Based upon the way modern computers are designed, there are certain tasks they are much better at performing than humans. It wouldn’t be pedantic to point the fact that’s the purpose of a computer in the first place: to do the stuff humans aren’t good at. One of the fascinating peculiarities of computer science and engineering is that there are certain things that humans are much better at doing. Giving computers the ability to do those things is what tends to capture our imaginations.
When one of my colleagues walks down the hallway, I can look at their face and immediately know who they are. In the human world, this makes me strikingly unremarkable. What’s remarkable is the fact that we’ve given computers the ability to do the same thing. (Although, if and when my computer starts following me around the office, I’m going off the grid.)
While facial recognition technology has been under development since the 1960s, it’s just starting to come into its own enough for widespread commercial use. One such application [http://www.wsj.com/articles/technology-will-speed-you-through-the-airport-of-the-future-1436974687] is customs and border control at Dulles International Airport in Virginia. Another is user authentication for mobile banking apps [http://blogs.wsj.com/cio/2015/07/24/wells-fargo-joins-other-banks-in-testing-mobile-biometrics/]. Perhaps creating the most controversial has been Facebook’s use of facial recognition to identify [http://www.bloomberg.com/news/articles/2015-07-28/facebook-s-use-of-facial-recognition-tool-draws-privacy-concerns] individuals in photos uploaded to the site in order to provide users with suggestions of who should be tagged in a photo.
Laws regulating the private use of facial recognition technology are few and far between. There is no federal law on the issue and the prospect of any consensus-based set of rules seems bleak after the breakdown of talks facilitated by the Obama Administration [http://www.ft.com/intl/cms/s/0/c1c258a0-13d8-11e5-ad26-00144feabdc0.html#axzz3hCkkITbL]. Two states, Illinois and Texas, have laws governing private use of biometric data like facial recognition, requiring disclosure and consent before collection and use of the data.
There is currently pending litigation on the issue in Illinois in the form of a case styled Licata v. Facebook [https://www.documentcloud.org/documents/1726092-licata-v-facebook-dkt001-compl.html]. The plaintiff alleges that Facebook violated the Illinois Biometric Information Privacy Act (BIPA) in implementing its photo tagging suggestion feature. The outcome should be interesting considering that BIPA explicitly excludes photographs from the definition of the term “biometric identifier” and excludes from the definition of “biometric information” any information that was derived from items explicitly excluded from the definition of biometric identifier. As the biometric information Facebook holds is derived from photographs uploaded to the site, it’s possible that the court decides the statute does not apply.
Regardless of the outcome, the case has brought a lot of attention to how states regulate the private use of facial recognition technology. With the breakdown of talks at the federal level, privacy advocates will certainly be focusing their resources on efforts to regulate this technology at the state level. Strategic engagement with policy makers in state capitals across the country will be crucial for companies wishing to employ these technologies in the future.