Push for facial recognition privacy standards hits roadblock

WASHINGTON — Retailers have the ability to scan your face digitally and use that identification to offer you special prices or even recognize you as a prior shoplifter. But should they use it? Should they get your permission first?

Privacy advocates announced Tuesday that they had walked away from government-mediated talks with industry that were intended to answer such questions. The idea was to hash out voluntary protocols for the use of facial recognition technology in a way that would not hurt consumers. The Commerce Department’s National Telecommunications and Information Administration, or NTIA, was acting as mediator.

The two sides had been meeting for 16 months, until the nine major privacy groups that were involved said they had hit a dead end and that ‘‘people deserve more protection than they are likely to get in this forum.’’


‘‘At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard of are tracking their every movement — and identifying them by name — using facial recognition technology,’’ the groups said. ‘‘Unfortunately, we have been unable to obtain agreement even with that basic, specific premise.’’

Industry groups said they still believe a consensus could be found on issues like transparency, notification, and data security.

‘‘We all want the same outcome — to help users be comfortable using online services with confidence that their privacy will be protected,’’ said Carl Szabo, policy counsel for an e-commerce trade group with Google and Facebook among its members. ‘‘Some of us have different opinions about what that outcome looks like.’’

Microsoft said it supports the idea that consumers have to agree to be recognized with biometric software before it can be used.

An NTIA spokeswoman said the government believed that progress had been made and work will go on.


The debate on facial recognition is only likely to grow bigger as the technology becomes more ubiquitous. Facebook, for example, has long used facial recognition technology on its site, and it just announced a new companion mobile app, called ‘‘Moments,’’ that scans a phone’s camera roll to ease photo sharing. Microsoft says it is building facial-recognition and fingerprint-identification technology into Windows 10, the new computer operating system coming this summer.

The biggest concern, however, among privacy groups is use of the technology by retailers, including casinos, to target and profile people. One company, FaceFirst, announced last year that its system is capable of processing more than 1 million facial matches per second per server, making it ideal for these customers.

The ability to apply a unique signature to a person’s face, even if you don’t identify the person by name, is particularly invasive, according to privacy advocates. They argue that industry has little incentive to adopt tough standards and that Congress should pass general privacy legislation that applies to different technologies.

‘‘You can change your password and your credit card number; you cannot change your fingerprints or the precise dimensions of your face,’’ the privacy groups said in Tuesday’s statement. ‘‘Through facial recognition, these immutable, physical facts can be used to identify you, remotely and in secret, without any recourse.’’

Groups that signed the letter included the Center for Democracy and Technology, the Center for Digital Democracy, Consumer Federation of America, Common Sense Media, Electronic Frontier Foundation, American Civil Liberties Union, Consumer Action, Consumer Watchdog and the Center on Privacy & Technology at Georgetown University Law Center.