Is Webcam Facial Recognition Secure Enough?

Webcam facial recognition has potential, but is also a privacy concern.

The corporate conference room is a place for confidences, a place where the leaders of an organization should feel free to throw around ideas about a company’s future, its response to a crisis, and its plans for innovation. It should be a venue where thoughts are expressed safely in the knowledge that their contents won’t leave the room.

Yet, as digital communications technologies take a more central position in these high-level discussions and remote colleagues are beamed into meetings via video conference, we are encountering new questions around privacy.

Advanced features such as webcam facial recognition represent the next generation of biosecurity online, but recent video conferencing-related data breaches have raised doubts over the security of facial recognition in video conferencing technology.

Big Tech Targets

Though in truth we have yet to experience a video conferencing security hack on a large scale, not all fears are just technophobia. Video darling Zoom recently suffered a minor setback when it was revealed that a vulnerability in Zoom’s application for Mac could potentially allow hackers to gain control of a user’s webcam and get a look inside a home or office.

The source of much of our online security fear is based on the actions of the providers, not rogue hackers.

As far as we know that vulnerability was never exploited, but other gaps in security have led to more serious consequences. Google, for instance, was forced to shut down its Google+ platform late last year after an API bug exposed the private data of 500,000 users. Twitter and Facebook have also been hit by similar types of security deficiency, although neither resulted in any reports of stolen data.

Arguably, the source of much of our online security fear is based on the actions of the providers, not rogue hackers. Such is the continued fallout from Facebook’s Cambridge Analytica scandal that reviews of Facebook’s otherwise impressive Portal video conferencing hub are always accompanied by caveats about the company’s history with users’ private information: If Facebook allowed so many users to have their data exposed and used, what might they do with access to recordings of our faces, voices, and other data? Those doubts have spilled over to Google, which faced similar queries upon launching its video-focused Nest home hub. However, those fears have so far been proven unfounded, and facial recognition still stands as a potentially major evolution in online security.

Next-Generation Security

Facial recognition security will face perhaps its biggest public test at the 2020 Olympic Games in Tokyo, which is expected to draw around 40 million tourists. Japanese authorities will use facial recognition cameras at every venue during the two-week event to verify the identity of everyone who enters. The same tech has been trialed at U.S. customs points, but has never been used on such a grand scale.

Facial recognition technology relies on a database of known faces to which it matches live images using facial measurements.

The ability of facial recognition AI to do large-scale scanning stems from its accuracy in distinguishing one human face from another. The technology relies on a database of known faces to which it matches live images using measurements such as the distance between features, height of cheekbones, depth of eye sockets, and width of nostrils. The 3D nature of this imaging requires detailed infrared and multiple viewpoint cameras, but those are now so affordable to manufacture they are included within commercially available webcams.

That brings us to the corporate boardroom and the risk versus reward of bringing webcam facial recognition into potentially sensitive business meetings.

Webcam Facial Recognition

Facial recognition has most often been used as a security measure in the business world. Devices such as Logitech’s BRIO camera can be paired with platforms like Microsoft’s Windows 10 feature Hello to bring a biological element to two-factor authentication. Wider use, such as in Cisco’s Spark Room Kit, is generally limited to storing and recalling user preferences and video calling histories. Keep in mind that in both these cases facial recognition is made possible by an app, perhaps in conjunction with a feature of the camera, such as an infrared sensor. The camera cannot perform facial recognition without the appropriate software.

The fear with any use of this tech is that while we are looking into these next-generation cameras they will be looking back at us–and remembering all they see. Theoretically, the tech poses an increased threat when it is built into a boardroom video conferencing system because the system can identify who is speaking, who is present, and match information with identity.

The reality is that it’s unlikely webcam facial recognition AI poses any higher threat to users’ privacy than traditional video conferencing does.

Google and Facebook answered those voicing privacy concerns by promising that all information would be stored locally and not run through their main servers. That requires a leap of faith on the part of the user, but we’re used to the leaps of faith–and compromises–required to use services like Google and Facebook. There is also the perceived threat that smart applications could use stolen images of our faces to impersonate us online. Again, a few clever tech demonstrations aside, this eventuality has yet to come to pass.

While the question of where data gathered by video conferencing systems is stored is an important one, so is the question of where the data of users of any service or application is being stored. The reality is that it’s unlikely video conferencing system and webcam facial recognition AI poses any higher threat to users’ privacy than traditional video conferencing does. In fact, the ability to instantly identify everyone present in a video meeting should only increase security by ensuring that participants are who they say they are. Video conferencing expands our ability to gather quickly and discuss the urgent, sensitive, and speculative aspects of business. Facial recognition should only make that process safer.

Subscribe to VC Daily