The US Federal Trade Commission warns companies not to compromise privacy when using facial recognition
The US’ Federal Trade Commission would take a hard line on companies that violate consumer privacy using facial recognition technology, the agency’s chairman said at a public workshop last week.
Government officials, privacy advocates and technology companies discussed the ethics of facial recognition and the impact on user privacy at a workshop in Washington, D.C., on 8 December.
Facial recognition technology has been integrated in a wide range of products and services, including online social networks, digital billboards and mobile apps, which raises a host of privacy and security concerns, the FTC said.
While the technology can be used in positive ways, regulators, companies and consumers must “acknowledge and address that they have the potential to run right over consumers”, forcing users to reveal more information than they intended to, FTC Chairman Jon Leibowitz said at the workshop.
Even if the technology isn’t fully mature yet, it will soon be possible for the technology to match a name with a face and be able to access data about jobs, credit history and health without the user even being aware of it, according to Leibowitz.
The FTC will “vigorously enforce the law if we see a violation” of privacy through a facial recognition feature, Leibowitz said.
Insurers and employers may soon start using facial recognition technology to find information about a potential customer or worker, FTC Commissioner Julie Brill said. “It is scenarios like these we must bear in mind as we both guide and react to how these technologies change the way we buy, sell and live,” Brill said.
At the Black Hat security conference this year, a Carnegie Mellon University researcher ran Facebook photos through off-the-shelf facial recognition software to identify 30 percent of students walking around the CMU campus. He also used Facebook profiles to positively identify people who’d posted anonymously on online dating sites. His research showed how even the most rudimentary tools can be combined with other sources of information to compromise individual privacy.
The FTC will publish a final report on privacy protections in the digital age in the next month, according to Leibowitz. The preliminary version of the report, released December 2010, found that industry self-regulation was inadequate and called for a “do not track” setting for consumers to control what is done with their online activity.
Facebook rolled out tag suggestions feature in which it uses facial recognition to prompt users to tag their friends when photos are being uploaded earlier this year. There was a big privacy backlash when the announcement was made because users were automatically included in the service. The company later added a way to opt-out.
The Electronic Privacy Information Centre and other advocacy groups filed a complaint with the FTC to block the feature until more security safeguards are in place to prevent data leakage. Facebook did not provide sufficient advance warning to users before turning on the feature, the groups said.
Google also has begun rolling out a similar feature for its Google+ service called “Find My Face,” which the company’s product counsel Benjamin Petrosky discussed at the workshop. “Find My Face” is completely opt-in and users can opt out at any time, according to Petrosky. The feature makes suggestions to people “we believe you know”, by examining how users interact with each others, such as how frequently they interacted over Gmail or used the +1 button on posts, he said.