Photo by Cindie Hansen, Unsplash
Republished with permission from The Conversation, by Jonathan S. Weissman, Rochester Institute of Technology
A woman strolls into a grocery store, thinking about grabbing some apples. Before she even reaches the produce aisle, a security camera has scanned her face. Whether the system is checking for shoplifters or simply logging her arrival, her face has joined a digital ledger, a trace she can’t easily erase. Retailers, banks, airports, stadiums and office buildings are doing the same.
But what if the woman’s facial information is stolen or misused? If a cybercriminal steals her password, she can change it. If they acquire her credit card number, she can cancel the card. But she can’t reset or revoke the appearance of her cheekbones.
Facial recognition systems don’t match on the photograph itself. They convert a face into a mathematical template, a set of numbers that encodes the positions and proportions of the face’s features. When another camera scans a person later, the system converts the live face the same way and compares the result against the stored templates. Because no two captures of a face are identical, a match is a similarity score above a tuned threshold, not an exact equality.
In my work as a cybersecurity professor at Rochester Institute of Technology, I have found that even though templates are more secure than photos—which anyone online can capture and manipulate—templates, too, can be stolen. And the standard defense for passwords does not carry over: a password can be stored as a salted hash because the user retypes it exactly, but two captures of a face never agree exactly, so a matching system has to hold templates in a form it can compare against, and whoever steals that store gets something directly usable. Once that happens, these digital keys create a lifelong vulnerability. If a facial recognition database is breached, the “locks” that a template opens—accessing a bank app, getting through security at an airport, entering an office building—can’t be reset. A person’s face is permanent, and so is the threat.
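The difference between a leaked password and a leaked template is easier to see in code. The following is an added illustration, not code from the article or from any named product: the "templates" are constructed toy vectors standing in for the embeddings a real face recognition model would emit, 0.9 is an assumed match threshold (real deployments tune that value to their error-rate targets), and the password scheme is an ordinary salted PBKDF2 hash chosen for contrast. It shows that hashing a template the way we hash a password makes it useless for matching, that the raw vectors of two captures of one face still match, and that re-enrolling the user does not invalidate the stolen template.

```python
"""Why a leaked face template does not behave like a leaked password.

Added illustration; not code from the article. Templates are constructed toy
vectors, 0.9 is an assumed threshold, PBKDF2 is an ordinary password hash.
"""
import hashlib
import hmac
import math
import secrets

# Constructed: two captures of the same face differ slightly (pose, lighting,
# sensor noise), so their vectors are close but never bit-identical.
ENROLLED_TEMPLATE = [0.91, -0.32, 0.15, 0.44, -0.77, 0.08]
SAME_FACE_NEW_CAPTURE = [0.89, -0.35, 0.17, 0.41, -0.75, 0.10]
OTHER_FACE = [-0.12, 0.80, -0.55, 0.10, 0.30, -0.66]

MATCH_THRESHOLD = 0.9  # assumed operating point
PBKDF2_ROUNDS = 100_000


def cosine_similarity(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    norm_a = math.sqrt(sum(x * x for x in a))
    norm_b = math.sqrt(sum(y * y for y in b))
    return dot / (norm_a * norm_b)


def faces_match(stored, probe, threshold=MATCH_THRESHOLD):
    """Biometric verification is a similarity test above a threshold,
    not an equality test."""
    return cosine_similarity(stored, probe) >= threshold


def template_digest(template):
    """Treat a template like a password and hash it."""
    return hashlib.sha256(repr(template).encode()).hexdigest()


def hashed_template_is_unmatchable():
    """Digests of two captures of one face share nothing, so a hashed template
    cannot be compared with a fresh capture, while the raw vectors still match.
    This is why template stores hold templates in matchable form."""
    digests_differ = template_digest(ENROLLED_TEMPLATE) != template_digest(SAME_FACE_NEW_CAPTURE)
    return digests_differ and faces_match(ENROLLED_TEMPLATE, SAME_FACE_NEW_CAPTURE)


def hash_password(password, salt=None):
    """Standard salted, slow password hash: an exact-match credential."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def verify_password(password, salt, digest):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


def password_leak_is_recoverable():
    """The attacker learns the user's current password. The user resets it and
    the stolen credential is worthless against the new record."""
    stolen_password = "hunter2"
    salt, digest = hash_password(stolen_password)
    live_before_reset = verify_password(stolen_password, salt, digest)
    salt, digest = hash_password("correct-horse-battery-staple")  # user resets
    dead_after_reset = not verify_password(stolen_password, salt, digest)
    return live_before_reset and dead_after_reset


def template_leak_is_permanent():
    """The attacker steals the enrolled template. 'Re-enrolling' the user only
    produces another capture of the same face, which still matches the stolen
    one: there is nothing to rotate."""
    stolen_template = ENROLLED_TEMPLATE
    re_enrolled = SAME_FACE_NEW_CAPTURE  # constructed: fresh enrollment, same person
    return faces_match(re_enrolled, stolen_template)


if __name__ == "__main__":
    print("same face matches:", faces_match(ENROLLED_TEMPLATE, SAME_FACE_NEW_CAPTURE))
    print("other face matches:", faces_match(ENROLLED_TEMPLATE, OTHER_FACE))
    print("hashed template unmatchable:", hashed_template_is_unmatchable())
    print("password leak recoverable:", password_leak_is_recoverable())
    print("template leak permanent:", template_leak_is_permanent())
```

The threshold comparison in `faces_match` is the whole story: a template store has to keep something that a fresh, slightly different capture can be scored against, so it cannot hide behind a one-way hash, and a second enrollment of the same face is just another point near the stolen one.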
The threat isn’t theoretical. Biometric data has already been stolen in data breaches. In 2024, biometric data from a facial recognition system used at bars and clubs in Australia was exposed when that system was breached. And in 2019, biometric data from a pilot facial recognition system set up by U.S. Customs and Border Protection was taken in an attack on a subcontractor’s network. It’s not clear whether anyone’s stolen biometric data has been exploited, however.
Tracking Your Face
All biometric identifiers carry risks. Fingerprints and iris scans, however, are typically used in controlled situations, such as unlocking a person’s phone or allowing someone to enter a building. In these cases, a person has to deliberately look at a scanner. Cameras in public spaces, in contrast, can capture faces as people walk by, from a distance and without the people whose faces are scanned realizing it.
If a fingerprint or iris database is breached, a thief still needs to physically present that finger or eye, or a fake of it, to a scanner. However, someone could match a stolen facial template against images from surveillance cameras or photos circulating online, making it easier to identify a person of interest or track someone’s movements and activities.
There’s also a big difference, technically and ethically, between keeping a face on a phone versus handing it over to a database. On modern Apple devices and many Android systems, the biometric data used to unlock the device is stored locally in a hardware-isolated secure area of the device (Apple’s Secure Enclave, or a trusted execution environment on Android) and is not shared with the manufacturer or with cloud services for authentication. As a result, a breach of corporate or cloud systems would not expose these device-level biometric templates.
Some street and security cameras in public are passive, just watching as people pass by, with no long-term records. But others may be following people’s steps, linking faces to databases and creating a persistent digital trail. The risk rises when organizations use systems to track particular people across multiple databases. Airport systems could compare a traveler’s face against passport or airline databases. Stadiums may compare faces against local security watch lists or law enforcement lists. The company that manages Madison Square Garden has used facial recognition to bar entry to lawyers at firms that represented people who sued the company.
Some large retail chains, such as Wegmans and Target, also use facial recognition systems in their theft prevention efforts. Every new capture adds another permanent record.
Many companies do not have expertise in cybersecurity and rely on third-party vendors to manage their data. If those centralized systems are breached—or the datasets are linked across platforms, vendors or data brokers—your face can become a sort of persistent identifier, which can be used to expose or track you. In some cases, when combined with other compromised data, your captured face can lower the barrier to impersonating you.
When a Person’s Face Meets Their Data
A face can function like a “primary key”—a unique and stable identifier that connects records. If one database links a facial template to an email address, and a data breach connects that email to financial or personal records, an identity thief holding the stolen templates could start from a face seen in any photo or video, find its matching template, and follow the email to all of that information.
And combining a template with AI tools such as deepfakes or three-dimensional face models could, in some cases, allow a criminal to impersonate an individual in systems that require proof of a live face, slipping into a forged digital identity like slipping into a costume.
When criminals combine biometric templates with other leaked data, such as logins for social media profiles or home addresses, they can build “super-profiles” connected to many of a person’s activities. Because the face acts as a permanent linking key, this level of identity theft is difficult to reverse.
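The pivot described in the two paragraphs above, face to email to everything keyed by that email, looks like this in code. This is an added illustration, not code from the article: every record is constructed, the "templates" are toy vectors standing in for real face embeddings, the e-mail addresses and both breach datasets are invented, and 0.9 is an assumed match threshold. It also shows one detail the prose glosses over: a template is not a key in the relational sense, because an exact-equality join on it finds nothing; the attacker has to run a nearest-neighbour (1:N) search, and that is what makes the stolen store dangerous.

```python
"""A stolen face template as a cross-database join key.

Added illustration; not code from the article. All records are constructed,
templates are toy vectors, 0.9 is an assumed threshold.
"""
import math

MATCH_THRESHOLD = 0.9  # assumed operating point


def cosine_similarity(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    return dot / (math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b)))


# Constructed: rows from a breached venue/retail facial recognition store.
# Each template was enrolled under a loyalty-account e-mail.
FR_BREACH = [
    {"template": [0.91, -0.32, 0.15, 0.44, -0.77, 0.08], "email": "a.nguyen@example.com"},
    {"template": [-0.12, 0.80, -0.55, 0.10, 0.30, -0.66], "email": "r.ortiz@example.com"},
    {"template": [0.20, 0.10, 0.95, -0.30, 0.05, 0.40], "email": "m.khan@example.com"},
]

# Constructed: an unrelated breach holding no biometrics at all, only records
# keyed by e-mail.
ACCOUNT_BREACH = {
    "a.nguyen@example.com": {"home_address": "12 Elm St", "bank": "First Example Bank", "card_last4": "4471"},
    "r.ortiz@example.com": {"home_address": "88 Oak Ave", "bank": "Example Credit Union", "card_last4": "9026"},
}

# Constructed: an embedding the attacker extracts from a public photo or a
# surveillance frame. Same person as the first FR_BREACH row, new capture.
PROBE_FROM_PUBLIC_PHOTO = [0.89, -0.35, 0.17, 0.41, -0.75, 0.10]


def exact_key_join(probe, fr_rows):
    """The naive relational join. It returns nothing, because no two captures
    of a face are bit-identical; a template is not a key in the SQL sense."""
    return [row["email"] for row in fr_rows if row["template"] == probe]


def nearest_template(probe, fr_rows, threshold=MATCH_THRESHOLD):
    """1:N identification search: score every stolen template against the probe
    and accept the best one if it clears the threshold. This is what turns a
    template into a usable key."""
    scored = [(cosine_similarity(probe, row["template"]), row) for row in fr_rows]
    score, best = max(scored, key=lambda pair: pair[0])
    return (best, score) if score >= threshold else (None, score)


def build_super_profile(probe, fr_rows, account_rows, threshold=MATCH_THRESHOLD):
    """Pivot from a face to everything keyed by the e-mail it was enrolled under.
    Returns None when the probe matches nobody in the stolen store."""
    hit, score = nearest_template(probe, fr_rows, threshold)
    if hit is None:
        return None
    profile = {"email": hit["email"], "match_score": round(score, 3)}
    profile.update(account_rows.get(hit["email"], {}))
    return profile


if __name__ == "__main__":
    print("exact join:", exact_key_join(PROBE_FROM_PUBLIC_PHOTO, FR_BREACH))
    print("profile:", build_super_profile(PROBE_FROM_PUBLIC_PHOTO, FR_BREACH, ACCOUNT_BREACH))
```

Note that `ACCOUNT_BREACH` contains no biometric data at all; the face only had to be enrolled once, by one organisation, for every other dataset keyed by that e-mail to become reachable from a photograph.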
How to Minimize the Threat
People are still figuring out how to live with widespread biometric collection. The convenience of smoothly passing security checks or making purchases is appealing, but it often comes with a permanent risk to privacy and security.
To lessen the threat, organizations can follow several data privacy best practices. They can collect only the information they need and erase it as soon as it has served its purpose. They can store templates rather than raw photos, and encrypt those templates at rest, keeping in mind that encryption at rest protects a stolen disk or backup but not a compromised matching server, which must decrypt templates to compare them, so tight access control around the matcher matters as much as the cipher. They can use safeguards such as current liveness detection techniques to help ensure that their systems are interacting with real people rather than photographs, masks or deepfakes. And they can adopt a privacy-by-design approach: set retention limits up front, clearly document how the data is used and restrict who has access.
Consumers can take steps as well. In places with privacy laws, such as California, Illinois and the European Union, people can submit a data access request to see what biometric data a company holds and, in some cases, ask for its deletion. They can also ask retailers anywhere what data is collected, how long it is kept and how it’s protected.
Jonathan S. Weissman, Principal Lecturer of Cybersecurity, Rochester Institute of Technology
This article is republished from The Conversation under a Creative Commons license. Read the original article.