Slashdot Mirror
How Face Recognition Can Uncover SSNs
nonprofiteer writes "Building on previous work showing that social security numbers are not random, CMU researchers ran experiments in which they predicted students' social security numbers after taking a photo of them with a cheap webcam. Using off-the-shelf facial recognition technology and data-mining publicly available Facebook photos and profile information, they were able to come up with the social security numbers of several of the students. (More impressive, as they note that 60% of the students were foreign, and had no SSNs, leaving them a pool of less than 50)."
The writeup made it sound like you could look at a crappy snapshot of a person and magically discover their SSN. What actually happened is that they trolled the Facebook profiles for their hometown and date of birth to discover the SSNs, the webcam was just to match up the person sitting at a terminal currently with their Facebook profile. The story is basically: Off the shelf facial recognition software seems to work pretty good, even with a crappy webcam.
I read the internet for the articles.
Life lesson: those who fear that they will lose their freedom if they lose their privacy are usually so busy defending their privacy that they do not have freedom.
Here's the thing. There's maintaining your privacy, then there's shutting yourself out of the world because you're trying to protect a part of your privacy that aren't very defendable. To some people, having a Facebook profile is like walking on a public street. People on the street know what their name is and know what they look like. Protecting the privacy of their name and likeness would be cutting them off socially. In a very real sense, that sort of privacy would be a loss of their freedom.
You may draw the line somewhere else. I know that I do. But, for some people, just wouldn't be free if they had to worry about a stranger knowing their name and face or even some of their habits.
As for the SSN thing, the government is to blame for not assigning numbers properly. The numbers themselves aren't necessarily a problem.
Actually, it's the fault of the banking industry for comandeering a government number for a purpose other than what it was intended. An SSN was not supposed to be a unique identifier for anyone other than Uncle Sam as they go to collect Social Security tax money and then pay it back out.
The problem is not using the SSN as a unique identifier (well, that's not the only problem - the fact that they're not actually globally unique makes that a bit of a problem too), it's using SSNs as proof of identity. Banks tend to assume that if you know someone's SSN, then you are that person, in spite of the fact that the SSN is public information. It's like designing an system where you can log in with a username and no password - and usernames are prepended to every message.
I am TheRaven on Soylent News
I find this article title to be silly.
What they do is use facial recognition to match people to their Facebook profile, then use the details stored there to obtain the SSN.
Up next:
- How names and surnames can Uncover SSN - How giving people your email address can Uncover SSN. - How running a facebook search can Uncover SSN
Researchers demonstrated a clearly fatal flaw in SSNs. They have shown beyond a shadow of a doubt that the current SSN system is unsuitable for usage. They did this years ago ... and nothing has changed. It's not a political talking point. There's no proposed solution sweeping in to correct the problem. SSNs still are the gateway to every American's private information, and there's no sign that this will stop being the case, despite clearly-fatal flaws.
I welcome anything that makes this scary enough for people to demand that SSNs be immediately deprecated. This article is just the same researchers shouting louder, but the system does need to change.