Efforts to create a code of conduct for companies planning to use facial recognition technologies reached a tough spot as privacy advocates walked out from the talks.
The U.S. government wants to create a code of conduct for companies using and creating facial recognition software. Talks with privacy groups regarding this code have been ongoing for more than a year, but nine privacy advocacy groups have now decided to walk out from the National Telecommunications Information Administration's (NTIA) multi-stakeholder process for developing a code that would protect users' privacy.
The groups oppose this NTIA process, arguing that it has insufficient privacy controls for ever growing databases that are able to easily identify millions of U.S. citizens through facial recognition. As many as nine privacy groups are now walking out from such talks, putting a stop to negotiations.
In a joint statement, the privacy advocates explain why they chose to end such talks, as they failed to reach common ground with software makers and the U.S. government for building a privacy framework that would properly protect people when it comes to facial recognition technologies.
"We believe that people have a fundamental right to privacy. People have the right to control who gets their sensitive information, and how that information is shared. And there is no question that biometric information is extremely sensitive," the statement explained. "You can change your password and your credit card number; you cannot change your fingerprints or the precise dimensions of your face. Through facial recognition, these immutable, physical facts can be used to identify you, remotely and in secret, without any recourse."
The Electronic Frontier Foundation (EFF) further noted in a separate post that the federal government and state and local law enforcement continue to build increasingly larger facial recognition databases, ignoring the sensitivity of such facial recognition data. The advocacy group points out that the FBI rolled out its NGI biometric database in 2014, with as many as 14 million face images, and plans to reach 52 million images in 2015.
While Europe and two U.S. states, namely Illinois and Texas, require specific opt-in for commercial face recognition systems, U.S. communities such as San Diego, California, actively use mobile biometric readers to capture images of people on the street or even in their homes, identifying them and enrolling them in face recognition databases.
"These databases are shared widely, and there are few, if any, meaningful limits on access," the EFF argued.
The EFF explained that people should at least be able to walk on public streets without the risk of having companies track their movements and identifying them by name through facial recognition. The privacy group says it wasn't able to reach common ground even on this basic matter during the talks.
The commercial use of face recognition is of particular concern for privacy advocates, as it carries the potential of sharing the data collected with the federal government and law enforcement agencies.
According to the blog post, the EFF learned several years ago that standard warrants the FBI issues to social media companies such as Facebook require copies of all photos users upload, as well as those they are tagged in. With facial recognition software unrestricted by privacy limits, the FBI could end up requesting access to face recognition data instead.
By walking out from this process after 16 months of talks, privacy groups hope they will spark a reevaluation of how effective the NTIA's multi-stakeholder processes are in providing effective rules for consumer privacy.