Six degrees of the system "bump", is face recognition really safe?
Author:Changjiang Daily Time:2022.07.24
Recently, the first trial of the face recognition of people has caused social attention.
In this case, Li received a call claimed to be a police call, downloaded two apps on the website provided by the other party, and went to the bank to get a debit card at the bank as required by the other party, and transferred 40 to the card 40 to the card 40. For more than 10,000 yuan. When Li found the money on the card was transferred, he realized that he was right. Later, Li reported the case to the public security organs, and the police of the police station confirmed that she had encountered telecommunications fraud. Li believes that in the process of being deceived, the bank also has certain responsibilities, and then brought the bank to court on the grounds of "debit card dispute".
On June 30, the case ushered in the first trial judgment. The court believed that during the process of being deceived, there was a significant fault in operation, and the bank fully fulfilled the obligation of face recognition, mobile verification code confirmation, and artificial phone confirmation. responsibility.
As soon as the verdict came out, it caused discussion among people from all walks of life.
It is worth noting that in this case, Li's face information was easily obtained by the scammer, and successfully "hit" the face recognition protection system of the human face 6 times.
Face recognition, is it safe?
What is the system of "bumping"?
At 10:30 on June 19, 2021, Li, who was in Beijing, received a call from the "Police Officer Chen", saying that her passport was suspected of illegal entry in Harbin City, Heilongjiang Province, and asked Li to report to the Harbin public security organs. "Police Officer Chen" knows Li's ID number, so that Li Mou believes it true. Subsequently, the phone was transferred to the mobile phone of "Police Officer Liu" who claimed to be the Harbin Public Security Bureau. The URL provided by "Police Officer Liu" shows that Li's suspected anti -money laundering case, Li's ID number and household registration information were accurate.
In order to "wash the crime", Li has downloaded the two mobile phone applications of "Public Security Protection" and "attention" in accordance with the requirements of "Police Officer Liu". In the "attention", Li and "Police Officer Liu" shared the mobile phone screen to "ensure" it is my operation. Under the guidance of "Police Officer Liu", Li set up a call transfer and SMS forwarding to transfer his mobile phone calls and text messages to the mobile phone number of "Officer Liu".
"Police Officer Liu" asked Li to apply for a bank card on the grounds of "investigating personal property". Li Mou applied for a debit card in a nearby bank, and at the same time opened the online bank and mobile banking, and then transferred his personal savings to the new debit card for a total of 429,000 yuan.
The wrong Li Mou logged in to the mobile banking and found that the deposit in the debit card was missing and then reported to the public security organs. During the investigation, the police found that during the transfer process, the scammer "hit" the face recognition system six times, and the 6 operations showed "successful biopsy".
Zhu Wei, deputy director of the Communication Law Research Center of China University of Political Science and Law, told reporters that during the video call process, simple face recording was almost impossible to "bump" the face recognition system, that is, the scammers did not use Li to "attract attention" A simple face showed "hit the library".
"It may be activated software." A person who had participated in a state -owned commercial bank face recognition security verification project told reporters that after getting a face -to -face video, it is possible to model the face with activation software. Open "face recognition system. "In the video, the victims are likely to have made a movement system that often requires the subjects to make the face recognition system."
It is worth noting that face recognition is not the only lock for commercial banks to verify the identity. When large transfer, modification of passwords, and application for mobile banking, the bank's verification method has face recognition, mobile verification code certification, and manual telephone verification. Unfortunately, because of the words "Police Officer Liu", Li settled on the mobile phone. He did not receive a mobile phone verification code sent by the bank and verified phone calls from the bank customer service. These telephones and text messages were intercepted by the scammers.
Is the bank responsible?
According to incomplete statistics from reporters, similar cases are not only Li. All cases point to a question: What responsibilities should banks bear in telecommunications fraud?
In Li's case, the bank's judgment of the bank was not responsible, causing some different opinions. Li's lover Ma is the agent of Li in the case. Ma work in the banking system. He believes that the verification model of "face recognition+SMS verification code" set by the bank is to ensure that the user himself operates transfer by himself. In the case of completely unknown Li, the bank should be responsible for poor control. "This is like this. I originally agreed that I needed to go to the bank to transfer money. Now others are faked in me. The bank does not find it, so the loss caused by me should not be completely borne by me."
Lao Dongyan, a professor at the Law School of Tsinghua University, told reporters that she did not agree with the bank's completely without responsibility. Lao Dongyan believes that if you go to the bank to apply for deposits, etc., if you do not agree with the collection, you will not be able to handle the corresponding business. "In other words, the face recognizes a system introduced by banks. Banks and technology companies are risks common manufacturers. Of course, they should bear some responsibilities. In addition, from the effect of prevention, let the bank bear part of the responsibility, which helps to help, which will help, which will help help. Forced the financial system to improve the security level and check the loopholes. "
The court of first instance stated in the judgment that Li was "obvious" in the process of being deceived. In this regard, some people believe that this is a typical telecommunications fraud case. Both banks and individuals have no fault, and individuals are just victims. Zhu Wei told reporters that face recognition is not absolutely safe, and scammers and guardians are under development and cannot be determined that banks have faults; but he also believes that if individuals are "obvious", they are not established. "Personal reserve households believe that the other party has the accurate ID number and household registration information, and believes that it is true. This is related to some of the servers who store personal information." Zhu Wei insisted that the residents were victims and were not over the wrong party. Essence The above -mentioned banks told reporters that "biopsy" is to distinguish the real face and imitation products. If the scammer models the face information of Li's face, he deceives the identification system and cheated 6 times. Then the "biopsy" Just like it. "Perhaps it is legal to use a SMS verification code and artificial phone calls to perform identity verification, which has fulfilled its obligations. But technically, the loopholes of the" biopsy '"are still obvious." Li Mou's fault should not set up telephone call transfer and SMS forwarding, and the bank's verification code and artificial telephone cannot be connected. Face recognition has become the only verification method. "Multiple verification methods should be used as much as possible to avoid using only one." The person said.
How to guarantee face information security?
Shortly after Li's case, my country's personal information protection law passed the review. In this law, face information is included in the biometric information and is protected by sensitive information. However, some people in the legal community believe that the current personal information protection law does not have separate protection measures for more special face information. As a long -term exposed biological characteristics, the face is easily obtained, and protection should be increased.
In 2020, after the sales of monitoring programs appeared in the sales office in Jinan, Tianjin and other places in Shandong, and extracted and identified the face information of the visiting customers, some house watchers were forced to wear a helmet to see the house to protect the face. At that time, the security problem of face information caused many people's alertness.
La Dongyan has always believed that it is necessary to protect biometric information separately. "The current legal protection of face information is mainly subject to personal consent, which means that individuals must bear all consequences after informed consent. In addition, in many scenarios, people are forced to agree. If they do not agree, they cannot use services normally. Obviously, individuals should not be allowed to bear all risks and responsibilities. "La Dongyan said.
Zhu Wei believes that face information as a kind of biometric information has clearly stipulated in the personal information protection law and civil code. The principle of protection of face information is not different from the principles of other personal sensitive information. The right to enjoy the subject of personal information is the same. "The significance of establishing a new law is not great. More importantly, the relevant departments formulate a detailed list, which stipulates which type of unit and in what scenario in the scenario. The equipment re -registered, recorded and approved is not far away. "Zhu Wei said.
(Source: Rule of Law Daily WeChat Public Account People's Daily Client)
【Edit: Fu Sakura】
For more exciting content, please download the "Da Wuhan" client in the major application markets.
- END -
The city's borrowing!Guangzhou Zengcheng's first community library branch opened
Read thousands of books and walk thousands of miles, a person develops a good read...
Tomb Pupae and Ancestral Hall Next: Xuzhou Han Portrait Shi Guan South Pavilion (1)
Cheng Tian JingzuThe ancestral hall, also known as the temple and the stone room, ...