Facebook, Apple, Wal-Mart and other companies that plan to use facial-recognition scans for security will be helping to write the rules for how images and online profiles can be used.
The US Department of Commerce will start meeting with industry and privacy advocates in February to draft a voluntary code of conduct for using facial recognition products, according to a public notice.
The draft will be ready by June.
Tech giants - at least, those with the most popular smartphones - have been interested in facial recognition technology for quite a while.
This past spring, Google filed a patent to let us unlock our phones by grimacing at them.
Google has said that Glass isn't going to get facial recognition until the privacy wrinkles get ironed out.
Of course, the foxes writing the rules for how the hen house is run doesn't bode well, privacy advocates say.
Christopher Calabrese, an ACLU (American Civil Liberties Union) lawyer in Washington, told Bloomberg Businessweek that voluntary standards written primarily by companies that benefit from it probably can't be trusted to keep people's privacy top of mind.
One of the more chilling scenarios involves secret surveillance, he said:
One of the most serious concerns about facial recognition is it allows secret surveillance at a distance. ... Suddenly, you’re really not anonymous in public anymore.
That's certainly not an unreasonable fear, given how the US city of San Diego, for one, has quietly slipped facial recognition into law enforcers' hands.
At any rate, what are the chances that facial recognition standards are going to fare better than other standards that have gone to die under the scalpel of technology companies?
I speak here of Do Not Track, a woebegone standard that, as Naked Security's Mark Stockley put it, has been dying the death of a thousand conference calls ever since stakeholder companies got involved.
If the self-regulation process succeeds then the companies' options about how to use facial recognition are narrowed.
And if the self-regulation process fails utterly then it's an open invitation for government to step in, which may well result in stronger regulation than self-regulation.
But, if the self-regulation process just takes a very, very long time then everyone can continue to use it in an unregulated environment, they have an opportunity to establish favourable de-facto standards outside the official process, and they can be seen to be 'playing ball' by being part of the official process
The point is, at least some of the companies who'll be whispering into the ear of the Commerce Department are the same ones who are filing facial recognition patents, selling Glass devices that will someday very likely be equipped with facial recognition, and/or have shown that they want their users to be automatically identified.
They clearly want facial recognition enabled far and wide.
Exactly how they plan to protect the privacy of the identities behind those faces remains to be seen, and that's why we'll be keeping a sharp eye on how these voluntary standards develop.Follow @NakedSecurity