Regulation of facial recognition may be needed, US senator says
The growing use of facial recognition by law enforcement agencies and companies raises privacy concerns, Franken says
IDG News Service - Congress may need to pass legislation that limits the way government agencies and private companies use facial recognition technology to identify people, a U.S. senator said Wednesday.
The growing use of facial recognition technology raises serious privacy and civil liberties concerns, said Sen. Al Franken, a Minnesota Democrat and chairman of the Senate Judiciary Committee's privacy subcommittee. Franken, during a subcommittee hearing, called on the FBI and Facebook to change the way they use facial recognition technology.
Biometric information, including facial features, is sensitive because it is unique and permanent, Franken said.
"I believe that we have a fundamental right to control our private information," he said. "You can change your password, you can get a new credit card, but you can't change your fingerprint, and you can't change your face, unless you go to a great deal of trouble."
There are no U.S. laws limiting government agencies or private companies from using facial recognition, witnesses said. The FBI and the U.S. Department of Homeland Security already have huge biometric databases and are adding facial data, and Facebook users are uploading 300 million photos a day, said Jennifer Lynch, an attorney with the Electronic Frontier Foundation.
"Many Americans don't even realize that they're already in a facial recognition database," Lynch said. "Facial recognition allows for convert, remote and mass capture of identification and images."
Facial recognition allows surveillance agencies to identify a person's friends and associates in addition to identifying them, she said. She called on Congress to pass a law to regulate the use of facial recognition by law enforcement agencies.
At the hearing, Franken focused on an FBI pilot program in Maryland, Michigan and Hawaii and on a Facebook feature that tags pictures using facial recognition. The FBI and Facebook can serve as good examples to other organizations if they handle facial recognition technology appropriately, he said.
He called on Facebook to turn off its tag suggestion feature by default, instead of having it on by default, as it has in the past. But Rob Sherman, manager of privacy and public policy for the social-networking site, resisted that suggestion. Facebook has suspended the feature while it reworks it, but will bring it back soon, Sherman said.
On by default is appropriate, "because Facebook itself is an opt-in experience," Sherman said. "People choose to be on Facebook because they want to share with each other."
Facebook takes steps to limit the use of the facial data, he said. Only friends on Facebook can use the software to tag each other in photos, and Facebook users can prohibit the site from tagging them in photos, he said. In addition, the facial recognition templates are encrypted and only work with Facebook's proprietary software, limiting their usefulness to other organizations, he said.
Franken also called on the FBI to limit its use of facial recognition technology. In materials about its pilot program in three states, the agency uses pictures of political rallies as places where the technology could be used, and Franken said he's concerned that law enforcement agencies will use the technology to track people at legal protests and other gatherings.
The FBI has limited its use of facial recognition to criminal cases, said Jerome Pender, deputy assistant director of the information services branch of the FBI's Criminal Justice Information Services Division. The FBI has limited its pilot program to using facial recognition to match faces to a database of known criminals, and the database doesn't contain mug shots of law-abiding people, he said.
The FBI is moving slowly on its use of the technology to identify "grey areas" where privacy concerns may pop up, Pender said. The agency is open to making changes to the program, he said.
Franken also called on the U.S. Federal Trade Commission to require private companies to get permission before identifying a person with facial recognition.
While some witnesses at the hearing raised concerns about facial recognition, others said it's already a useful tool for law enforcement agencies. Facial recognition helps police identify criminals much more quickly than fingerprinting and it can help police and prisons avoid the mistake of releasing the wrong person, said Larry Amerson, sheriff in Calhoun County, Alabama.
Lawmakers need to strike a balance between privacy and law enforcement needs when they consider how to regulate facial recognition, Amerson said.
While Franken and the EFF's Lynch raised concerns about civil liberties, Nita Farahany, a law and genome sciences professor at Duke University, discounted concerns that the use of the technology by law enforcement agencies could violate the Fourth Amendment of the U.S. Constitution, protecting U.S. residents against unreasonable search and seizures.
Facial recognition is generally done at a distance and does not create an unreasonable search, Farahany said. U.S. courts have not protected residents from being observed at a distance, she added.
"No physical contact, proximity or detention of an individual is necessary for law enforcement to obtain a face print," she said. "A face print is a form of identifying information that is the bread and butter [of] law enforcement."
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is firstname.lastname@example.org.
- Securing Mobility, From Device to Network At one time, the process of managing and securing mobile devices and applications was fairly straightforward. Most organizations worried about one application (email)...
- Data Protection eGuide In this eGuide, CSO and sister publications IDG News Service, Computerworld, and CIO pull together news, trend, and how-to articles about the increasingly...
- Warning: Cloud Data at Risk Experts agree that relying on SaaS vendors to backup and restore your data is dangerous. Yet that's exactly what huge portions of the...
- The Opportunities and Challenges of the Cloud In this report F5 poses questions to IDC analysts, Sally Hudson and Phil Hochmuth, on behalf of F5's customers to better understand the...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!