This week, a federal judge said Facebook must face a class-action lawsuit over facial recognition and how it collects what’s called biometric data, such as images of faces and fingerprints. Three users sued Facebook under an Illinois state law that says the company has to get written permission before it collects such data. So far, the only laws against gathering that data come from a handful of states.
Marketplace Tech host Molly Wood talked with Joseph Lorenzo Hall, chief technologist at the Center for Democracy & Technology, about both the value and harm in collecting this information.
Joseph Lorenzo Hall: Privacy harms are not trivial. Ask a federal judge, a law enforcement officer or a victim of domestic violence if they have certain interests in informational harms. These privacy harms where you give someone your data and the data is perhaps misused or not treated with the kind of stewardship that we would expect, and so it gets leaked or breached. Certainly collections — especially large collections — of biometric data, or even sensitive identifying data, you can imagine license plates, having large quantities of images of where and when people drove around is going to start to make people feel pretty uneasy. But it’s the same thing with your face, and there’s not a lot you can do to practice self-defense. You can’t wear masks in many, many states because of our history with the KKK intimidating people in voting lines. And so unfortunately faces are sort of a special case here. It’s sort of a license plate that you walk around with every day and you can’t avoid being photographed by it.
Molly Wood: Well, certainly in the case of social networks, people are uploading photos all the time that have lots of people in them, even if those people are not on Facebook or Twitter or didn’t sign up for Google services. And those people are being tagged and their faces are being added to that database. Is there any opt-out mechanism for them?
Lorenzo Hall: Unfortunately, the best solution is that you sign up for Facebook, and you have a profile, and you actually don’t allow people to tag you in images. But you know, that right there means you have to sort of take part in Facebook. A good suggestion I would say for Facebook is allow some mechanism for folks to not necessarily have an account, but to not have biometric data collected like this.
Wood: And then, because we as a society are in danger of overreacting a little bit maybe, what’s the good side of this? What are some of the positives of facial recognition and biometric data usage?
Lorenzo Hall: So, the two main positives that I would mention is usable security and ease of organization of information. So, in a usable security side, right now it’s never been easier to have a locked phone or a locked device. Before we moved to biometric forms of device locks, something like 20 percent to 25 percent of devices in general were locked. And so the rest, if you found a random phone, it more than likely would be unlocked, and all that person’s information would be for the having. Now it’s much higher. Now that it’s sort of a default biometric authentication either using your face or your thumb, the devices are in the 90s in terms of being locked by default. On the ease of organization side, scroll through your photo app. If you’re on an iPhone, pick a picture of one of your loved ones and scroll up, and you’ll see it actually clusters other photos of them down below, and you can actually scroll through photos of them. It’s extremely useful in terms of strolling through your family’s history or things like that. Those are both just amazing uses that I don’t think anyone wants to give up. But we can have those uses and also not have toxic waste of biometrics, links happening left and right.
|Why facial recognition software has trouble recognizing people of color|
|Biometric screening is coming to the airport of the future|