As if there weren't enough insecurity about Social Security numbers, now there's more reason to worry: University researchers have found that using facial recognition software and social media profiles — like those on Facebook and Twitter — can make it easier to figure out individuals' SSNs.
"It is possible to identify strangers and gain their personal information — perhaps even their Social Security numbers — by using face recognition software and social media profiles," Carnegie Mellon University said, in announcing the findings of CyLab researcher Alessandro Acquisti and his team.
This is familiar territory for Acquisti's team; last year, their research found that online information about a person's date of birth and place of birth could allow identity thieves to guess that person's Social Security number.
In their recent research, Acquisti, an associated professor of information technology and public policy, and CMU postdoctoral fellows Ralph Gross and Fred Stutzman, used three technologies: an "off-the-shelf face recognizer" (the PittPatt technology, recently purchased by Google, and one that began in Carnegie Mellon's labs), cloud computing and "publicly available information from social network sites" to "identify individuals online and offline in the physical world," the university said in a press release.
"Since these technologies are also accessible by end-users, the results foreshadow a future when we all may be recognizable on the street — not just by friends or government agencies using sophisticated devices, but by anyone with a smartphone and Internet connection."
The researchers say "smartphone" because they also created a smartphone app to "demonstrate the ability of making the same sensitive inferences in real-time. In an example of 'augmented reality,' the application uses offline and online data to overlay personal and private information over the target's face on the device's screen."
Scary, indeed. "The seamless merging of online and offline data that face recognition and social media make possible raises the issue of what privacy will mean in an augmented reality world," Acquisti said.
The results of the Carnegie Mellon study will be presented this week at the Black Hat security conference in Las Vegas.
As for the PittPatt technology itself, and Google's acquisition of it, the search giant says it has no plans to use it with its recently launched Google+ or any other services.
Google spokesman Chris Gaither said in a recent statement to the Washington Post, “We’ve said that we won’t add face recognition to our apps or product features unless we have strong privacy protections in place, and that’s still the case.”
- Facebook's 'tweaked' photo changes are no big deal
- Why overusing Social Security number is risky
- Red Tape: Study: Roughly 1 in 15 adults lie about SSNs, DOBs on credit applications
- Red Tape: Odds someone else has your SSN? One in 7