What a bad week for privacy. Consumer watchdogs gave up on government talks over facial recognition software after industry groups appeared to reject even basic restrictions on face-scanning. Meanwhile, Facebook rolled out a new service called "Moments" that expands the use of the company's powerful "faceprint" technology.
This doesn't mean the privacy apocalypse is upon us; for now least, the Facebook "Moments" tool is just one more creepy-but-useful social media innovation. But if loss of liberty happens gradually, June of 2015 could be a watershed we look back on with regret. It marks a time when we took new steps towards accepting the use of our very faces as a universal ID card – without deciding on the rules for using it.
Facebook's powerful, dangerous faceprint tool
Your face is like your fingerprint: It's a set of identifying markers that are distinct to you and, short of major surgery, can't be erased. In recent years, the FBI and others have amassed mass databases of "faceprints," but Facebook has the biggest, and is best at using them. ("Faceprint" is a generic term, but one that has been adopted by online dictionaries and major media outlets).
My colleague Stacey Higginbotham this week described the remarkable feats of artificial intelligence that let Facebook (fb)teach computers to "see" the same face across hundreds of millions of photographs. That AI power is what drives Facebook's existing "tag" feature, which shows users a photo and a prompt like "Is this Jill?" (if the user says yes, Jill will typically be "tagged" when others see the photo).
That tag feature, notably, is not available in many countries. Regulators in the European Union and Canada, specifically, have found it to be intrusive so Facebook does not turn it on. Given that reaction, it's unlikely those countries will be okay with the company's new "Moments" feature either.
If you're unfamiliar, Moments is one of Facebook's sister apps for mobile devices. It works by burrowing into all the photos on your camera, and sorting them into discrete temporal events – that party, that bike trip, that office function – to create "Moments." The app then tags everyone it recognizes by comparing the faces in the photos to existing Facebook friends (your "social graph" in tech parlance), and invites you to share the resulting "Moment" with everyone tagged in the photo.
The idea is a good one. As Facebook points out, it could eliminate the need to take group shots on multiple cell phones, and it creates a quick and easy way to share pics of an event with those who were there. The catch, however, is that the whole thing turns on Facebook's facial recognition technology in a way that requires everyone to accept the use of their face as a type of ID badge.
Think of the implications: Facebook already has detailed biographical data about each of its users, and now it is using faces to create an archive of where they were and who they were with. Here is how the Privacy Commissioner of Canada explains what could happen (my emphasis):
Of significant privacy concern is the fact that Facebook has the ability to combine facial biometric data with extensive information about users, including biographic data, location data, and associations with “friends.” [...]
The availability of cheap facial recognition for the masses may have the effect of normalizing surveillance over time. We are not yet at the point where we can take pictures of people on the street with our smartphones, identify them, and gain access to information about them. However, this reality may not be too far off
That warning is from 2013 and relates to Facebook's existing "tag" technology. The arrival of Moments, then, doesn't introduce a new privacy risk, but expands an existing one: It normalizes the use of facial technology and makes it easier than ever to quickly track others' whereabouts and the company they keep – all without their permission, and on the internet.
In the worst case scenario, the technology could one day be used to compile and publish moments outside an AIDS treatment center, an abortion clinic, a gay bar, a church, a strip club, a mosque, a union meeting and so on.
It's not fair to blame Facebook for every potential abuses of facial recognition software. After all, lots of other outfits are using it too, including Microsoft, Google, casinos, night clubs and the Department of Homeland Security. Meanwhile, the technology has many benefits.
Facial recognition not only offers a new tool for law enforcement and border security, but could bring convenience and safety to consumers too. Imagine, for instance, using nothing but your face to log-in to your computer, open your front door or control every sensor in your house.
But for now the dangers appear to loom larger than potential conveniences. That's why nine public interest groups, including the ACLU and the Electronic Frontier Foundation, decided this week to abandon talks aimed at setting guidelines for how companies can use facial recognition technology. The groups said the 16-month talks, hosted by the Commerce Department, were futile since industry groups refused to agree to even basic boundaries.
Unfortunately for consumers, in the absence of the proposed guidelines, there appear to be few other legal options to rein in the use of their faceprint.
If the government is involved, the Fourth Amendment of the U.S. Constitution offers privacy protections; the Supreme Court has already said traditional rules on search and seizure apply to newer technologies like GPS devices and smartphones. But such protections may be harder to invoke when it comes to facial recognition technology – especially since putting your face in a public place does not typically involve a "reasonable expectation of privacy."
Meanwhile, constitutional checks don't apply in the case of private companies like Facebook. This means consumers may have to rely on the Federal Trade Commission to regulate how companies use their faceprint. But while the agency is tech savvy, it lacks the teeth of its counterparts in other countries, many of which have dedicated Privacy Commissioners to protect consumers. Likewise, class action lawsuits over Facebook's unauthorized use of users' images have generally come up short; a case over the use of your face for "Moments" would likely do the same, especially as the feature is not directly tied to advertising.
Another option, suggested by privacy scholar and EFF lawyer Jennifer Lynch, could be to apply existing laws like the Wiretap Act or the Video Privacy Protection Act to facial recognition. Doing so might prove impractical, however, given that the laws are decades old and have already proven inappropriate for a variety of computer-related issues. A final legal recourse comes via state laws that restrict the collection of biometrics; however, such laws appear to exist only in three states (Texas, Illinois and Washington) and have not really been tested.
Leaving it up to Facebook
Facebook's Moments tool pushes the privacy envelope by making it more normal than ever for others to quickly reveal where you were and who you were with. But it does at least offer a basic check on the tagging tool: Users who don't like the idea of using their as an ID can use Facebook's own settings to opt out. It's unclear, however, if Facebook will make much of an effort to tell users they can do so.
In an email comment, a company spokesperson said "Moments" is designed for limited sharing among smaller groups.
"Moments is a private way to give photos to friends and get the photos you didn’t take. It is not designed to be a way to publish photos broadly. Like any photo you have on your phone, you could publish a photo more broadly, but the whole point of this app is a private sharing experience with friends who mutually agree to share photos with one another. If you share a photo in Moments to Facebook, you would have to actually tag the photo before the person would be identified on Facebook.”
But even though, as the company explains, a Moment will be sent only to the people tagged in the photos, that does not mean the pictures won't appear elsewhere. That's because anyone who receives a Moment (perhaps with your face tagged in it), can then share it to the wider internet – a fact that Facebook downplays in its own Q&A page:
"Photos you sync with friends are only shared in Moments unless you or a friend decides to share them outside the app ...Keep in mind once you sync photos to a friend, they can then save your photos or sync them to their friends." (Translation: the photos are not private.)
The potential for abuse, and the larger privacy implications of facial recognition technology, means there is an obvious step Facebook should take in the case of Moments and other tagging tools: make them opt-in rather than opt-out. In a perfect world, Facebook would also show consumers a video about what they are giving up when they agree to let the company and others use their face as an ID badge in day-to-day life (though this is about as likely as Mark Zuckerberg selecting 1984 or The Circle for his monthly book club).
For now, Facebook is unlikely to change course in the absence of laws that require it to do so. As such, this could be the month where millions of people learn to trade control of their face for an internet sharing feature.
An earlier version of this story incorrectly suggested that places like Canada and the EU mandated "opt-in" rules for Facebook's tagging; photo tagging is not permitted at all in those places. It was updated to 3pm ET to include Facebook's comment.