Facebook deceptive announcement about an end to their use of facial recognition technology is a reminder that lawmakers need to crack down on invasive tech

A man smiles for an AI camera facial recognition system
Facial recognition technology is invasive and often problematic. Canon Information Technology
  • Facebook’s decision to stop using facial recognition tech on its flagship platform reveals how problematic this tech really is.
  • Facial recognition technology is a threat to our core constitutional rights.
  • We need strong, enforceable privacy laws that prohibit companies from using biometric identification tech without our knowledge and consent.
  • Kate Ruane is a senior legislative counsel with the ACLU.
  • This is an opinion column. The thoughts expressed are those of the author.

Last week, Facebook – or Meta, or whatever we’re supposed to call it now – announced that the company will cease using facial recognition technology (FRT) on Facebook, its flagship platform, and that it will delete all of its existing face scan data. The company cited privacy and societal concerns as its reason for ending some of its current use of the technology. The decision is estimated to affect about 1 billion people.

But there’s a catch.

Facebook is still keeping its facial recognition system. It has not promised to not use it again. It has reserved the right to deploy facial recognition on future products. And it has not said what this means for its many other properties, including Instagram.

In fact, it’s abundantly clear that Facebook is planning to find new ways to use facial recognition technology, which raises even larger concerns. For instance, Facebook and RayBan recently teamed up to create “Stories” sunglasses, a new line of eyewear that can take photos, record videos, answer phone calls, and play music and podcasts. The glasses could eventually be equipped to use FRT in real time in the real world without the knowledge or consent of the people out in public that wearers of Stories might look at. Facebook is also exploring technology that would help you “remember everything” by recording your every move and allowing you to play it back to yourself. The ways in which FRT could be used are endless and endlessly terrifying for those of us who value our personal privacy and autonomy.

Facial recognition tech is racist and problematic

For years now, we at the ACLU have said facial recognition technology is a threat to our core constitutional rights and has a disturbing record of racial bias and inaccuracy that endangers people of color and other marginalized groups. False matches can have real, harmful consequences. For example, a skating rink in Michigan kicked out a 14-year old Black girl because its FRT system mismatched her with a different person who had been disruptive in the rink. Correct matches can have devastating impacts too. Emerging FRT apps like PimEyes allow users to search for the identity of literally any person they meet if they are able to snap a picture of them. This feature could easily be used by domestic abusers to track survivors to new addresses or learn names that survivors may have changed to evade abuse.

Facebook’s decision reveals how problematic face recognition technology really is. That is why, while we should celebrate the purging of so many faceprints from the world, Facebook’s news should not distract us from the goal. We need strong, enforceable privacy rules that prohibit companies like Facebook, Amazon, Google, or Clearview AI from using FRT and other biometric identification technologies – such as voice recognition – on us without our knowledge and affirmative consent. And we need Congress and our state governments to quickly enact those rules.

Study after study reveals the flaws of FRT. In 2018, an MIT research team led by doctoral candidate Joy Buolamwini found alarming racial and gender disparities in commercial face classification systems, including Amazon’s Rekognition software. While the systems were relatively accurate when analyzing the faces of white men, they failed up to one in three times when classifying the faces of Black women.

Subsequent studies confirmed these findings. A study by the National Institute of Standards and Technology also found that FRT performs more poorly on people of color, women, and other marginalized groups. Not even members of Congress are safe – when the ACLU ran a test on Rekognition, it falsely matched 28 members of Congress with a mug-shot database, with false matches disproportionately affecting lawmakers of color.

We need legal protections now

The good news is that states have already begun to create common sense solutions to these problems. And they’re working. In Illinois, under the Biometric Information Privacy Act, companies cannot collect or use biometric identifiers, including faceprints, without the affirmative written consent of those to whom the identifier pertains. A record $US650 ($AU883) million settlement against Facebook for violating that law surely contributed to its decision to shut down its current facial recognition system. There are protections in Texas and Washington, as well, but those can only be enforced by the state attorney general, not by individuals directly harmed by violations of the law. That’s why only Illinois’ law protecting biometric privacy has been robustly enforced, including by the ACLU in our suit against Clearview AI.

In 2021, 24 other states have introduced similar legislation, but none were enacted, and few would have given residents the ability to take companies to court, a provision critical to ensuring meaningful enforcement. Active legislation in Massachusetts, Washington, New York and elsewhere would provide strong protections, but haven’t moved forward. Meanwhile in Congress, Democratic Senator Jeff Merkley of Oregon previously introduced the National Biometric Information Privacy Act, but the bill never advanced and has not been reintroduced.

Facebook’s decision is further proof that the harms of FRT are clear and growing. We know the right solution to the problem: preventing companies from collecting and using our biometric identifiers without our consent. We also need to make sure people are able to take companies that violate these basic protections to court. It is past time for a wave of legislation protecting our biometric privacy to sweep this country. And if Facebook is serious about recognizing those harms, it must join with the growing coalition of privacy, racial justice, and consumer protection organizations in pushing lawmakers to impose strong, enforceable protections.