A 16-month effort to set guidelines for use of facial recognition technology that satisfy consumers’ expectations of privacy and meet existing state laws went up in flames on Tuesday.
That’s when all nine civil liberties and consumer advocate groups participating in talks with trade associations on a voluntary code of conduct for US businesses to use facial recognition walked away from the table.
Not a single industry representative would agree on the most basic premise: that targets of facial recognition should opt in before companies identify them.
They’d been at it since February 2014, when the US Department of Commerce’s National Telecommunication and Information Administration (NTIA) brought together industry representatives and privacy advocates to come up with voluntary guidelines.
The nine pro-privacy advocates, including the Electronic Frontier Foundation, the American Civil Liberties Union, the Center for Digital Democracy and other consumer advocates, put up a joint statement explaining their move.
From the statement:
At this point, we do not believe that the NTIA process is likely to yield a set of privacy rules that offer adequate protections for the use of facial recognition technology. We are convinced that in many contexts, facial recognition of consumers should only occur when an individual has affirmatively decided to allow it to occur. In recent NTIA meetings, however, industry stakeholders were unable to agree on any concrete scenario where companies should employ facial recognition only with a consumer's permission.
According to The Washington Post, the camel’s back broke last Thursday, at the NTIA’s 12th meeting on the issue.
Insiders told the newspaper that this is how it went down:
First, Alvaro Bedoya, the executive director of Georgetown University's Center on Privacy and Law, asked if companies could agree to making opt-in for facial recognition technology the default for when identifying people - meaning that if companies wanted to use someone's face to name them, the person would have to agree to it. No companies or trade associations would commit to that, according to multiple attendees at the meeting.
That’s right: not a single company would agree that consumers should have the say-so in facial recognition.
But while this industry/advocates collaboration on voluntary guidelines has fallen apart, the images companies are collecting without any federal direction haven’t gone anywhere.
Face-slurping companies include tech giants Facebook, Google and Apple.
For its part, Facebook is facing a class action lawsuit over facial recognition, started by an Illinois man who claims the social network violated state privacy laws by not providing him with written notification that his biometric data was being collected or stored.
Also in the mix are retailers, such as Wal-Mart, which love to spot who’s looking at what and for how long inside their stores.
In the UK, things are very similar: Tesco, the UK’s largest supermarket chain, in 2013 announced it was to install facial recognition technology in all 450 of its petrol station forecourts – all the better to target-market at you, my pretty.
The companies trying to hammer out guidelines in the US have turned away not only from the basic premise of opt-in, but also from a specific, concrete scenario of opt-in that was offered up by Justin Brookman, the director of the Center for Democracy & Technology’s consumer privacy project.
According to The Washington Post, Brookman sketched out the concrete scenario like so:
What if a company set up a camera on a public street and surreptitiously used it [to] identify people by name? Could companies agree to opt-in consent there?
The results were the same: not a single company went for opt-in, even under such specific circumstances.
Privacy advocates have said that their withdrawals from the multi-stakeholder process will be a fatal blow to the perceived legitimacy of the NTIA’s efforts, now that it’s just the foxes – as in, the companies implementing facial recognition – guarding the hen house (the hens being all us being surveilled).
But the NTIA says the talks will go on.
An agency spokesperson said this to The Washington Post:
NTIA is disappointed that some stakeholders have chosen to stop participating in our multi-stakeholder engagement process regarding privacy and commercial facial recognition technology. A substantial number of stakeholders want to continue the process and are establishing a working group that will tackle some of the thorniest privacy topics concerning facial recognition technology. The process is the strongest when all interested parties participate and are willing to engage on all issues.
The privacy advocates said in their letter that the barest minimum privacy expectation should be that we can simply walk down the street without our every movement being tracked and without then being identified by name, all thanks to the ever-more-sophisticated technology of facial recognition.
Unfortunately, we have been unable to obtain agreement even with that basic, specific premise. The position that companies never need to ask permission to use biometric identification is at odds with consumer expectations, current industry practices, as well as existing state law.
It might look good, at least on the surface, that the industry representatives are apparently playing ball by not walking away from the official guidelines-setting process.
But it’s hard to imagine anything privacy-positive coming out of that process now that the privacy advocates have walked away.
And without any guidelines, these companies will continue to use facial recognition in an unregulated environment.
Image of face tagging courtesy of Shutterstock.com .
13 comments on “Privacy groups walk out of US talks on facial recognition guidelines”
It is when such things happens politicians should get their asses in gear and make strict regulations BEFORE things gets out of control. This is a crystal clear case when where the participant can’t agree, they must be overriden. But as always, the pociticians will probably prove them selves incompetent and hestitate implementing good rules before it really is too late.
And where do you think these politicians get their campaign funds? They aren’t going to advocate against these corporations until their hand is forced.
Time to start wearing a mask in public I guess. Hmm which one, V, Burka/Ninja, Halloween style, or just a hoodie with glasses and a fake beard. Maybe a mask of some of these CEOs that are anti-privacy, and commit petty crimes until they get arrested for them.
What to do about companies that want to check up on what customers are checking out in their stores? How about coordinated online campaigns where a crowd meets at the store and checks out products like KY or else something no one really wants. Everyone can hold up the item to the cameras and educate onlookers about what is going on.
I’m a big fan of massive disinformation campaigns. It can ruin information collections if done right.
Guy Fawkes, of course.
This is definitely a thorny issue, but I have a solution. It’s likely the opt-in option is difficult and impractical to implement, so make it opt-out, but require that companies FINANCIALLY COMPENSATE each person who’s face they recognize with their software and each time that recognized image is displayed somewhere.
@ annanyms: Piece-a-cake. Have lovely young ladies, topless and carrying clipboards, follow customers around and make notes. That would have the additional advantage of putting more peeps to work, especially the lovely young ladies who are, in general, unemployable because they spend so much time staring at themselves in a mirror.
I doubt it would create increased demand for notepaper or pens, though.
@MSC: I’m with you and suggest $100bazillion would be appropriate compensation.
Is no one stopping to think about those who’s faces cannot be displayed for safety reasons? There are hundreds of thousands of us, if not millions.
For that reason alone, facial recognition should never be legal.
I know I’m not alone, in that my life depends on my face and location never being made public. No amount of compensation is worth my life.
OPT IN ONLY!
How can I copyright my face?
I’ve seen the future and it was a sea of masks worn by all
It’s only an extension of the Mark 1 eyeball, and if it helps to catch criminals I’m all for it. I don’t care who identifies me doing lawful activities.
Then you can opt-in.