The facial recognition databases are coming. Why aren’t the privacy laws? | Kyle Chayka

951

facial-recognitionOnline dating is kind of like going on a shopping trip. But instead of looking at pairs of shoes, we’re perusing people,
glancing over their photos and profiles in an effort to gauge how interested we might be in them. So why shouldn’t we be warned, like a grocery-store expiration date, when one is rotten?

Such is the intention of CreepShield, a new web-browser extension that uses facial recognition technology to allow users to scan the faces they see on social networking websites – Facebook, eHarmony, OKCupid, even Grindr – and see if the faces match any public records in databases of sex offenders.

The app seems somewhat useful. Unless, of course, you’re mistakenly identified as a sex offender. When I uploaded my own photo after writing a recent Newsweek cover story on biometric surveillance, the CreepShield search engine showed results that were less than 50% sure I was a match – though there were some people in the
database who looked eerily similar to me.

Thankfully, my data-filled profile photo didn’t have a match, but actual sex offenders “have no right to privacy”,
CreepShield’s founder told me.

This raises the question: will the rest of us have the right to our own faces when they get stored in search engines of the future? The US government is currently building the largest biometrics database in the
world with Next Generation Identification, a system meant to help identify criminals. The FBI estimates that it will store over 50m faces images by 2015, according to documents obtained by the Electronic Frontier Foundation.

Facial recognition technology has plenty of practical applications. Germany is beginning to use biometric data to scan individuals at border crossings, and Facebook even collects face patterns to suggest who should be tagged in photos.

The technology is contributing to what will become a $20bn market by 2020, according to the Secure Identity Biometrics Association (Siba). Companies including Animetrics and Cognitec are selling their technology to startups like CreepShield as well as to police and military, with success rates of over 98% for facial matching. From a clear face image, ethnicity can be identified with an error rate of 13% and gender with an error rate of 3%.

Unfortunately, United States law has not caught up with the technology’s expansion. And as facial recognition becomes more present in everyday life, we are going to need new regulations protecting the anonymity of our faces, just as we are protecting our cellphones and, hopefully, the metadata therein.

If we don’t, we will lose our ability to be anonymous – and even when we’re talking about identifying sex offenders, retaining some measure of anonymity is important. Would you really want to cast a controversial vote or publicly protest in a world where your peers or the cops could track down your cheekbone pattern in seconds?

With Facebook’s burgeoning databases as well as the FBI’s s Next Generation Identification system, it’s now easier
than ever to get access to a photo of a person’s face and turn it into a kind of fingerprint on steroids, without them knowing. We need to find a way to preserve our anonymity, and fast.

Fingerprints and DNA data are protected under US supreme court law, providing a possible precedent for face-prints. If a fingerprint or DNA test is collected without due cause, it can’t be used in court as evidence it constitutes an unreasonable search and seizure, outlawed by the Fourth Amendment.

The supreme court is just this week embroiled in debate over whether or not search and seizure of social media and cellphone data should require a warrant. While we grapple with today’s dominant technologies, we should also be looking forward to tomorrow’s, regulating the Fourth Amendment’s application to futuristic technologies like CreepShield and Google Glass, which has banned facial recognition for now – but might not forever.

Laws should allow us to control which businesses and government entities have access to our faces and when. Individuals might opt in to facial recognition for interactive marketing campaigns or to be tracked in a retail store, but choose to be left out of unwarranted public government surveillance.

A face-print should fall under the same category as a fingerprint – and be controlled just as stringently. The US must take this opportunity to give citizens a right to their own face-prints and an ability to opt out of any facial recognition not explicitly connected to active criminal investigation.
This will regulate the technology’s application before it’s too late to prevent a situation like a wrongful conviction because of a facial recognition mistake.

Otherwise, the future gets dystopian quickly. The door opens to a version of CreepShield that runs on gossip or
Yelp-like reviews of people instead of a sex-offender database. (That random guy you see in the bar? Forget Lulu – try “see you later”.) Indeed, a world without facial-recognition laws is a world without strangers. Not being able to lie about height on OKCupid is the least of our worries.