A complex picture of your personal life can now be pieced together using a variety of public data sources, and increasingly sophisticated data-mining techniques. But just how accurate is that picture?
Last week in Las Vegas, at the computer security conference Black Hat, Alessandro Acquisti, an associate professor of information technology and public policy at the Heinz College at Carnegie Mellon University, showed how a photograph of a person can be used to find his or her date of birth, social security number, and other information by using facial recognition technology to match the image to a profile on Facebook and other websites. Acquisti acknowledges the privacy implications of this work, but he warns that the biggest problem could be the inaccuracy of this and other data-mining techniques.
Acquisti says that his current work is an attempt “to capture the future we are walking into.” In this future, he sees online information being used to prejudge a person on many levels—as a prospective date, borrower, employee, tenant, and so on. The Internet, he says, could become “a place where everyone knows your name”—a worldwide small town that won’t let you live anything down.
Beyond the obvious concerns about strangers knowing more than ever about you, Acquisti worries about what will happen when the technology makes mistakes. “We tend to make strong extrapolations about weak data,” says Acquisti. “It’s impossible to fight that, because it’s in our nature.”
A number of companies have already begun using social media to measure and track reputation. The Santa Barbara, California, company Social Intelligence, for example, performs social-media background screenings on prospective employees, promising to reveal negative information such as racist remarks or sexually explicit photos, or positive information such as signs of social media influence within a specific field. Other companies, such as Klout, track users’ level of social influence, allowing advertisers to offer special rewards to those with high scores.
But Acquisti’s research demonstrated the pitfalls of placing too much relevance on social networking data. His team took photos of volunteers and used an off-the-shelf face recognizer called PittPatt (recently acquired by Google) to find each volunteer’s Facebook profile—which often revealed that person’s real name and much more personal information. Using this information, the team could sometimes figure out part of a person’s social security number. They also created a prototype smart-phone app that pulls up personal information about a person after they are snapped with the device’s camera.
Gain the insight you need on security at EmTech Digital.