As a kind of biometric technology, face recognition technology is widely used by many banks and financial technology institutions because of its unique advantages and the difference of individual facial features. Recently, the Postal Savings Bank Beijing Branch announced that it is building an intelligent data application service system of “face recognition + customer tag” to continue to promote the integration of big data applications and customer financial services. In addition to the postal savings bank, major commercial banks have deployed face recognition technology. However, what is more worrying is that face recognition technology has a certain privacy risk, and how to store and use user fingerprint, voiceprint, facial features and other information after being collected, and how to prevent data leakage remain to be solved and standardized.

Face recognition as a “new favorite”

At the end of December 2017, the central bank issued the notice of the people’s Bank of China on improving personal bank account services and strengthening account management, which clearly stated that “when providing personal bank account opening services, qualified banks can explore biometric technology and other safe and effective technical means as auxiliary means to verify the identity information of account opening applicants”. So far, face recognition has finally obtained the “birth certificate” and become the new favorite of banks. Recently, the postal savings bank, one of the largest banks in new Jinguo, officially announced to build an intelligent data application service system of “face recognition + customer tag” and continue to promote the integration of big data applications and customer financial services. At present, six major state-owned banks, including China agriculture, industry, construction, communications and postal savings bank, as well as major commercial banks such as Minsheng Bank, Shanghai Pudong Development Bank and Ping An Bank, have deployed face recognition technology.

Mobile phone name recognition technology is to recognize facial information, but it does not have much privacy. But it is related to the information of the person who is registered, including the name, age, ID number, address, phone number and other basic information. Wang Shiqiang, senior researcher of sack Research Institute, introduced that at present, many apps such as banks can log in through face recognition. However, technology is a double-edged sword. Once the relevant face information is collected by bad people, it is unclear whether it will be used to do illegal and criminal things.

Information security risks remain to be solved

Face recognition does bring people a lot of convenience in life, but what is more worrying is that face recognition technology still has a certain privacy risk. Recently, Tan Jianfeng, member of the CPPCC National Committee and founder of Shanghai Zhongren Network Security Technology Co., Ltd., mentioned in a proposal entitled “suggestions on strengthening big data risk prevention and control and ensuring national security with information security” that there are serious risks in the application of big data in specific fields, such as face recognition Biometrics and other applications are very insecure in Internet identity authentication. “You can change the password if you lose it, but the biological information is non renewable. Once it is leaked, you can’t have a second face.” Tan Jianfeng said.

Sun Yang, director of the financial technology center of Suning Financial Research Institute, said in an interview with the Beijing Business Daily that the face recognition technology has the problems that pictures are spread in public without permission, pictures are stolen to analyze personal facial and physiological characteristics, pictures are forged and modified by PS software to create rumors The combination of face recognition data with time and location will expose personal whereabouts. Face recognition data can also be used to analyze personal emotional information through image recognition and emotion analysis technology, which involves personal privacy. From the legal point of view, Wang Deyi, a lawyer from Beijing xunzhen law firm, pointed out that the biggest feature of the field of face recognition is that it is in a state that can not be relied on, lacks industry norms, and legislation can not catch up with the needs of technological development. When the rights and interests of users are damaged, it is likely that it is difficult to obtain evidence for technical reasons, and there is no legal basis to claim against the relevant responsible subjects. It is hoped that relevant departments will put legislation in the field of biotechnology on the agenda, determine the reasonable scope of technology use, and delimit the boundary of rights and responsibilities.

It is recommended to develop a data protection list

How to standardize the field of face recognition? Sun Yang further pointed out that standards and specifications should be formulated for the collection, preservation, use and sharing of personal data and data elements. It is necessary to formulate laws on personal privacy protection through the national legislature, and strictly regulate the security protection of data and information from a very detailed level. For example, it is not allowed to share personal contact information with marketing agencies at will, and it is not allowed to force the collection of some personal information if using app, minimize the collection of personal data, and obtain the explicit consent of individuals when collecting personal data Personal data storage time must be clearly minimized, personal data storage must be de identified, personal sensitive information must have a perfect access control mechanism, individuals can initiate personal information deletion, etc.

Wang Shiqiang also reminded that the supervision should issue clear regulations to license relevant enterprises engaged in face recognition technology. For enterprises using relevant technology, it is prohibited to use face information to engage in illegal business. Before collecting information, it is clear to agree on the scope of use, such as logging in and using only users. It is suggested to formulate a data protection list from the government level, strictly control the application of data in key fields such as biology and medicine on the Internet, and cut off the source of risk; Strictly manage the information collection of Internet enterprises. Only necessary data collection can be carried out according to the characteristics of enterprise products, and no additional excessive collection of user data is allowed.

Leave a Reply

Your email address will not be published. Required fields are marked *