Tuesday, September 7, 2010

Face recognition software

How should we handle face recognition software?

Every so often a new technology comes along that has the ability to alter fundamentally the private/public balance, with profound implications for privacy. Face recognition is one of them, in my opinion.

We're already seeing highly accurate face recognition software provided by companies like face.com in the Facebook community. Some online photo albums also offer it, as a tool for users to tag one of their photos and allow the software to come back with face matches and propose auto-tagging them too.

But what will we do about face recognition software in the wild? Any Internet-connected smart phone with a camera could in theory do a real-time face recognition search on a person walking down the street, without their knowledge, and get web-based search results. Google declined to include face recognition in the version of Goggles that it launched a few months ago, precisely because of the unresolved privacy implications.

Over the last few months, I've spoken about face recognition with a number of privacy experts. Everyone quickly understands how it could be a useful tool, and how it could be a freaky tool, depending on how it's used. But essentially no one has a clue what to do about it. One could imagine a "solution" where users would upload their photos to a company offering this service, with either an opt-in or an opt-out, in other words, telling the company, "yes" you can can run searches against my photo, or "no", please do not run searches against my photo. In either case, the company has to maintain a central database of these people and their faces. Moreover, the database is essentially a biometric database, since the software runs against algorithmic "face prints". Neither of these "solutions", opt-in or opt-out, seems very palatable. In addition, it's hard to imagine how different countries might regulate such global services according to different standards, if, as one might realistically expect, one country wants to regulate an opt-in model, while another wants to take an opt-out model, while yet a third wants to prohibit such services entirely. How would that work?

Well, as we reflect, the technology is developing rapidly, and is already on the marketplace, offered by many different companies. Once again, the technology will evolve faster than our legal, political and sociological response to it. Hang on, this one will be interesting. If you have an idea about how to handle it, I'd welcome your comments, which you're free to submit, anonymously, of course.


P-Air said...

FYI, Google Ventures here in the U.S. has invested in a facial recognition tech company ;)

Steffen Glomb said...

Hi Peter,

Thanks for your posting, just now I discovered your blog. I thought about face recognition a couple of days ago in my blog in relation to 'Search by Image', which you probably mentioned in your smartphone example.

Pretty scary what it can do, anonymous dating sites would be gone as soon as you get hold of an image.

Enough default 'privacy' settings are set to public these days.
But what is stopping guys in China (just as an example) to run such a service with Biometrics? The need for more global agreements seems to emerge again. Difficult.

I know this is your private blog, but is there a description of how smart google's Search By Image already is?

Kind Regards