Korea's Biometric Data Dilemma
By Matthew Fennell, Senior Contributor
December 17, 2021 ㅡ Using biometric data is often the most secure and convenient way to unlock a device and access various accounts for those who own a smartphone. Fingerprint readers, iris scans, and facial recognition are fast becoming the preferred way for individuals to log in to their bank accounts, make online payments, or verify their identity. Yet, if biometrics are leaked, a complete recovery is impossible due to the uniqueness of the data. If your credit card number is stolen, you get a new card and cancel the old information. But how do you replace a fingerprint or facial features?
As biometric data is highly sensitive, it is no surprise that people in Korea were unhappy with the government recently sharing around 170 million photographs of passengers traveling through Incheon Airport with private companies. The Ministry of Justice and Ministry of Science and Technology transferred facial images of both Koreans and foreigners, along with their nationality, gender, and age, to private businesses for AI technology research. In Korea, this biometric data is crucial for the country's heavy investment in the development and commercialization of artificial intelligence, and in this industry, the more data, the better. With Korea utilizing its vast CCTV network to harvest biometrics, how concerned should we be that our data may fall into the wrong hands?
Korea's capability to collect biometric data is partly due to the number of closed-circuit television (CCTV) cameras in public places. With around 100,000 new cameras installed each year, over 1.3 million government cameras are now operating across the country. Compare this to the 565,723 working cameras in 2013, and there has been a 130% increase in CCTV coverage over the past seven years. Of all the government cameras in Korea, almost half were installed to protect property and avert fire, around 45% were fitted for crime prevention, and the remaining 5% were used for traffic enforcement and other data collection purposes. While many citizens support the use of CCTV, there are concerns about the increased harvesting of biometrics, especially considering the Incheon Airport data was given to companies for "AI learning" without consent.
So, just how easy is it for companies to gain access to biometric data? According to Dong Hoon Lee, a researcher at AI company Ziovision, strict legal regulations mean that private companies in Korea are extremely limited in compiling biometric data. Furthermore, research using biometrics is managed and controlled by government agencies or institutions like the Institutional Review Board (IRB). Government and privately collected data, such as that gathered from ADT's surveillance cameras, are strictly supervised, well protected, and not given to private companies without special legal authorization.
However, Lee also agrees that citizens should recognize the threat of data leakages and privacy infringement. Facial recognition data is essential to protect as it contains distinctively sensitive information. In fact, many US companies and research institutes have declared that they will no longer carry out facial recognition activities in response to data protection concerns. Despite worries about invasions of privacy, Korea is expanding its ventures into AI and applying the technology to real-life scenarios. For example, in January, a nationally-funded project will see Bucheon, a satellite city to Seoul, use artificial intelligence (AI), facial recognition, and thousands of closed-circuit video cameras to track the movement of those infected with coronavirus. The system will use AI algorithms and facial recognition technology to analyze images gathered by more than 10,820 security cameras. Opponents have expressed concerns that the government will keep and exploit such data beyond the battle against Covid-19.
As Korea increases AI-powered facial recognition for many other uses, from detecting child abuse at daycare centers to providing police protection, the threat of having this data fall into the wrong hands also increases. Although the risk of biometric identity theft is still relatively small, recent cases in Korea highlight that it is still a possibility. Just last month, criminals stole the fingerprints from an ID card of a landowner, used a silicone expert to replicate his print, and successfully carried out an illegal sale of a property. The threat of "spoofing," the practice of fooling a biometric security system using stolen or copied biometric information, is something that citizens in Korea may well have to get used to soon.
There is no doubt that AI technology can help prevent crimes, increase safety, reduce unnecessary human interaction, and support medical treatments. Korea has recently launched several initiatives, for example, the National Strategy for Artificial Intelligence, to advance Korea in AI, and biometric data collection is a central part of the process. Yet, as we start seeing actual crimes associated with biometric identity theft, the Korean government must take security threats more seriously and implement more robust protection to keep data safe.