With the widespread popularity of face recognition applications, face information has become an important carrier for identity identification, access authentication, and verification in the digital era. However, this also gives criminals an opportunity to take advantage of it. Recently, the Guangzhou Internet Court announced a case of buying and selling citizens' personal information, in which the people involved used artificial intelligence to generate faces and forge face recognition authentication, thereby making illegal profits. There are two so-called "businesses" involved, one is called "head checking" and the other is called "passing face", let's see what's going on.
Beginning in September 2020, Zheng used an instant messaging software to form a group, and published advertisements to unspecified members of the public in the group, WeChat group, and QQ group, claiming that he could provide the so-called "head checking" business, that is, to find personal information such as personal high-definition ID cards** through ID numbers.
Duan Liqiong, President of the Third Comprehensive Trial Division of the Guangzhou Internet Court: The so-called "head check" is based on the needs of buyers, as long as the buyer can provide personal information such as name, ID number, etc., you can obtain the high-definition **, mobile phone number, home address and other personal sensitive information of the ID card containing face information of the search object.
According to Zheng's confession, he asked for about 15 to 20 yuan per piece of information from an unspecified family through social platforms for individuals corresponding to certain ID numbers. Ren, Dai, and Chen successively purchased citizens' personal information from Zheng through the group formed by Zheng with **50 to 100 yuan each**, and used artificial intelligence software to make fake face dynamic recognition**, which can complete actions such as nodding and blinking, which can be used to unblock accounts, verify the real-name authentication of some apps, and illegally profit from it.
Duan Liqiong, President of the Third Comprehensive Trial Division of the Guangzhou Internet Court: The "face-passing" business is to generate such facial information through the synthesis of software to generate a dynamic that simulates the dynamics of real people**. For example, what is needed in the face verification process now, looking left, looking right, opening the mouth, raising the head, etc., can be generated by the ** method of face synthesis. When entering the face verification link of the APP or account verification, as long as the clarity of the face in ** meets the corresponding requirements, the system will judge that it is a real person operation, so as to pass the face verification link and achieve the purpose of cracking the account.
According to the suspect's confession, after cracking the face recognition system, the criminals will enter other people's WeChat and other mobile phone application software accounts to obtain personal privacy and information such as relevant chat records, payment records, and movement tracks, and continue to go to the next home**. After trial, the court found that the four people involved in the case illegally processed more than 2,000 pieces of personal information and illegally gained more than 100,000 yuan, constituting the crime of infringing on citizens' personal information, and were sentenced to fixed-term imprisonment ranging from one year and two months to one year, and each was fined.
In this case, in addition to being criminally punished for infringing on citizens' personal information, the procuratorate also filed a civil public interest lawsuit for personal information protection with the court in accordance with the law on the grounds that the acts of the four defendants infringed on the public interest. It is reported that this is also the first civil public interest litigation case involving "face recognition" in the country.
According to the provisions of China's Civil Code, personal information protection and other relevant laws, face information is a person's biometric information, and face recognition information has an unchangeable nature compared with other personal information, so it is specially protected as personal sensitive information. The judge said that the illegal collection, sale, and use of the facial information of unspecified members of the public through the so-called "head checking" and "face passing" methods without obtaining the authorization and consent of the information subject infringed on the information self-determination rights of the unspecified public.
The victim was unable to verify that the four defendants were awarded public interest damages.
After trial, the court held that the four defendants illegally obtained citizens' personal information, forged face recognition**, cracked the face verification system, and violated the real-name network security management system. In the course of committing the infringement, the four persons involved in the case used the incineration function of a certain software to delete a large amount of information and transaction records, and the number of victims, their identities, the whereabouts of the information, and the use of the information cannot be verified. Although the victim in this case cannot be specified, the leaked personal information is still circulating in the online black and gray market, and there is a risk that the personality rights, property rights, and security rights and interests of unspecified members of the public will be violated.
In the judgment of the civil public interest litigation in this case, in addition to being sentenced to cancel the Internet accounts used for infringement, disbanding or withdrawing from the communication group used to teach criminal methods, paying a total of more than 100,000 yuan in public interest damages, and making a public apology, the four defendants were also ordered to compensate for their actions through warning education, public interest publicity, volunteer services and other means related to personal information protection, and to deduct the public interest damages according to the restoration effect of the acts.
Cybersecurity experts demonstrate the process of generating faces.
So, how did the suspect deceive the face recognition system by generating a dynamic face **?
Network security technicians told reporters that with the current artificial intelligence technology, even if there is only one face front**, artificial intelligence can also complete the image from other angles through deep learning Xi, obtain a three-dimensional face image, and then map the image to **.
Network Security Engineer Hu Gang: This is one of our intelligent face-swapping demonstration systems, on the left is a pre-made one, and on the right is the image of some randomly selected third-party characters, which is a static front. Through this AI completion technology, we have made up the ** that originally only had the front ** into**, and the originally static characters have been three-dimensional.
Be cautious when sharing** Protect sensitive personal information.
Face recognition, artificial intelligence, while we enjoy the convenience that these new technologies bring to our lives, we must also guard against their possible security risks. For example, we must be cautious when sharing**, especially when sharing **and** with clear faces on social media, because these ** may be generated and used for facial recognition verification, or some other illegal purposes. In addition, cybersecurity experts also reminded us that we must protect two types of sensitive information: one is our face, iris, voiceprint, fingerprint and other biometric information, and the other is important personal information such as ID numbers, bank card numbers, and physical examination reports.