Retailers have the ability to scan your face digitally, and use that identification to offer you special prices or even recognize you as a prior shoplifter. But should they use it? Should they get your permission first?
Privacy advocates announced Tuesday they have walked away from a government-run effort with industry intended to answer these questions. The idea behind the negotiations was to hash out voluntary protocols for facial recognition technology in a way that doesn't hurt consumers. The Commerce Department's National Telecommunications and Information Administration, or NTIA, was acting as mediator.
The two sides had been meeting for 16 months, including last week, until the nine major privacy groups said they had hit a dead end and that "people deserve more protection than they are likely to get in this forum."
"At a base minimum, people should be able to walk down a public street without fear that companies they've never heard of are tracking their every movement — and identifying them by name — using facial recognition technology," the groups said. "Unfortunately, we have been unable to obtain agreement even with that basic, specific premise."
Industry groups said they still believe consensus could be found on issues like transparency, notification and data security.
"We all want the same outcome — to help users be comfortable using online services with confidence that their privacy will be protected," said Carl Szabo, policy counsel for an e-commerce trade group with Google and Facebook among its members. "Some of us have different opinions about what that outcome looks like."
Microsoft said in a statement that it supports the idea that consumers have to agree to be recognized with biometric software before it can be used.
An NTIA spokeswoman said the government believed that progress had been made and the work will continue. "The process is the strongest when all interested parties participate and are willing to engage on all issues," said NTIA's Juliana Gruenwald.
The debate on facial recognition is only likely to grow bigger in coming years as it becomes more ubiquitous. Facebook, for example, has long used facial recognition technology on its site, and just announced a new companion mobile app called "Moments" that scans a phone's camera roll to ease photo sharing. Microsoft says it is building facial-recognition and fingerprint-identification technology into Windows 10, the new computer operating system coming this summer.
The biggest concern, however, among privacy groups is use of the technology by retailers, including casinos, to target and profile people. One company, FaceFirst, announced last year that its system is capable of processing more than 1 million facial matches per second per server, making it ideal for these customers. So long as a company has an existing photo of "persons of interest," from shoplifters to "your best customers," retail staff can be sent an email or text alerting them of that person's arrival.
The ability to apply a unique signature to a person's face, even if you don't identify them by name, is particularly invasive, according to privacy advocates. They argue that industry has little incentive to adopt tough standards and that Congress should pass general privacy legislation that applies to different technologies.
"You can change your password and your credit card number; you cannot change your fingerprints or the precise dimensions of your face," the privacy groups said in Tuesday's statement. "Through facial recognition, these immutable, physical facts can be used to identify you, remotely and in secret, without any recourse."
Groups that signed the letter included the Center for Democracy and Technology, the Center for Digital Democracy, Consumer Federation of America, Common Sense Media, Electronic Frontier Foundation, American Civil Liberties Union, Consumer Action, Consumer Watchdog and the Center on Privacy & Technology at Georgetown University Law Center.