Black Hat: System links your face to your Social Security number and other private things

Soon it will be practicable to take someone's photo on a smartphone and within minutes know their Social Security number and a range of other private data like their personal interests, sexual preference and credit status, researchers will tell the Black Hat security conference this week.

The technique calls for linking faces of random individuals to images in databases that contain other information about them and using that information to project Social Security numbers, says Alessandro Acquisti, a professor at Carnegie Mellon University, who will present the research at the conference.

QUIZ: Black Hat's most notorious incidents

He says if he can arrange the logistics, he will demonstrate the technique at the show using an application on a smartphone that taps cloud-based databases and facial recognition software. He uses Social Security numbers as an example of what can be projected, but other information such as sexual orientation and credit ratings can also be inferred, he says.

The point, Acquisti says, is to show that a framework of digital surveillance that can go from a person's image to personal data exists today and will only get better as technologies improve, making privacy more scarce and making surveillance readily available to the masses. "This, I believe and fear, is the future we are walking into," he says.

He admits the method is far from foolproof, but that the individual pieces of technology are developing rapidly and could be ready for use in the real world in the foreseeable future. He is working on projections of how long it will take for the technologies involved to develop to the point of being reliable.

Acquisti bases his presentation on three pieces of research he and his team carried out. The first took the primary Facebook images that people posted to establish their identity. The team compared the Facebook images using PittPatt face-recognition software to identify other photos of the same person in another database, namely that of a popular dating service where people registered under phony names.

After the software made a match, actual people looked at the pictures to determine how accurate the matches were. They considered just PittPatt's best guess for each photo.

The software correctly identified 1 in 10 dating site members, which the researchers say is pretty good considering the experiment used just one photo -- the Facebook profile photo -- to identify the person with the known identity.

Plus, they only considered PittPatt's best guess. Had they considered the second and third best guesses, accuracy might improve as well, he says.

The second experiment photographed random college students and asked them to fill out a questionnaire. Meanwhile, the photo was compared to others in online databases to identify the students realtime and compile other photos of them.

The students checked the photos and found they were accurate about a third of the time.

The third experiment took the subjects' Facebook profiles and, from inferences made from the profiles, predicted the first five digits of their Social Security numbers and their interests and activities.

The last part is an implementation of a Social Security number-predicting algorithm Acquisti presented at Black Hat two years ago. Based on when and where a person was born, the algorithm predicts the first five digits, which are based on location. It can then guesses the remaining digits, but that could take 100 tries.

Read more about wide area network in Network World's Wide Area Network section.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags securityprivacy

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tim Greene

Network World
Show Comments

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?