• United States



EFF: Americans may not realize it, but many are in a face recognition database now

Jul 18, 20126 mins
Data and Information SecurityFacebookMicrosoft

EFF Staff Attorney Jennifer Lynch testified that although "many Americans may not realize it, they are already in a face recognition database." The Judiciary Subcommittee on Privacy, Technology and the Law held a hearing about facial recognition in regards to privacy and civil liberties. Between Facebook scanning 300 million photos a day and the FBI's nationwide face search, real-time face recognition is coming and we desperately need privacy protections in place.

People are not going to, nor should they have to, start walking around outside with a bag over their head to avoid security cameras capturing images of them. Yet “face recognition allows for covert, remote and mass capture and identification of images — and the photos that may end up in a database include not just a person’s face but also how she is dressed and possibly whom she is with. This creates threats to free association and free expression not evident in other biometrics,” testified EFF Staff Attorney Jennifer Lynch about What Facial Recognition Technology Means for Privacy and Civil Liberties.

There are 32 states that use some form of facial recognition for DMV photos. Every day, Facebook happily slurps up and automatically scans with facial recognition software about 300 million photos that users upload to the social networking giant. “Face recognition is here to stay, and, though many Americans may not realize it, they are already in a face recognition database,” Lynch said. In fact, when you stop to consider Facebook “at least 54% of the United States population already has a face print.” Now it purchased which had 31 billion face images profiled.

Previously Senator Al Franken declared privacy is a fundamental right and explained in a letter to NTIA [PDF] how the Fourth Amendment and privacy are taking a beating via technology. Recently Sen. Franken said “The dimensions of our faces are as unique to us as our fingerprints. And right now technology exists that gives the government and companies the ability to figure out your name and other personal information about you with nothing more than a photograph.” Today the Judiciary Subcommittee on Privacy, Technology and the Law held a hearing about facial recognition in regards to privacy and civil liberties.

Sen. Franken brought up Facebook’s FAIL on privacy by design by mentioning that it takes six clicks on the allegedly “easy to use” privacy options to opt out of facial recognition and tagging. When Rob Sherman did not have the answers to some questions, Sen. Franken sent a light jab of reminder that Sherman is the Facebook Manager of Privacy and Public Policy. Will Facebook eventually sell all these face prints? Sherman sidestepped by saying, “It’s difficult to know in the future what Facebook will look like five or ten years down the road.”

Lynch mentioned some advancements in camera and surveillance technology that will make facial recognition more common place and ever so handy for law enforcement “to track Americans.” Did you know “the National Institute of Justice has developed a 3D binocular and camera that allows realtime facial acquisition and recognition at 1000 meters?” Lynch testified, “The tool wirelessly transmits images to a server, which searches them against a photo database and identifies the photo’s subject.”

What happens if you are in a crowd, wrong place, wrong time, and have your picture taken due to an allegedly suspicious person or persons? Much like the NSA whistleblowers’ claims that the government is full-throttle Total Information Awareness by having a dossier on nearly every U.S. citizen, and you are “automatically suspicious” until proven otherwise, facial recognition false positives will put the burden of proof on innocent people. Funny, being that in America we are supposed to be innocent until proven guilty and not vice versa.

EFF’s Jennifer Lynch did a wonderful job with her testimony in pointing out the potential dangers of face recognition and other biometrics without “data collection, transfer and search” protections in place. She touched on the FBI’s nationwide face search and recognition program.

The FBI has stated it needs “to collect as much biometric data as possible . . . and to make this information accessible to all levels of law enforcement, including International agencies.” Accordingly, it has been working “aggressively to build biometric databases that are comprehensive and international in scope.”

The FBI has stated that a future goal of NGI is to allow law-enforcement agencies to identify subjects in “public datasets,” which could include publicly available photographs, such as those posted on Facebook or elsewhere on the Internet….The FBI has also stated that it hopes to be able to use NGI to track people as they move from one location to another.

What if you apply for a job and they want a photo for your file? Some doctors ask for a photo too. Lynch pointed out that “Although noncriminal information has always been kept separate from criminal, the FBI is currently developing a ‘master name’ system that will link criminal and civil data and will allow a single search query to access all data. The Bureau has stated that it believes that electronic bulk searching of civil records would be ‘desirable’.”

According to the FBI’s testimony:

The Facial Recognition Pilot provides a search of the national repository of photos consisting of criminal mug shots, which were taken at the time of a criminal booking. Only criminal mug shot photos are used to populate the national repository. Query photos and photos obtained from social networking sites, surveillance cameras, and similar sources are not used to populate the national repository. The national repository is updated as transactions, including enrollments and deletions, are submitted by law enforcement users. The national repository contains approximately 12.8 million searchable frontal photos.

Yet Lynch said, “Given the FBI’s history of misuse of data gathered on people during former FBI director J. Edgar Hoover’s tenure and the years following September 11, 2001, 76-data collection and misuse based on religious beliefs, race, ethnicity and political leanings-Americans have good reason to be concerned about expanding government biometrics databases to include face recognition technology.”

Whether you want to believe it or not, as Dr. Alessandro Acquisti pointed out, mobile real-time face recognition is coming much faster than most people believe. Yet Duke Law School professor Nita Farahany argued that the use of facial recognition software does not violate the Fourth Amendment.

Like this? Here’s more posts:
  • The more you encrypt, the more the government breaks into your cloud
  • HOPE 9: Whistleblower Binney says the NSA has dossiers on nearly every US citizen
  • NSA Whistleblower Drake: You’re automatically suspicious until proven otherwise
  • Mobile Phone Surveillance Out of Control: Cops Collected 1.3 Million Customer Records
  • High tech car theft: 3 minutes to steal keyless BMWs
  • TSA lawlessly snubs federal court ruling for 1 year! Interview with Jim Harper
  • Hacker claims to have breached & backdoored antivirus software firm Trend Micro
  • The Future of Drone Surveillance: Swarms of Cyborg Insect Drones
  • NSA claims it would violate Americans’ privacy to say how many of us it spied on
  • Independence Day: Ghosts of SCOTUS on the fundamental right to privacy
  • Windows 8 technology shift: The coming end of Win32 apps
  • Going Dark in the Golden Age of Cyber-Surveillance?
  • Exploiting Windows: Upcoming Black Hat Briefings

Follow me on Twitter @PrivacyFanatic

ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.