The week started with some encouraging news: Facebook, in a victory for privacy advocates, said it will no longer allow police and intelligence agencies to randomly root around in its databases. But the next day I was distressed to hear about an app that would let anybody do much the same thing, using only an iPhone.
So said a company called Facezam, which on Tuesday claimed its eponymous product would let you identify strangers by shooting photos of their faces and then matching them against their Facebook profiles.
Within hours, the Facezam website admitted that the whole thing was a lie to generate a jolt of cheap publicity. But it was too late. The Telegraph, a respected British newspaper, wrote about the app, and word quickly raced around the world. I picked up on it too; I conducted an e-mail interview with the supposed founder of the fake company, and posted an earlier version of this column online early Wednesday.
I apologize to my readers for buying into the hoax. Then again, I had lots of company. Why? Partly because the underlying technology is as real as it gets. Facial recognition is commonplace in many desktop programs and Internet services, including Facebook itself. There’s also a company called Blippar, which makes a free app that can identify commonplace objects. Just point your smartphone camera at, say, a television, and Blippar will identify the device.
Last year, Blippar added a face recognition feature. I tested it on a picture of Matt Damon displayed on my computer screen. Up popped the actor’s name, his Wikipedia entry and a listing of his films. Blippar says it has a database of 70,000 famous faces, and will soon allow ordinary users to add their own faces to the mix.
Launch the Blippar app, point your phone at a stranger’s face, and there’s the story of his or her life. But only if the stranger has signed onto Blippar and provided a personal profile. Users will know from the start that their images might be used in this way.
Facezam also seemed plausible because Facebook and other Internet giants know nearly all there is to know about billions of us. We freely provide the information, even though we have little power we have over how it’s used.
Much of the information we give Facebook is available to all comers; it’s a social network, after all. You can look up information about one person at a time, or write software that plugs into Facebook and scoops up the data of thousands. That’s why companies love to advertise on Facebook; they know exactly who they’re talking to.
The police also like Facebook. They have hired companies that can track postings by suspected criminals or political activists, or follow message threads on controversial topics like the Black Lives Matter movement. It’s nonstop surveillance, without wasted shoe leather, or a warrant.
Now the police spies are being frozen out. Last year, the American Civil Liberties Union of Northern California reported that at least 20 of that state’s police departments were engaged in social media spying, without notice to the public or permission from elected officials. In response, Facebook and Twitter stopped providing data to one of the biggest tracking services used by authorities, Chicago-based Geofeedia. And on Monday, Facebook said it would no longer allow anyone to collect its data for use in surveillance.
But social networks, search services, and advertising companies will keep hoarding our data, and using it as they see fit. For now, our best defense against intrusive government agents or privacy-wrecking corporate abusers is the good intentions of Facebook chieftain Mark Zuckerberg and his fellow online titans.
That’s not good enough for several Illinois residents who are suing Facebook for doing the kind of thing that Facezam falsely claimed. When someone uploads a person’s photo to Facebook, the service often recognizes it and offers to “tag” it with the correct name. Most people love this feature. But the plaintiffs gripe that Facebook didn’t get written permission before putting their facial characteristics into a database. They say it’s illegal under a 2008 Illinois law aimed at protecting the privacy of biometric data, like fingerprints, voiceprints, or facial geometry. Similar laws have already prevented Facebook from offering this feature in Europe. If the lawsuit succeeds, the company might have to change its facial recognition policies in Illinois alone. That could get messy.
While my distaste for new federal regulations is nearly Trumpian, I make an exception for privacy. We need a comprehensive federal law, maybe similar to the Illinois law, to ensure that our facial data, like our fingerprints, belong to us. Such a law would require companies to clearly get our permission to use that information. That’s the best way to protect privacy-loving citizens, and gullible journalists, too.Hiawatha Bray can be reached at email@example.com. Follow him on Twitter @GlobeTechLab.