Facial Recognition: Data Privacy Concerns on Your Own Block

Facial recognition technology has experienced a boom this past year. Amazon launched Amazon Rekognition, which has been used in cities like Orlando, FL, to scan faces in public and flag criminal matches against its database. A handful of retailers have also begun using facial recognition cameras in their stores to primarily monitor shoplifting and stealing, but to also identify unhappy customers.

Notably, Illinois and Texas are the only states where it is illegal to collect biometric data without consent. Both states have passed their own version of biometric information privacy acts. These laws limit how people’s retina or iris scans, fingerprints, voiceprints, hand and face scans may be collected and used. Illinois requires entities using facial recognition technology to obtain express, written consent from people before taking their biometric data. Both states also require disclosure of the length of time biometric identifiers will be used. But with no federal laws and limited state laws to guide this technology, there are many concerns about how companies and cities actually use data they collect, who else has access, and whether consumer privacy laws may be violated.

Amazon provides for a useful case study in examining the potential privacy and civil liberties problems unregulated facial recognition presents. Studies have shown that facial recognition technology — though seemingly sophisticated — has a tendency to mismatch and misidentify people, namely people of color. The ACLU identified that Amazon Rekognition “falsely identified” 28 Congressmen with arrest mugshots; the false matches were disproportionately people of color. These false matches are especially alarming because Amazon has promoted Rekognition to police departments, the FBI, and U.S. Immigrations and Customs Enforcement (ICE).

Demanding more transparency and details about Rekogition, a small group of U.S. Representative sent a letter to Amazon CEO Jeff Bezos in November 2018.  In response to the US Representatives’ letter, Bezos recently posted a pithy blog post that proposed unworkable legislation, dodged many questions, and denied allegations of misuse. Bezo’s call for federal regulation is further complicated by the fact that Amazon has a patent pending that would allow Rekogniton to use biometric information it has already gathered to track individuals and link them to their residence and place of work.  

In response to these concerns and the widespread, unregulated use of facial recognition technology, the U.S. House Oversight and Reform committee is “considering holding a hearing” on facial recognition technology. The House’s consideration for a hearing may be too late to protect against exploitation of biometric data. For those who would have never given consent to share our biometric data, it is unlikely that they will able to recover or regulate their biometric information from these companies. For years, with unfettered access and ability to collect biometric data from millions of Americans, private companies, state and local governments have already amassed an incalculable amount of data and are using it how they please.

Mariah Ahmed, 25 February 2019