Facial recognition data is a key to your identity -- if stolen, you can’t just change the locks - UPI.com

A digital facial recognition and thermal scanner is placed at the entrance of a supermarket in Beijing in 2020. File Photo by Stephen Shaver/UPI | License Photo

A woman strolls into a grocery store, thinking about grabbing some apples. Before she even reaches the produce aisle, a security camera has scanned her face. Whether the system is checking for shoplifters or simply logging her arrival, her face has joined a digital ledger, a trace she can't easily erase. Retailers, banks, airports, stadiums and office buildings are doing the same.

But what if the woman's facial information is stolen or misused? If a cybercriminal steals her password, she can change it. If they acquire her credit card number, she can cancel the card. But she can't reset or revoke the appearance of her cheekbones.

Facial recognition systems don't keep actual images. They convert a face into a mathematical template that maps the positions and proportions of the face's features. When another camera scans a person later, the system checks their live face against these templates to confirm an identity.

In my work as a cybersecurity professor at Rochester Institute of Technology, I have found that even though templates are more secure than photos -- which anyone online can capture and manipulate -- templates, too, can be stolen. Once that happens, these digital keys create a lifelong vulnerability. If a facial recognition database is breached, the "locks" that a template opens -- accessing a bank app, getting through security at an airport, entering an office building -- can't be reset. A person's face is permanent, and so is the threat.