Privacy and Face Recognition
A colleague recently sent me an article that talked about the FTC’s stance on face recognition. The FTC was cautioning companies to be careful about using face recognition in ways that would violate current privacy laws:
Even if the technology isn’t fully mature yet, it will soon be possible for the technology to match a name with a face and be able to access data about jobs, credit history and health without the user even being aware of it, according to Leibowitz.
Face recognition technology is pretty mature already. It isn’t quite as mature as Hollywood would portray in the movies, but it is plenty mature enough to start violating people’s privacy.
Here is a hypothetical example. I could easily build an “smart ad” type project that would show a Victoria’s Secret ad, along with a camera to watch people passing by.
I could register that you looked at the ad, and how long you looked at it. I could keep metrics on you over time – you looked at the ad every day between 7:30 and 8:00. At this point, I don’t know who you are, but I do know you as a unique individual – person #5634. Am I violating your privacy yet? Maybe, maybe not. It depends on your individual views on privacy.
Now, I decide to try to link that to your Facebook profile. That’s not going to be terribly successful, but it will work in some cases. I make a leader board and post it online, saying “John Smith has looked at our lingerie models a total of 20 minutes and 30 seconds this month!” Have I violated your privacy yet? Probably true for a lot more people.
Next, let’s say my company is large database company that manages health records. I use that information to flash up a message on my billboard, saying “Hey John Smith – I bet our models can help with your ED problem!” At this point I have probably violated the privacy of almost anybody.
I sincerely believe you should have the right to control your data, even if it is data that is available in the public. If a company is going to take a picture of you, especially if they are going to use biometrics, they should be subject to the same rules that exist for any other data collection. First, they should be required to notify you (16 pt font, minimum) that they are collecting your face or face biometric. They should be required to post what they are going to do with data, how long they are going to retain it, and who they are going to share that data with. Then, you can decide whether you want to patronize that business or not.
As an aside, I was in Kinko’s today and counted 10 separate surveillance cameras. Next time you are bored standing in a line somewhere, count how many you can see. They are everywhere.