Facebook flashes ramped-up face-recog tech. Try not to freak out
Luckily, there's an off switch... to placate lawmakers?
Analysis In an effort to make facial recognition technology more appealing to members of its clicky commerce club, social ad network Facebook on Tuesday said it will begin notifying people when they appear in the pictures posted by other people, sometimes.
Facebook already offers a related form of notification for those tagged in other people's photos. It does so because it uses facial recognition to suggest that people posting photos tag friends in images as a way to keep connected individuals engaged with the site.
The expansion of this commitment, a feature called Photo Review, triggers a notification to anyone who is part of the audience of a post containing a picture of the individual, regardless of tagging.
The key thing to grasp here is that you are alerted when Facebook detects you in someone's photo – whether or not you are tagged – and you must be in the image's distribution audience to have your face searched for and notified.
The individual distributing the image can choose the post's audience using the selection menu labelled Friends to the left of the Post button. Options include Public, Friends, Friends Except, Specific Friends, Only Me, and Custom, which can include a list-defined audience.
However, a Facebook spokesperson in an email told The Register that the Photo Review feature will only search photos from friends and from friends of friends. Public posts with a person's image won't trigger a notification.
"You're in control of your image on Facebook and can make choices such as whether to tag yourself, leave yourself untagged, or reach out to the person who posted the photo if you have concerns about it," said Joaquin Quiñonero Candela, director of applied machine learning at Facebook, in a blog post.
Lack of control over the use of facial recognition algorithms on user images prompted a lawsuit against Facebook in 2015. The complaint was filed in Illinois under the state's Biometric Information Privacy Act, a law that prohibits the collection of biometric data without prior consent and one of the few legal barriers to using facial recognition in the US.
Over the summer, the Center for Public Integrity, an advocacy group, said Facebook began stepping up its lobbying against biometrics laws in the wake of the lawsuit, largely through trade groups. And its efforts appear to be effective: This year, the group said, consumer data protection laws targeting facial recognition were proposed in five states – Alaska, Connecticut, Montana, New Hampshire, and Washington – and all failed to pass, apart from a watered-down version of the Washington legislation.
With the congressional rollback of online privacy protections in March, there appear to be few impediments to deploying facial recognition systems in the US.
Facebook's spokesperson said the company doesn't presently have any plan to use facial recognition to target ads.
At the moment, Facebook is focused on allaying public concern about the technology. Rob Sherman, deputy chief privacy officer at Facebook, confronted the question in another blog post on Tuesday titled, "Hard Questions: Should I Be Afraid of Face Recognition Technology?"
Spoiler alert: Those expecting a company that celebrates its facial recognition capabilities to answer, "Yes, be afraid," will be sorely disappointed.
Facebook: Who needs millennials? The cops love us more than ever!READ MORE
While Sherman concedes there are legitimate concerns, he points to the tech's utility for finding missing and kidnapped children – who could be against that? – and likens worries to those expressed about the social impact of photography toward the end of the 19th century.
Sherman says regulators at the time took action against specific abuses, like prohibiting stalking and allowing privacy invasion lawsuits, rather than requiring a blanket license for photography. Clearly, Facebook's preferences is for a minimal regulatory regime rather than the more extensive privacy protections that keep the company from offering facial recognition in Canada and the European Union.
To Facebook's credit, the company plans to implement a meaningful level of control: It has implemented a global on/off switch to avoid facial recognition entirely.
The Register asked Facebook's spokesperson whether turning facial recognition off would have any retroactive effect, like removing facial recognition data from machine learning models or otherwise making previous facial recognition hits inaccessible to company systems.
"Once a person turns off face recognition we delete their template completely," Facebook's spokesperson said. "The template is the reference we use to recognize you in photos. Without the template we can not recognize you in photos."
We also inquired whether Facebook has ever been served with a subpoena related to facial recognition or asked by law enforcement to make facial recognition data available.
Facebook declined to comment beyond pointing to its law enforcement guidelines and Government Requests Report. ®
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Max Schrems
- Palo Alto Networks
- Privacy Sandbox
- Trusted Platform Module
- Zero trust