Is facial recognition tech really a threat to privacy?

  • Published
Computerised faceImage source, Getty Images

Facebook has decided not to offer its photo-sharing app Moments in Europe because of regulator concerns over its facial recognition technology.

And earlier this week, talks between US tech firms and privacy campaigners broke down over fears about how the industry is planning to use the tech.

So why is there so much concern over facial recognition tech, and is it justified? We unpick some of the issues.

Is this a new thing?

Not really. The concept of using cameras to recognise people has been around for decades - CCTV has become all but ubiquitous in our cities. And the public has, by and large, accepted the trade-off between privacy and protection. CCTV images are routinely used as evidence in court and have helped identify and prosecute many criminals.

So what's changed then?

Cameras have been good at recording people doing things but not so good at identifying them as individuals - unless your face was already on a database. And even then, CCTV images were often so blurry that facial recognition software was unable to make a match. If you weren't on a database, law enforcement authorities had nothing to compare your captured image with - they just had to hope someone recognised you.

Image source, Getty Images

But with the latest high-definition - and even ultra-high-definition - cameras giving images far more detail and sharpness, the curse of the blurry picture could disappear. And as the software and computing power improves too, programs could more easily make matches against existing databases and accurately measure the minute differences in our physiognomies that make us unique.

Why does that matter?

Because, theoretically, we can now be individually identified wherever we go. As our lives have become increasingly digital and online, we've been leaving data trails everywhere we go, particularly via social media and our smartphones. These separate bits of data can be amalgamated to build up a detailed picture of who we are - our tastes, opinions, friendships, habits, movements. If cameras can also identify us individually - by matching the image they capture with a Facebook photo they've gleaned, say - then the picture becomes almost complete.

Who does this benefit?

Law enforcement agencies and companies who want to sell us stuff, mainly. Say you walk into a shop - the in-store cameras could identify you using software that analyses your unique facial characteristics. This could then be cross-checked against your smartphone location data. The retailer could then ping special offers and discounts to your phone tailored to you personally, even responding to the outfit you happen to be wearing that day. Recognition software, coupled with machine learning, is now sophisticated enough to distinguish between objects within images, as well between faces. And some software companies reckon they can even monitor customers' changing emotions as they interact with products in the store.

What's wrong with that?

Nothing necessarily - consumers could benefit greatly, in fact. For example, facial recognition systems in airports - when they work - can help speed up passport checks. The issue is whether we have a choice. Civil rights groups argue that we have a fundamental right to privacy and that wanting to be anonymous does not mean we have "something to hide". We shouldn't be able to be identified if we don't want to be.

But how will we know whether we're being remotely identified or not? This is the issue that provoked a group of privacy campaigners to walk out of talks brokered by the US National Telecommunication and Information Administration, a division of the Department of Commerce. They were all trying to come up with a voluntary code of practice governing how facial recognition technology should be used. In the campaigners' view, government agencies and private companies are unwilling to accept that they should always seek permission first before using this type of data.

Image source, Thinkstock

Is my face on a database somewhere?

Very possibly. The Electronic Freedom Foundation believes the FBI already has 14 million face images on its database and plans to increase this to more than 50 million. In the UK, the police have about 18 million mugshots on file. And once you've been identified, you stay identified, because your facial characteristics and the proportions of your head, just like your fingerprints, don't change.

What are my rights?

In Europe, companies have to seek your permission first before using facial recognition technology for commercial purposes. This is why Facebook has decided not to offer its photo-sharing app Moments in the region - it does not offer an opt-in facility. Just two states in the US - Illinois and Texas - have adopted Europe's approach. In the UK, the Data Protection Act stipulates that we have to be informed when we are under camera surveillance and by whom. We also have the right to request any recorded images we feature in.

So what's the problem?

People don't always play by the rules. It's very difficult to know how our images are being used and whether our right to privacy is being respected. The digital surveillance genie is out of the bottle, and many privacy campaigners have little faith that regulators will ever be able to stuff it back in.