Computers, Privacy & the Constitution

Issues on Facial Recognition Technologies and Regulations Needed on Profiling

-- By ShotaSugiura - 11 Mar 2022


Facial recognition technologies have been a topical privacy issue. In 2020, IBM announced the cancellation of its facial recognition program. In the statement, IBM’s CEO, Arvind Krishna, expressed concerns about “mass surveillance, racial profiling, violations of basic human rights and freedoms”. In the same month as this statement, Amazon and Microsoft also announced that they were not selling their facial recognition products to the police. These big tech companies voluntarily withdrew from their facial recognition business, even though facial recognition technologies were thought to be an emerging business with uses in various places and services. This issue intrigues me because the withdrawal of tech giants from facial recognition implies the necessity of regulation in this area. This essay discusses the problems of facial recognition technologies and what type of regulation is necessary.

Background of Withdrawal from Facial Recognition Technologies

As reported in 2020, Amazon decided to ban the police from using Amazon’s facial recognition system “Rekognition” for at least a year. At the time, the risks that come from police use of facial recognition systems had been widely recognized. For example, an innocent man was arrested by the Detroit Police Department in January of 2020 due to a misidentification by a facial recognition system. Even before this event, research institutions and citizen groups had warned about the inaccuracy of facial recognition systems and the danger of mass surveillance.

Problems with Facial Recognition

Inaccuracy of Facial Recognition Technologies

What are the problems with facial recognition technologies? One apparent problem is inaccuracy. In 2018, a researcher at the MIT Media Lab published a study showing that facial recognition technologies make more errors when identifying darker-skinned women than when identifying lighter-skinned men. According to the research, since facial recognition is a technology that identifies a person based on machine learning of the patterns of human faces, if the system has fewer opportunities to learn from pictures of darker-skinned women, its accuracy in identifying them will also be low. Inaccurate analysis by a facial recognition system can lead to a mistaken arrest, as happened with the Detroit Police Department in 2020. Beyond law enforcement, it can also cause serious problems in airports, political conferences, or hospitals.


Another issue is the profiling of people based on their gender, race, etc., through the use of facial recognition technologies. Profiling is typically defined as the automated processing of data to evaluate certain personal aspects of a person, in particular, to analyze and predict a person’s preferences, interests, economic situation, reliability, or movements. Since facial recognition identifies a person only by their facial appearance, it can easily lead to biased decisions and inappropriate discrimination based on the person’s external characteristics, such as their gender or skin color. Take, for example, a smart security camera that can identify suspicious behavior of people in a scene. There is a possibility that the camera has a tendency to pick out people with certain traits, such as a specific gender or race, based on the machine-learned patterns of scenes of criminal behavior. In this way, a kind of bias or discrimination could be justified by machines that learn patterns of human behavior in our society.

Who Should be Regulated?

Regulation on Providers and Users of Facial Recognition Software

In considering regulation of facial recognition, there are two possible players to be regulated. The first is those who sell or use facial recognition software, such as IBM, Amazon, Microsoft, or law enforcement agencies that use their software. As mentioned, some software providers have already taken action by themselves in response to public accusations. However, many other providers have not yet done so. Not all companies can regulate themselves, nor is all self-regulation sufficient. So, we need to set general standards for selling and using facial recognition software to avoid possible misuse and undesirable results from its use. We can find a good example of regulation in the EU’s General Data Protection Regulation ("GDPR"). Under GDPR, people have the right not to be subject to a decision based on automated processing, including profiling (Article 21-1). Profiling is one of the most serious concerns raised by facial recognition software. Therefore, regulation targeting profiling activity is an effective and less suppressive way to restrict the most invasive function of the software.

Regulation on Collection and Distribution of Facial Images

Regulation on selling and using software is a way to block off the exit of the problem on the downstream side. The other way of regulation is to control the upstream side of the system. Facial recognition technologies are supported by massive data sets of facial images. Such large-scale data collection can be conducted only by a handful of tech companies such as digital platforms, and they typically monopolize their privileged position to collect big data from people. Therefore, controlling these upstream companies could be more effective than regulating downstream players. How can we regulate such a massive collection of facial images? A typical measure is to require companies to explain how they will use the data and to obtain consent from people when they collect personal data. In fact, this type of regulation has been put in place in many countries. In those countries, companies cannot use personal data, including facial images, outside the scope of the informed consent obtained from people in advance. However, I am skeptical of this approach because, in real life, people voluntarily provide their data to the digital platforms in exchange for their “free” services, usually without serious consideration. We cannot expect average consumers to take time to read and understand lengthy privacy policies and decide whether or not to provide their personal data. Leaving consumers to make their own decisions cannot always be sufficient. On top of that, we should also take a more direct approach to restrict the collection and use of personal data if they are conducted in an unjustified way, regardless of consumers’ consent to it.


r3 - 03 May 2022 - 18:42:07 - ShotaSugiura
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.