With estimates that the use of facial recognition technology—which can verify or identify an individual from a facial image—will dramatically increase over the next decade, government agencies, privacy groups and industry representatives have expressed concern over a number of privacy issues tied to the new technology.
Just weeks ago, Homeland Security Today reported that use of facial recognition devices and licenses is predicted to increase from 28.5 million in 2015 to 122 million by 2024, which will likely lead to increased use by government and law enforcement, according to market research firm Tractica.
Although facial recognition technology faces strong competition from fingerprint, eye and voice biometric technologies, the industry is growing. Tractica forecasted that global facial recognition revenue will reach $882 million by 2024, with cumulative revenue for the 10-year period totaling $4.9 billion at a compound annual growth rate of 22 percent.
Amid these reports predicting the technology’s rapid growth, the Government Accountability Office (GAO) conducted a review examining use of facial recognition technology in commercial settings. Specifically, the auditors assessed the various uses of facial recognition technology, privacy issues that have been raised, proposed best practices and industry privacy policies, and potentially applicable privacy protections under federal law.
GAO concluded there are no federal laws that directly address the use of facial recognition technology.
Facial recognition technology is used in a number of US commercial applications including security, secure access, marketing and customer service. For example, social networking applications can identify individuals in photographs, retailers can improve marketing and customer service, and the technology can be used to provide secure physical access control to buildings or other locked areas.
Current and potential uses for the technology also include facial Internet search engines, matchmaking for online dating, memory support applications for smartphones assisting people with prosopagnosia (face blindness) or other memory-related conditions and for use in the hospitality industry as a mechanism hotel services can use to identify guests without having to ask for name or room number.
However, GAO said the “extent of its use is not fully known.” The International Biometrics & Identification Association, other industry trade organizations, and Federal Trade Commission (FTC) staff told GAO they knew of no comprehensive reliable information on the extent to which US businesses use facial recognition technology.
According to GAO, privacy advocacy organizations worry that “if its use became widespread, it could give businesses or individuals the ability to identify almost anyone in public without their knowledge or consent and to track people’s locations, movements and companions.”
GAO said, “They have also raised concerns that information collected or associated with facial recognition technology could be used, shared, or sold in ways that consumers do not understand, anticipate, or consent to.”
Stakeholder views on the issue vary. Some believe individuals should only expect a limited amount of privacy when out in public and that surveillance is already party of our daily lives. They believe consumers should be willing to give up some privacy for the benefits the technology offers.
The Center for Democracy & Technology asserted, however, that when most individuals are in public, they expect some recognition by businesses or individuals, but a very limited amount anticipate these entities connect a name to their face, and even fewer to associate their image with behavior online, in a store or traveling.
Sen. Al Franken (D-Minn.), who requested the report, asserted that the privacy issues stakeholders have raised about facial recognition technology point to the need for federal privacy laws to address new technologies.
“The newly released report raises serious concerns about how companies are collecting, using, and storing our most sensitive personal information,” Franken said. “I believe that all Americans have a fundamental right to privacy, which is why it’s important that, at the very least, the tech industry adopts strong, industry-wide standards for facial recognition technology. But what we really need are federal standards that address facial recognition privacy by enhancing our consumer privacy framework …"
Views also vary on the merits of voluntary and self-regulatory approaches versus legislation and regulation to protect privacy. The Department of Commerce’s National Telecommunications and Information Administration has developed a series of multi-stakeholder meetings aimed at coming up with a set of voluntary rules for commercial uses of facial recognition technology.
However, privacy advocates – which included individuals representing the Center for Democracy and Technology, the Electronic Frontier Foundation and the American Civil Liberties Union – all withdrew in protest.
Although federal laws do not fully address the privacy issues that stakeholders have identified with commercial uses of facial recognition technology, two states—Texas and Illinois—have adopted privacy laws that expressly address commercial uses of biometric identifiers. These laws require private groups to obtain individuals’ consent before collecting such identifiers and generally prohibit them from sharing these with third parties.
GAO did not provide any recommendations; however, in a 2013 report, the federal watchdog suggested that Congress consider strengthening the consumer privacy framework to reflect changes in technology and the marketplace.
“Facial recognition technology may be employed in a wide range of useful commercial applications, but the future trajectory of the technology raises questions about consumer privacy,” GAO concluded.