Biometrics in Social Media Apps: Opportunities and Risks

From start-up companies to large technology firms like Google, Facebook, Amazon, Apple, etc. are increasingly leveraging biometrics in their products and services. They understand prospects of this technology and value of biometric data. Biometric data they collect today may worth a fortune in future, so business organizations are mixing biometrics with their services wherever they can.

On the other hand, user adoption of biometrics is an increasing trend. From banking to photo sharing and social media, biometrics has not only transformed how people authenticate their identity, but has also opened doors for utilization of this technology in many other applications and use cases.

When integrated with services used by millions, e.g. social media apps, photo / video sharing, etc., biometric technology pose risks as well as opportunities. It can be used to create new user experience as well as to collect enormous amount of biometric data. This article discusses about biometric technology, its impact, increasing use in social media and risks as well as benefits associated with it.

In tangible world, we need to authenticate our identity at many places. We can prove who we are by showing a physical ID like driving licence, passport, etc. This way of identity verification / authentication is widely used in human intervened identity authentication and works pretty well.

But in digital space, presenting physical IDs or documents will hardly be a feasible way of identity authentication. Would you show your ID every time you login to your email account? Instead, a more convenient approach of proving your identity or ownership in digital space (e.g. your email account) would be to provide something that only you know, for example, passwords, PINs, secret questions, etc.

The requirement for identity verification / authentication is placed to control access to a secure facility or service, so that only eligible or authorized individuals / entities can pass the authentication challenge. It may be a secure physical facility or a digital one, for which the process of authentication needs to take place. Sometimes you may need to have your identity verified for law enforcement, background check, travel, etc.

Authentication serves as a barrier to check an individual’s eligibility or authority to a service, facility or ownership. The process of authentication / identification may be apparent, i.e. it can be seen happening, e.g. checking physical IDs, asking questions, entering passwords, or scanning face / finger etc. or it may take place in the background without user awareness, e.g. in biometric surveillance, monitoring, etc.

Over the internet, multiple measures can be taken into accounts when placing the process of identity authentication. Knowing right PIN or password may not be enough for some service providers depending how stringent the service provider want to keep the process. A service provider may choose to restrict your login request, even if credentials are correct if the request seems to be coming from an unusual location, device, insecure network, etc.

For a long time, passwords seemed like a perfect method of identity authentication on the internet and information systems. You could setup a secret string and provide it to prove your ownership over a digital space every time you need to access it. It worked like digital lock and key, in which nobody knew the secret pattern of your key, except you.

Over time, the number of internet based services has grown exponentially, so has the numbers of passwords. Password based exploits and cyber-attacks have become more sophisticated than ever. Once posed as the ultimate tool for information security, they now look more like a weak link in it. Now technology firms, services providers as well as users are betting on biometrics as the new weapon against the information security threats.

Today, biometric security measures are used for high security access control, law enforcement, border control, etc., where high level of security is desired. In physical facilities, biometric security measures, along with human supervision can further strengthen the security. Biometric network security is leveraged for implementation of information security practices in computer networks. Biometric login has begun to replace PINs / passwords for logging into information systems and even the high security banking and financial apps.

Despite the impressive growth, it was not easy for biometric technology to find the gap among already prevailing traditional methods of identification. People had been using traditional method of identification for ages and they were comfortable with that. Now, biometrics is being seen as the future of identification and authentication.

Social media is one of the most popular services over the internet. Social network or Social media network is a network of virtual social connections / communities served via a web / mobile application, where people can share ideas, information, career interest, entertainment, etc. It mostly runs on user generated / posted content like photos, videos, text, etc. Facilitator of the social media network does not have much role in content part except its representation, control and commercial interests.

Social media service has gone through notable changes since its inception and has become more influential over time. Now with the rise of smartphones, social media facilitators are largely targeting these devices due to several benefits they offer. Users can be in touch with their social media network, even when they are mobile.

Mobile devices come equipped with a variety of sensors, which can detect location, movement, proximity, etc. and use it for their commercial interests as well as offering a new way to communicate with social media connections (e.g. people near me based on GPS location). Modern smartphones also come equipped multiple biometric recognition abilities like face, voice, fingerprint, iris recognition, which allows social media facilitators to use them for different purposes including security, authentication, user recognition, etc.

Now with increasing use of biometrics for authentication, security and other applications, social media platforms are eyeing to leveraging biometric data of users.

Social media apps may contain a lot of personal and sensitive data, which, if compromised, can have many negative impacts on a user. Securing this information is as important as securing an email account or an ecommerce account. Before the rise of biometric authentication, social media apps used password / PIN based authentication.

Entering passwords on touch screen devices is hardly a user friendly experience, if users can recollect today’s complex passwords at all. Biometric authentication on mobile devices has solved this problem and has improved the authentication process dramatically.

Biometrics in social media network can also be used to protect user privacy. When Facebook introduced face recognition in December 2017, it enabled users to get notified when someone posts their photo on the network or their face is found in any photo. Following that, users could request a deletion of the photo if they wanted to.

Prior to the introduction of face biometrics on the social media network, Facebook users were only notified when their photo was tagged by someone. Face recognition technology also informs users if someone uses their photo in his/her profile picture to help detect impersonations. It also makes it possible for the visually impaired to have screen readers tell them who’s tagged in friends’ photos.

Most social media companies offer it as a free service. Top social media players like Facebook, Instagram, Twitter, LinkedIn, etc. offer their services free of cost and never charge end-users for their services. These companies serve billions of users around the world, for example, Facebook has more than 2.20 billion monthly active users followed by YouTube, the world’s most popular video sharing platform which has 1.9 billion monthly active users.

However, serving billions of users around the world has its own challenges and require a lot of efforts including hardware, software, manpower and many other resources, which costs a lot of money. Social media platforms cannot operate without being profitable; however, this profit is not earned directly, i.e. in the name of social media services. Revenue of social media companies depend on their reach. More users they have, more personal data they can collect and they can partner with other companies for serving ads, campaigns, promotions and charge them for it.

Biometrics in social media opens new window of opportunity and help companies with more focused personalized advertising, paid promotions and campaigns. They can propose the use of technology to their partners and highlight how it is more beneficial than traditional advertising. As of now, most social media companies which have rolled out or rolling out the face recognition feature are in defensive mode due to common outrage against the technology and new biometric data privacy laws like BIPA in the United States, GDPR in European Union, etc.

Though social media platforms are said to run on content posted by users, they do capture a lot of data generated out of user activities. Now with widespread use of smartphones for activities which earlier required a PC, it has become easier for social media platforms to collect device and activity data, which was not available previously.

Social media apps can be created to collect real time information from large groups of individuals in order to harness the wisdom of crowds in a variety of decision processes. For example, the Google Latitude application collects mobile position data of uses, and uses this in order to detect the proximity of users with their friends.

Digital world is up to suck every bit of information it can. Internet based services wants to know websites you visited, searches you performed and many more types of personally identifiable information (PII). Smartphones want to collect your location history, the places you have been to, apps you used, even your sensor data and screen-on time. This data collection usually goes unnoticed as most user tracking activities take place in the background.

Biometric data is unlike any other types of PII. Many elements of non-biometric PII may change over time, making it unusable at some point of time. For example, data collected out of online activity, IP addresses, etc. may change over time, making it obsolete. People may even change their locations and even name, but biometric data is for forever. It is once collected, can be used forever to identify or track a subject. So collection of biometric data is arguably the most invasive form of data collection.

However, social media platforms legalize their data collection actions by making user click “Agree” button of their lengthy, complex and full of legal jargons “Terms of use” text. An average user does not bother to read those “terms of use” published with fine print and beyond comprehension of most users.

Since users post a lot of photos and videos on social media sites, face recognition has become the most preferred biometric modality of social media platforms. However, use of face recognition technologies can potentially lead to privacy invasion. Facebook, the largest social media platform, is a good example of such privacy invasion.

Social media giant Facebook has been facing a $35 billion class action lawsuit regarding alleged misuse of facial recognition data in the U.S. state of Illinois. According to this lawsuit, which was filed by Facebook users in the state of Illinois, users never consented for their photos to be scanned with face recognition nor were they informed that how their biometric data will be used and for how long it will be stored.

Growing concern about the increasing use of biometric technology for biometric data collection, user tracking and surveillance are being recognized by the authorities. In May 2019, San Francisco became the first city in the United States to ban the use of facial recognition technology by police and city agencies. This ban came into effect when the city’s Board of Supervisors voted 8-1 in favour of the ban.

Now when the ordinance is in effect, government agencies will have to disclose any use of face recognition technology and any planned use have to go through Board of Supervisors approval processed.

Originally developed for enabling communication and sharing among people, social networks have become more influential than any other internet based service. They have been praised for spreading ideas, connecting people, influencing innovations, etc. On the other hand, they are also alleged for causing disruption, spreading rumours, changing election results, etc. Social media itself is neutral; it is largely up to people how they use it.

Now social media platforms are leveraging biometrics to expand their horizon. Biometrics on social media is being used for security, privacy control, creating new user experience and more. Social media has become a powerful tool that can influence creation as well as disruption, and with biometrics it becomes more powerful than ever.