Comment: Callsign on the new Gov.uk app
October 2021 by Callsign
Following the announcement that the government is set to launch a new Gov.uk app, please find comment below from Ian Welch, COO at Callsign on why facial recognition as a standalone authentication method is problematic.
“The proposals for a new Gov.uk app should be welcomed for simplifying digital access to public services. However, I believe that the app shouldn’t force users to use static biometrics such as facial recognition to login.
This is because, facial recognition, when used as authentication method, can potentially exclude pockets of the population based on their inherent characteristics. Recently, Uber drivers found their accounts being closed after facial recognition technology failed to authenticate them. Public services by their very nature should be inclusive of all, but there is a risk that using facial recognition in particular will be exclusionary and perpetuate inequality.
Most worrying is that static biometrics are a simple “yes or no” question, asking “is this a user’s face/fingerprint?”. If for some reason, that answer is no, people won’t be able to access important public services. If the backup plan is a password, then we’re back to weak and easy-to-compromise security methods.
The government must also consider a growing awareness of privacy. Only 38% of UK consumers feel comfortable using static biometrics, such as fingerprint ID or facial recognition, to confirm their identity when using a service or buying a product. Using static biometrics means holding personally identifiable information, meaning that if compromised, a criminal could have access to your face and fingerprint.
The government should look to layer passive behavioural biometrics with device and location data to remove a single point of failure. Layering passive authentication methods allows users to access services such as the Gov.uk app quickly, easily and securely. The use of this technology would help to preserve privacy and build trust with the public.”