"If even facial data is hacked, do we have to get plastic surgery."
Starting on the 23rd, the government piloted face authentication along with identity verification in the mobile phone subscription process. The three major mobile carriers and some budget phone providers will run the pilot for three months, then fully introduce it on Mar. 23 next year. The government and telecom companies said that "biometric data used for authentication is not stored," but consumer backlash is intense.
The face authentication system is provided through the PASS app operated by the three carriers. It checks whether the person holding the ID is the same as the person in the ID photo. The Ministry of Science and ICT said only the result of whether it is the same person is stored, and biometric data is not kept separately.
The Ministry of Science and ICT said that during the pilot period, mobile phone subscriptions will proceed even if face authentication fails, and that it will closely analyze failure cases to improve recognition accuracy. The ministry said it expects that introducing face authentication will fundamentally block burner phone openings that use forged IDs or name lending. Losses from voice phishing via burner phones reached 1.133 trillion won as of Nov. this year, and the aim is to prevent such crimes.
However, consumers ask back, saying, "Facial data is unique, immutable personally identifiable information, so once it leaks, recovery is virtually impossible," and "How can we trust the security system when all three telecom companies were hacked at once."
As of 5:58 p.m. on the 22nd, 31,906 people had endorsed a petition on the National Assembly e-petition site titled "Petition against mandatory facial recognition policy." The petition was posted on the 18th. The petitioner said, "The public should not be forced to provide irreversible biometric data as a condition for routine communications use," and "Stop pushing for mandatory biometric authentication and define it as an option." The point is to first introduce authentication methods that can substitute for biometric data and to conduct sufficient public debate and impact assessments for the entire population.
China has mandated facial recognition for mobile phone subscriptions since Dec. 2019. At the time, state-run CCTV warned that many apps were collecting and conducting transactions with facial data without consent, creating side effects.
Controversy erupted after talk emerged that foreigners would be excluded from face authentication targets. Tasks subject to face authentication now include new subscriptions, number porting, device changes, and name changes using resident registration cards and driver's licenses. That has prompted claims that foreigners without resident registration cards or driver's licenses are receiving preferential treatment. An official at the Ministry of Science and ICT explained, "Developing technology to read IDs requires more time for passports and alien registration cards," adding, "In the second half of next year, we plan to expand coverage to other IDs such as veterans' cards, disability registration cards, and alien registration cards."
Voices opposing face authentication are also coming from politics. People Power Party Spokesperson Jo Yong-sul said in a commentary, "For those who aim to commit crimes, facial recognition is not an insurmountable barrier," adding, "If they want to exploit it for crime, they can simply open a burner phone that has even passed facial recognition."
Experts also express grave concern about mandating face authentication without a public deliberation process. Jang Hang-bae, a professor in the Department of Industrial Security at Chung-Ang University, said, "It is understandable as a measure to strengthen security, but facial recognition has a high error rate, and from the public's perspective, there is anxiety about personal data leaks," adding, "It should be introduced in stages after securing safety with sufficient time, but it appears to be mandated in too short a period."
Lee Dong-hoon, a distinguished professor at the Graduate School of Information Security at Korea University, said, "Face authentication determines it is the same person if a significant portion of the numerous facial feature points match, so the authentication itself cannot be seen as collecting all facial data, but in security nothing is 100% safe," adding, "If the public feels uneasy, they should be given a choice; forcing it is not acceptable."