from the remember-malls,-bart? dept
Facial recognition tech continues it kudzu-like growth. It’s not just government contractors providing tech for law enforcement and security agencies. It’s also making inroads in the private sector — a place where there’s even less oversight of its use.
Cameras everywhere have long been part of retailers’ operations. But retailers are now adding third party facial recognition software to the mix, further increasing the chance innocent people will be punished for software screw-ups.
[W]ith facial recognition, getting caught in one store could mean a digital record of your face is shared across the country. Stores are already using the technology for security purposes and can share that data — meaning that if one store considers you a threat, every business in that network could come to the same conclusion.
One mistake could mean never being able to shop again.
Kogniz, the company behind one strain of shopper-oriented facial recognition tech, says no retailers are currently sharing data and recordings with other retailers. At this point (if Kogniz is to be believed), retailers are still operating within their own silos. But that could change. And it could change without notice. There’s nothing in place legislation-wise that regulates this market. The government isn’t keeping an eye on these developments, leaving it up to companies to self-regulate. They’ve responded by doing nothing.
Without any legal restrictions, companies can use facial recognition without limits. That means being able to log people’s faces without telling customers their data is being collected.
Two facial recognition providers told CNET that they don’t check on their customers to make sure they’re using the data properly. There are no laws requiring them to.
This means there’s no baseline for accuracy and no limits on sharing or retention. This also means law enforcement can ask to be added to the “sharing” list without running afoul of legal restrictions. False positives could result in bans and/or visits from local law enforcement. One Kogniz client is already sharing its login with local law enforcement, ensuring the government gets pinged every time the system registers a hit.
Even the companies providing this tech directly to government agencies are unconcerned about how it’s used.
Gemalto, a digital security company, has been providing facial recognition to the Department of Homeland Security, which uses it at US exits to log foreign visitors leaving the country.
“Once the customer has it, they’re going to operate with the standards that they define,” said Neville Pattinson, Gemalto’s senior vice president for government programs. “It’s not our responsibility to have involvement past the point of delivery.”
Fair enough. But the federal government has also decided they need to do almost nothing. Self-regulation isn’t working any better in the public sector. That’s why the EFF and ACLU are pushing for someone — anyone — to start acting like the adults in the room. Fortunately, a handful of local governments are stepping into the legislative void.
In late January, San Francisco supervisor Aaron Peskin proposed legislation to completely ban the city’s government agencies from using facial recognition. State lawmakers across the US have suggested similar legislation, like in Washington and Massachusetts.
This is a good step forward, if extremely geographically-limited. Tech development has always moved faster than the government. But that excuse is pretty hollow when it comes to facial recognition tech. The government has been an aggressive early adopter. The legislators are late to the party, but at least they’re finally starting to arrive.