Face recognition and social media meet in the shadows
Researchers obtain partial SSNs and other sensitive information starting with just a Facebook profile photo. Richard Power interviews Alessandro Acquisti.
By Richard Power
August 01, 2011 — CSO —
Facebook will likely reach one billion users this year or next.
The privacy and security implications of this astonishing amassing of personal information are mind-boggling.
Imagine having access to the political views, sexual preferences, relationships, tastes, foibles, emotional states, workplace attitudes, etc. of a billion people.
An effort to collect such data on behalf of a government, or a corporation, or a geopolitical alliance, or an industrial sector, or even a seemingly benign world organization, would meet with fierce opposition. It would be difficult if not impossible; it would require lawyers, money and yes maybe even guns.
But in the era of social media, an extraordinary and rapidly growing number of us have been willingly posting such sensitive information (or at least the keys to unlocking it) online and accessible either directly or indirectly to marketers, stalkers, reporters, law enforcement, private investigators, human resource personnel, and rivals in love, business or politics, whether by subterfuge or inference or subpoena, whether legally or illegally, whether ethically or unethically.
It is all out there now, not just spread all across cyberspace in fragmented segments; no, happily, willfully offered up in an organized way.
Consider for example the Facebook profile photo.
No matter how tightly you zip up your Facebook account, people who you have not "friended" are going to come across your profile photo. And isn't that the point for most of us, not just to share status updates, photos, videos, "likes" and comments with our current circle of friends and colleagues, but to expand that circle?
Indeed. But what if a stranger on the street could snap a smartphone photo of you, run it against profile photos on Facebook, learn not only your name but also your date of birth, your circle of friends and other such data, and then take some of that data and "guess" your Social Security number from it? With that Social Security number, of course, that stranger would have unrestricted access to the most sensitive details of your financial and medical information.
Well, it is possible, as The Economist (which broke this story) recounts:
"By mining public sources, including Facebook profiles and government databases, the researchers could identify at least one personal interest of each student and, in a few cases, the first five digits of a social security number. All this helps to explain concerns over the use of face-recognition software by the likes of Google and Facebook, which have been acquiring firms that specialise in that technology, or licensing software from them. (Google recently snapped up Pittsburgh Pattern Recognition, the firm which owns the programme the researchers used for their tests.) Privacy officials in Europe have said they will scrutinise Facebook's use of face-recognition software to help people 'tag', or identify, friends in photos they upload. And privacy campaigners in America have made a formal complaint to regulators. (Facebook notes that people can opt out of the photo-tagging service by altering their privacy settings.)" The Economist, 7-28-11