Privacy Advocates Withdraw From NTIA Multistakeholder Process
All eight privacy advocates who participated in NTIA facial recognition multistakeholder meetings for the past 16 months withdrew from further deliberations, as some expected (see 1506150061). Their Tuesday letter to NTIA was signed by Georgetown University’s Center on Privacy & Technology Executive Director Alvaro Bedoya, along with advocates from the American Civil Liberties Union, Center for Democracy & Technology, Center for Digital Democracy, Consumer Action, Consumer Federation of America, Consumer Watchdog and Electronic Frontier Foundation. At this point, “we do not believe that the NTIA process is likely to yield a set of privacy rules that offers adequate protections for the use of facial recognition technology,” they wrote.
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
“We’re disappointed some of the public interest groups have stepped away from the process,” and hope it is a “temporary pullout,” John Morris, NTIA director-Internet policy, told us. In the absence of any other law to address facial recognition technology, the multistakeholder process is a valuable way to make progress, Morris said. The Obama administration released a discussion draft of privacy legislation that would cover facial recognition, and Morris said he thought it made sense to “move forward in this process,” even with the departure of consumer groups. Consumers need confidence they are protected and companies need clarity on how facial recognition technology can be used, Morris said. Leaving the discussion “doesn’t advance either of those” goals, he said.
NTIA multistakeholder meetings on facial recognition began in February 2014 with the goal of writing a voluntary code of conduct for companies that use facial recognition technology. Privacy advocates believe individuals have a fundamental right of privacy, and have the right to control who gets their sensitive information and how that information is shared, the letter said. “Biometric information is extremely sensitive.” Unlike a credit card number, the advocates said, “You cannot change your fingerprints or the precise dimensions of your face.”
During the last multistakeholder meeting Thursday, privacy advocates said people should have the right to walk down a public street without fearing that companies they never heard of are tracking their every movement and identifying them by name via facial recognition technology. Representatives from industry disagreed, prompting privacy advocates to question their involvement in the multistakeholder meeting process. “The position that companies never need to ask permission to use biometric identification is at odds with consumer expectations, current industry practices, as well as existing state law,” the letter said.
“Up to this point, the process has made good progress as many stakeholders, including privacy advocates, have made substantial, constructive contributions to the group’s work,” an NTIA spokeswoman emailed reporters. “A substantial number of stakeholders want to continue the process and are establishing a working group that will tackle some of the thorniest privacy topics concerning facial recognition technology,” the spokeswoman said. “The process is the strongest when all interested parties participate and are willing to engage on all issues.”
Bedoya told us he doesn’t think the process should continue because the premise was to bring industry and consumer groups together. “When one whole side of the debate unanimously agrees that this debate won’t produce rules that adequately protect consumer privacy,” a change must be made, he said. Once consumer groups no longer participate in the multistakeholder process, it will become an industry stakeholder process, Bedoya said.
Multistakeholder processes are at risk if they can be halted simply by one segment of the community walking out, sources said. NTIA will ask the remaining stakeholders whether they want to continue, but currently plans to move forward and hold its next meeting in July. After consumer groups walked out of last week’s meeting, NTIA Director-Privacy Initiatives John Verdi asked stakeholders if they wanted to continue the meeting or adjourn. The stakeholders opted to continue. Formation of a drafting group to help refine the code of conduct was initiated at last week’s meeting, sources said. The Future of Privacy Forum has expressed interest in being part of the group, they said.
The failure of the multistakeholder process should raise serious doubts about whether such processes can be used to protect consumer privacy, Bedoya said. Industry flooded the field and argued in favor of positions that are far less protective of privacy than the companies industry groups represent like Facebook and Google argued for, he said. The failure of this process should be a “wake-up call to Americans” that the industry lobbying efforts in Washington are severely limiting advocates’ ability to protect privacy, Bedoya said. If consumers want to improve privacy protections, they should go to their state legislatures, not the federal government, he said.
The multistakeholder process is “flawed,” said Susan Grant, Consumer Federation of America director-consumer protection and privacy, in a statement Tuesday, saying there's “no incentive for companies to agree to anything that might constrain their current or future business practices.” Grant said the multistakeholder process for developing a code of conduct for mobile app privacy disclosures also was “disappointing,” and the end product was not one CFA could endorse. “The disclosures were inadequate and could actually mislead consumers into thinking that their personal information was shared more narrowly than might be the case,” she said.
“This is not the way to advance privacy protection in the United States,” Grant said. “If we are serious about privacy here at home and want to sell American products and services to consumers abroad, we need to enact legislation that gives consumers robust, enforceable privacy rights and sets clear parameters within which American businesses can innovate.”
Some pointed to Center for Digital Democracy Executive Director Jeff Chester as the reason that consumer groups failed to reach a compromise with industry by insisting opt-in become the default for facial recognition use. Chester told us industry has to admit it refuses to allow consumers to control their own facial information, which is why the privacy groups decided to abandon the process. The multistakeholder system is flawed because industry isn’t going to support anything that may negatively affect business, he said. Chester said it wasn’t just CDD that left, but also groups that NTIA knows are essential to any legitimacy of the code.
Consumer groups viewed the issue of consent to be fundamental in the decision whether to continue participating in the meeting, but it wasn’t the only factor, Grant said. Industry’s failure to make opt-in a default in most cases made it “crystal clear that we were not going to be able to come to consensus on the most important issues,” Grant told us. “Improving transparency about what companies are doing is not enough,” she said. “If we are not able to ensure that what they are doing is fair and based on respect for human rights, it makes no sense for us to spend more of our limited time on this project.”