Facial Recognition and privacy: a dystopic approach
The House of Representatives Committee on Oversight and Reform has recently faced the delicate topic of facial recognition technology used in a criminal investigation context. Such federal hearing occurred as U.S. cities are considering banning facial recognition or placing a moratorium until its flaws are corrected and its uses controlled. For instance, San Francisco’s Board of Supervisors voted to ban the use of facial recognition technology by the city’s police and other agencies. In particular, It has been affirmed that Face recognition technology is not currently reliable enough to justify its use.
Numerous privacy advocates and academics have displayed algorithmic deficiencies that may result in false-positive matches of suspects or minorities individuals. However, there are severe concerns that facial recognition has been and continues to be implemented by U.S. agencies without safeguards. In such a context, the U.S. and Europe are just starting to experience facial recognition ethic and legal issues. Contrarily, China is undertaking an unconstrained approach in the absence of basic data security framework.
There are two main objections against the use of facial recognition: one of principle, the other one of practicality. First, facial recognition has been introduced without adequate debate. In fact, more than 50 agencies in the US use facial recognition software able to process and store sensitive data of more than 117 Million of Americans. Agencies countered that facial recognition technology is a cheap and effective tool against crime and is only used in compliance with the Data Protection Act.
The second objection involves the technology that does not work effectively misidentifying individuals. For instance, South-Wales police has published interesting numbers displaying that their facial recognition system triggered almost 2500 false-positive matches among the 2700 individuals tracked. Moreover, alarms over facial recognition shown that the system contains racial and gender biases.
Under these circumstances, it appears important to propose guardrails around how biometric identification it is used. In particular:
- Private agencies using biometric identifiers shall have a written policy, made publicly available, setting a retention period for the destruction of such data when the first processing purpose has been satisfied;
- In the event a biometric identifier is collected, the individual must be informed that biometric data is being collected while providing clarifications about purpose and length of biometric data collection;
- Biometric Data cannot be sold. Moreover, biometric data cannot be disclosed unless the data subjects consented to the disclosure.