Facial Recognition Faceoff

Facebook has been resisting outside efforts to rein in its “faceprints” facial recognition initiative – and mostly losing.

I’ve blogged before about the concerns many people have about facial recognition technology, and the troubling implications of the technology being misused in the wrong hands.

Facebook would claim to be the “right hands” rather than wrong ones when it comes to the database of “faceprints” it’s been compiling over the past decade or so. But its initiative has run afoul of an Illinois biometric privacy law passed in 2008.

The Illinois measure, which prohibits companies from collecting or storing people’s biometric data without their consent, is one of the strongest pieces of legislation of its kind in that it also allows individual consumers to sue for damages – to the tune of up to $5,000 per violation.

And that’s precisely what’s happened.  A class-action suite was filed in 2015 by a group of Illinois residents, alleging that Facebook has violated the Illinois privacy law through its photo-tagging function which draws on a trove of “faceprint” photos to recognize faces and suggest their names when they appear in photos uploaded by friends on Facebook.

Facebook has vigorously resisted efforts to rein in its faceprint initiative, arguing that any such lawsuits should be dismissed because users haven’t actually been injured by any alleged violations of the state law.

That stance has been rejected – first in U.S. district court and then in the court of appeals. Undaunted, Facebook appealed to the U.S. Supreme Court which turned down the appeal in late January.

Rebuffed at all legal levels, Facebook has now decided to settle the suit for a reported $550 million, including payments of ~$200 each to claimants in the Illinois class-action suit.

Facebook has lost, but the whole notion of facial recognition technology could well be like playing a game of whack-a-mole. As it turns out, another firm has developed similar functionality and is busily selling facial recognition data to police departments across North America.  According to a recent investigative article publishing in The New York Times, a company called Clearview AI has mined billions of photos from Twitter, Facebook and other social platforms.  (Clearview is now being sued in Illinois for allegedly violating the same biometric privacy law that was at the center of the Facebook suit.)

And indeed, the efforts to rein in facial recognition activities may be a little too little, a little too late: According to a recent report from Business Insider, the faces of more than half of all adults in America have already been logged into police or government databases.

… Which brings us to a parallel response that appears to be gaining traction: figuring out ways to fool facial recognition software.  A number of entrepreneurs are developing intriguing methods to beat facial recognition software.  Among them are:

  • Clothing designers have begun to target weaknesses in the ability of facial recognition software to process overlapping or unusual shapes, as well as deciphering multiple similar images appearing in close proximity. One such example is a pair of goggles fitted with near-infrared LEDs that interfere with the ability to scan facial features.
  • Headscarves decorated with different faces “confuse” the software by overloading it with excessive amounts of data in the form of numerous facial features.
  • So-called “adversarial patches” – a graphic print that can be added to clothing – exploit the vulnerabilities in facial recognition scanning by making a person “virtually invisible for automatic surveillance cameras,” according to creators Simen Thys, Wiebe Van Ranst and Toon Goedemé.

Will the two-front attack on facial recognition technology from the legal as well as technology standpoint succeed in putting the facial recognition genie back in the bottle? It’s debatable.  But it’s certainly making things more of a challenge for the Facebooks and Clearviews of the world.