Xiao Guo and Yifan Zhang
With the ongoing trend towards digitization and informatization globally, Facial Recognition Technology (FRT) has emerged as a prevalent force in the 21st century, experiencing a significant surge in practical applications, thereby triggering a fresh wave of market expansion.
Nevertheless, this development is accompanied by potential risks and crises.
Globally, prominent software and information technology corporations have implemented facial recognition technology across various facets of daily life, including smartphone unlocking, payment transactions via face scanning, and user login verification.
These applications all involve collecting, storing, identifying, and comparing facial data from individuals.
However, the extensive adoption of facial recognition technology in multiple sectors has inadvertently led to the indiscriminate gathering and storage of facial data, posing a significant challenge to the security of facial data.
In the realm of data globalization, face recognition data has progressively emerged as a pivotal global security concern, characterized by the intricate interplay of widespread technology utilization, cross-border data flows, the globalization of security threats, and the prevalence of transnational criminal activities.
Regarding the extensive implementation of the technology, numerous prominent technology corporations are globally advocating for the utilization of face recognition technology, and their offerings have achieved widespread adoption across various countries and regions.
Additionally, smartphone producers are integrating face recognition capabilities into devices marketed globally, thereby facilitating the generation and storage of face recognition data transcending national borders.
Concurrently, face recognition technology has gained extensive application in various international collaborative endeavors.
Specifically, within domains such as border administration and Interpol’s criminal investigation, facial recognition data may be exchanged among different nations, amplifying data security concerns’ international dimension.
Regarding the cross-border movement of data, in recent years, multinational software and information technology enterprises have experienced significant expansion, establishing branches of data centers both domestically and internationally.
In these centers, facial data, once collected at the user-facing front-ends of software or applications, is securely stored within the databases of the respective equipment terminals.
A significant quantity of facial recognition data is securely stored in a centralized manner within the data center.
Nevertheless, it is imperative that the security measures of the database are rigorously implemented, as any shortcomings in this regard could render the system highly vulnerable to unauthorized access, ultimately resulting in the potential for data breaches.
Concurrently, inappropriate actions or malicious conduct by insiders may also give rise to data breaches, encompassing unauthorized access, illicit downloads, and the profit-motivated resale of data, thereby posing significant risks to individual users.
With respect to the globalization of security threats, facial recognition algorithms may exhibit vulnerabilities.
These systems frequently become the target of spoofing attacks, which involve the employment of AI-generated photographs, videos, or 3D masks with the intention of deceiving the recognition systems and impersonating individuals for the perpetration of transnational fraudulent activities.
The accuracy of the algorithm may also be affected by environmental factors, such as light, angle, and occlusion, leading to misrecognition or failure to recognize, thus making the security of data less reliable.
The face recognition system itself may have software vulnerabilities, such as failure to update the operating system on time, database vulnerabilities, etc., which allow attackers to invade the system and steal face recognition data.
Network security concerns have the potential to result in data breaches, where sensitive and unencrypted information could be intercepted during the transmission process over networks.
Additionally, systems may be vulnerable to cyber-attacks, including Distributed Denial of Service (DDoS) attacks and SQL injection attempts, which could compromise the integrity and confidentiality of data.
Regarding cross-border data crime, it is noteworthy that cross-border facial data is frequently stored within cloud servers or databases, making them susceptible to potential attacks by hackers.
Cybercriminals have the capability to unlawfully obtain facial data via cyberattacks, subsequently engaging in the illicit sale of such information to nefarious actors or exploiting it for other unauthorized purposes.
Unlawful individuals may utilize stolen facial data to fabricate the identities of others and engage in criminal activities such as fraud and theft.
The counterfeited facial data can be employed to obtain other people’s bank account information, credit card information, and so on through the facial recognition system and subsequently conduct illegal transfers or consumption.
Face data is characterized by transnationality and the diversity of data centers. These characteristics determine that the security of face data necessitates global participation in governance.
On the one hand, numerous governments have acknowledged the significance of safeguarding face recognition data security and have embarked on enhancing international collaboration efforts.
In the United States, with regards to the cities of Pittsburgh, Philadelphia, and Virginia, the implementation of facial recognition technology necessitates prior legislative sanction.
Additionally, the states of Massachusetts and Utah mandate that law enforcement agencies submit a formal, written request to the respective state agency that administers the database prior to conducting any facial recognition searches.
The prevailing circumstances dictate the nature of the task at hand, and in the current context, it is imperative that law enforcement agencies from diverse nations forge a close collaboration to undertake joint investigations and operations aimed at combating cross-border data offenses.
By facilitating the exchange of intelligence, evidence, and technical expertise, we can enhance the capacity and efficacy of our collective efforts in combating such crimes.
On the contrary, in addition to cooperation between governments, it is imperative that the reinforcement of business-to-business cooperation remains an ongoing endeavor.
Numerous technology companies and enterprises have commenced recognizing the paramount significance of safeguarding face recognition data, and have subsequently implemented a series of measures aimed at bolstering data protection.
Apple, the company, has initiated the implementation of encryption, anonymization, and various other methodologies to safeguard the personal information of its users.
The Face ID technology employed in the iPhone X and subsequent models ensures that the user’s facial data is encrypted and safeguarded by a unique key, which is exclusively utilized within a secure environment and cannot be transmitted or accessed by any applications installed on the device.
Additionally, Face ID imposes a limitation of five unsuccessful authentication attempts, subsequent to which, a passcode becomes mandatory for access.
Additionally, international organizations hold a pivotal position in fostering global collaboration pertaining to the security of facial recognition data.
Esteemed entities such as the United Nations and the International Telecommunication Union have commenced to scrutinize the advancements and implementations of facial recognition technology, subsequently establishing a comprehensive array of pertinent standards and guidelines.
The European Union has emerged as a pioneering force in the realm of data protection, exemplified by its enactment of the General Data Protection Regulation (GDPR).
This regulation meticulously outlines stringent norms pertaining to the gathering, utilization, and safeguarding of facial recognition data, thereby establishing a robust framework for safeguarding individual privacy rights.
The European Union has also embarked on collaborative endeavors with various countries and regions in the realm of data protection, aiming to foster the standardization process of global data protection measures.
The ongoing deepening of international cooperation and exchanges regarding face recognition data security, as well as the efforts to combat cross-border data crimes, are instrumental in advancing and safeguarding human rights and ethical principles.
This collaborative approach aids in guiding the development of the software and information industry within the framework of the rule of law, thereby enhancing the efficacy of face data utilization and fostering an international framework for face data security.
*The writers are scholars at Baize Institute for Strategy Studies, Southwest University of Political Science and Law,China.
*The views expressed in this article are those of the author and do not necessarily reflect the official policy or position of the publication.
 has emerged...read more){kind=link}