Facial Biometrics 101 with the ASIS SASC
Facial biometrics are measurements of facial characteristics that can be used to identify an individual. The ASIS International Security Applied Sciences Community (SASC) realizes that there is a vast amount of vendor rhetoric, as well as legal and policy concerns due to the use of facial biometrics, not only in the United States but across the globe. The SASC Community expects this One-Pager and more expanded Fact Sheet will provide ASIS International members and security practitioners with a better understanding of the technology, its applications, and challenges.
Types of Facial Biometric Uses
Current uses of facial biometrics in the security field seem to fall into three basic categories:
- Investigative Use
- Real-Time Use for Situational Awareness
- Use Related to Access Control
Each of these uses are constrained by limits of the technology and the legal environment. Facial biometrics have been better accepted and more successful in some applications, compared with others.
Investigative Face Matching (N:1). This technology is used to scan many faces across recorded video to match to a database of single face. For example, face matching is used to help security track where a person of interest is in a building, a stadium, theme park, or even a city. Retail applications are using this technology to help identify buying trends, such as why a person went to a specific vendor in a stadium, why a person went to a specific slot machine in a casino, where the intoxicated person bought their last beverage, or for creating an enhanced customer experience through opt-in loyalty programs. This technology is also being used for business intelligence when two or more company stakeholders overlap such as this example of security and marketing.
Real-Time Facial Recognition (1:N). This technology is used to scan individual faces in real-time to match against a database of on face or many. Real-time facial recognition is the facial biometric technology which has received the greatest public attention and challenges from civil rights groups; largely over issues like accuracy, bias, and absence of consent-based enrollment. It is currently being challenged in courts in some jurisdictions. The three most common complaints are around the structure of the algorithm and issues of bias in samples used for AI taught training, the accuracy limitations (largely caused by poor comparative images or by limitations in the real-time image capture), and the person’s consent to the real-time recognition.
Facial Authentication (1:1). This technology is used for Identity and Access Management (IAM)/Access Control where a single face is matched to a database of a single face. It differs from both facial matching and facial recognition in that there is, generally, both a process of enrollment, and subject cooperation under controlled circumstances in the application of the biometric. Facial authentication has grown in popularity in recent years as employers wanted a more secure credential than an access card, or as a second factor of authentication. Touchless IAM systems may also offer alternatives that that many end users are searching for in the Post-COVID 19 era.
Common Concerns About Facial Biometric Use
The concerns about facial biometrics use seem to fall into the following categories:
- Accuracy: Is the technology accurate enough relative to the security purpose?
- Bias: Did the training of the analytic create bias or omit bias?
- Expectations of Privacy: Does the individual have an expectation of privacy which society accepts as reasonable that is implicated by the use of facial biometrics?
- Tracking/Geoslavery: Does tracking one’s facial biometrics constitute a form of geoslavery changing the privacy interest?
- Individual Interest: Are one’s facial biometrics a protectable interest?
Facial biometrics use will continue to grow in the security industry, as well as penetrate other siloed stakeholders. The future of how well this is received will be based on how well it is used, and the development of rules and benchmarks for application. Until those standards are established, security practitioners need to carefully analyze their use of facial biometric solutions and document their decisions.
Jon Polly, PSP, IC3PM is the chief solutions officer for ProTecht Solutions Partners, a security consulting company focused on smart city surveillance. He has worked as a project manager and system designer for city-wide surveillance and transportation camera projects in Raleigh and Charlotte, North Carolina; Charleston, South Carolina; and Washington, D.C. He is a member of the ASIS International Security and Applied Sciences Community.
Don Zoufal, CPP, is safety & security executive for CrowZ Nest Consulting, Inc., and a current member and former chair of the ASIS International Security and Applied Sciences Community. For more information on the community and to get involved in its work, visit its page on ASIS Connects.