New computer technologies shown to expose personal information
By Ben Coxworth
August 3, 2011
Facial recognition software, social networking and cloud computing ... they're all technological advances that alone have thrown up questions regarding privacy. According to a recent Carnegie Mellon University study, however, the three technologies can be combined to learn peoples' identities and other personal information about them, starting with just a photograph of their face.
"A person's face is the veritable link between her offline and online identities," said Alessandro Acquisti, associate professor of information technology and public policy, and leader of the study. "When we share tagged photos of ourselves online, it becomes possible for others to link our face to our names in situations where we would normally expect anonymity."
Acquisti's team used "off-the-shelf" PittPatt face recognition software, cloud computing, and publicly-accessible information from social networking sites to identify individuals based both on photographs posted online, and on photos that the researchers took themselves in the real world.
In one experiment, they were able to accurately identify people whose pictures were posted on an online dating service, where the members only use pseudonyms to identify themselves. In a second experiment, they were able to identify students walking on the campus grounds, by taking photographs of them, then matching those up with their Facebook profile photos.
In a third experiment, they were able to predict personal interests and in some cases even the first five digits of the social security numbers of students, starting with nothing but a photograph. Apparently, knowing a student's date and place of birth was sufficient to guess their social security number "with great accuracy."
Overall, they were able to identify about one third of the people whose photos they analyzed.
The Carnegie Mellon team even created a one-off augmented reality smartphone app that displayed personal information about individuals in real time, as the phone's camera was trained on their face.
"The seamless merging of online and offline data that face recognition and social media make possible raises the issue of what privacy will mean in an augmented reality world," said Acquisti.
His team's findings will be presented this Thursday at the Black Hat Briefings security conference in Las Vegas.