Companies refuse opt-in for facial recognition profiling

Douglas Crawford

Douglas Crawford

June 18, 2015

For better or worse, we are now used to the ubiquitous prevalence of security cameras when we go shopping. In large part we accept the necessity of these to prevent theft and help ensure our safety.

Modern facial recognition techniques, however, go far beyond this remit. Using sophisticated facial recognition software, shops can match a visitor to a name, address, credit card, and spending habits (even noting which items in a shop seem to attract a visitor’s attention).

This information is stored in huge databases (with questionable security), and shared with other retailers and analytics firms to build up a detailed spending profile of members of the public.

It is precisely in order to tackle such widespread abuse of facial recognition systems that the US government organized a Privacy Multistakeholder Process. The aim was for corporations and privacy campaigners to ‘to develop a voluntary, enforceable code of conduct that specifies how the Consumer Privacy Bill of Rights applies to facial recognition technology in the commercial context.’

This has, however, come to a crashing halt as all nine privacy advocates stormed out of the meetings following a complete impasse over the question of consent.

The privacy advocates insisted that companies need to have customers’ consent before scanning their faces, while the corporations point-blank refused to accept any such notion. Professor of law at Georgetown University and participating advocate, Alvaro Bedoya, explained the situation,

‘When we came in [last] Thursday, [we proposed] that in general, there will be exceptions, but the default for identifying unknown people is that you get permission before you identify them using facial recognition. Not a single trade association or company would agree with that premise. That’s remarkable. Google is opt-in on facial recognition, Microsoft is opt-in on facial recognition, Facebook isn’t, but they’ve gotten sued and also had to turn it off in Europe. So not only does it go against state law, it goes against industry practice. Consumers deserve more.

Earlier this year Facebook was sued by a Chicago man for violating Illinois privacy laws by using facial recognition software that ‘secretly amassed the world’s largest privately held database of consumer biometrics data.’ The official joint statement made by the group of privacy advocates on Monday reads,

‘At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard of are tracking their every movement—and identifying them by name—using facial recognition technology. Unfortunately, we have been unable to obtain agreement even with that basic, specific premise. The position that companies never need to ask permission to use biometric identification is at odds with consumer expectations, current industry practices, as well as existing state law.

A letter obtained by the Washington Post reinforces this point,

At this point, we do not believe that the NTIA process is likely to yield a set of privacy rules that offer adequate protections for the use of facial recognition technology. We are convinced that in many contexts, facial recognition of consumers should only occur when an individual has affirmatively decided to allow it to occur. In recent NTIA meetings, however, industry stakeholders were unable to agree on any concrete scenario where companies should employ facial recognition only with a consumer’s permission.

The National Telecommunications and Information Administration (NTIA), who organized the meeting, has expressed disappointment at the walk-out,

NTIA is disappointed that some stakeholders have chosen to stop participating in our multi-stakeholder engagement process regarding privacy and commercial facial recognition technology. Up to this point, the process has made good progress as many stakeholders, including privacy advocates, have made substantial, constructive contributions to the group’s work. A substantial number of stakeholders want to continue the process and are establishing a working group that will tackle some of the thorniest privacy topics concerning facial recognition technology. The process is the strongest when all interested parties participate and are willing to engage on all issues. NTIA will continue to facilitate meetings on this topic for those stakeholders who want to participate.

It seems clear to us that the corporations have no intention of respecting the privacy of members of the public, and as Jeff Chester, the executive director of the Center for Digital Democracy, observed, we can hardly rely on the government to protect our rights,

The White House staff are veterans from Google and Facebook — they see this sector as vital to the American economy and they used data mining techniques in elections, so it is no surprise that they are ambivalent about protecting privacy, to say the least.

Perhaps new fashions will be influenced by facial camouflage, as consumers take matters into their own hands and take active steps to enforce their lack of consent on uncaring and exploitative companies? Alternatively, they could simply vote with their feet, and not visit shops and malls that deploy advanced facial recognition technology. One can only hope!

Your Information will never be shared with any third party.
Enter your email address to receive your Beginner's Guide to Online Security for Free
You'll also receive great privacy news and exclusive software deals!
Enter your email to get the ebook:
Your Information will never be shared with any third party.
Enter your email address to receive your Ultimate Online Privacy Guide eBook!
You'll also receive great privacy news and exclusive software deals!
Enter your email to get the eBook:
Special VPN Deal
Exclusive Offer
Get a Special Deal - 72% OFF!
With a biannual subscription
Exclusive Offer for Visitors!
50% Off Annual Plan
Limited Time Only
Exclusive price of
Exclusive Offer
Get NordVPN for only