Re: Wait a minute
FR has never been reliable.
The Met and other UK police have abandoned trials because there were just too many false positives. Sure, you "catch" people, but no better than flipping a coin.
At one point it had been deployed for two years and not one arrest had resulted from the facial recognition side of it.
Look around, everyone's been saying that FR is useless. Of course it is.
"Liberty believes South Wales Police has used facial recognition the most of the three forces, at about 50 deployments, including during the policing of the Champions League final in Cardiff in June 2017, where it emerged that, of the 2,470 potential matches made, 92% (2,297) were wrong."
It's basically tolerated, because it's just so shite that it's not really a privacy threat at all.
The second someone says "my incredibly-high-processing-requirement, fixed-biometric-base, easily-fooled, statistically-insignificant, false-positives-as-well-as-false-negatives, computer-vision-based system is secure", just laugh at them. Fingerprints - not so easily fooled, but still computer-vision based and thus far from infallible. DNA just about qualifies but isn't as perfect as you think. Facial-recognition - laughable, on the same realm as "vocal-signature-recognition". Even iris-recognition isn't really that good and is incredibly inconvenient.
If you see it used in Hollywood movies, it's a load of junk (because they only use stuff that looks pretty, not what people actually *use*).
If you can pay with it in a casino, it's probably at least somewhat effective (e.g. credit card smart chips, etc.)
If you wouldn't trust your servers using it to encrypt their bootloader, steer clear (i.e. literally everything except long passphrases and security keys). Even there, far from perfect.
Can you imagine putting facial recognition as the "admin" login to your company's private servers, for example? You wouldn't last long.