SUMMARY
Facial recognition to be used by Facebook for confirming humanness of suspected fake or bot accounts
Privacy experts wary of Facebook’s claims after numerous privacy-related gaffes in the past two years
Will Facebook be liable to share facial recognition data in government requests?
Despite numerous high-profile controversies ranging from influencing elections to fake news to privacy concerns and data leaks, Facebook is seemingly unmoved. The company is planning to roll out a facial recognition feature, that has many privacy experts concerned.
The upcoming feature will be used by the company for confirming the identities of some Facebook users. And while it’s still in testing, it has managed to raise an alarm among rights activists and internet privacy experts.
The upcoming feature was first detailed by tech blogger and app researcher Jane Manchun Wong who tweeted about it. While explaining the new feature, a Facebook spokesperson told Venture Beat that the feature instructs users to hold their phone at eye level and position their face within a circle on the screen, and slowly turn their head. It added that the feature will only be used to verify users when Facebook’s systems suspect that it’s a fake or a bot account.
Facebook is calling its facial recognition feature video selfies, which doesn’t exactly convey the full extent of what it does. Moreover, this is likely to mislead many unsuspecting users, who might think this is just a selfie that’s being uploaded to Facebook. Worrying, new or unfamiliar users are most likely to be displaying suspicious bot-like behaviour that Facebook is looking to stamp out.
Facebook claims it will only store the facial recognition data collected for one month. But there are bigger questions. For one, did Facebook really need to add this feature? There are other methods to determine whether a user on the internet is a bot or a human, technically known as the Turing Test. Google’s CAPTCHA method is the best example and is a public domain, open-source system.
Will the facial recognition data will be under the purview of law enforcement and government requests for user data in legal and national security cases? Will facial recognition apply to users in India?
Update | 11:00, November 07, 2019
In response to Inc42’s questions, Facebook has said that the face recognition test is one of the steps that it uses to determine that a real person is operating an account rather than a bot. “It does not use facial recognition. Instead, it detects motion and whether a face is in the video,” said a Facebook spokesperson.
The social media company has also clarified that it already asks for additional information from the accounts that it suspects of being fake and asking for sharing a selfie video will further help it in verifying such accounts. “This is something we’re currently testing and it’s part of our work to help keep fake accounts off Facebook. Similar to a CAPTCHA challenge, the goal is to help us determine in real-time that a person, not a bot, is operating an account,” the spokesperson said.
Is Facebook Even Trying To Be Secure?
However, despite claims that the data will be deleted after one month, many have questioned the company given its track record of blatant lying about user privacy. Despite numerous promises, Facebook is far from a secure place with security breaches, hacks, and violations of privacy norms commonplace.
In September 2019 US Senator Ron Wyden even suggested that Facebook’s CEO Mark Zuckerberg should face imprisonment for lying to American citizens about Facebook’s privacy lapses. Wyden said Zuckerberg has repeatedly lied to the public about privacy and other CEOs are jailed for lying when it has a direct impact on financials.
Just days later, Facebook was in the news for a data breach in which phone numbers linked to hundreds of millions of Facebook accounts were found to have been left on an unprotected server, which could be accessed by anyone.
WhatsApp And Instagram Not Secure Either
Facebook-owned Instagram and WhatsApp too have been in the limelight for issues concerning the privacy of the users.
Recently, in an Instagram breach, it was found that user photos and videos can be viewed by a series of mouse clicks on any web browser which exposes the persistent URL of private posts and stories cached on Facebook servers, thus making the private posts of users visible to anyone.
While Facebook was still dealing with all these issues, WhatsApp got caught in the epicentre of a political spying scandal with the now-infamous Pegasus spyware breach. Media reports had then brought out that Israeli spyware Pegasus snooped on phones through Whatsapp, with academicians, lawyers, journalists and activists in India and other parts of the world targetted.
Now, the question here arises that when Facebook is already surrounded by all these privacy-related controversies, why should any user trust the company with their facial recognition data? In a world where facial recognition is being used to identify criminals and for mass surveillance, such data poses grave risks and has a higher potential of being exploited. Not to mention, if the feature is misused by any entity, be it private or government, the company might find itself standing in courts and answering questions from lawmakers once again.
