Cyber Web Spider Blog – News

Facial Recognition’s Trust Problem – SecurityWeek

Posted on December 1, 2025 By CWS

Facial recognition is used for public surveillance and enterprise access control. The two are very different, but both applications suffer from a major drawback. People don’t trust facial recognition.

Surveillance is the primary problem – it’s intrusive and insufficiently secure. It’s non-consensual and used in public spaces by unknown people for unknown purposes. Access authentication is more constrained. It’s used in discrete buildings by individual known operators for a known purpose, and is consensual.

Facial recognition and surveillance

The primary concerns over surveillance-focused facial recognition are the still lingering memories of Edward Snowden’s revelations of widespread and hidden NSA and GCHQ surveillance. This is combined today with the lack of user consent for the collection and use of personal images, their storage in unknown databases, and their use by unknown entities for unknown purposes.

Clearview and GDPR is an example of the latter concern. Clearview web-scraped a large image database which it sells on to the FBI, DHS and local police departments in the US. Several European countries have levied fines (totaling more than €60 million) for breach of GDPR’s lawfulness, fairness, and transparency principles. Clearview hasn’t paid the fines, and with no formal establishment in the EU, these fines can’t be enforced. It did, however, settle a case in the US.

Surveillance by facial recognition is almost always in a public setting, so it’s one-to-many. There’s a database and many cameras (usually lots of cameras – an estimated one million in London and more than 30,000 in New York). These cameras capture images of people and compare them to the database of known images to identify individuals. The owner of the database may include watchlists comprising ‘persons of interest’, so the ability to track persons of interest from one camera to another is included.

But the process of capturing and using the images is almost always non-consensual. People don’t know when, where or how their facial image was first captured, and they don’t know where their data goes downstream or how it’s used after initial capture. Nor are they usually aware of the facial recognition cameras that record their passage through the streets.

Furthermore, the surveillance process itself has repeatedly proven insecure. The iconic example dates to 2018 and Mexico City. A hacker working for the Sinaloa drug cartel got hold of an FBI agent’s phone records, hacked Mexico City’s surveillance system, and was able to track, threaten and kill the agent’s informants.

Although this dates to 2018, the DOJ OIG used it in a July 2025 report, noting the basic security problem has not been solved but actually exacerbated by modern technology. The Guardian commented (June 27, 2025), “The report said that recent technological advances ‘have made it easier than ever for less-sophisticated nations and criminal enterprises to identify and exploit vulnerabilities’ in the global surveillance economy.”

More recently, on November 3, 2025, lawmakers Ron Wyden and Raja Krishnamoorthi wrote to the FTC demanding an inquiry into Flock Safety (an operator of license plate-scanning cameras) for not requiring MFA. The letter notes, “A search by Congressional staff of a public tool operated by the cybersecurity company Hudson Rock documenting accounts compromised by a type of malware known as an ‘infostealer’ reveals that passwords for at least 35 Flock customer accounts have been stolen.”

In short, lax security practices within police departments allow criminals to gain access to LEA surveillance cameras. These same lax security practices likely occur elsewhere and with different types of surveillance cameras. Comparing this to the Mexico City incident, it could potentially allow criminals to track the progress of individual vehicles.

But just as modern technology can automate this weakness, so can modern technology harden it.

Hardening the surveillance infrastructure

ZeroTier is a software-defined overlay network outside of the data center. It’s an encrypted end-to-end, peer-to-peer mesh overlay network. The encryption is based on cryptographic identities in the end devices. Since it’s software, the make or model of the device is irrelevant. In the video world, the cameras could come from any manufacturer.

Seen as a software agent installed in each device, the agent builds a tunnel to other specified devices. Operating at layer 2, it can multipath and hop between physical networks. It’s always up, secure and robust.

On October 23, 2025, ZeroTier announced a partnership with Active Security, a firm that specializes in military C5ISR systems (the S is for Surveillance, including video surveillance of terrorist or criminal gangs ‘of interest’ on the street). Secure and flexible peer-to-peer networking has wide potential for military and federal application, but here we’re focusing on the secure connection between camera and remote database. The adoption of ZeroTier by a defense contracting firm can be viewed as a vote of confidence in the technology.

(JP Rike, CTO at Active Security, told SecurityWeek, “I can’t specify who’s using us, but we’re used on both sides of the Atlantic by several different militaries.”)

In the view of Active Security, it’s the current video surveillance architecture that is the risk (proven back in 2018 in Mexico City and still extant in the Flock incident), not the individual camera. Using ZeroTier’s networking, the threat is not entirely eliminated but is minimized to insignificance. In the Active Security use of ZeroTier, every single camera is cryptographically independent of all others. If any one camera is hacked, the attacker gets only the single feed with no possibility of lateral movement to other cameras and other feeds – a repeat of Mexico City would be prevented.

This is important. Cameras are installed everywhere and in increasing numbers. They’re being installed for public safety, but the danger is the systems could be hacked and accessed by criminals. The Active Security / ZeroTier solution minimizes this threat. If a camera is hacked, the criminal can only access the one video stream – that criminal couldn’t hop between multiple cameras to follow a target. If the video stream is hacked, it’s encrypted.

This approach doesn’t eliminate the public distrust of ‘surveillance’, but it does help ensure that only those eyes authorized to see the surveillance can do so.

Facial recognition for access authentication

The second use of facial recognition is for identity authentication within secured areas (primarily, but not limited to, offices, data centers and other discrete buildings – it could even be a private dwelling house). It’s the biometric credential (something you are, rather than something you have and can lose, or something you know and can forget) that allows easy access for those authorized to enter and move around within buildings.

Alcatraz.ai is one of the companies offering a facial biometric authentication solution, but with a difference.

“When we set out to start the company in 2016,” explains Tina D’Agostin, CEO of Alcatraz, “we knew the discussion around public surveillance had created privacy concerns. So, we set out to create a very privacy-first architecture.” In a nutshell, what she means by ‘privacy-first’ facial recognition is facial recognition with no facial images stored anywhere.

“When we enroll a new user,” she continued, “we take a facial representation, a map of the face, which basically becomes a digital blob simply comprising zeros and ones.” This blob can be likened to a cryptographic hash: each is unique but meaningless on its own and cannot be reverse engineered to its original source. “We don’t store any image – it’s converted into this mathematical representation.”

This sets it apart from the facial recognition of public surveillance systems. It is also consensual (since the user chooses to work for the employer), it has a limited and known purpose (authentication only), and it’s privacy-focused (no facial image is captured, stored or transmitted anywhere).

When a user, an employee or authorized visitor, needs authentication to enter a building or restricted area within the building, a camera rescans the face and recreates the same face-map-blob. If it matches the stored blob, the user is granted access. Regardless of the person’s physical identity (name), that person is authenticated.

Alcatraz is also well set to support AI-inspired smart buildings’ predictive security. It already includes basic elements. It detects tailgating entry attempts (where a non-authenticated person attempts to slip through immediately behind an authenticated person). This predicts a problem and immediately prevents access to the second person.

Current capabilities could be enhanced in the future. It could take note of the time and door accessed by an authenticated person, although it is only aware of the blob and not the person’s physical identity. It could then leverage event-scoped pattern analysis to help security teams anticipate anomalies, perhaps through repeated failed access attempts, or unusual, perhaps after-hours access to a given door.

This would enable predictive access security. There is still no facial image recorded, nor any people-tracking, nor watch-lists involved – just a pattern of events that could warrant further investigation by the security team, combining both personal privacy and enhanced predictive building security.
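The event-scoped pattern analysis described above can be sketched as follows. This is an added example, not Alcatraz code: the event format, the opaque template ids, the thresholds and the working-hours range are all assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, door, opaque template id, result).
# The template id stands in for the stored face-map blob; no name or image
# appears anywhere in the event stream.
EVENTS = [
    ("2025-12-01T08:58:10", "lobby", "tpl-7f3a", "granted"),
    ("2025-12-01T09:02:41", "server-room", "tpl-c219", "denied"),
    ("2025-12-01T09:03:05", "server-room", "tpl-c219", "denied"),
    ("2025-12-01T09:03:30", "server-room", "tpl-c219", "denied"),
    ("2025-12-01T13:15:00", "lobby", "tpl-c219", "denied"),
    ("2025-12-01T17:30:00", "lobby", "tpl-7f3a", "granted"),
    ("2025-12-01T23:47:12", "server-room", "tpl-7f3a", "granted"),
]

FAIL_LIMIT = 3                      # assumed: denials that trigger a finding
FAIL_WINDOW = timedelta(minutes=5)  # assumed: sliding window for denials
WORK_HOURS = range(7, 20)           # assumed: 07:00 to 19:59 is normal access


def find_anomalies(events):
    """Return (kind, template_id, door, timestamp) findings in time order."""
    findings = []
    recent_denials = defaultdict(list)  # (template id, door) -> denial times
    for ts, door, template_id, result in sorted(events):
        when = datetime.fromisoformat(ts)
        if result == "denied":
            window = recent_denials[(template_id, door)]
            window.append(when)
            # Drop denials that have aged out of the sliding window.
            window[:] = [t for t in window if when - t <= FAIL_WINDOW]
            if len(window) == FAIL_LIMIT:
                findings.append(("repeated_failures", template_id, door, ts))
        elif when.hour not in WORK_HOURS:
            # A successful entry outside normal hours is flagged for review.
            findings.append(("after_hours_access", template_id, door, ts))
    return findings


if __name__ == "__main__":
    for finding in find_anomalies(EVENTS):
        print(finding)
```

Findings are keyed only by template id and door, so the security team sees a pattern of events to investigate without the analysis ever handling a facial image or a name.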

Summary

Most people are wary of facial recognition systems. They are considered personally intrusive and privacy invasive. Capturing a facial image and using it for unknown purposes is not something that is automatically trusted. And yet it isn’t something that can be ignored – it’s part of modern life and will continue to be so.

In the two major applications of facial recognition – access authentication and the surveillance of public spaces – the latter is the least acceptable. It’s used for the purpose of public safety but is fundamentally insecure. What exists now can be, and has been, hijacked by criminals for their own purposes. There is a possibility that it could be used by a future authoritarian government for dystopian purposes. And all we can do is make it as secure as possible so that only authorized people, whoever they are, can use it.

The access authentication purpose is easier to handle. Companies are striving to develop non-intrusive facial recognition systems for access control. It’s a friction-free method of authentication, so is attractive for business. It’s consensual and for a specified purpose. And Alcatraz has already combined these advantages with a privacy-focused method of facial recognition that requires no capture or storage of any facial image beyond an unintelligible blob of data.
