the online and offline world," said Acquisti. "Soon, anyone may run face recognition anywhere. It raises the issue of what privacy will mean."

Why your Facebook ID is marketers' Holy Grail

The ability to match photos taken of people to their sensitive personal information in real time is made possible by the convergence of several factors.

Facial recognition technology is improving rapidly. Google (GOOG, Fortune 500), Facebook, Apple (AAPL, Fortune 500) and others have all recently purchased facial recognition tools that allow people to tag one person in a photo and have the software automatically find that person in all other photos.

Over the past several years, Google acquired facial recognition services Neven Vision, Riya, and PittPatt and deployed face recognition to its online photo service Picasa.

Apple acquired Polar Rose and added face recognition to iPhoto. And Facebook licensed technology from Face.com to enable automated tagging.

More people are identifying themselves on social networking sites. Facebook now has more than 750 million accounts. Those users love sharing photos, with more than 2.5 billion photos uploaded to Facebook each month last year, according to the social network.

"Facebook is becoming a de facto database of unregulated Real IDs," said Acquisti.

Smartphones = computer your pocket. Many of these devices are connected to cloud computing services over the Internet. That means they are able to access processing power that can run millions of face comparisons in a matter of seconds.

Too much information. A 2009 study by the group at Heinz College proved that information users tend to put on Facebook -- such as age, gender, birthday and place of residence -- provide enough data to guess Social Security numbers with a high degree of certainty.

And in an experiment the group at Heinz conducted more recently, they were able to take a photo of a person's face and match it with the subject's social security number within four guesses 28% of the time.

That's terrifying if facial recognition software gets into the wrong hands. But the good news is that the technology is not that good yet.

For instance, facial recognition software currently works much better with a clean, frontal photograph. With uncooperative strangers on the street, attackers are unlikely to get a good match.

There may be legal barriers as well. Germany's data protection supervisor asked Facebook this week to disable its facial recognition software, claiming it violated the European Union's privacy laws.

But Acquisti said he was certain a Minority Report scenario was coming, and much sooner than the year 2054 when the movie takes place.

"Facial recognition of everyone, everywhere, at anytime is not yet reality, however this is where we're going," he said. "We better be prepared." To top of page

  • -->

    Most stock quote data provided by BATS. Market indices are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer. Morningstar: © 2018 Morningstar, Inc. All Rights Reserved. Factset: FactSet Research Systems Inc. 2018. All rights reserved. Chicago Mercantile Association: Certain market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. Dow Jones: The Dow Jones branded indices are proprietary to and are calculated, distributed and marketed by DJI Opco, a subsidiary of S&P Dow Jones Indices LLC and have been licensed for use to S&P Opco, LLC and CNN. Standard & Poor's and S&P are registered trademarks of Standard & Poor's Financial Services LLC and Dow Jones is a registered trademark of Dow Jones Trademark Holdings LLC. All content of the Dow Jones branded indices © S&P Dow Jones Indices LLC 2018 and/or its affiliates.