I was afraid this would happen. The use of facial geometry to identify us—what Facebook once called our “faceprint”—has gone mainstream, and the perfect surveillance society is that much closer.
A story out of Russia this week shows what lies in store. It describes how you can point a smartphone at a stranger on the bus or on the street, and then use a facial recognition app to identify them on the spot. Men are using it to track women, and law enforcement in Russia and other countries are embracing it too.
“If you see someone you like, you can photograph them, find their identity, and then send them a friend request,” the Russian app maker told the Guardian. You could also stalk or harass them too.
Things haven’t got to this point in western countries—yet. While facial recognition is being used on a mass scale by the likes of Facebook (FB) and Google (GOOG), the technology still comes across as fun and friendly. But for how much longer?
Face-to-face with a Nightmare
To understand why facial recognition is so scary, it’s helpful to know the technology that makes it possible.
There are actually two parts to the technology. The first relates to computers’ ability to recognize faces. Although the techniques are imperfect, it’s now possible for computers to use faces as a one-of-a-kind identifier, and find other matches on the Internet.
The other part is the speed at which computers can find a match. A popular app in Russia can comb through millions of photos in a social network, and show matches in seconds. So can Facebook and Google. That’s how those companies are able to ask “is this Mary?” (or whoever) when you upload a picture.
So why is this so bad? The problem is that the technology is escaping the control of any gate-keepers, and now more and more people are using it. Online images are turning into a way to spy on us in the real world. If this keeps up, anyone will be able stand outside a gay bar or a mosque or an AIDS clinic, and use their phone to identify people going in and out.
We’re not there yet, of course. Right now, the worst abuses are taking place in Russia. But face-tracking is catching on in other countries too.
Australia is preparing a tool called “The Capability” that will give police the power to pick out faces from millions of photos, possibly including ones from Facebook. Meanwhile, Malaysia is mulling plans to deploy the technology to screen for trouble makers outside night clubs.
In the United States, casinos are using facial recognition and so are retailers. Wal-Mart acknowledged to Fortune last year that it tested a trial program to screen for shoplifters (though later dropped it).
Get Data Sheet, Fortune’s technology newsletter.
And then there are Google and Facebook, which are collecting millions of photos at a rapid rate, and whose “tagging” technologies are the best in the business. What happens if someone scrapes their photo databases? That’s what a programmer did with a Russian social network in order to create an identification tool. One can only imagine what a hacked database of Facebook photos would fetch in the Internet’s darker corners.
Even if Facebook can keep its photo database nailed down tight, this is a company that wields more power than any media company, and that just hired a sitting federal judge. Can we trust it to do the right thing with our faces?
In the meantime, keep uploading those kids photos. The sooner tech companies know your children’s faces, the sooner they can have an indelible way to identify them.
Facing a point of no return?
The Russian app maker said he believes the technological progress is irreversible, so we might as well try to live with it. He is probably right about that. In his case, he will try to live with it by selling his facial technology to retailers and law enforcement.
The rest of us might hope there are other options, like finding a way to stave off a facial recognition dystopia a little longer. There are a few options. Congress could pass laws to restrict how biometrics are used, or we could encourage software and device makers to promote so-called “privacy by design” solutions.
But in the United States, so far, none of this happening. Instead Americans are like the frog in a pot of water unaware it’s being boiled. An attempt by the Department of Commerce to create facial recognition rules collapsed last year after privacy advocates walked out in response to industry’s intransigence.
There are a few class action lawsuits out there, including ones against Facebook and Google, that accuse the companies of violating the state of Illinois’ biometrics laws. While the lawsuits have gotten some traction of late, the companies may simply pay to make the cases go away.
More can be done. Canada and European countries are at least trying to keep some limits on facial recognition, including by restricting the use of automated “tagging” features.
It’s time for a U.S. lawmakers to get a handle on this. Otherwise, our faces could unlock a surveillance state more controlling than anything even George Orwell could have dreamed up.