Market research and other data suggest that the market for facial recognition technology has increased in the number and types of businesses that use it since a Government Accountability Office (GAO) report on the topic in 2015. For example, newer functions of the technology identified by stakeholders and literature included authorizing payments and tracking and monitoring attendance of students, employees, or those attending events.
GAO’s latest report on the technology, which it publicly released on August 11, says that although accuracy has increased dramatically in recent years, differences in performance exist for certain demographic groups. National Institute of Standards and Technology tests found that facial recognition technology generally performs better on lighter-skin men and worse on darker-skin women, and does not perform as well on children and elderly adults. These differences could result in more frequent misidentification for certain demographics, such as misidentifying a shopper as a shoplifter when comparing the individual’s image against a data set of known shoplifters. There is no consensus on what causes performance differences, including physical factors (such as lighting) or factors related to the creation or operation of the technology. However, stakeholders and literature identified various methods that could help mitigate differences in performance among demographic groups.
The report identifies concerns related to privacy, such as the inability of individuals to remain anonymous in public or the use of the technology without individuals’ consent. Facial recognition technology may collect or store facial images, posing varying levels of risk. Some federal and state laws and the European Union’s General Data Protection Regulation impose requirements on U.S. companies related to facial recognition technology. However, as GAO reported in 2015, there is no comprehensive federal privacy law governing the collection, use, and sale of personal information by private-sector companies. Some stakeholders, including privacy and industry groups, have developed voluntary frameworks that seek to address privacy concerns. Most of these frameworks were consistent with internationally recognized principles for protecting the privacy and security of personal information. However, U.S. companies are not required to follow these voluntary frameworks.GAO therefore reiterates its previous suggestion from a 2013 report that Congress consider strengthening the consumer privacy framework to reflect changes in technology and the marketplace.