A woman strolls into a grocery store, thinking about grabbing some apples. Before she even reaches the produce aisle, a security camera has scanned her face. Whether the system is checking for shoplifters or simply logging her arrival, her face has joined a digital ledger, a trace she can’t easily erase. Retailers, banks, airports, stadiums and office buildings are doing the same.
But what if the woman’s facial information is stolen or misused? If a cybercriminal steals her password, she can change it. If they acquire her credit card number, she can cancel the card. But she can’t reset or revoke the appearance of her cheekbones.
Facial recognition systems don’t keep actual images. They convert a face into a mathematical template that maps the positions and proportions of the face’s features. When another camera scans a person later, the system checks their live face against these templates to confirm an identity.
In my work as a cybersecurity professor at Rochester Institute of Technology, I have found that even though templates are more secure than photos – which anyone online can capture and manipulate – templates, too, can be stolen. Once that happens, these digital keys create a lifelong vulnerability. If a facial recognition database is breached, the “locks” that a template opens – accessing a bank app, getting through security at an airport, entering an office building – can’t be reset. A person’s face is permanent, and so is the threat.
The threat isn’t theoretical. Biometric data has been stolen in data breaches. In 2024, biometric data from a facial recognition system used at bars and clubs in Australia was hacked. And in 2019, biometric data from a pilot facial recognition system set up by U.S. Customs and Border Protection was breached in an attack on a subcontractor’s network. It’s not clear whether anyone’s stolen biometric data has been exploited, however.
Catching a ballgame? Security cameras might be catching and digitizing your face.
AP Photo/Matt Slocum
Tracking your face
All biometric identifiers carry risks. Fingerprints and iris scans, however, are typically used in controlled situations, such as unlocking a person’s phone or allowing someone to enter a building. In these cases, a person has to deliberately look at a scanner. Cameras in public spaces, in contrast, can capture faces as people walk by, from a distance and without the people whose faces are scanned realizing it.
If a fingerprint or iris database is breached, a thief still needs to physically present that finger or eye, or a fake of it, to a scanner. However, someone could match a stolen facial template against images from surveillance cameras or photos circulating online, making it easier to identify a person of interest or track someone’s movements and activities.
There’s also a big difference, technically and ethically, between keeping a face on a phone versus…
