Facial Recognition the Right Way

The FTC issues non-binding guidelines with privacy best practices.

The Federal Trade Commission has laid down -- not the law, but the recommendations -- on how to use facial-recognition technology without trampling on people's privacy.

Adoption of facial recognition (FR) technology is just beginning, but it is already being used by advertisers, law enforcement, and social network sites. There are billboards and vending machines that use FR to decide what material to present to passers-by. Facebook, Google, and Apple all use FR to help people tag their friends in photos.

Last month Facebook announced it was suspending its use of FR in Europe after privacy regulators complained. In the US, where there is less unanimity on matters of privacy, government is just beginning to pay attention to FR. Al Franken's privacy subcommittee of the Senate Judiciary Committee held hearings in the summer in which he grilled representatives of Facebook and the FBI about their use of facial recognition. At that time the FTC promised a best-practices guide for those using FR.

It was issued this month (PDF). The best practices are not enumerated in the FTC's document in a handy list; rather, they are scattered across the narratives of three case studies. They emerge out of the three privacy principles the FTC has been elaborating for a couple of years now: privacy by design, meaningful choice, and transparency. Forbes's Kashmir Hill distills the FTC's recommendations down to seven points:

Make sure the FR database is secure.
Don't keep people's "faceprints" stored indefinitely.
Keep FR out of bathrooms, locker rooms, places where children congregate, and the like.
Notify people that FR is in use.
In computer programs, make it easy for people to turn off FR. (This one is especially for Facebook, though the FTC does not call them out by name.)
Use people's faceprints only for the purpose for which they were collected; obtain permission for any other use.
Don't "use facial recognition to identify anonymous images of a consumer to someone who could not otherwise identify him or her" without permission.

These all sound reasonable, and most people would agree that pictures of someone's face trigger a sharp sense of concern over privacy -- rather like location data does. Scenarios involving mobile applications -- for example, using FR to get background information on a stranger in a bar -- seem to be particularly piquant. Although, as Kashmir Hill points out, the "bar app" could cut both ways, striking some as a nightmare scenario and others as a security/privacy-preserving tool.

One of the five FTC commissioners, J. Thomas Rosch, dissented (PDF) from the best-practices report, saying "There is nothing to establish that... misconduct has occurred or even that it is likely to occur in the near future."

The FTC report is short (23 pages) and fairly readable, and I urge any software developer who is even contemplating implementing FR to give it at least a scan.