I have been thinking lately of the minister and novelist Frederick Buechner, who recounts once in a book that, in the middle of his morning routine, bleary-eyed and sleep-drunk, he sometimes looks up from the sink and into the mirror.
“What bothers me is simply the everlasting sameness of my face,” he writes. “Those eyes, that nose, that mouth—the variations of expression they’re capable of is really so restricted. The grimmest human tragedy can furrow the brow little more than the momentary pain of the dentist's drill.”
He thinks of his family, his friends, all the people in his life who know him in large part through his countenance. “I am forced to conclude,” he says, “that to an alarming degree I am my face.”
Facebook has also been thinking about faces. Last summer, the company’s artificial intelligence team announced that its facial-recognition software passed key tests with near human-level accuracy. Last week, it presented a further development: Yann LeCun, the AI team’s director, boasted that a different algorithm could identify people 83 percent of the time even if their faces were not in the picture. The program instead works from a person’s hairdo, posture, and body type.
Buechner’s statement is phrased generally, but it’s no less profound in the domain of computer security and identity. We are our faces, in a way we are not our Twitter profiles, social-security numbers, or even legal names. Although vast amounts of data are collected about most Internet users, they’re tied to what are essentially bureaucratic identifiers, like browser cookies or email addresses. Almost everything that represents me online is ultimately a jumble of numbers and letters, and nearly all of it—with some cost or sacrifice—can be changed. Even victims of fraud or domestic violence can apply to the government for a new social-security number.