The Senate Judiciary Committee’s Subcommittee on Privacy, Technology and the Law met on Wednesday to discuss the promise and pitfalls of facial recognition technology. Led by its chair, U.S. Sen. Al Franken, D-Minn., the committee questioned privacy advocates as well as representatives of the FBI, the Federal Trade Commission and Facebook, about how the technology is being used and what privacy issues it raises.
In its discussion, the committee focused on potential problems with facial recognition technologies, including the fact that people can’t change their faces to protect their identity, and the ease with which a person’s face can be captured without permission.
One of the overall concerns regarding facial recognition is its relationship to data aggregation. As companies begin to aggregate data, a individual faces could be connected to medical histories, financial records, political involvement or other details.
“The thing people really care about is data aggregation,” Nita Farahany, a Duke University professor of law who testified at the hearing, told TechNewsWorld. “Their concern is about the triangulation of their face [with other data] as a way to access a lot more information about them. I think that’s what people really worry about — how others can use their face to get instant access to lots of information.”
Facial data on its own is not so much the problem for privacy advocates. It’s how that information gets combined with other data, who has access to it, and how it’s used.
“Having information alone is not particularly frightening, but people worry about who has access to that information,” said Farahany.
Facebook, in particular, came under fire from Sen. Franken for making facial recognition an opt-out rather than an opt-in feature. So far, Facebook has only used the technology for making photo tag suggestions, and it insists that its use of it is benign and helpful.
The technology is used only to suggest photo tags among people who are already friends on the site, so it does not invade peoples’ privacy, Rob Sherman, a privacy manager with Facebook, argued at the hearing.
Facebook’s facial database is limited to internal use by Facebook, he added, and is not available to users outside the site.
“The reason I’m not worried about this is that we know what Facebook does and doesn’t do with facial recognition,” Parry Aftab, executive director of WiredSafety and a member of Facebook’s international safety advisory board, told TechNewsWorld.
“We know how really important the privacy of individuals is to the company. The people who manage the network see privacy as absolutely crucial. There are real people behind Facebook who care a lot about it and want to protect people,” she maintained.
What happens if another company buys Facebook, however, or if its policies eventually change? wondered Chris Sumner, cofounder of The Online Privacy Foundation.
“They might be nice today, and that doesn’t mean they won’t be picked up by another company,” Sumner told TechNewsWorld. “Right now, these are all separate companies, but if you start bringing them together you have a powerful inventory of people’s faces.”
How long Facebook’s facial information lasts and where it goes when it’s presumably deleted are other as-yet-unanswered questions.
“Facebook is the classic example of data aggregation,” said Farahany. “It has a tremendous amount of information that people voluntarily share, and they’re creating a dossier that’s much richer than what we’re voluntarily sharing with them, including information about attendance at political rallies, physical locations, etc. They claim that untagged photos are deleted from the template, but I would like to see more evidence that this is true.”
Putting on a Happy Face
Facial recognition technology has many positive uses, however, including tracking down criminals or missing children.
“Facial recognition is a technology that everyone has,” said Aftab. “All of the big networks have powerful facial recognition tools. It works for good purposes, like helping to find registered sex offenders. It can be very helpful.”
The governmental scrutiny of facial recognition, according to Aftab, is similar to that aimed at any new and unknown technology.
“Whenever governmental groups look at new technology like facial recognition, they look at everything that can go wrong with it,” she said. “But facial recognition [is a part of] all sorts of new technologies we’ll be seeing over the next few years — all of the rich technologies to find friends and missing children. Facial recognition will only make it easier to do those things. It just has to be used by the right people in the right way.”
Most likely in the short term, the regulation of facial recognition will have to take place within companies, in the form of best practices and privacy policies.
The Federal Trade Commission is currently putting together guidelines for privacy practices, and at the moment there is no pending legislation to regulate the use of facial recognition technology — just ongoing discussions like Wednesday’s hearing.
“Facial recognition is a very tech-forward technology,” the FTC’s assistant director in the division of privacy and identity protection, Mark Eichorn, told TechNewsWorld. “It instinctively raises alarm bells with people. Companies that roll out facial recognition technologies have to be sensitive to those kinds of concerns. They have to implement privacy policies from the beginning.”