Lawmakers Move to Block Companies From Using Face Recognition Without Your Consent

Illustration for article titled Lawmakers Move to Block Companies From Using Face Recognition Without Your Consentem/em
Photo: AP / Jayson Photography

On the heels of this week’s news that a major tech company had scraped nearly a million images off Flickr to help train a facial-recognition tool, Senate lawmakers have introduced bipartisan legislation aimed at prohibiting commercial users of facial recognition from collecting and re-sharing such data without the public’s consent.


The bill was introduced by Republican Senator Roy Blunt of Missouri and Democratic Senator Brian Schatz of Hawaii, members of the Senate Committee on Commerce, Science & Transportation.

Known as the Commercial Facial Recognition Privacy Act of 2019, the bill follows the disclosure of a project at IBM that extracted nearly one million photos from Flickr to feed algorithms designed, the company said, to reduce bias in facial recognition technology. Although the photos were listed under a Creative Commons license and could, therefore, be reused without obtaining any additional permissions from the owners, photographers told NBC News, first to report the project, they were nevertheless alarmed.


“None of the people I photographed had any idea their images were being used in this way,” an executive at a Boston-based public relations firm told the outlet. One expert told NBC that the practice was fairly common and that in order to train the artificial intelligence underlying facial recognition technology, researchers often “just grab whatever images are available in the wild.”

Others stated that it was unethical to use the photos, offered freely to the public for an entirely different purpose, to train what is effectively surveillance technology with broad commercial and law enforcement applications.

Senator Blunt cited growing concern among Americans about how their data is being collected and used in this arena. “That’s why we need guardrails to ensure that, as this technology continues to develop, it is implemented responsibly,” he said in a statement.

While IBM’s head of AI research assured reporters that it was committed to privacy and that anyone who wished to have their photos removed from the data set could request it, NBC News characterized the process as “almost impossible.” NBC also created a tool that allows Flickr users to find out if their photos are part of IBM’s data set. (You can find it embedded in this article.)


“Our faces are our identities. They’re personal. So the responsibility is on companies to ask people for their permission before they track and analyze their faces,” said Senator Schatz, ranking member of the Senate Subcommittee on Communications, Technology, Innovation, and the Internet. “Our bill makes sure that people are given the information and—more importantly—the control over how their data is shared with companies using facial recognition technology.”

The bill does not require law enforcement on any level to seek consent before using the technology. Facial recognition is now a common fixture at U.S. borders and ports of entry for all international travelers, including U.S. citizens, in accordance with an executive order signed by President Trump two years ago. Citing government records obtained under the Freedom of Information Act (FOIA), BuzzFeed reported Tuesday that Homeland Security is now “rushing” to implement the systems nationwide before a 2021 deadline.


Most alarming to privacy advocates is the fact the records, released under FOIA by U.S. Customs and Border Protection (CBP), indicated there are no limits on how partnering airlines can use the collected facial-recognition data. U.S. officials declined to answer questions about whether there are any privacy safeguards in place, according to BuzzFeed.

In a statement to Gizmodo, the lawmakers noted the increasing rate at which facial recognition is being applied commercially, and that, despite its use for security purposes for over a decade, many Americans remain unaware of the fact that their faces are often scanned in public, or that facial recognition data is widely shared by companies with undisclosed third parties.


Blunt and Schatz’s proposal garnered immediate support from Microsoft’s president, Brad Smith, who said he was encouraged by the effort. Facial recognition, he said, “needs to be regulated to protect against acts of bias and discrimination,” but also to “preserve consumer privacy.”

Calling facial recognition a “powerful and invasive” technology that must be assessed for “accuracy and bias,” Chris Calabrese, vice president for policy at the Center for Democracy & Technology, said the bill would help Americans know more about how businesses are deploying and using it.


“We deserve clear rules and limits on how our faces can be analyzed, identified, and tracked over time,” he said.

Senior Reporter, Privacy & Security

Share This Story

Get our newsletter



How are they going to fuck this up? Oh wait..

The bill does not require law enforcement on any level to seek consent before using the technology

How long before private security gets a pass as well?