Pro-Privacy Groups: Facial-Recognition Rules Aren’t Enough
A number of associations and advocacy groups in the civil liberties space have walked away from the bargaining table due to an impasse over the consumer use of facial-recognition technology. The problem? As the groups put it, it's far easier to change your password than your face.
For more than a year, stakeholders from the federal government, trade groups, and the civil liberties sector frequently met to come up with privacy standards for facial-recognition technology.
In the end, it was the civil liberties groups that shut down the talks.
On Tuesday, the Electronic Frontier Foundation, the American Civil Liberties Union, the Consumer Federation of America, and six other groups stepped away from the process, claiming that there was a lack of acceptance of basic privacy practices by the other stakeholders that had been brought together by the Commerce Department’s National Telecommunications Information and Administration (NTIA). The advocacy groups say that after the significant energy they put into the agreement, they have little to show for it, so they’re cutting their losses.
“At this point, we do not believe that the NTIA process is likely to yield a set of privacy rules that offers adequate protections for the use of facial recognition technology,” the groups said in a joint statement. “We are convinced that in many contexts, facial recognition of consumers should only occur when an individual has affirmatively decided to allow it to occur. In recent NTIA meetings however, industry stakeholders were unable to agree on any concrete scenario where companies should employ facial recognition only with a consumer’s permission.”
While the groups agree on when facial recognition should be used, they found the argument difficult to sell to law enforcement agencies and technology groups taking part in the talks.
“You can change your password and your credit card number; you cannot change your fingerprints or the precise dimensions of your face,” the groups added in their statement. “Through facial recognition, these immutable, physical facts can be used to identify you, remotely and in secret, without any recourse.”
The multi-stakeholder process, which was launched in 2013, came about as a direct result a 2012 consumer privacy framework [PDF] released by the Obama administration. NTIA Spokeswoman Juliana Gruenwald expressed disappointment about the turn of events.
“The process is the strongest when all interested parties participate and are willing to engage on all issues,” she told The New York Times.
While the advocacy groups have left the process, business groups remain involved in the discussions.
“We all want the same outcome—to help users be comfortable using online services with confidence that their privacy will be protected,” Carl Szabo, policy counsel for NetChoice, told the Associated Press. “Some of us have different opinions about what that outcome looks like.”