Unlocking your phone: how should we treat fingerprint and facial recognition?

Bill Chen
May 7, 2020

Ever since the iPhone 5s introduced fingerprints to its customers as the main method to unlock everything, biometrics on phones have grown significantly. Before biometric hardware arrived on phones, we only had passcodes and connect-the-dots patterns. After Apple’s huge effort in fingerprint security, every flagship smartphone since has been equipped with facial recognition, fingerprint and even voice recognition by default.

iPhone 5s fingerprint setup demo

As biometrics have developed, the privacy of users under these new technologies has also become a growing concern for everyone. If anyone has access to your phone, they basically have access to your whole life. For example, they can use your credit card through a Pay method or go phishing using your phone number. Even though the iPhone has abandoned fingerprints in its recent major updates, fingerprints are still widely used by other companies. So this leads to the question: which is safer for both users and their privacy?

The word biometrics comes from the ancient Greek words “bios” (life) and “metros” (measure). Biometrics is the science and technology used to uniquely identify individuals based on their physical, chemical or behavioral traits. Biometric systems assume that many physical, chemical and behavioral human traits are distinctive to each individual, that they can be accurately captured using sensors and devices, and that they can be represented in a format appropriate for automatic decision making regarding the identity of the individual. [1]

The difference between biometric security and traditional security methods is that biometrics are built on someone’s physical appearance or genetics, which are unique to each person, whereas traditional security relies mainly on one’s memory. You can’t forget your physical traits, and they are much harder to steal.

For personal security, relying on facial recognition alone is sometimes very unreliable because you could be wearing glasses or a hat, and relying on fingerprints alone is unreliable because your hands can be dirty or there may be water on your fingertips. So the traditional password is kept as the backup plan if the biometrics fail.

Fingerprints are unique to everyone and impossible to simulate without obtaining physical evidence. As mentioned in “An introduction to biometric recognition” [2], the accuracy of fingerprint matching is very high and reliable. Even twins have different patterns of ridges and valleys on the surface of a fingertip. It is safe to lock your phone with your own fingerprints. The price of embedding a fingerprint-based biometric in a phone has become affordable in a large number of applications. There are the ultrasonic fingerprint ID from Samsung, the under-display fingerprint scanner from Oppo and Touch ID from Apple. You can record more than one fingertip, because multiple fingerprints of a person provide additional information to allow for large-scale recognition involving millions of identities.

From the users’ point of view, their fingerprints are stored only on their phones and are completely useless for anything besides unlocking those phones.

The Mate 20 Pro uses an in-screen fingerprint scanner

However, there is no guarantee that the fingerprint scanner works at all times. For example, when Samsung first launched the Galaxy S10 [3], there were serious fingerprint recognition issues with its ultrasonic fingerprint sensor. Because the phone cannot disable the fingerprint sensor, it fell to app developers to disable payment authentication via the fingerprint sensor. Not only did this lead to the possible loss of users’ property (anyone could access the owner’s bank application), it also caused many safety issues for the app developers [4].

Under Frye’s approach, it would have been extremely difficult to question the long-standing technique. Of course, fingerprinting was accepted by the relevant scientific community, especially if that community was defined as fingerprint examiners [5]. Due to each company’s copyright, customers are simply assured that their fingerprint information is safe to store on the phone. However, if there is a mistake, users won’t notice until after something terrible has happened.

In 2017, Apple released the iPhone X, which took the world of fingerprints to another level: facial recognition. More and more phone makers are using their front cameras as the only device for facial recognition.

iPhone X’s front bar

Face recognition is a non-intrusive method, and facial images are probably the most common biometric characteristic used by humans to recognize a person.

Every phone has a front camera, which allows facial recognition to work without adding hardware or increasing the cost of making the phone. So, following the big Face ID trend, many manufacturers are just using a 2-D picture to decide whether the phone’s owner is the one trying to unlock it. [6]

As for why Apple trusts Face ID so much that it has even replaced Touch ID with it: new iPhones have a very obvious bar at the front. It houses many sensors so that the phone can generate a 3-D structure of your face, which means one cannot fool the camera with just a photo. By Apple’s design, the image/3-D structure is stored only in your phone’s storage, and whenever it is used for verification, a public key and a private key are used to determine whether your face matches the stored structure.

Facial recognition is also more convenient than the fingerprint sensor. When your hands are dirty or sweaty, the fingerprint sensor usually fails because the pattern has changed, but facial recognition can recognize you and unlock your phone easily even if you wear a hat or take off your glasses.

Although facial recognition saves users a lot of time when authenticating, the downside of this technology being widely used is also concerning. Users are unaware of the potential issues with facial recognition and are prompted to record their face right after they get their new phones. It is possible that the recorded image/3-D model could be sold to another company or put to internal use without the user knowing, because the right of final interpretation belongs to the phone manufacturers.

From the macro-ethics view, how companies test their technology is also concerning. It is known that people can write a “web crawler” to collect pictures that are publicly available on social media. As social media and user-generated content took over, photos of regular people were increasingly available. Researchers treated this as a free-for-all, scraping faces from YouTube videos, Facebook, Google Images, Wikipedia and mugshot databases [7]. Without users knowing, their faces could be used thousands of times by someone to test facial recognition technology. Many facial images are available for research use, but they come with restrictions and the number can be limited. It is always easier and cheaper to just go online and grab them all. However, this is a growing problem, since it amounts to using other people’s profile pictures illegally.

To sum up, both of these new and easy biometrics have made our phones secure and convenient to unlock. While trading some of our privacy for a less-than-one-second unlock, we also need to be aware of the potential problems hiding behind the advantages.

References:

[1] Pocovnicu, A. (2009). Biometric Security for Cell Phones. Informatica Economică, 13.

[2] A. K. Jain, A. Ross and S. Prabhakar, “An introduction to biometric recognition,” in IEEE Transactions on Circuits and Systems for Video Technology, vol. 14, no. 1, pp. 4–20, Jan. 2004.

[3] Statement on Fingerprint Recognition Issue. (2019). Retrieved May 02, 2020, from https://news.samsung.com/global/statement-on-fingerprint-recognition-issue

[4] Cheng, Y. (2019). The truth about the Samsung S10 fingerprint recognition vulnerability [Web log post]. Retrieved May 01, 2020, from https://zhuanlan.zhihu.com/p/87464262

[5] Mnookin, Jennifer L. “Fingerprints: Not a Gold Standard.” Issues in Science and Technology 20, no. 1 (Fall 2003).

[6] Android facial recognition is more secure than you think [Web log post]. (2020, February 14). Retrieved May 01, 2020, from https://www.techrepublic.com/article/android-facial-recognition-is-more-secure-than-you-think/

[7] Solon, O. (2019, March 12). Facial recognition’s ‘dirty little secret’: Millions of online photos scraped without consent [People’s faces are being used without their permission, in order to power technology that could eventually be used to surveil them, legal experts say.]. Retrieved May 01, 2020, from https://www.nbcnews.com/tech/internet/facial-recognition-s-dirty-little-secret-millions-online-photos-scraped-n981921
