Federal regulation for face recognition technology?

Microsoft wants regulation of facial recognition technology to limit ‘abuse’ (CNN)

“Facial recognition — a computer’s ability to identify or verify people’s faces from a photo or through a camera — has been developing rapidly. Apple (AAPL), Google (GOOG), Amazon and Microsoft are among the big tech companies developing and selling such systems. The technology is being used across a range of industries, from private businesses like hotels and casinos, to social media and law enforcement.

Supporters say facial recognition software improves safety for companies and customers and can help police track down criminals or find missing children. Civil rights groups warn it can infringe on privacy and allow for illegal surveillance and monitoring. There is also room for error, they argue, since the still-emerging technology can result in false identifications.”

The details of any such federal regulation will matter a lot. I believe three states have laws regulating face recognition technology today: Illinois, Texas, Washington. Illinois is reportedly considering revisions to its Biometric Privacy Law (BIPA) to limit its scope.

The US Congress will need to decide whether to continue to leave regulation of biometric systems to the States or whether it’s time for federal action. We’ll definitely be keeping a close eye on this.

Illinois to revisit BIPA law?

Illinois Considering Amendments to Biometric Privacy Law (BIPA) That Would Create Major Exemptions to Its Scope (Proskauer.com)

“Biometric privacy remains an important issue, as facial recognition and other biometric technologies are increasingly in use. As such, it is desirable to find a balance between privacy and security while at the same time allowing companies to use the advances in biometrics in productive ways. Some argue that the Illinois law, in its present form, fails to strike that balance. It appears that some of the Illinois legislators have heard that argument and are trying to correct any imbalance that the law might present. Given what’s at stake, we will closely follow these legislative developments.”

Proskauer Rose, the source of the linked article, is an international law firm with offices in Chicago. The full piece has a lot of links to more information on the Illinois BIPA law. Read the whole thing, especially if you’re interested in biometrics, privacy, or in business in Illinois.

Our previous posts touching on the Illinois BIPA law can be found here.

Illinois: Google faces face-rec lawsuit

Google Gets Sued Over Face Recognition, Joining Facebook And Shutterfly In Battle Over Biometric Privacy In Illinois (IBTimes)

In the latest scuffle over biometric data collection in Illinois, Google Inc. this week was hit with a lawsuit over its face-recognition technology, making Google the latest tech giant to be accused of violating an unusual state privacy law that restricts the collection and storage of so-called faceprints. Illinois and Texas are the only two states that regulate how private companies may use biometric data, and Illinois is the only state that authorizes statutory damages for violations.

Another Illinois Facebook face recognition lawsuit

Gillen v Facebook (Scribd)

Note: BIPA = Biometric Information Privacy Act

I have removed two footnotes in the original.

NATURE OF ACTION

1. Plaintiff brings this action for damages and other legal and equitable remedies resulting from the illegal actions of Facebook in collecting, storing and using Plaintiff’s and other similarly situated individuals’ biometric identifiers and biometric information (referred to collectively at times as “biometrics”) without informed written consent in violation of the BIPA.

2. The Illinois Legislature has found that “[b]iometrics are unlike other unique identifiers that are used to access finances or other sensitive information.” 740 ILCS 14/5(c). “For example, social security numbers, when compromised, can be changed. Biometrics, however, are biologically unique to the individual; therefore, once compromised, the individual has no recourse, is at heightened risk for identity theft, and is likely to withdraw from biometric-facilitated transactions.”

3. In recognition of these concerns over the security of individuals’ biometrics – particularly in the City of Chicago, which was recently selected by major national corporations as a “pilot testing site[] for new applications of biometric-facilitated financial transactions, including finger-scan technologies at grocery stores, gas stations, and school cafeterias,” 740 ILCS 14/5(b) – the Illinois Legislature enacted the BIPA, which provides, inter alia, that a private entity like Facebook may not obtain or possess an individual’s biometrics unless it: (1) informs that person in writing that biometric identifiers or information will be collected or stored, see id.; (2) informs that person in writing of the specific purpose and length of term for which such biometric identifiers or biometric information is being collected, stored and used, see id.; (3) receives a written release from the person for the collection of his or her biometric identifiers or information, see id.; and (4) publishes publicly available written retention schedules and guidelines for permanently destroying biometric identifiers and biometric information, see 740 ILCS 14/15(a).

4. In direct violation of each of the foregoing provisions of § 15(a) and § 15(b) of the BIPA, Facebook is actively collecting, storing, and using – without providing notice, obtaining informed written consent or publishing data retention policies – the biometrics of its users and unwitting non-users.

5. Specifically, Facebook has created, collected and stored over a billion “face templates” (or “face prints”) – highly detailed geometric maps of the face – from over a billion individuals, millions of whom reside in the State of Illinois. Facebook creates these templates using sophisticated facial recognition technology that extracts and analyzes data from the points and contours of faces appearing in photos uploaded by their users. Each face template is unique to a particular individual, in the same way that a fingerprint or voiceprint uniquely identifies one and only one person.

6. Plaintiff brings this action individually and on behalf of all others similarly situated to prevent Facebook from further violating the privacy rights of Illinois residents, and to recover statutory damages for Facebook’s unauthorized collection, storage and use of unwitting non-users’ biometrics in violation of the BIPA.

A wrinkle in this lawsuit is that the plaintiff is not, and never has been, a registered Facebook user and therefore could not have agreed to Facebook’s terms of service.

Illinois: School cafeteria biometrics

Parent gives thumbs down to finger scans (The Telegraph – Alton, IL)

Essentially the same article has appeared perhaps thousands of times in local papers over the last few years.

What makes this one interesting is that the process of adoption and communication was unusual and is dealt with more explicitly here than in other articles.

“We adopted the philosophy of ‘every child, every day,’” Moore said. “This means that every child in the district starts every day with something to eat.”

By serving breakfast to every student, the cafeterias must provide the equivalent number of meals served over nine lunch periods in a short span of time each day.

“In order to process that many students quickly, we needed to come up with a different system,” Moore said. “It also allows the students to get through lunch lines faster and have more time for recess.”

Read the whole thing. It’s short.