NIST has been working on a "Digital Identity Guidelines" document for a while, with the second draft being prepared for its final review:
nist.gov/news-events/news/2024…
It looks like they want to include facial recognition as one of the options, but they insist that any solutions will need to take privacy into account.
I'm glad they're considering that, but I don't see any mention of relatively simple methods for fooling these systems, as discussed in this article (among others):
vice.com/en/article/hackers-fo…
Hackers Fool Facial Recognition Into Thinking I’m Mark Zuckerberg
Using a new technique, researchers say they can make AI systems misidentify people by adding small bits of data to the images.Todd Feathers (VICE)
ansuz / ऐरन
in reply to ansuz / ऐरन • • •see also "We Broke Into A Bunch Of Android Phones With A 3D-Printed Head" which can be read in full if you disable javascript:
forbes.com/sites/thomasbrewste…
We Broke Into A Bunch Of Android Phones With A 3D-Printed Head
Thomas Brewster (Forbes)ansuz / ऐरन
in reply to ansuz / ऐरन • • •they're accepting public comments until October 7th, 2024.
I'm not American, nor do I have any particular industry experience with facial recognition other than a broad knowledge that biometric authentication is very often a terrible idea.
Perhaps someone on fedi who has a bigger stake in this wants to draft some open letter or something? I will happily add my signature to anything that raises these concerns in a well-considered manner.
I'll probably write something short if nothing substantial is organized before that deadline, but it would probably be more effective coming from a broader coalition.
#NIST #infosec