At a Senate hearing on facial recognition software, Sen. Al Franken, D-Minn., said he was concerned that law enforcement may misuse the technology, which can identify people by analyzing images of their facial features and matching them to a database of faces.
Franken said, for example, the technology could be used by authorities to identify peaceful protesters at rallies and target them for selective jailing and prosecution. “I fear that without further protections, this technology could be used on unsuspecting civilians innocent of any crime, or could be used to instantly identify someone walking down the street,” he said at the hearing.
In several states, the FBI is testing pilot programs in which officers identify suspects by taking their picture and checking it with a federal database of images. According to the FBI, the database of about 13 million photos will only include photos of criminals, and not come from social networks. Such pilot programs are active in Maryland, Michigan and Hawaii, and will be rolled out in Ohio, New Mexico and South Carolina.
In the last few years, the technology has been used more widely as better-quality cameras made it easier to identify people and the number of online photos has grown, experts say. On Facebook, for example, about 2.5 billion photos are uploaded each month.
Facebook uses the technology to suggest who users should tag in photos. The feature is active by default on users’ accounts, meaning they must opt-out of having Facebook create a unique “faceprint” of their faces, Franken said.
Facebook has temporarily removed the feature, Rob Sherman, Facebook’s manager of privacy and public policy, said at the hearing. Sherman said Facebook only uses the technology so users can identify their friends, not strangers, and Facebook outlines its use on the site.
Yet privacy advocates have raised concerns about the technology. Last year, for example, researchers at Carnegie Mellon used facial recognition technology and social media profiles to identify strangers and gain their personal information — including their Social Security numbers.
In the future, mobile apps could use facial recognition to identify, in real-time, previously anonymous individuals on the street or in a bar, which “could cause serious privacy and physical safety concerns,” Maneesha Mithal, associate director of privacy and identity protection at the Federal Trade Commission, said.
Mithal said the FTC is in the process of writing a “best practices” guide for how companies should handle facial recognition technology.
There is no federal law regulating how law enforcement uses facial recognition technology, but Congress should create legislation to limit the collection of such data, said Jennifer Lynch, an attorney at the Electronic Frontier Foundation, a nonprofit focused on protecting privacy and civil liberties in new technology.
Currently, only three states — Illinois, Texas and Washington — limit the collection of biometric data on citizens, according to Lynch.
She said facial recognition technology poses “critical threats to privacy and civil liberties” because citizens can’t take any measures to prevent their images from being collected.
“Without legal protections in place,” she said, “it could be relatively easy for the government or private companies to amass a database of images on all Americans.”