Editor’s Note: The following article is reprinted from CIO.com. Visit CIO’s Macs in the Enterprise page.
Members of a Senate subcommittee sought answers from a senior Facebook official about the social network’s usage of facial-recognition technology at a hearing on Wednesday, marking the latest phase of the ongoing scrutiny the company has faced from privacy-conscious lawmakers and regulators.
Senator Al Franken (D-Minn.), the chairman of the Judiciary Committee’s Subcommittee on Privacy, Technology and the Law, challenged Facebook’s policy of setting the tag suggestions facial-recognition feature as a default, and then allowing users to opt out.
Franken was also critical of the privacy controls the company makes available to its users, saying at one point that it takes six clicks to navigate to the first page that mentions the term “facial recognition.” Similarly, he suggested that the company has not been as forthcoming as it could be about how much data it collects and how that information is used, a familiar refrain from critics of the social network’s privacy policies.
“I think Facebook could still do more to explain to its users how it uses facial recognition,” Franken said.
Facebook recognizes you
Facebook’s tag suggestions feature uses facial-recognition technology to automatically suggest the names of people pictured in new photos that users upload to the site. Tag suggestions has been offline for several weeks as Facebook has been conducting maintenance, a move that was necessitated by the widespread usage of the feature, according to Rob Sherman, Facebook’s manager of privacy and public policy. Sherman said that the tag suggestions feature is set to come back online “soon,” though he did not specify a timeframe.
In testimony before the subcommittee, Sherman defended Facebook’s stance on setting tag suggestions as a default feature offered on an opt-out basis, and sought to ease the senators’ concerns about the scope of the facial-recognition technology on the social network.
“We think that’s the appropriate choice because Facebook itself is an opt-in experience,” Sherman said when asked about the opt-out default for tag suggestions. “People choose to be on Facebook because they want to share with each other.”
“Beyond that, tag suggestions are only used in the context of an opt-in friend relationship on Facebook, which means that you wouldn’t be suggested to somebody as a potential tag for a photo unless both parties to the relationship had already decided to communicate with one another on Facebook and had already seen each other’s photos,” he added. “So we’re actually not exposing nay addition information to anybody as part of this process.”
Facebook buys into facial recognition technology
Facebook signaled how important it considers facial-recognition technology with the recent acquisition of Face.com, an Israeli firm specializing in software that powered Facebook’s own tagging suggestions.
The privacy implications—and the legal limitations—surrounding facial recognition technology remain murky. Franken suggested that Congress should consider legislation that could clarify the appropriate uses of software like that behind Facebook’s tag suggestions, both for commercial purposes and in the hands of law enforcement authorities.
Existing laws are “almost totally unprepared” to deal with facial recognition technology, Franken said.
Representatives of the FBI and Federal Trade Commission were on hand at Wednesday’s hearing to offer their perspective on facial-recognition applications. The FBI is developing what it calls a next-generation identification program, which will allow authorized law enforcement agencies to query a massive database of criminal photos. The program, currently in a pilot phase with about 12.8 million photos in the database, is on track to be fully operational by the summer of 2014.
Franken expressed concerns that the technology could pave the way for law-enforcement officials to expand surveillance programs, capturing images of protesters or participants at a political rally, for instance. But Jerome Pender, deputy assistant director of the Information Services Branch at the FBI’s Criminal Justice Information Services Division, promised lawmakers that the database would only draw on mug shots and not collect images from social networking sites or other non-criminal repositories.
The FTC has also been evaluating facial-recognition applications in its ongoing review of the privacy practices of companies in the digital age, said Maneesha Mithal, associate director at the commission’s Division of Privacy and Identity Protection.
Mithal said that the FTC considered the technology at a recent privacy workshop, where participants pointed to an array of factors that have converged to push facial recognition toward the mainstream, including improvements in imaging technology and the proliferation of freely available photos people are posting on Facebook and other websites. From the FTC’s perspective, companies that use facial recognition technology should offer consumers “clear, simple, concise notices not in legalese,” she said.
Should kids have to opt-in?
In Facebook’s case, the concerns about the privacy implications of its facial recognition technology take on another dimension as the company considers opening its site to children under the age of 13. Senator Richard Blumenthal (D-Conn.) said that if children are allowed onto the site, then Facebook should exclude them from the facial recognition feature by default.
Sherman pointed out that at present, Facebook requires users between the ages of 13 and 17 to opt in to tag suggestions, but declined to speculate about how the company would handle tag suggestions should the company allow younger children to join.
“It’s something certainly that we would consider actively, but until we make a decision about changing our policy I think it’s premature to say exactly how we would implement it,” Sherman said.
Blumenthal pressed on.
“I’m going to ask that Facebook commit to not collecting or storing those facial recognition data for anyone under 13 if you decided to go ahead,” he said.
Kenneth Corbin is a Washington, D.C.-based writer who covers government and regulatory issues for CIO.com.