When it comes to advocates for user security and privacy, Facebook may not be the first tech giant that springs to mind. But the company seems desperate to find an acceptable use case for facial recognition, one that will not see a backlash from its vast user base. And so it’s little surprise, that the company seems to be experimenting with its own version of Apple’s “FaceID” using its own technology and algorithms.
The in-development technology, which is intended to lock its Messenger application after use, was uncovered by Jane Manchun and shared on Twitter. If it’s unclear why Facebook would not use the device’s own biometric tech as WhatsApp does, then see the point above. We have seen continual speculation when it comes to Facebook and facial recognition, including viral challenges and even testing algorithms on staff.
There are a couple of immediate issues with the plan, though, notwithstanding declining trust in Facebook. Even with assurances that a yes/no authentication decision does not leave the device, this will raise privacy concerns as to why the company needs to go its own way. There is also an issue with giving biometric enrolment permission to multiple vendors and not relying on a limited set of service providers. Every new security arrangement is a potential vulnerability.
Facebook might be better advised to revisit its decision to stall end-to-end encrypting Messenger itself, and leave access security to the functioning biometric tech on the device itself. The company has made a play for the privacy space, promising users that the end-to-end encryption that WhatsApp has done more than any other platform to popularise, will be coming to Instagram and Messenger. But it has now cycled back on those plans, as reported on Forbes.com by my colleague Kate O’Flaherty. “Due to the significant issues in adding the technology to an existing system,” she explains, “end-to-end encryption on Facebook Messenger could be years away.”
The other issue, of course, is that “FaceID” is an Apple product. And so if this is not simply Facebook exploring a lock on Messenger that relies on iOS or Android device security, the “working title” will need to be changed quickly now.
Facebook knows full well that there is serious commercial value in capitalising on the two billion users and hundreds of billions of images on its platform. Along with Google, it has the potential to develop better performing facial recognition than anyone else, simply given its access to training data linked to user details.
The company lost its Supreme Court review request last week over its use of facial recognition, and there is an indirect backlash over the claims in the U.S. that a vendor has scraped billions of images from the platform for its own purposes.
We can expect more details to come out in the coming days as Facebook responds to the speculation. There’s every chance this is an experiment that won’t make it into a final product, but if Facebook senses this is the acceptable application to step into the facial recognition realm without a negative user response, that won’t be the case.
With 1.3 billion monthly Messenger users, this is a compelling opportunity to explore. Apple takes great pride in the technology sitting behind its FaceID. Its performance is based on the hardware deployed, rather than just an algorithm using the camera itself. The challenges with using a fixed camera are “liveness” testing—is this a person or a photo, as well as defeating other spoofing attempts and working in low light conditions. If Facebook can develop a normal camera alternative to hardware biometrics that works well in real world conditions, that will be huge commercially.
Facebook has been approached for any comments on the “FaceID” report.
Disclosure: the company I lead, Digital Barriers, develops facial recognition technology for security and surveillance applications. It does not currently provide that technology for any form of device access control.