Skip to Content

Privacy & Data

Washington Tackles Facial Recognition

/ Joseph Lorenzo Hall

Facial recognition is an increasingly prominent feature of digital life. Smartphones and cameras detect faces to improve focus and remove “redeye.” Image management software like Apple’s iPhoto and Google’s Picasa and social network services like Facebook can detect faces and find all photos with a specific face in them. Digital smart signs in retail establishments can count the number of faces that view advertisements; in some cases they can provide demographic information of the people who look at ads, and possibly target ads in real-time. And soon, you might be able to hold up your smartphone to find out the name (and home address) of the person sitting across from you on the bus.  Increasingly technology allows you to record and identify everyone around you in both public and private spaces.  Should we build legal and policy barriers to the use of this technology in order to preserve some anonymity in the world?

In recognition of the increasing prevalence of facial recognition technologies and the difficult privacy issues involved with facial biometrics, today the Department of Commerce’s National Telecommunications and Information Administration (NTIA) begins a process to examine privacy in facial recognition technologies. This is the second in a series of NTIA efforts to facilitate multistakeholder development of codes of conduct for pressing privacy issues. The Obama administration originally proposed this process as an element of federal privacy legislation: new law would create statutory privacy rights for individuals, and companies could petition the Federal Trade Commission to approve voluntarily-developed codes of conduct as compliant with the law. NTIA would be tasked with bringing together diverse stakeholders to help develop these industry-specific codes. While privacy legislation has stalled in Congress (the US remains one of the few developed nations without comprehensive privacy law), NTIA has pushed forward with trying to forge consensus practices on emerging privacy issues.  Unfortunately, without a baseline privacy law in place, companies have less incentive to adopt binding codes that could be enforced by the Federal Trade Commission through its authority to police unfair and deceptive business practices.

However, with facial recognition being an incredibly sensitive topic, many companies have already forsworn uses of the technology that violate consumer’s expectations. Industry in general has good reason to agree to wall off certain behaviors across the board (for themselves and their competitors alike) in order to engender public trust in these technologies.

CDT has been involved in the facial recognition debate since 2010, when we worked with the digital signage industry to build a privacy framework for smart signs. We have since developed a framework for facial recognition that breaks it down into two categories: facial detection, where the mere presence and location of a face in an image is noted, and facial identification, where highly unique features of a facial print are extracted and retained over time, and possibly linked to sources of external identifying information or consumer data.

While facial detection poses few innate issues for privacy, facial identification has serious implications for everyday privacy. A face print is a form of biometric, which means people cannot change their faces if they need heightened privacy (for example, when entering a reproductive health clinic). In addition, we cannot keep our faces secret (artists like Banksy, Daft Punk, and The Residents excepted). Moreover, there are no feasible user controls for obfuscating one’s face: wearing a mask can be highly socially unacceptable and, as Margot Kaminski observes, in many states anti-mask laws prohibit wearing masks except on special occasions and holidays.

Recently, there have also been indications of troubling facial recognition tools that may soon be widely available. For example, nametag.ws has been in the news for providing an app for Google Glass that, in principle, would allow the wearer to identify anyone they see on the street, including information from social network profiles and sex offender registries. Nametag.ws is specifically trying to buck Google’s prohibition against developing facial recognition apps for Google Glass, and to install nametag.ws’ app, users have to jailbreak Glass to run software not approved by Google. Yesterday, Senator Al Franken (D-MN) sent the company a strongly-worded letter that argues they should wait to launch their application until the NTIA process concludes and results in a code of conduct for facial recognition privacy.

CDT will be at the table in the NTIA process, working to craft strong protections for facial privacy and reasonable anonymity that also permit responsible innovation in this very exciting application area.

Related Reading

White document on black background.

CDT Files Comments with DOJ in Response to Advance Notice of Proposed Rulemaking on Bulk Sale of Data
White document on black background.

CDT’s Matt Scherer Testifies Before Connecticut Senate’s General Law Committee on Senate Bill 2, An Act Concerning Artificial Intelligence
Samir Jain Testimony for House Committee. White document on black background.

CDT VP of Policy Samir Jain Testimony Before U.S. House Energy & Commerce Committee on “Legislative Solutions to Protect Kids Online and Ensure Americans’ Data Privacy Rights”