NTIA Facial Recognition Talks to Start New Phase With Principles
Principles for facial recognition technology use submitted to NTIA ahead of a Tuesday multistakeholder meeting revealed wide-ranging opinions and a divide between privacy and civil liberties advocates and industry groups. Participants we talked to said it was a good exercise to start articulating what has only been hypothetical to this point in the four meetings of the NTIA-backed group tasked with creating a code of conduct for facial recognition technology.
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
"One thing we all seem to agree upon is a desire to give users control and to avoid prohibition writ large on the use of this technology,” NetChoice Policy Counsel Carl Szabo told us. “However, the devil’s in the details.” A number of the NTIA group’s key players -- such as the Center for Democracy and Technology and the Application Developers Alliance -- did not weigh in. Nor did many high-profile users of facial recognition technology, like Google or Facebook. NetChoice represents e-commerce companies including Facebook and Google. Eight organizations submitted principles: Association for Competitive Technology (ACT), American Civil Liberties Union (ACLU), Center for Digital Democracy (CDD), Interactive Advertising Bureau, Internet Association, Marketing Research Association (MRA), NetChoice and TechFreedom.
The level of consumer control was the key point of disagreement in the submitted principles -- whether facial recognition technology use be opt-in or opt-out. “You really starkly illuminate the differences” once they are written down, ACLU Legislative Counsel Chris Calabrese told us. Whether those disagreements derail the talks remains to be seen, he said.
The multistakeholder talks have spent three months defining the contours of the discussion and researching examples of day-to-day use of facial recognition technology (WID April 30 p5, March 26 p3, Feb 26 p1, Feb 7 p1). With the principles submitted, Tuesday’s meeting is “the beginning of a new part of the process,” said Calabrese. Szabo said Tuesday will have “a bit more of a focused discussion now that the pen is starting to touch the paper."
The consumer-control gulf separated industry groups and civil liberties advocates in the proposed principles. NetChoice and ACT submitted the principle, “Give consumers appropriate choices about when facial recognition technology and related data is used.” TechFreedom echoed this sentiment: “Businesses should be allowed to use facial recognition on their property so long as consumers are made aware of its use.” But ACLU’s principles on the same issue emphasized “An entity must receive informed, written, and specific consent from an individual before enrolling him or her in a face recognition database.” Calabrese told us: “There’s a pretty wide difference between some of the ideas that have been put forward and what the ACLU believes is the appropriate level of control for a powerful technology."
IAB also submitted a harm-based principle: “Where actual harm is found to exist, we encourage all participants of the multistakeholder process to work towards finding effective solutions that address the identified problem and avoid hampering current and future legitimate uses of facial recognition technology.” In an email, CDD Executive Director Jeff Chester vehemently disagreed with IAB’s approach. IAB could not immediately be reached for comment.
Three principles focused on security. ACLU’s principle was most stringent: “An entity must keep securely information contained in a face recognition system.” IAB, the Internet Association and MRA submitted similar principles, with added language like “use reasonable security protections,” or “use commercially reasonable measures.” In another principle, the Internet Association emphasized: “Companies should maintain reasonable retention and disposal practices.” MRA submitted the third security principle: “Storing facial recognition images as proprietary vectors is a form of encryption.”
Identifying specific security standards is useless if “no one is going to be monitoring compliance,” said Consumer Federation of America Director of Consumer Protection Susan Grant. “It’s not like there is anyone who is going to audit what companies are doing,” she said. As a result, Grant said the final group’s product should feature a set of high-level principles or recommended best practices, not a code of conduct.
Differences like these will drive the conversation moving forward, said several stakeholders. “It’s going to be a lively discussion, I suspect,” Szabo said.