So much has been written in the last few days about using facial matching for identity verification.
But did we (the industry) get it right? So a few ideas for you to consider.
- This isn’t private industry versus public institution. – We know that both have a vested interest in understanding more information about people in general. Whether you are the product, or the consumer, data is the coin of the realm. The question here is about control of that data. What are your rights as an individual to control the use of your data? More over, how will you exercise your agency over your data, including biometrics.
- The technology is actually pretty good. It’s actually much better than has been reported. Not that everyone uses the best technology available, but when they do, results are pretty good.
With that said, it’s pretty good because testing continues and shows where improvements are needed. But, the concept of false identifications is highly relevant to the way in which this technology is used.
For example, let’s say we want to identify who is walking past a camera in a crowd from a large set of possible data points.
NIST sets the threshold for this as 0.3% meaning that their analysis wants to know what percentage of the time a match fails below this minimum threshold. So far, this is a pretty hard test to meet and we see failing this threshold 9%+ of the time; so not a great test.
But, if what you’re trying to do is understand if the person looking at their computer is the person who setup their personal identity, such as the way that the government was using the system, then the failure rate is usually less than 3% of the 0.3% threshold; so 90 in one million will fail when comparing it to 1.6 million other people. (NIST FRVT Cognitec 006 dated 2022-02-10)
The point of this later test is that someone trying to impersonate the identity owner would fail 99.999% of the time.
So there is a lot of dissention out there about this technology, with some good reasons. But the point here is that the path forward for understanding and respecting these views can be better understood as acknowledging that the individual has personal rights as to when and how their data is used.
To this point, if private or public institutions wanted to use this technology only in ways which helped protect the individual interests then the acceptance could be much greater. But, when it is used in an uncontrolled, unknown manner, it rightfully creates tension for all involved.
So, there is data here that is worth looking at.
First is the NIST Facial Recognition Verification Test (FRVT). This is an ongoing evaluation of the technology to look at accuracy and equity. Check out NIST here.
FRVT 1:N Identification (nist.gov)
If you want to understand others views on the accuracy of facial recognition, check out these resources:
What NIST Data Shows About Facial Recognition and Demographics – Security Industry Association
Comment on LinkedIn
https://www.linkedin.com/pulse/facial-matching-identity-verification-bill-weber/