How to limit the use of facial recognition data
Facial recognition has been and continues to be a disputed topic. Advocacy groups and human rights protesters have raised privacy concerns related to the use of facial recognition to identify and verify individuals. The critics are derived from both a potential invasion of privacy and potential error rates that might disadvantage certain demographic groups. The
Facial recognition has been and continues to be a disputed topic. Advocacy groups and human rights protesters have raised privacy concerns related to the use of facial recognition to identify and verify individuals. The critics are derived from both a potential invasion of privacy and potential error rates that might disadvantage certain demographic groups. The questions that often accompany the use of facial recognition are about its role, the way it affects fundamental rights and freedoms, and its impact on democracy.
Risks regarding the governmental use of facial recognition
Concerns surrounding the use of facial recognition systems by governments revolve around the fact that not many states regulate facial recognition technology. For example, the United States had no federal statutes in place to regulate this type of technology. There may be local ordinances addressing surveillance technology, but their regulations are insufficient to establish clear and, most importantly, transparent frameworks and scope. For example, in 2008, the Biometric Information Privacy Act of Illinois established a set of broad regulations that have as objective the public “welfare, security, and safety”.
One of the most important risks associated with the lack of proper regulation is the individuals’ inability to protect their privacy and anonymity in public. Moreover, the technology is used by governments without the individuals’ consent. This means the system may collect and store facial images and then use or even sell them to private companies without the individuals ever being aware of this. Moreover, as long as the system is based on technology, there is always the risk of data breaches without the potential of ever repairing such a breach. While an account can be changed, there is no way to ever remedy a facial recognition breach.
Another major risk associated with the use of facial recognition is the lack of accuracy and the consequences that may follow. According to a report by AI Now from 2018, facial recognition systems are better at detecting light-skinned people than dark-skinned people and better at detecting men than women. Evidently, this may lead to serious misidentifications, as well as racial and other biases.
Even when accurate, the unregulated use of facial recognition technology may lead to the abuse of police and non-democratic states and an increased risk for the safety and welfare of their citizens. For example, in 2019, the people of Hong Kong took to the streets over a controversial extradition bill. Using facial recognition technology, the Hong Kong police managed to arrest almost 750 protesters.
How to limit the risks of facial recognition technology?
The first step is to regulate facial recognition technology. Every state and country should have clear legislation regarding the use of facial recognition to allow for transparency and accountability. External audits should be in place to verify and check for government misuse of the technology, as well as for accidental bias due to inaccurate algorithms. The systems should be tested by independent organizations to make sure the technology is accurate and fair.
If governments were to be held accountable for the improper use of facial technology, private citizens would have the possibility to defend and exercise their rights to ask for proper use of such technology.
As soon as transparency would become an indispensable factor for the use of facial technology, all institutions and companies would have to allow the public access to their privacy policy. Although there are some types of privacy policies already in effect, most of them are left vague and broad to avoid accountability.
Governments need to impose the type of information that should be included in the privacy policies and require a maximum period for the retention of the data collected. A retention schedule and cybersecurity standards may reduce the potential harm that a data breach may have on facial recognition-related datasets. Governments should also include a clear definition of facial recognition terminology for consistency across states.
Moreover, governments should limit the use of facial recognition by law enforcement to avoid abuses and privacy risks. Facial recognition should not be used in private places, like cars or homes, without a warrant to ensure the fundamental right of privacy. The same applies to monitoring drivers to reduce the rate of “distracted driving”. There should be no monitoring of drivers or individuals in their homes without the express consent of the respective individuals.
While private companies already have an “opt-in” and “opt-out” policy regarding data usage, the governments should have as default a method that opts out the individuals from facial recognition usage unless they expressively consent to allow the use of such technology.