The International Biometric and Identification Association released a paper that proposes best practices for use of facial recognition in consumer applications.
While the new consumer and commercial applications of face detection and face recognition technologies – such as social media and digital signage – can be positive and beneficial to consumers, they must be deployed with utmost sensitivity to the privacy of the consumer and general public, according to IBIA and Joseph Atick. Atick is one of the original inventors of face recognition technology and is vice chairman at the IBIA.
The underlying principle of IBIA’s best practice recommendations is that a photo is not a biometric but a faceprint – the unique digital code from a photograph can be matched against a database of known faceprints to establish identity and can be used for face recognition. Since a face print is a biometric it should be considered personally identifiable information (PII) and have the security and privacy protections of other PII.
Thus, applications that generate and store faceprints, tracking or face recognition, should be subject to a higher standard of protection than applications that simply perform face detection.
In addition, IBIA supports the implementation of measures to protect against developing large-scale identity databases by harvesting identity-tagged face photographs from the Web that could be used to perform face recognition of unknown individuals appearing in front of cameras in public places, thus piercing the veil of anonymity.
These measures could include limiting access to identity-tagged images on the Web to search engine companies that commit to appropriate privacy policies and blocking those that do not.
In August a Google group was using facial recognition to try and track down London rioters. A similar effort was made in Vancouver after riots when the Canucks lost the Stanley Cup.
The full white paper can be downloaded here.