Is AI Facial Recognition Good or Bad? by John R. Patrick
Written: April 2023
Last week, I explained the basics of how facial recognition works. There are many pluses and minuses about use of the technology. I would now like to share a couple of examples of my personal encounters with facial recognition.
One use case of facial recognition is to use smartphones to verify an online account. I learned about this the hard way with Coinbase, a digital currency exchange headquartered in San Francisco, CA. I have been a long-time believer in Bitcoin and began accumulating it in 2013. In the summer of 2017, the price of Bitcoin began a steep climb to an all-time high, and it was time to sell some. As growth of transaction volumes on the Coinbase exchange became exponential, Coinbase implemented a new security protocol. This was a good idea, but in my case, it created a problem.
Coinbase informed me they had locked my account until I conformed to the new protocol. I applaud the focus on security, but their new identity verification process was extremely frustrating. The process involved several steps. First was to take a picture of my driver’s license. Second was to take a selfie. Third was to upload the two pictures to Coinbase where they applied an algorithm to compare the two pictures. The subsequent email from Coinbase said there was a problem with the pictures, and I needed to go through the process again. After quite a few attempts, I concluded there was a bug in the process. Meanwhile, Coinbase had grown from one million accounts to ten million accounts, and their customer support line was in constant overload. My account was locked, and I could not sell any Bitcoin.
Eventually, after dozens of attempts, I got through to a manager who agreed to look into the problem. He said my two pictures did not match. I explained the driver license photo was taken eight years earlier, and what I look like in the selfie was in fact different. I had aged by eight years. I further explained the driver license photo was taken in Florida but, in the summer, when the problem arose, I lived in Connecticut. I proposed a number of workaround solutions to the problem, but Coinbase said the only solution was for me to go to Florida and get a new driver license. I had another reason to go to Florida for a week, I got a new license, and this solved the problem.
As it turned out, Coinbase did me a large favor because the price of Bitcoin rose dramatically during the two weeks my account was locked. The Coinbase process was not flawed, but the technology used to compare the facial images was not leading edge. Had they used the technology Google used to tell the difference between a cat and a dog, there would have been no problem.
My Mother and Father made it a habit to make regular visits to the place of employment of their three sons. Part of this was moral support, part curiosity, and part to provide bragging material to share with their friends back home. I was always proud to greet them and provide a tour of where I was working and introduce them to my superiors and colleagues. One such visit took place in 1970. At the time I was in the United States Army and was stationed at MacDill Air Force Base in Tampa, FL. I was assigned to the United States Strike Command (STRIKE). STRIKE was an acronym for Swift Tactical Retaliation In any Known Environment. STRIKE, now called STRICOM, consisted of members of all branches of the military plus some civilian contractors.
I was part of the information technology unit. All personnel were required to have a top secret security clearance and, once cleared, were given a pink badge with our picture on it. Mom and Dad arrived right on time, and I escorted them into the STRIKE HQ building. I motioned for them to follow me through a door which led to top secret computer room where we maintained a database of all the airfields in the world. Two security personnel were behind the counter. I did not know either of them. I said, “I am taking my mother and father into the computer room where I work”. They saw my pink badge, said yes sir, and released the electric lock on the door. I remember being surprised they did not ask for any identification of my parents. This was the opposite of the security at Coinbase. It would not have been the first time an immediate family member had bad intentions and even be a known supporter of terrorism or espionage.
That was 1970. In July 2018, my wife and I visited the Amazon HQ building in Seattle, WA with my nephew who works there. We were asked for an identification card, and we looked into a camera which took our picture. I don’t know what Amazon did with the images it captured, but I know what they could do with it using its facial recognition technology called Amazon Rekognition.
In November 2018, JetBlue Airline, in partnership with The United States Customs and Border Protection (CBP), announced the roll-out of its “first fully-integrated biometric self-boarding gate” at New York’s John F. Kennedy International Airport (JFK). The company said customers flying to certain international destinations from Terminal 5 at New York-JFK can board with a dual lane biometric self-boarding gate, which uses facial recognition technology to verify travelers with a quick photo capture. All the passenger needs to do is approach the boarding ramp, look into a camera, and receive the green light to board the aircraft with no boarding pass. The picture is matched to existing images which come from passport applications, visa applications, or interactions with CBP at a prior border encounter.
JetBlue said, “Since the program’s initial launch in 2017, more than 50,000 customers have participated in biometric boarding on more than 500 flights across four cities. There is no pre-registration required. Customers can simply step up to the camera for a photo match and make their way onto the aircraft.” JetBlue said further,
The success of JetBlue’s biometric boarding program is a testament to the airline’s ongoing work to create a personal, helpful and simple experience, said Ian Deason, Senior Vice President of Customer Experience, JetBlue. The boarding touchpoint is an area that needs innovation and we feel biometrics will change the future of air travel as we look to create a more seamless journey throughout the airport.
The Department of Homeland Security is going full speed ahead with facial recognition technology. DHS is using the data to identify travelers attempting entry presenting travel documents not belonging to them or presenting altered travel documents. The goal is to prevent illegal immigration.
The convenience of walking onto an airplane without needing a boarding pass may be of great value to many people but the sky is not all blue. Privacy groups and Senators have warned Government agencies and airlines for years using face recognition technology on travelers can violate their privacy. Passengers are beginning to show surprise and alarm. In April 2019, a lengthy exchange on Twitter between a traveler who was concerned about her privacy and a spokesperson for the JetBlue went viral,
I just boarded an international @JetBlue flight. Instead of scanning my boarding pass or handing over my passport, I looked into a camera before being allowed down the jet bridge. Did facial recognition replace boarding passes, unbeknownst to me? Did I consent to this?
There are many questions at hand. Where did you get my data? How is it protected? Which airports will use this? How do I opt-out? What inconvenience will I experience if I opt-out?
Both agencies and airlines seemed to assume no pushback from passengers when they implemented boarding-pass-replacing-panopticon. They believed convenience would win out, they seemed to assume, not expecting people to mind having their face scanned. It is “the same way you unlock your phone”, they thought. But now that “your face is your boarding pass” the invasive nature of the system is much clearer.
The debate about facial recognition is part of a much larger dialog about privacy and beyond. In addition to facial recognition, the dialog is about the Internet and social media. Policymakers and politicians want to know what information is collected, how it is collected, what is done with it, and how to delete a person’s history. In Europe, the EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years. The regulation, implemented in 2018, will fundamentally reshape the way in which data is handled across every sector, from healthcare to banking and beyond. Debate in the United States was late in getting started but there will be legislation at some point. Facial recognition and privacy concerns are a totally different story in China. I will write about that next week.