FTC Guidelines Take Aim at the Widespread Use of Facial Recognition Technology

Anthony Freed
By | October 24, 2012

Posted in: Network Security Trends

Imagine a world where your every move can be tracked via closed circuit video systems, or through seemingly innocuous photos of the crowd at an event you attend that are posted by someone else on social media outlets. Even more disturbing, envision a world where hidden cameras are strategically placed to capture your facial expressions in order to assemble a deeply personal profile of your specific attitudes and emotional reactions to various stimuli.

The thought of such a world conjures up notions of an Orwellian society where privacy has succumb to advanced technologies and the forces behind the rise of Big Data, and the reality is that with the advancement of sophisticated facial recognition software, such a world may not be the domain of science fiction for long. For that reason, the Federal Trade Commission (FTC) has issued a set of guidelines in an effort to protect consumers from the potential abuse of these powerful tools.

"Guidance on facial recognition is important, and the FTC is being proactive in releasing the best practices, instead of waiting until after such emerging technologies have become ubiquitous and misuse is widespread," noted privacy expert and attorney Rebecca Herold told Security Bistro. "You can’t shut the barn door after the digital horses have broken free."

The FTC report indicates that facial recognition technology is already being used "in a wide array of contexts," the most common of which is the identification of individuals from photographs or video footage, most often by law enforcement. More sophisticated uses of facial recognition tools include the analysis of specific characteristics in facial expressions which is being conducted by private companies.

"Companies can identify moods or emotions from facial expressions to determine a player’s engagement with a video game or a viewer’s excitement during a movie. Companies can also place cameras into digital signs to determine the demographic characteristics of a face – such as age range and gender – and deliver targeted advertisements in real-time in retail spaces," the FTC report explains.

Jeff Bardin, Chief Intelligence Officer for Treadstone 71, told Security Bistro that the problem with facial recognition is not the technology itself, but in its application without the consent of those who may be impacted by its use.

"For commercial uses of any kind, a full opt-in and enrollment process should occur before anyone is allowed to us facial recognition with or on anyone. This is much like recording a conversation without the consent of the target individual. Your features, although not hidden to the world, are still yours and should be protected," Bardin says.

He also points out that these technologies are still imperfect, and careful consideration is in order if facial recognition technology is going to be used as a primary authentication method. "I have been using facial recognition software for several years and find it to be convenient for a second factor when accessing my laptop, but I have seen some facial recognition access tools get spoofed by holding a still picture of the target person in front of the camera," Bardin noted.

While regulatory guidance such as those provided in the FTC report may serve to reign in the use of facial recognition for what can be considered legitimate uses by advertisers and in other commercial activities, the rapid advancement of these technologies also presents a threat to the public by those with more nefarious intentions.

"Current technologies have created a much more complex, and much more quickly changing business environment than we’ve ever encountered before. Misuse and deceptive practices, not to mention identity fraud and other even more heinous crimes, are being committed through the use of personal information, and often are not even detected until months or years later," Herold warns.

The FTC guidelines were issued following a four-to-one vote by an agency Commission, with the lone dissenting vote being cast by Republican Commissioner Thomas Rosch, who believes that the document "goes too far, too soon." As an expert on both legal and privacy matters, Herold is outwardly critical of Rosch's position on the matter.

"It is disappointing, and quite frankly troubling, to see the comments of Thomas Rosch, which are clearly rooted in the 1980s environment. Mr. Rosch seems completely disconnected with current, widespread public use of technology, and appears to be oblivious to the daily reports of privacy breaches that resulted from businesses and other organizations not having followed best practices to protect the associated personal information."

Herold also stated that she believes the FTC guidelines are merely a "good first step" to developing comprehensive regulations and best practices standards that will serve to protect the rights of consumers and diminish the risks posed by widespread use of facial recognition technologies.

"Asking organizations to use facial recognition responsibly, by following established best practices, is a good move. I look forward to the best practices evolving to be even more inclusive of the privacy risks involved, and to consider the various use cases that would be involved with facial recognition. Privacy protection needs will vary based upon such use case situations," Herold said.

You May Also Be Interested In: