- Facial scanning is the future of mobile security
- Fingerprint tech is dead
- New security systems still have some major bugs, especially racial and gender bias
- Unbiased facial recognition is the solution
When technology works well, it’s seamless - it just does what needs doing, invisibly, without users even knowing it’s happening. That’s the allure of voice recognition tech like Amazon’s Echo or Apple’s HomePod. And that’s what’s behind the hype surrounding Amazon’s grab-and-go shopping experiment. When it works, it just works - no hassle, no fuss, and no fiddly-bits to get in the way.
Mobile security is moving in that direction, too. If you’ve ever forgotten a password or had to inscribe an unlocking pattern with only one hand, you know just how frustrating security can be. And since one or both have happened to nearly everyone with a mobile, we’re pretty sure you’ve felt that sudden surge of anger when the tech was all hassle and no miracle. There’s got to be an easier way, right?
Indeed there is. A new generation of biometric scanners promise smartphone security and incredible ease-of-use, replacing the fumbling and compromised safety we’ve become accustomed to. New systems for Apple’s iPhone X, and soon for Android-driven mobiles, will deliver on that magic tech promise of invisible, effortless function.
Facial scanning is the future of mobile security
The future of smartphone security is facial scanning. That may sound like tech more likely to secure the backdoor at Buckingham Palace than your new mobile, but developers are taking this approach very seriously. That tech is pretty much ready for market, too, and surprisingly inexpensive. But to understand why it’s the future, we need to take a look at the past.
There’s something of an iron-clad law in security: the easier it is to use, the less secure it really is. Really ‘unbreakable’ passwords, for instance, can be hard to remember; the ones you can remember easily are probably pretty simple to break with ‘brute force’ attacks. The same is true for the patterns you draw between the dots on your mobile. That’s why fingerprint scanning for phones, laptops, and other devices was a breakthrough - in theory at least. With a simple touch, you could have easy-to-unlock security.
But… fingerprint tech is dead
In practice, that ease-of-use and security were never really there. As Joseph Steinberg reported for Forbes back in 2013, “Just one day after the new fingerprint-scanning Apple iPhone-5s was released to the public, hackers claimed to have defeated the new security mechanism.” Despite Apple’s claims that the fingerprint security was paired with facial recognition to prevent the use of fake fingerprints, fingerprint security just wasn’t… well… secure. It still isn’t, by the way, at least not on mobile platforms. And the iPhone has now dropped fingerprint security altogether.
Worse still, fingerprint scanning isn’t even easy to use. The placement of the tiny sensors on the front of a mobile makes them more available in certain positions than others, and moving them to the back, as Samsung and others did, generated mountains of complaints about ergonomics. Their placement on Apple’s laptops is a little better, as their many users can attest. Edoardo Maggio, writing for Business Insider UK, quips that “The most recent MacBook Pros have a fingerprint reader, but that still requires you to actively reach out for the designated area on the keyboard, tap, and unlock the device. It's not annoying by any means, but face scanning is still a noticeable step ahead.”
As Maggio notes, engineers and designers have a solution, and it just may bend - if not break - that iron-clad law. With advanced facial recognition, your mobile can unlock itself without you doing anything, and still provide the security you need.
New security systems still have some major bugs, especially racial and gender bias
Early attempts at this tech for smartphones were less than impressive. The Samsung Galaxy S8, for instance, unveiled just last year, will unlock for a selfie. As Ron Amadeo warned the readers of Ars Technica last March, “Galaxy S8's face recognition can be tricked with a photo.” Drawing on evidence from a video posted by Marcioanophone, Amadeo reported that by simply showing the facial recognition tech a selfie on another phone, it could be tricked into unlocking. Clearly, that’s not the kind of security we’re looking for.
One solution is to multiply the kinds of authentication necessary to unlock your phone. But if two, three, or four user inputs are needed - facial scans, fingerprints, passwords, etc. - ease-of-use is destroyed. Mobiles need to be secure and simple to unlock, all or nothing in this case. And a super secure system that no one uses isn’t very safe, is it?
Another problem bedevilling facial scanning is biased code. Joy Buolamwini of MIT’s Media Lab recently exposed the racial and gender shortcomings of facial recognition tech. Because of mostly white, male engineers and programmers, using mostly white, male images to train the software, it’s startlingly bad at judging the gender and identity of people of colour, especially women. As Steve Lohr explains for The New York Times, “...the darker the skin, the more errors arise — up to nearly 35 percent for images of darker skinned women”. And Lauren Goode tells readers of The Verge that “Gender was misidentified in less than one percent of lighter-skinned males; in up to seven percent of lighter-skinned females; up to 12 percent of darker-skinned males; and up to 35 percent in darker-skinner [sic] females.” That’s a problem that needs a serious, substantive solution.
Unbiased facial recognition is the solution
But the tech is being refined (we hope), and designers and engineers are certainly aware of these shortcomings after high-profile iPhone X failures in China. The future will include better facial recognition tech to verify identity, and so far, the results are pretty good - if you’re white and male. While not perfect even then - Apple’s Face ID can be tricked by close relatives, for instance - it’s easy to use and accurate enough to improve on fingerprint tech. That’s an important combo. Facial recognition doesn’t need to be perfect (it does need to be unbiased, though), but rather ‘just good enough’ and very easy to use. And because systems like Face ID require nothing more than for users to look at the screen, they deliver that elusive ease-of-use, too. As Maggio describes, Apple’s “Face ID uses a flood illuminator to project around 30,000 dots onto your face, which create a depth map of your face's unique shape. An infrared sensor then double checks that the image it acquired corresponds to your face each time you try to access your phone, and if it does, you're in.” In theory, this should take no more time than a simple swipe.
We need mobile security - there’s simply no question about that. But to induce us to use it, developers need to make it as painless as possible. As early attempts demonstrate, however, racial and gender bias is an ongoing problem for the tech. We hope this issue is resolved quickly, and with improvements to this innovative technique, a new era of smartphone safety just might be here.