Facial recognition systems were the stuff of science fiction and spy novels just a few years ago. Now, the technology has been widely deployed, and privacy advocates are raising alarm bells. A facial recognition system captures a picture of a person’s face, analyzes the person’s profile, and uses algorithms to match it to other pictures and bits of information that are stored in massive data warehouses. While these systems offer clear benefits to businesses and government agencies, they present one of the biggest threats to privacy in modern history. Here are some ways that this technology is used today, the top privacy risks associated with facial recognition systems, and the legal challenges that organizations face when using these systems.
Uses for Facial Recognition Systems in the Public and Private Sectors
Organizations that are driving demand for facial recognition systems include law enforcement agencies, technology companies, and retail establishments. Here are some ways that they benefit from the technology.
Improved Physical Security
When someone commits a crime, police officers have limited time to identify and capture the criminal. By using facial recognition systems, law enforcement agents can scan large crowds and pick up the trail of criminals before they skip out of town.
Human trafficking is a growing problem in many cities. Children and adults who go missing are often victims of elaborate trafficking operations. Police use facial recognition systems to find missing persons and arrest human traffickers. Many human trafficking victims cross the borders in the United States, which is one of the reasons why facial recognition systems are so popular with the U.S. Customs and Border Protection agency.
Convenient, Non-Contact Identification
Politics and public safety are often at odds in today’s society. When a law enforcement agent stops a person for questioning about a crime, no one really knows whether the stop is a case of biased profiling or a legitimate interrogation action. With facial recognition systems, police can quickly narrow down their search to a specific person. They don’t need to physically stop a group of look-alikes with intimidating, interrogation tactics just to find out that none of them were responsible for any crimes.
Biometric-Based Data Security
Cyber attacks are on the rise, and hackers take aim at financial technology (FinTech) companies the hardest. Besides encouraging users to create strong passwords and implementing two-step authentication methods for account access, FinTech companies turn to biometric-inspired data security solutions such as facial recognition systems to prevent fraud.
The retail market is more competitive than ever before. To gain an edge, many stores personalize advertisements and services to gain loyal customers. For instance, a person enters a store, and the retailer’s facial recognition system identifies the customer based on her facial contours. The system can link the person’s picture to other images and data in the person’s social media account. The information can be used to give the customer personalized messages about sale items that she likes and give her directions to those items while she shops in the store.
What Personal Data Is Collected?
Most people’s personal privacy doesn’t hinge on a single piece of data. When a system collects several pieces of data and combines them with other available information, the person risks exposure. Here are some of the data that facial recognition systems collect.
Facial recognition systems collect and store data on a person’s facial features primarily. This data is compared with other available data sets to create a visual portfolio of your unique profile.
Besides taking note of your facial features for instant identification, facial recognition systems can record your location data. This data is date stamped and can be used for illegal tracking purposes.
Facial recognition systems that are equipped with machine-learning and artificial intelligence technologies do more than just capture your mugshot. They can detect facial expressions and determine your state of mind at a given period of time.
What Are the Privacy Risks?
Taking someone’s picture without his or her consent and posting it online is considered an invasion of privacy. The use of facial recognition systems has far wider implications.
While law enforcement agencies sing the praises of facial recognition systems as an easy way to identify crime suspects, recent research about these systems should make everyone take pause. According to a study that Wired published, facial recognition systems are not as effective at correctly identifying Black females as they are at identifying Caucasian women and men. For a Caucasian woman, these systems have a one in 10,000 chance for an error. A Black female has a one in 1,000 chance of being falsely identified by facial recognition systems.
Supports Illegal Searches
Police officers who use facial recognition systems to catch up to suspects could use a flawed product to gain probable cause for conducting an illegal search. If the person protests the illegal search on the spot, he or she could be arrested and jailed for disorderly conduct.
Collected Data Vulnerable to Cyber Attacks
It’s great that FinTech companies are beefing up their security with biometric data access. However, the collected data about a person’s unique face can be hacked and used to gain access to banking accounts and e-wallets.
Legal Challenges of Using Facial Recognition
The legal hurdles surrounding the use of facial recognition systems relate to the processing of this sensitive data without the public’s knowledge or consent. The very nature of some of the facial recognition activities warrant secrecy such as when a police officer is working on a human trafficking case. However, the secret use of facial recognition systems to collect and store data about the general public leaves the door open for misuse. Here are some examples of laws and legal cases that challenge the free collection, storage, and use of facial recognition data.
Regional and National Privacy Regulations
While the use of facial recognition systems are becoming more widespread in countries such as the United States, China, and Singapore, many countries are banning its use. European nations already have the General Data Protection Regulation that bans the processing of biometric facial recognition data without legal clearance and the consent of EU citizens. A Swedish school put the regulation to the test with a pilot study of student attendance that was conducted using facial recognition software. The school didn’t get permission from the students to perform the facial recognition activities, and it was fined over $20,000 for the infraction.
State Privacy Protection Laws and Bans
In 2015, Facebook was challenged with a lawsuit after it collected and stored facial recognition data without the consent of some Illinois Facebook users. Illinois has a decades-old law that prohibits the collection and storage of biometric data without the express consent of the person who’s under surveillance. While Facebook fought back, the tech giant lost in court and will pay half a billion dollars in settlement money to the Illinois users whose facial recognition data was stolen.
In many cases, cities are more proactive about stopping the use of facial recognition systems than most states. San Francisco, Oakland, and Boston have all banned the use of facial recognition software by city agencies, which include police departments.
Whether one likes it or not, facial recognition systems are here to stay. Now, legislative agencies must do the hard work and generate updated laws that catch up to a modern, technology-driven society.