PITTSBURGH, Pennsylvania - August 1, 2011 - A picture of your face is all it takes for Alessandro Acquisti at Carnegie Mellon University (CMU) to access a wealth of personal information. He and colleagues used PittPatt facial recognition software, which was developed at CMU and recently bought by Google, to match people with their Facebook profiles and gather names, birth dates and other demographics for one in three test subjects.
The researchers then used this data to correctly predict the first five digits of the subject’s social security number, using a technique they developed in 2009. In principle it should be possible to identify the full number, but the sample size of 93 was too small to do this accurately.
This kind of identification relies on people sharing their information on social networks in the first place, but of course many happily do this. What they may not realize is that information from different networks or even their friends can be linked, building up a surprisingly rich picture of their identities. "It's like a domino effect," says Acquisti, who will present his research at the Black Hat security conference in Las Vegas this week. "It has become truly difficult for us to tightly seal our personal information."
Acquisti has also developed an augmented reality smartphone app that can perform facial recognition in real time, then overlay relevant online information in a matter of minutes. He says there are no plans to release the app to the public, but adds it wouldn't be too hard for someone else to replicate it. "My fear is that it's absolutely inevitable because data is already public for most of us."
So what happens when such an app is on the market, or even incorporated into a smart pair of glasses? Acquisti imagines a near future in which you could walk into a bar and scan through the crowd, telling you their names, interests or even their credit scores. "It impacts the way you're going to approach and interact with a person before you've even met (him or her)," he says.
Some people will be horrified by this vision, but then they probably aren't using social networks in the first place. Acquisti says others are more enthusiastic about the benefits software, but may not have thought through the consequences. "People trade off privacy for immediate gains," he says. "Often we don't see the cost of revealing too much information until it's too late."
