So this has been making the press:
http://www.latimes.com/...
U.S. policymakers are taking a closer look at facial recognition, thrusting privacy concerns over the controversial technology back into the spotlight.
The National Telecommunications and Information Administration, a division of the Commerce Department, said Tuesday it planned to study the technology and its use in the private sector.
The announcement comes after Sen. Al Franken, D-Minn., again pressed the agency on the privacy implications of facial recognition technology following last month's change to Facebook's privacy policy that allows the giant social network to use facial recognition on users' profile photos. He first called on the NTIA to investigate the issue in April 2012.
“Facial recognition technology can allow a stranger to identify you, by name and in secret, from a photograph taken on the street or copied from the Internet. It has serious implications for consumer privacy and personal safety,” Franken wrote in a letter to the NTIA last month. “Unfortunately, our privacy laws provide no express protections for facial recognition data; under current law, any company can use facial recognition technology on anyone without getting their permission – and without any meaningful transparency.”
The NTIA says it will hold its first meeting in February to bring together representatives from the public and private sectors. The study is part of a privacy initiative from the Obama administration to put in place a consumer privacy bill of rights. - Los Angeles Times, 12/3/13
Franken been on top of this for a while now:
http://thehill.com/...
Sen. Al Franken (D-Minn.) asked the Commerce Department to bring together tech companies and privacy advocates to discuss facial recognition technology.
The tech community should develop best practices to protect users from facial recognition technology, he said in a letter to the Commerce Department’s National Telecommunications and Information Administration on Thursday.
In February 2012, the White House announced its “Privacy Bill of Rights” and directed the Commerce agency to convene a series of stakeholder discussions to address digital privacy issues.
After a year and a half of meetings, a group of tech companies, trade associations and privacy advocates concluded the first set of discussions aimed at creating a shorter way for apps to disclose how they collect and share user data.
Participants in that first set of discussions have said the Commerce agency has expressed interest in examining facial recognition technology next.
In his letter on Thursday, Franken asked that the agency take up the issue of facial recognition “as quickly as possible.”
He pointed to a recent update in Facebook’s data use policy as evidence that the topic of facial recognition needs to be examined.
“The urgency of this matter is underlined by Facebook’s recent expansion of its facial recognition database – already likely the largest in private hands,” he wrote. - The Hill, 11/21/13
Here's the full text of Franken's letter:
http://venturebeat.com/...
November 21, 2013
The Honorable Lawrence E. Strickling
Assistant Secretary for Communications and Information
National Telecommunications and Information Administration
U.S. Department of Commerce
1401 Constitution Avenue, N.W., Room 4725
Washington, D.C. 20230
Re: Multistakeholder Process to Develop Consumer Data Privacy Codes of Conduct
Dear Assistant Secretary Strickling:
In my April 2, 2012 submission to the NTIA, I recommended that the multistakeholder process consider the privacy implications of facial recognition technology, and seek to develop best practices on its use. As I explained in my filing, facial recognition technology can allow a stranger to identify you, by name and in secret, from a photograph taken on the street or copied from the Internet. It has serious implications for consumer privacy and personal safety. Unfortunately, our privacy laws provide no express protections for facial recognition data; under current law, any company can use facial recognition technology on anyone without getting their permission – and without any meaningful transparency. Press reports from this summer suggested that facial recognition was the likely next item for debate. I’m writing to renew my request that the NTIA take up this subject, and urge you to do so as quickly as possible.
The urgency of this matter is underlined by Facebook’s recent expansion of its facial recognition database – already likely the largest in private hands. In 2010, Facebook enrolled its then-800 million users into its facial recognition program – without their express consent. In my filing, I made a conservative estimate that this database includes one-twentieth of the world’s population. Last year, in a hearing in the Senate Judiciary Subcommittee on Privacy, Technology and the Law, which I chair, I pressed Facebook to assure its users that it would never share or sell this database to third parties. A Facebook representative responded: “It’s difficult to know in the future what Facebook will look like five or ten years down the road, and so it’s difficult to respond to that hypothetical.”
Last week, Facebook finalized a new privacy policy that will expand its facial recognition program to include some of the site’s least active users – those who only had a profile photo and weren’t tagged in any other photos. Once again, Facebook refused to assure users that it would use facial recognition technology only to facilitate photo tagging. In an interview with Reuters, Facebook’s Chief Privacy Officer, Erin Egan, stated: “Can I say that we will never use facial recognition technology for any other purposes? Absolutely not.” See “Facebook considers adding profile photos to facial recognition,” Reuters, August 29, 2013.
In September, I asked Facebook: How many faceprints do you have? Facebook declined to say, indicating that “we consider the exact number of templates that we store to be commercially sensitive and proprietary information.” Facebook’s reply, along with my original letter, is enclosed.
I will be exploring legislation to protect the privacy of biometric information, particularly facial recognition technology. But I believe it would be extremely valuable for the NTIA to convene industry stakeholders and privacy advocates to establish consensus-driven best practices for the use of this technology – which won’t be waiting for us before it reaches pervasive deployment.
Thank you for your time and attention to this matter.
Sincerely,
Al Franken
Chairman, Subcommittee on Privacy,
Technology, and the Law
CC: Chairwoman Edith Ramirez
Commissioner Julie Brill
Commissioner Maureen Ohlhausen
Commissioner Joshua Wright
Federal Trade Commission
And here's the case that caught Franken's attention:
http://abcnews.go.com/...
But what if law enforcement was allowed to use a large database of pictures from multiple angles -- like the ones created when we "tag" Facebook photos? They could build what Kumar called "models," exponentially improving the accuracy of existing facial recognition.
That's what was apparently behind the thinking in the state of Ohio, which recently grabbed all the photos from driver's licenses issued in the state and uploaded them into their facial recognition system. It was only after the system went live -- and after police used it 2,600 times -- that the Ohio Attorney General thought it might be a good idea to establish an advisory panel to help safeguard people's privacy.
The Ohio database threw new light on Sen. Al Franken's (D-Minn.) concerns expressed during a hearing last year into the privacy concerns associated with facial recognition software. FBI deputy assistant director Jerome Pender testified that the FBI's database -- which didn't include pictures from sites like Facebook -- contained 12.8 million photographs, and Maneesha Mithal, the Associate Director of the Division of Privacy and Identity Protection at the Federal Trade Commission, promised the agency was "studying" the privacy concerns of facial recognition technologies for companies like Facebook, whose users add 2.5 billion photos a month to the service.
Facebook responded, saying that their encryption wouldn't allow third parties to access their photos database -- though, in 2013, their new "graph search" might do just that. - ABC News, 11/3/13
If you would like more information, please contact Senator Franken's office:
(202) 224-5641
http://www.franken.Senate.gov/...