Facial Recognition on the Horizon
Wen Lee
Introduction
The rise of technology is inevitably accompanied by benefits and downfalls, perfectly demonstrated by the complexity of facial recognition in our digitized world. Many companies advocate for its use because of its high accuracy as well as the value it has as a tool of convenience. But of course, this requires an extreme amount of data to be collected in order to achieve that accuracy. Just like some of the other topics we've mentioned in class, this may not seem like a big deal to the average citizen, but for privacy advocates, facial recognition poses a huge threat as a major source of vulnerable data.
Protection or Threat?
This likely doesn't have one right answer, but most people will lean pretty favorably for one or the other. A promising benefit of facial recognition is its ability to process our extremely unique features as a more secure password, like Apple's Face ID feature. Both convenient and protective, almost everyone opts into this feature with their compatible devices without a second thought. We also use facial recognition as a way to more efficiently identify criminals in databases or in recordings, which is huge for law enforcement duties. Another function of facial recognition that millions of people utilize comes from social media. In the New York Times article from this week, Hill and Mac describe the Facebook "auto-tag" feature, where the platform had software able to sift through photos and user data to identify when someone was in a photo and prompt them to tag themselves in it or confirm that it was them. Again, many users didn't mind this feature and welcomed the ease and convenience of it all, but others spotted the potential danger of this much data collection immediately.
The general issues that we talk about when discussing privacy apply very heavily to the debates on facial recognition as well. This includes data breaches, mishandling of technology, improper disclosure, and all of the questions on who, what, where, when, how, and how long. There's also a special problem concerning false matches, as exemplified in the "Wrongfully Accused by an algorithm" (Hill). AI can't always be trusted to sort through everything and get it right every time, and neither can humans. So for as many benefits as there are to utilize this in the digital age, is facial recognition really worth the risk?
State Laws (WA vs. UT)
The two state documents we're comparing this week is between Utah and Washington, and I found it to be a fascinating difference. I'll re-summarize the main points of the statutes and then analyze the effectiveness of both and how they potentially address the different issues mentioned earlier.
Utah
In Utah, S.B. 34 mainly addresses the utilization of facial recognition within the Department of Public Safety and the boundaries of when government entities can use it. It mainly states the obvious that to utilize facial recognition, the department must submit requests, have warrants, and only use it in circumstances like identifying felons, people at risk, or who are deceased or incapacitated, all in accordance with the law.
To address false matches, Utah does implement a procedure that requires multiple real human employees to verify and approve it through a supervisor as a probable match before submitting it as any kind of evidence. Law enforcement must also thoroughly disclose to a prosecutor/the court when they use facial recognition software and its role in the investigation.
If the government is planning on using facial recognition, they must inform an individual that it's doing so and their facial data will be used in that kind of software. If the government is using the facial recognition database, they must also give notice for public disclosure by posting details of its use on the government entity website at least 30 days before doing so. Upon request, they are also required to release any records on the statistics of how it's been used and how often.
Washington
The Revised Codes of Washington require companies and law enforcement to undergo a much more rigorous process in order to utilize facial recognition software, and to do it correctly. A company must present a Notice of Intent accountability report of basic information, the types of data input, and details on how it's generated, collected and processed. This report includes how it'll be used and operated, transparency on any updates, its maintenance, and how long the data will be collected for.
The company must also outline a plan for possible security breaches and undergo testing procedures beforehand, along with a report on their predicted false-match accuracies. They must also allow for community trials and feedback and ensure meaningful human review for their practices. They have to test for possible effects the software may have and performance differences in populations. Specifically in section g of the Notice of Intent, the state mentions that there must be a statement on the possible impact that this may have on civil liberties and rights, and how it could affect marginalized populations.
When the government or government entities use facial recognition technology, all employees must be trained properly and periodically while using it. If used within the criminal justice system, there must also be proper disclosure to criminals, and there are strict guidelines on when law enforcement is able to use this technology. A warrant is needed unless court ordered or under exigent circumstances, and it is not allowed to do continuous tracking of people using facial recognition software. One important factor to consider as well is that they are not able to use facial recognition results as the sole basis of probable cause.
Comparison Analysis
I personally think that Washington has a very thorough outline on facial recognition usage, and I applaud them for acknowledging so many of the major privacy concerns. The biggest surprise about it is that it really looks at it from all perspectives, of past, present, and future, while also looking at the legal, technical, and social impacts of it all. It seems like facial recognition is more of a "tool, if needed," whereas in Utah, it seems like it can be used more casually in the government space. I think it's really cool that Washington addresses how there must be proper training and testing done first, proper usage during, and also requires predicted reports of accuracy and impact. On the other hand, I think Utah kind of does the bare minimum of what you'd expect from this kind of law. Do you agree or do you think that Utah does a sufficient job and might even be better for our government to have less constraints when using this for our protection?
I think facial recognition technology poses more harm than benefit. I appreciate the amount of restrictions Washington has on it though. I especially liked that it mentioned how such technology could effect marginalized communities even more. I worry about racial profiling in such technologies if they are built with the creator's own biases in mind. Facial recognition poses an even greater threat than most data if leaked or hacked, I believe. If someone had the ability to identify somebody based only an image of them, that person could be in extreme danger. That is a power I do not trust corporations, or practically anyone for that matter, to have access to. Overall, I believe the risks of facial recognition technology outweigh the benefits.
ReplyDeleteYour comment is definitely true. However, I think that being able to identify someone via facial recognition is only done with a mass database sweep of photos on social media. For example, if you have a photo in the facial recognition system but have no photos of yourself on social media or on the internet, it would be hard to correlate that photo and identify that person.
DeleteI prefer Washington's policies on facial recognition compared to Utah's. This is mainly because I worry more on what facial recognition means for private companies who are collecting our data. Personally, I do not even like that in order to unlock my phone, Apple has a complete scan of my face which can link back to me just as signicantly as my social security number. I also fear facial scans and recognition when it comes to something like deep-fakes. Being able to essentially create false videos with my face attached to them could be detremental. When it comes to criminal matters, facial recognition should not be used loosely and only when seaching for perpetrators whom have commited serious crimes.
ReplyDeleteCould be wrong on this, but I believe you can disable Face ID on iPhone. I don't know if that deletes your face from their database though.
DeleteThanks for posting Wen! Like Lindsay and Maxwell, I prefer Washington's policies on facial recognition to Utah's. I think that Washington's policies reflect a more holistic and sustainable approach. Included in Washington's policies is a Notice of Intent which obligates facial recognition companies to include the impact of its service on marginalized communities and civil rights and liberties. I think the inclusion of an accountability report demands greater transparency and forethought from facial recognition companies and users. In contrast to Washington's involved stance on facial recognition, Utah follows a laissez faire approach to regulation. I believe that there should be protective privacy and accountability measures put in place for facial recognition technology.
ReplyDeleteWoah this is a super interesting concept. I definitely think it is interesting how common place facial recognition is used today. For bank accounts and their respective access for example, passwords have become inane. Instead, you can use facial recognition to get into your phone. However, I definitely think the data base companies keep of your face, is a privacy issue and presents more of an issue than the actual perceived benefits. Sure, facial recognition is more convenient than typing in your username and password, but at what cost?
ReplyDeleteLove the comparison between the two states and their policies. WA's policies definitely seem more thorough when put side by side with UT's. I really like how WA requires various reports, as it keeps companies self-accountable and aware of their own shortcomings. I think UT could certainly learn from WA in regards to facial recognition laws.
ReplyDeleteI'm glad that the laws around facial recognition require humans to confirm that the computers identification is accurate. Utah's laws could definitely be more robust in comparison to Washington which has a lot of consideration for all sorts of things that can go wrong in the use and storage of facial recognition data.
ReplyDeleteI definitely think that Utah’s laws could cover more ground, and be more explicit in how forward companies need to be before obtaining the scan info. I really like how Washington’s laws make the intent of use known, and how they also require an outline of a plan for data breaches. Our faces, though seen by the public, are definitely something that belong to us and if we are using them to secure information by means of a password, we should be able to protect it from being taken from us.
ReplyDeleteIt was a great idea to compare two different states to show differences and similarities. I do have to say where Utah does have some laws about facial recognition, I prefer the washington laws. Making facial recognition harder to do and also protecting it more, so people cannot go around with fake identities or faces. There are also strict guidelines for law enforcement to actually use facial recognition software.
ReplyDeleteI think that facial recognition technology has the potential to be very harmful. I personally don't like the idea of private companies or even the government having a record of my face that could be fed into an algorithm to identify me at any time. I agree with what has been said about Washington's law when compared to Utah's. It seems like Washington is more aware of the risks of the technology that they are using and are being careful not to abuse it. I especially appreciate that they can't use facial recognition as the only reason for probable cause because algorithms are often faulty or biased. I think that when it comes to identifying people, other humans should still be involved, and there should be transparency about where the pictures/data that will be used come from.
ReplyDeleteLike most others in the comment section, I prefer Washington's laws regarding facial recognition. It's strange that Utah has so lenient a policy towards its use, as Utah has fairly strict laws regarding the use of software to invade one's privacy. For example, speed cameras are illegal in Utah due to fear of the violation of the 6th Amendment, with the reasoning being that a machine may not be an accurate witness. If facial recognition can be used as evidence in Utah, then it raises questions surrounding the verity of Utah's standpoint on the matter.
ReplyDelete