“Many Americans don’t realize they’re already in a facial recognition database,” Jennifer Lynch, a staff attorney with the Electronic Frontier Foundation, said Wednesday in a hearing on the technology. Addressing Senator Al Franken and the Subcommittee on Privacy, Technology, and the Law, Lynch pointed out that there is a painful disconnect between how little personal action is required to capture a face and how much personal information can be associated with it. All that, thanks to the Internet. As it is, Lynch said, “Americans can’t take precautions to prevent the collection of their image.”
Senator Franken called the hearing out of concern for the speed at which facial recognition technology is progressing as its use remains unregulated. Dr. Alessandro Acquisti, a professor at Carnegie Mellon University, said facial recognition could soon become a casual pursuit as computers get smaller, more powerful, and cloud computing costs come down. “Within a few years, real-time, automated, mass-scale facial recognition will be technologically feasible and economically efficient,” Acquisti wrote in a statement; for companies, for friends, and for law enforcement.
Facial recognition has two characteristics that alarmed most members of the panel. First, faces (unlike other common information gatekeepers like passwords or PIN numbers) can’t be changed for protection. Second, neither permission nor interaction is required for one person to capture the face of another. If they’re in public, their visage is fair game. Facial recognition “creates acute privacy concerns that fingerprints do not” because of the ease of collection, Franken said.
But facial recognition itself is less of a concern than the supplementary data that drives it. Several panelists described scary and intrusive applications of facial recognition: a random person takes a photo of another and an app pulls up their address and the names of family and friends; a camera in a pharmacy recognizes your face and asks loudly whether you need more Imodium—and here’s a dollar-off coupon toward your purchase. “It’s the aggregation that frightens people,” said Dr. Nita Farahany, a professor at the Duke University School of Law. “We don’t stop the flow of information, or say certain applications are limited or permissible.”
Representing the aggregation-happy end of the facial recognition spectrum was Rob Sherman, a privacy manager for Facebook. Franken took Facebook to task for its use of facial recognition, used in its “Suggested Tags” for photos. Franken pointed out that the page explaining the feature made no mention of the fact that it uses facial recognition technology, and that information was buried six clicks deeper in the Help Center. Franken asked Sherman if his reading of the Learn More and Help sections were correct. “I’m not sure about clicks,” Sherman said.
“And you’re the head of this?” Franken said.
Sherman insisted that while Facebook did collect facial imprints of its users for suggested tags (the feature has been taken down temporarily for maintenance), they were only used to suggest tags between people who are already friends with each other. The stakes are low. Presumably, if you upload an incriminating photo of your friend and suggested-tag them, the resulting fallout is a problem with your friendship. Facebook will have no part in it.
Sherman also stated that the files could not be read outside of Facebook’s proprietary software and so they did not pose a risk to privacy. Franken asked Sherman if Facebook would consider keeping the software private in order to preserve the sensitive facial imprints of its users. Sherman said that while he couldn’t make promises as to how Facebook will do its business five or ten years down the road, the company is in close communication with privacy groups like EPIC and the EFF. If Facebook makes changes that are of concern to user privacy, it’s certain to hear about them, according to Sherman. …