Facebook Becomes FaceBank?

-- By JanethLopez - 21 Dec 2012


In 2010, Facebook announced that it was using "facial detection," like the boxes on the screen of a digital camera, to enhance its photo tagging feature. Facebook Photos product manager Sam Odio insisted that the company was not using "facial recognition" and noted that the feature would not automatically link a face with a friend's profile, since that kind of feature was "a very touchy subject." Later, the company changed its tune and began to use facial recognition as part of its "tag suggestion" feature. Of course, the company was quick to point out that users could opt out of the feature. When Facebook first unveiled these "tag suggestions" based on facial recognition, I had not focused on what had been going on beforehand in order to enable this feature -- the company had already been storing my biometric information, along with that of my friends.

How Face Recognition on Facebook Works

I wasn't aware of the technology behind facial recognition software, but after reading a paper from the NSTC's Subcommittee on Biometrics and some of the criticisms of the use of Facebook's facial recognition features online (ACLU and the Electronic Privacy Information Center), I have come to better understand the risk hidden behind Facebook's "tag suggestions" feature.

A typical biometric system requires first locating observable characteristics and converting them into data. Next, the software creates and stores a biometric template for each person’s face and uses a matching algorithm to compare the template to other images and templates stored in the database. On Facebook, every time a user tagged their friends in a photo, they were teaching the machine, making Facebook's facial recognition features surprisingly accurate. When Facebook announced its “tag suggestions” feature, it was admitting to having gone through the above steps already for every Facebook user, without their consent or knowledge. Biometric data is sensitive personal information, and, at the very least, Facebook should have notified users that it was creating and storing this information long before it went through the above steps. The announcement was made after the fact, only to inform users of how this data was going to be used, for now.

How Facebook's Facial Recognition Threatens Our Privacy Even When We "Opt-Out"

Facebook's policy regarding user privacy has been to collect as much information as possible from users first and later determine how to use the information. The company has a bad track record when it comes to the use of its data, often selling it to the highest bidder (advertisers, app developers) and publicly acknowledging changes to its privacy policies only when challenged through litigation or by regulators. European regulators, for example, have gone after Facebook's facial recognition software for violations of European privacy laws, and in response Facebook has promised to delete biometric data on European users. In the US, Facebook allows its users to “opt out” of the tag suggestions feature and prevent their names from being suggested when friends upload pictures, but this alone does not delete the biometric data that Facebook has already collected. The user must write to Facebook asking that it delete any biometric data it has stored, and this does not guarantee Facebook will not collect more data in the future when friends tag you.
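
As an added illustration (not part of the original essay, and not Facebook's code), here is a toy Python model of the template-and-match steps described above, showing why opting out of suggestions leaves the stored template in place. The TemplateStore class, the 0.95 threshold and the feature vectors are all assumptions constructed for the example.

```python
import math

def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    return dot / (math.hypot(*a) * math.hypot(*b))

class TemplateStore:
    """Hypothetical store: one biometric template per user, built from tags."""
    def __init__(self, threshold=0.95):
        self.templates = {}     # user -> (mean feature vector, sample count)
        self.opted_out = set()  # users who turned tag suggestions off
        self.threshold = threshold

    def tag(self, user, features):
        # Each tag is a labelled sample that refines the stored template.
        mean, n = self.templates.get(user, ([0.0] * len(features), 0))
        mean = [(m * n + f) / (n + 1) for m, f in zip(mean, features)]
        self.templates[user] = (mean, n + 1)

    def match(self, features):
        scores = {u: cosine(t[0], features) for u, t in self.templates.items()}
        best = max(scores, key=scores.get, default=None)
        return best if best is not None and scores[best] >= self.threshold else None

    def suggest(self, features):
        # What the user sees: the suggestion is hidden, the match still happens.
        user = self.match(features)
        return None if user in self.opted_out else user

    def opt_out(self, user):
        self.opted_out.add(user)        # the template is left in place

    def delete_template(self, user):
        self.templates.pop(user, None)  # the separate deletion request

def demo():
    store = TemplateStore()
    store.tag("alice", [0.90, 0.10, 0.40])   # constructed feature vectors
    store.tag("alice", [0.80, 0.20, 0.50])
    store.tag("bob", [0.10, 0.90, 0.30])
    probe = [0.85, 0.15, 0.45]               # features from a newly uploaded photo
    out = {"before": store.suggest(probe)}
    store.opt_out("alice")
    out["after_opt_out"] = (store.suggest(probe), "alice" in store.templates, store.match(probe))
    store.delete_template("alice")
    out["after_delete"] = store.match(probe)
    store.tag("alice", [0.88, 0.12, 0.42])   # assumption: a later tag re-enrols
    out["after_new_tag"] = store.match(probe)
    return out
```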

Some of the possible uses of biometric data have been researched with results that have concerned me greatly. A demonstration by Carnegie Mellon University researchers (funded in part by the U.S. Army) showed just how easily a person could take a photo of a stranger and pull up their full name and public information (after all, every Facebook user's profile picture is public regardless of privacy settings) or cross-reference that information with social dating sites to get a more complete view of the stranger's interests. Stores and restaurants would surely want to use the templates to identify customers and their "likes" in real time in order to offer them personalized advertising and discounts. In addition, law enforcement agents have already used Facebook as a source of information for investigations, for example, requesting location information and personal communications, and this biometric data would be especially attractive to government agents (especially in some foreign countries). Although, as far as users know, the templates are not being used in this way now, if the past is any indication, Facebook will probably share this data, as it has in the past, with advertisers, app developers, and law enforcement, making these future uses a real possibility.


This course has worried me so much about the risks of Facebook that I have been looking at alternative social networking sites that promote not only privacy but user ownership of their data. I requested and downloaded a copy of all of my activity and information on Facebook and removed my account three months ago (after multiple attempts in which I only received a message saying my request was "being processed").

Here’s what I would like from social networking sites – I want to be able to move my data over from Facebook, where I have stored pretty much all of my photos; I would like to stay in contact with close friends who are still using Facebook; and I want to be in control of my data. Diaspora* is one site I have been exploring thanks to posts on this Wiki. It seems like something that could develop into what I would like (especially after I learn how to host it on my own server). For now, it doesn't allow me to interact with my friends on Facebook and so it has been useless until I can convince others to follow me.
