Human face carries important personal identity information. With the development of technology, face has become the “important data” to identify personal identity. In the new generation of mobile phones launched by major mobile phone manufacturers, face brushing unlocking has replaced fingerprint unlocking, and some payment systems have also adopted face recognition technology. At present, face recognition is undoubtedly one of the hottest and widely used technologies in the wave of artificial intelligence, which provides convenience for life, travel and social security.
Is it safe to brush your face
Brush your face and eat by your face Today, with the development of face recognition technology, the imagination has been infinitely close to reality. According to the forecast of foresight Industry Research Institute, China’s face recognition market as a whole will grow rapidly in the next five years, realizing multi industry applications. It is estimated that China’s face recognition market will exceed 5 billion yuan by 2021.
In addition to the concerns about privacy, the public’s concerns about the other direction of face recognition technology come from the security of the technology itself. Previously, Zhejiang primary school students found that printing photos can replace “brush face”, deceive the news of Fengchao express cabinet in the community, which seems to be the portrayal of its “unreliable”.
Compared with the concerns about privacy, the concerns about the security of “face brushing” technology itself are suspected of panic. In fact, the main reason why express cabinets can be cheated by photos is that there is no live body detection technology added to them. “Nowadays, it’s very rare to use face recognition technology that dares to” let it out “even without living body detection.”.
From the point of view of technology itself, face recognition is divided into two technical schemes, 2D and 3D. Taking Alipay and WeChat’s “brush face payment” as an example, both of them use 3D face recognition technology. They will detect through the combination of software and hardware to determine whether the collected faces are alive or not, and can effectively prevent video and paper from impersonating.
Different scenes, different boundaries
Commercialization scenario: in the case of satisfying the “informed consent” of the subject of personal information, in view of the higher information security risks and the potential wider information connotation of face information, enterprises should carefully evaluate whether the use behavior follows the principle of “legality, legitimacy and necessity” to avoid being questioned “how to kill a chicken with a butcher’s knife”.
Application scenario based on public interest: similar to the traditional view on the restriction of portrait right in law, the rights of natural persons on their face information can also be restricted to a certain extent based on the need of social public interest. However, considering the possible threat to racial equality and freedom of speech caused by excessive use of face recognition technology, it is generally believed that when using this technology in public places, it is recommended to observe the principle of authorization, the principle of legal reservation and the principle of proportionality.
Compliance of face recognition technology application
① Identification of the nature of photos containing face images
In the information security technology personal information security specification, facial recognition features, together with personal genes, fingerprints, voiceprint, palmprint, auricle, iris and so on, constitute “personal biometric information” under personal sensitive information. The degree of protection and related compliance requirements are higher than general personal information. In June this year, the National Information Security Standardization Technical Committee issued the “requirements for the protection of biometric information in information technology security technology (Draft)”, in which biometric data is defined as “biometric features of biometric samples, biometrics, biometric models, biological properties and original description data, “Face” is one of the physiological features that can be used to recognize individuals. However, it is not clear whether the photos carrying face images will be recognized as personal sensitive information in China.
Photos containing face images do not naturally constitute biometric information / personal sensitive information with a higher degree of protection in nature, but are subject to higher compliance requirements only when they are processed by specific technologies to make them have the attribute of identifying personal identity.
② Commercial use of face recognition technology
The “network security law” requires network operators to collect and use personal information, and clearly indicate the purpose, method and scope of the collection and use of information, with the consent of the recipient. The face image and image information collected by the monitoring equipment for the purpose of safety supervision is further applied to the commercial precision advertising marketing, which exceeds the normal expectation of consumers for their personal information use.
Therefore, if the face images and images acquired by enterprises for security monitoring purposes are subsequently used for other commercial purposes, it is necessary to ensure the informed consent requirements of the personal information subject. In addition, the enterprise shall also take reasonable measures to prevent unauthorized access to or acquisition of the said information, and comply with the minimum requirements reasonably necessary for the retention period.
③ Restrictions on the use of face recognition technology in public places
On the one hand, the government based on the construction of smart city, such as the installation of face recognition devices in the subway and other public transport hub sites, or the collection and use of face information for the purpose of administrative law enforcement, is the guarantee of public safety, and even can promote the convenience of public travel. On the other hand, in an increasing number of public surveillance scenes, individuals can not refuse to obtain face recognition information, which also increases the risk of personal information being abused.
Although the above scenario is for the use of public power, the balance of interests reflected in it still has a certain reference significance for enterprises deploying monitoring equipment in public places. When processing face recognition information, enterprises should consider the legitimacy and necessity of behavior, actively formulate and comply with sensitive information processing policies, so as to explicitly inform the information subject and obtain proper authorization from the information subject, and ensure that the collection and processing of the information should only be limited to the necessity of their business purposes, And evaluate the possible impact on personal privacy before the online monitoring technology.
④ Discrimination in face recognition
With the increasing demand for the legitimacy and transparency of personal information processing in China, when enterprises completely rely on automatic algorithms to process face recognition information and make decisions that significantly affect the rights and interests of the subject of personal information, in order to avoid the impact of possible algorithm discrimination on natural persons, it is suggested that:
(1) Fully inform the use of face recognition information;
(2) The working principle of AI automatic algorithm and what features AI will use to evaluate the data subject;
(3) Obtain the consent of data subject for collecting face recognition information and subsequent AI processing behavior;
(4) The appeal method is provided to the subject of personal information to protect the right of the affected subject to question the conclusion made by the automatic decision.
Limited by the current situation of technology development, the deviation of original data and the bias of algorithm designers, the use of face recognition algorithm increases the risk of making discriminatory decisions by means of tagging judgment, and these risks will be borne by the people who are in a relatively disadvantaged position. In the absence of supervision, effective safeguard measures, transparency and accountability mechanism, the application of face recognition algorithm will accelerate the existing inequality. What is worrying is that with the help of complex and obscure algorithms, discrimination is often carried out in an imperceptible way.
The law of our country protects the features of face recognition strictly
The convenience brought by face recognition can not be ignored, but the development of technology has no boundary, but the use of technology must have a boundary, but the boundary is fuzzy. There is no obvious specification for which scenarios can be applied and which fields can be extended. Therefore, when it goes beyond the boundary, naturally there are many disputes.
China’s laws and regulations on portrait collection mainly focus on entry-exit management, ID card processing, criminal investigation, road traffic safety management and other laws and regulations. Public security organs and other relevant government departments have the power to forcibly collect biometric information such as portrait and fingerprint of data subjects. For example, Article 3 of the ID card law stipulates that the registered items of the ID card include the photo, fingerprint information, etc.
In addition to the mandatory occasions for collecting images, face recognition is being widely applied to the public management areas such as train station / Airport “brush face”, school classroom monitoring, daily attendance of enterprises and institutions, as well as the authentication of financial institutions such as banks, and the verification of the three party payment by Alipay. Online beauty and P-map. Whether the above behaviors meet the requirements of “network security law” and relevant information protection laws and regulations is worth thinking.
In fact, from the point of view of face recognition technology, in addition to the facial recognition features stored in the database for the first time, the facial features collected in the subsequent face recognition can only be used for proofreading without storage. Not collecting or reducing the collection of unnecessary personal sensitive information is also in line with the “necessary” principle of data collection in the network security law, and can also reduce the security risk of data leakage.
Face information, as an important biological information of human body, has been applied to payment, entertainment, security, education and other fields of life with the development of technology. Technology is a double-edged sword. As a high-tech, face recognition brings convenience to people’s life. At the same time, people can not ignore the information security, privacy leakage and other issues, let alone ignore the legal risks.
Editor in charge: CT