Advances in image processing and analysis as well as machine learning techniques have contributed to the use of biometric recognition systems in daily people tasks. These tasks range from simple access to mobile devices to tagging friends in photos shared on social networks and complex financial operations on self-service devices for banking transactions. In China, the use of these systems goes beyond personal use becoming a country's government policy with the objective of monitoring the behavior of its population. On July 05th 2021, the Brazilian government announced acquisition of a biometric recognition system to be used nationwide. In the opposite direction to China, Europe and some American cities have already started the discussion about the legality of using biometric systems in public places, even banning this practice in their territory. In order to open a deeper discussion about the risks and legality of using these systems, this work exposes the vulnerabilities of biometric recognition systems, focusing its efforts on the face modality. Furthermore, it shows how it is possible to fool a biometric system through a well-known presentation attack approach in the literature called morphing. Finally, a list of ten concerns was created to start the discussion about the security of citizen data and data privacy law in the Age of Artificial Intelligence (AI).
翻译:在中国,利用这些系统不仅仅是个人使用,而是成为一国政府的一项政策,目的是监测本国人民的行为;2021年7月05日,巴西政府宣布购置了将在全国使用的生物鉴别系统;在中国、欧洲和一些美国城市的相反方向,已经开始讨论在公共场所使用生物鉴别系统的合法性,甚至在其领土上禁止这种做法;为了更深入地讨论使用这些系统的风险和合法性,这项工作暴露了生物鉴别系统的脆弱性,重点是表面模式;此外,它表明如何通过在被称为变形的文献中采用众所周知的演示攻击方法来欺骗生物鉴别系统;最后,为了开始讨论在人工智能时代的公民数据和数据保密法(AI)。