There’s an ongoing discussion in the media and society at large — and no small amount of controversy — involving facial recognition and facial authentication or identification. While the technology is similar, they have different uses and serve different purposes. Knowing the differences is crucial to understanding the ethical and legal concerns related to facial recognition.
ExamSoft has long been a leader in secure digital assessments, but when education went online due to the COVID-19 pandemic, one of our newer offerings, ExamID, came under scrutiny for its facial identification element. Our picture-matching technology was (and still is) often confused with more controversial facial recognition uses.
In an effort to clarify, I’d like to define the terms and give some examples of each. It’s important that the public and our clients know that ExamID uses facial authentication (or identification), not facial recognition.
Facial Recognition: Facial recognition has become controversial due to its use in police departments and other organizations where people are compared to others in a database. A recent article from Electronic Frontier Foundation notes, “Face recognition systems use computer algorithms to pick out specific, distinctive details about a person’s face. These details … are then converted into a mathematical representation and compared to data on other faces collected in a face recognition database.” This software is primarily used for security reasons. For example, law enforcement may use it to identify criminals or terrorists. The image of a suspect is compared to a database of other photos to identify the person in question — without that person’s consent.
Unfortunately, facial recognition software is not perfect, and some studies suggest that just under 10% of matches turn out to be false positives (HAKIN9). The false positives, along with the lack of consent or knowledge of surveillance, can cause problems for users of facial authentication or verification software when the two are confused. ExamSoft has found itself in the middle of that confusion.
Facial Authentication/Facial Verification: While facial authentication uses similar technology, the application is completely different. Facial authentication software is used to compare two photos of a single person — with their consent. It is used primarily for account protection (e.g., bank accounts, unlocking phones, and secure exams). Using facial authentication prohibits unauthorized users from accessing these accounts and the data therein.
A recent article from Forbes distinguishes the two well: “Facial authentication verifies an individual’s identity, whereas facial recognition often exposes it.”
ExamSoft’s ExamID uses facial authentication to ensure that the person taking an assessment is the person they say they are. The exam-day photo is only compared to that exam-taker’s baseline photo, a picture that they themselves take on their own device and that they approve for use. Not only does this promote academic integrity, it also helps provide accurate assessment data to our client institutions.
It’s important to mention that if ExamID cannot match the two photos, the client (not the exam-taker) is notified and provided the files to make any determination about academic dishonesty. Exam-takers continue with their assessment without error messages or notifications, delivering an equitable experience for all.
I hope this information helps explain the differences between facial recognition and facial authentication or verification — not only regarding secure exams, but as you move through the evolving digital landscape.
Thank you,
Eric Link
VP, Engineering
