Investigation on the abuse of face recognition
Nearly half of the app’s face recognition evaluations did not solicit user opinions separately, and many scenic spots and communities forced to "brush their faces"
On January 21, residents of a community in Chaoyang District were brushing their faces into the corridor.
Beijing News reporter Li Kaixiang photo
On November 19, 2020, Shanghai, the 22nd China Retail Industry Expo, face recognition, face shopping, AI mind reading.
Picture/IC PHOTO
The domestic “first case of face recognition” that has received much attention went to a second instance not long ago.
Once again the topic of "brushing face" has entered the public eye.
From this "first case of face recognition" to Jinan house inspectors wearing helmets entering the sales office,
These incidents reflect that there has been a lot of controversy in the use of face recognition.
At the same time, people have become wary of this life-changing technology.
Recently, Xinjing Think Tank conducted an evaluation on 78 popular apps.
The evaluation found that 67 apps support face recognition.
In apps that support face recognition,
46.27% of APPs do not have a clear agreement for the use of face recognition, and no user consent is obtained in the face recognition function.
In addition, the Xinjing Think Tank found through investigations that there are varying degrees of abuse of face recognition technology in shopping malls, scenic spots, communities, office buildings, and government agencies.
on-line
Measured 67 popular apps 90% of them confuse face information with general information
The Xinjing think tank survey found that most of the currently commonly used apps have the "face recognition" function, which is mostly used for face-swiping login and identity authentication; some social apps can also determine whether the user has a live broadcast during face-swiping authentication. Practicing qualifications; financial apps further provide functions such as facial payment and facial transfer.
Xinjing Think Tank selected the top 10 popular apps in finance, life, social, travel and tourism, e-commerce, office, and government affairs based on the number of app downloads on the iPhone device app list based on Qimai data. The "2019 Mobile Government Service Development Report" selected 8 local government APPs and a total of 78 APPs as the evaluation targets.
The evaluation is only for the APP's own functions, and the use of related face recognition technology to call third-party functions is not regarded as the APP's own functions.
Xinjing think tank combed and found that among the 78 apps, 11 apps did not support the face recognition function, and the privacy clause did not mention facial recognition related information.
Subsequently, the Xinjing Think Tank tested 67 APPs that support face recognition in terms of facial recognition purposes, usage methods, privacy policies, and data storage methods.
Nearly half of APPs did not seek user consent separately before face recognition
Regarding the choice of verification methods, 96% of APPs not only support face authentication, users can also choose other verification methods such as passwords and fingerprints.
If the user has enabled face recognition, 97% of the apps support turning off the "face recognition" function, and only 3% of the apps do not support the user turning off the "face recognition", and the user must pass the "face recognition" for identity verification.
In terms of the use of facial recognition, the "Privacy Policy" appears before the use of these 67 apps, and users are required to click "Agree", which means that they have read and agreed to all the contents of the "Privacy Policy".
These privacy policies often already include allowing the collection of user facial information and other biometric information. Therefore, when the facial recognition function is activated later, some apps have not obtained the user’s consent and have not set the user to check the relevant agreement content again. The user agrees directly by default.
The test found that among the 67 apps, 31 apps all operated in this way, that is, they did not obtain the user's "consent" twice.
The user can activate the face recognition function with a single "click".
In addition, there are 31 apps that open face recognition. Although there are clear terms related to face recognition, users can click to view the agreement, but it does not clearly emphasize the "consent" link, allowing users to check, but weakens and blurs A process that requires user consent and authorization.
Among the 67 apps tested, only 5 apps showed "User License Agreement" and "Usage Agreement" when the user clicked to enable face recognition, and it also clarified whether the user "agrees" to obtain the person. Related information such as face.
95.52% APP confuses face information with general information
At the same time, it is worth noting that although the privacy policy includes the collection of facial recognition and other information, 95.52% of the apps in the evaluation did not highlight the form, making users clearly aware that biometric information such as facial information was collected , But confuses "face information" with general personal information such as names.
For example, in the information collection content of the "Privacy Policy" of the China Construction Bank APP, it is mentioned that "Our bank will collect your basic personal information, identity information, property information, communication information, biometric information, mobile phone number, and signature information. Help you complete the e-banking registration. If you refuse to provide this information, you may not be able to open e-banking or use our bank’s services normally.” It can be seen that the bank compulsory collection of biometric information and other general personal information.
In terms of data storage and protection, only 2 APPs have special protection for facial biometric information, while the other 65 APPs attribute the protection of facial information to personal information protection.
For example, the China Construction Bank APP mentioned in the "Privacy Policy", "Our bank will take all reasonable and feasible measures to protect your personal information." The clause does not mention what personal information is there, and it is not sensitive to human faces. Information takes special protection measures.
Regarding the information of third-party companies that provide facial recognition technology that everyone is very concerned about, the "Privacy Policy" of the 67 apps evaluated did not clearly indicate the specific information of third-party technology companies that support facial recognition technology, including their names and qualifications.
Finally, in terms of allowing users to delete personal information, out of the 67 apps evaluated, it was found that 56 apps did not mention how users delete personal information, and 6 mentioned “delete information can be requested under special circumstances”. Paragraph 5 mentions "Personal information will be deleted when the account is cancelled."
Phenomenon 1
Offline scenic spots promote "face-sweeping" on the grounds of electronic upgrade
A few days ago, Xinjing Think Tank conducted a questionnaire survey on the abuse of face recognition.
The survey found that more than 80% of respondents chose "public consumption places" for the option of "Where should not use face recognition", the largest proportion.
However, in commercial consumption places, the use of "face recognition" seems to be becoming a trend.
Recently, netizens provided clues that from 2021, users with annual travel tickets in Xiangyang City will "swipe their faces" to enter the scenic spot, and the annual travel tickets will be changed to electronic annual tickets.
Why does the scenic spot adopt the "face-brushing" approach to the park, and how to save the collected personal information?
Regarding this issue, a reporter from the Beijing News called Hanjiang Zhixin Technology Co., Ltd., which handles the annual Xiangyang tourism ticket.
According to the staff of the company, the Xiangyang Scenic Area adopts the "brushing face" approach to the park, one is to promote Xiangyang tourism electronic.
After the scenic spot system is upgraded, the previous entry method with physical cards has been upgraded to the "face-swiping" entry method; second, the previous physical card comparison is not very convenient, and face recognition can be quickly compared.
Regarding whether visitors can refuse to use face recognition to enter the park, the other party replied, “Now is a transitional period. You can buy physical cards at the scenic spot window, but all subsequent physical cards will be cancelled and you can only enter the park by swiping your face. You can only purchase an electronic card if you purchase an annual pass, and you must enter relevant personal information."
Regarding how to save and manage annual ticket user information, the staff member introduced that user information is stored separately in a dedicated computer. The company has 3 employees responsible for the entry and management of user information.
According to reports, as early as 2018, 65 well-known domestic scenic spots including Gubei Water Town in Beijing, the Terracotta Warriors and Horses in Xi’an, and Huashan Mountain in Shaanxi have already launched AI "face-swiping tour" tourism projects. Face to buy tickets to enter the park.
Compared with these public face recognition functions, some face recognition is hidden in the dark of commercial places, and the latter may be more worrying.
Not long ago, the "home buyers wearing helmets to see houses at sales offices" that caused a heated discussion on the Internet was because many sales offices installed cameras and sales staff used facial recognition technology to "kill familiarity", which led to the implementation of price discrimination.
Behind the widespread use of these facial recognition technologies is the substantial increase in the number of domestic related companies.
As of October 2020, according to the company's data and statistics, there are a total of 10,443 companies across the country whose names, products, brands, and business scope cover "face recognition."
After the test of the new crown epidemic, "recognition without taking off the mask" has become a highlight of many equipment supply brands.
This also means that in the future, consumers are more and more likely to be "stolen" of facial information.
Phenomenon 2
"Face recognition" is regarded as the "standard configuration" of smart property
In recent years, in some cities, face recognition access control is becoming the standard for so-called "smart properties".
A staff member of Beijing Jinchan Nanli Community told the Beijing News reporter that the installation of face recognition is mainly to respond to the requirements of smart property management and to upgrade the access control system; it is also to make the community safer.
Because ordinary access cards are easy to re-engrave, and face recognition can effectively prevent outsiders from entering the community.
However, the staff member said, “Now the access card can still be used, and you can enter the community through face recognition and access card.” At the same time, the staff also said that the use of face recognition access control, property personnel, door security has not reduced , It also increases the cost of buying equipment.
It can be seen that although face recognition systems have been installed in some communities, the entry method has not undergone a fundamental change, and it does not seem to have a significant impact on changing the efficiency and cost of property management.
Regarding face recognition access control, many residents expressed that they are more worried about the safety of personal information and that their information will be leaked.
"I would rather spend a few more seconds to swipe my card, and don't want to increase the risk of face information leakage." A resident of Beijing Jinchannanli Community told the Beijing News reporter.
In large and medium-sized cities in China, the addition of face recognition systems in residential communities is becoming a new trend.
Since 2020, some communities in Lanzhou have begun to install face recognition access control systems.
According to local media reports, up to now, 1961 sets of front-end sensing devices such as smart access control, car prohibition, and face capture have been deployed, covering 168,900 residents of the community.
But not all cities support face recognition in the community.
At the beginning of December 2020, the "Tianjin Municipal Social Credit Regulations" was voted through, and for the first time in the country, the collection of facial recognition information was publicly prohibited.
After that, the neighborhood committee asks residents to decide for themselves whether to continue using face recognition to enter and exit the community.
As of December 24, 2020, among the more than 600 residents of Wenhua Village, nearly 50 households have proposed not to use the face recognition access control system.
In December 2020, the "Hangzhou City Property Management Regulations (Revised Draft)" proposed that "property owners are prohibited from entering the community through fingerprints, face recognition and other biological information", which also caused the issue of face recognition in the community to receive wider attention.
In the face recognition abuse questionnaire survey conducted by Xinjing Think Tank, 68.64% of the respondents believed that face recognition should not be used for community access control.
Phenomenon 3
"Swipe face government affairs" need to be alert to system loopholes
In recent years, local governments have continuously promoted the digitalization of government affairs.
This is a convenient move.
But in reality, the necessity and safety guarantee of using face recognition technology have become prominent issues.
The face recognition abuse questionnaire survey conducted by Xinjing Think Tank shows that 28.81% of the respondents believe that face recognition is compulsory in government services (such as government apps).
A few days ago, netizens provided clues to Xinjing Think Tank that there is a "face recognition" number machine in the administrative service hall of Rugao, Nantong City.
A reporter from the Beijing News interviewed the administrative service hall on this telephone. The staff of the hall replied that the "face recognition" technology was adopted, "mainly for the convenience of everyone to get numbers."
Does "Face Recognition" take a number, does it mean that you can only take the number of the person who reads the face?
In this regard, the staff member said, "No, if someone else holds your ID card, the agency is also possible."
As a result, netizens questioned the necessity of "swiping the face to get an account number".
According to reports, by 2019, more than 170 cities have opened services such as “swiping their face” for individual taxation, inquiries on provident funds, certification of pension eligibility, and online payment of penalties for traffic violations.
Among them, the Yangtze River Delta has made the fastest progress.
The "face-brushing government affairs" service has indeed brought convenience to the citizens, but there are also some places where the online service system is not perfect, and there are loopholes in the operation link, which brings the public the risk of property loss.
In December 2020, the media reported that some property owners in Nanning, Guangxi, when they commissioned a real estate agency to sell their houses, they were suspected of encountering fraud.
They all use the "Yong e Deng" APP for real estate transfer registration, which is an online business processing platform launched by Nanning City.
According to the monitoring data of the public opinion system of Qianlong Think Tank, the news of the incident of "the owner's face-washing house in Nanning, Guangxi was transferred" is very popular, and it has entered the top 10 "face recognition" events in 2020.
This case fully exposes that when some government service agencies use face recognition technology, they are still not complete in terms of standardization and protection, and even have major security breach risks, which require vigilance.
In response to the current abuse of face recognition technology, Xue Jun, a professor at Peking University Law School, told Xinjing Think Tank that we must develop a new social regulatory system that adapts to the high-tech era.
Use technical guidelines, safety assessment guidelines or technical specifications to effectively regulate the use of face recognition technology.
B02-B03 edition writing/Beijing News reporter Wang Chunrui