More on Biometrics and Privacy


Last time I wrote about Biometrics and Privacy. Part of that involved the training of the networks needed to recognize individuals either for authentication or in images.

A good description of the process of "training" the networks to recognize the images is the third part of the Medium series I referenced then. As the article notes, one important part of effectively training a network is data. The more, the merrier. The author of the article comments, "In machine learning, having more data is almost always more important that having better algorithms. Now you know why Google is so happy to offer you unlimited photo storage. They want your sweet, sweet data!".

From a privacy standpoint, just using the data to train networks to recognize birds (the example from the article), doesn't appear to be an issue. I have no idea whether or not google, or Facebook or other sites do that. I couldn't find a comment either way in google's Terms of Service or Privacy Policy, but I could have overlooked something. Of course, users do not need to store their data on these sites, so I don't see any harm in them using the images to train the networks, particularly if the trained networks are made available to the community.

Some have argued that this kind of training is wrong because then the police could more quickly discover whether or not some "Waldo" is in a particular image. The kicker is the "more quickly" part. They could also hire, say, a gaggle of lookers through Amazon Mechanical Turk to do the looking for them. Once some networks are better trained to recognize people, it might be fun to compare the results of using Mechanical Turk with the results from the trained nets.

By Dake, Mysid [CC BY 1.0 (https://creativecommons.org/licenses/by/1.0)], via Wikimedia CommonsIn addition to the birds and figure-8 databases mentioned in the Medium article, NIST has databases of faces, text, and fingerprints that researchers can use for training networks.

So let's get down to some real nitty-gritty. Consider an augmented reality app for a smartphone. You walk down the street and point it at people, and it says "Carlos Sanchez" or "Mary Lund". There is already an open source one, but it takes multiple images of the individual to be able to do the recognition. Real-time access to a recognition app might be fun or scary. I don't want people I've never met, pass me on the street and say, "Hi, John". Or imagine if they could find more data and know that I'm visiting the city where they see me and I'm not at home. Maybe nobody is home. Maybe it is vulnerable to a burglary. That's a bit far-fetched with current privacy settings, but it could become a reality.

What do you think? Is this a privacy issue or not? Start the conversation in the comments below.

To your safe computing,
John McDermott

Related Training:

Cyber Security Training 

Written by John McDermott

John McDermott, CPLP, started his work in computer security in 1981 when he caught an intruder in a system he was managing. In recent years his consulting has included security consulting for small businesses. He is Security+ and CCP certified. In his 30 years with Learning Tree John has written and taught courses in programming, networking and computer security. He is the co-author of Learning Tree’s course System and Network Security: A Comprehensive Introduction. John is currently a learning and development consultant in northern New Mexico. He lives in a house made of earth with his wife, who is an artist.

Chat With Us