Public anonymity is dead. While that phrase, “public anonymity” may sound like an oxymoron, let me explain: You can no longer walk along a street, visit a store, or attend an event without the possibility that someone — a government entity, a storeowner, or a tech giant — knows that youare there and can track everywhere else you’ve been, simply by your physical appearance.
In 2018, facial recognition technology spent a lot of time in the news. Between Amazon licensing their Rekognition product to law enforcement, the presence of gender and racial bias in some of the current technology, and China’s use of facial recognition to publicly shame jaywalkers, it’s clear that society is facing moral and philosophical questions about who owns and should have access to your physical identity and information in the real world?
Truthfully, this conversation should be broken in two discussions: what rights do law enforcement / government entities have to track us, and what do we allow companies to access & use our visual identities for?
Much of the focus to date has been on government use of facial recognition. The ACLU has concluded that “Face surveillance threatens to chill First Amendment-protected activity like engaging in protest or practicing religion, and it can be used to subject immigrants to further abuse from the government,” and San Francisco has already proposed a ban on the city’s use of the technology. Aaron Peskin, the member of the Board of Supervisors who proposed the ban commented on his proposal: “I have yet to be persuaded that there is any beneficial use of this technology that outweighs the potential for government actors to use it for coercive and oppressive ends.”
As this discussion heats up, there will undoubtedly be those who cry, “If you’ve got nothing to hide, you’ve got nothing to fear!” Despite this shallow rationalization, I fully expect that masks and other facial coverings will become increasingly popular in public spaces— potentially even stylish.
The more interesting discussion, in my opinion, is how we allow companies to use facial recognition. The technology is already used by Apple to enable you to unlock your iPhone and by Facebook to tag your friends in photos. To date, these applications have for the most part taken place online or under our control, and (to our knowledge) have yet to be deployed in the public sphere.
Public deployment is inevitable, however, as sensors on Google’s Waymo vehicles will have the capability to act as a roaming camera network, identifying pedestrians and even keeping track of where they’ve been (just as Android does today, admittedly).
To be clear, there are many beneficial and convenient applications for consumer facing biometric identification technology, as I’ve written about before. Biometric access control will get rid of the need for physical keys or fobs for your home, office, and other institutions. Your physical identity may function as a non-transferable ticket to a concert or sporting event, while the need to “ID” people with their driver’s licenses disappears.
Since wide-scale deployment of biometric identification is likely inevitable, it’s imperative that we think through all of the potential nefarious use cases and set some ground rules. Lauren A. Rhue, an assistant professor of information systems and analytics at the Wake Forest School of Business has commented on the potential misuse of facial recognition technology, stating: “The risk in giving up any type of biometric data to a company is that there’s not enough transparency, not only about how the data is currently being used, but also the future uses for it.”
For any company looking to deploy biometric identification / facial recognition technology in applications outside of the home, standard operating procedures need to be established sooner rather than later. These standards should include, at a minimum:
- Mandatory opt-in: users must opt-in to have their biometric identity scanned, stored, and tracked.
- Transparency in how data / information will be used today and may be used in the future. This must include any potential for 3rd parties to access or utilize (anonymously) this data (for instance, targeted advertising).
- No selling or buying data to pair biometric identification with other data — such as online activity, credit card data, etc.
- Clear and transparent value proposition to consumers: “By using your biometric ID, we make it easier to X, Y, and Z.”
- The ability to completely delete all personal and biometric identification information at-will.
It is clear to me that current tech giants are likely incapable of fulfilling the proposed standards above. They are too large, diversely focused, and frankly have made too many mistakes regarding privacy and data use in the past. Instead, there’s a distinct need for a company built from the ground up focused exclusively on transparently managing people’s biometric identities, divorced from any other business lines or monetization streams. We have a short window of time to establish the standards by which our physical identities may be used by companies in order to preserve our privacy. Any for-profit company that wishes to deploy biometric identification technology outside of the home or internet should agree to ethical, transparent, and responsible use of such technology, and be held accountable if they fall short of these standards.
This Article is Republished from our dedicated Privacy Magazine, Privacy.dev – read more now.