Face-recognition-book

Stephen McLeod Blythe looks at Facebook's new proposed features.

Image: Gezichtsherkenning / Face recognition by mooste CC BY-NC-ND 2.0

Facebook have hit the news again with the latest proposed amendments to two of their key operating documents: the ‘Data Use’, and Privacy Policies. There are a few different issues under scrutiny this time around, including the use of users’ pictures and other content for advertising purposes, but perhaps what has been most contentious of all is the wording that potentially allows Facebook to deploy facial recognition software across its entire network. This is something that is already in place in a few jurisdictions, but not currently active for European users after it got battered by Germany the first time it reared its head.

There’s no doubt that Facebook have a less than perfect record when it comes to issues of privacy. Time and again there seems to be little respect shown for the rights of multi-faceted individuals when it comes to implementing Mark Zuckerberg’s vision of a ‘single identity’; a concept that I take serious issue with. However, I have to confess that this latest row was not something that I immediately felt a great deal of consternation about. The level of outrage that has been expressed by many of the outlets giving coverage seemed to have a predictably reactive tone. This was compounded further by the repetition of only a few sources (almost verbatim in many cases), and the lack of explanation as to why it actually matters. Going in with an open mind, I decided to explore what the actual implications of such a thing might be.

So what’s the issue?

As far as I can see, there are a few main concerns about the possible implementation of facial recognition software across Facebook:

1. The system will be enabled by default, with users having to explicitly ‘opt-out from inclusion
2. It’s ‘creepy’
3. The NSA and other Government agencies may have access to this data, and use it for more serious purposes than simply enabling speedier tagging on Facebook
4. Strangers will be able to work out who you are by seeing you identified in other people’s pictures

Frankly, quite a lot of what happens on Facebook falls under number 2, so with that exception, let’s explore these a bit:

A closer look

The system will be enabled by default, with users having to explicitly ‘opt-out from inclusion

As the result of years of working as a nightclub photographer, for a long time I have restricted those I am ‘friends’ with on Facebook to a select few that I rarely get the chance to see in the flesh. To facilitate this quasi-secret online life, I make substantial use of the privacy controls that the platform now affords. This hasn’t been a particularly straightforward task at the best of times, but it has allowed me to keep a relatively low profile.

Let us leave aside the navigational difficulties of adopting a privacy-centric configuration that exist even for the more technical savvy of users, as well as the general ideological argument that advocates an opt-in approach to issues of consent. In this specific instance, a wholesale implementation of this technology will render users’ existing privacy settings completely ineffective. What use is it requiring prior review of every ‘tag request’ that comes in from a friend, if you are going to automatically be identified in every picture uploaded to the platform? The answer to this should be obvious, and it highlights only the tip of a very large iceberg. For the purposes of the rest of the considerations, let’s assume that this element is taken out of the equation completely, and focus on them in isolation.

The NSA and other Government agencies may have access to this data, and use it for more serious purposes than simply enabling speedier tagging on Facebook

Given the proximity of these privacy changes to the revelations of mass surveillance by Government bodies, it’s natural to question the extent of information that tech companies who have been named as complicit are gathering. One of the most pertinent questions that is raised as a result is what exactly happens should you choose to opt out of the facial recognition database. Does Facebook erase your data completely, or simply stop the associated notifications to the front-end? This remains unclear, and given the company’s track record in this area (try and permanently delete your account for an example), I doubt the answer will be either forthcoming, or what we would hope for.

Having said this, whilst it is important that the wider policy considerations are taken into account, we should be wary of blurring the lines too much between data collected by services that we actively choose to participate in, and the unauthorised access of that data by the State. There are issues inherent with any platform that encourages us to share information about every facet of our lives, and they should be challenged, but the real focus of dissent with regards to the NSA should be those in the political sphere who have allowed it to take place. Whether they make use of the data available in Facebook or not, they’re going to do it anyway. This is a bigger question than social networks alone.

Strangers will be able to work out who you are by seeing you identified in other people’s pictures

At first I genuinely couldn’t see a problem with this.

If you are tagged in a picture with a group of friends, then by design you will be exposed to their entire list of contacts - at least some of which will not know your identity before seeing the picture and associated profile link. This is true no matter what your privacy settings, and if your concern relates to strangers working out your identity, then the only real way to avoid this is to not be identifiable in any pictures at all.

Except, that’s not how it’ll work.

Instead of a scenario where you are identified as one of the main subjects in the foreground of a photograph owned or taken by someone that you have interacted with in person to some degree, this technology has the capability to identify you across the entire network. At the thin end of the wedge, this means that you could end up being identified by Facebook in other people’s pictures as you walk past in the background, but at the other end of the spectrum there is a far more chilling possibility.

What if somebody deliberately wants to find out who you are?

Sure, we’ve all taken an interest in finding out more about someone that we didn’t know much about... or whom we’ve had a fleeting interaction with at some point, but that usually comes along with a shared connection whether that be through another person, an event, or social group. The danger is that this technology could conceivably be used by anybody to snap a picture and identify exactly who you are, wherever you are, be that at work; in a shop; at school... in the playground?

At present it can take a whole lot to jump from a face in the street to somebody’s name, but there isn’t a whole lot of distance between knowing somebody’s name and face online to finding out far more personal details such as home addresses and telephone numbers. In fact, it is staggeringly easy.

So it appears that there is something to be alarmed about. Facial recognition technology attached to the largest database of people in the world could have consequences that don’t even bear considering. That said, with the advancements in this area of technology that already exist, is it really Facebook itself that we need to be concerned with, and is it too late?

You can get the ‘red line’ PDF that highlights the changes that are being proposed to the Facebook ‘Date Use’ Policy here, and the Privacy Policy here. To see the company’s own explanation for the changes, see this blogpost. Further reading on privacy and facial recognition in general can be found inthis Harvard Law article by Yana Welinder.

Stephen McLeod Blythe is an Internet law geek with an LLM on the way, and Digital Marketing Manager for tech firm Amor Group. You can find him onTwitter, Google+, and his own blog - iamsteve.in