Definition of Facial Detection, Categorization Hot Button Topic for NTIA-Backed Facial Recognition Group
Facial recognition can be broken down into roughly three steps -- detection, categorization and identification -- the NTIA-backed multistakeholder group mostly agreed at a Thursday meeting. While the group is hammering out the specific words and definitions (for example, profiling instead of categorization, recognition instead of identification), it largely agreed facial recognition technology occurs in three steps that merit differing levels of notice and privacy, stakeholders said Thursday. Differing opinions remain over issues like which characteristics, when detected, count as categorization. And setting the privacy standards associated with each step is an unsettled issue as the group attempts to move toward a code of conduct.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
The first step, detection, is akin to simple people counting, said Alvaro Bedoya, a staffer for Sen. Al Franken, D-Minn., and chief counsel for the Senate Judiciary Subcommittee on Privacy, Technology and the Law. “Pure, there is a face here,” he said. The group largely agreed this step triggers few privacy and notice requirements.
Facial detection was one of three items identified at the group’s last meeting as on a path to consensus -- the two others being privacy standards for stored biometric templates, and the standards governing biometric template data breaches (CD June 25 p6). Through the first half of 2014, the group has been working on a list of 18 items a code of conduct should address (http://1.usa.gov/1oj4n6g) and a variety of definitions (http://1.usa.gov/1rEa8Os).
The second step, categorization, occurs when software separates faces from one another based on characteristics -- age, gender, race, ethnicity, size, religion -- without face authentication, said stakeholders. “Gender and age probably are less objectionable than race or religion,” said International Biometrics & Identification Association (IBIA) Vice Chairman Walter Hamilton. He proposed adding in parentheses “what characteristics we find appropriate and exclude those that we don’t think are appropriate.” IBIA presented a best practices document at the group’s last meeting (CD June 24 p6), but it didn’t discuss facial detection.
"I don’t think we need the parentheticals,” NetChoice Policy Counsel Carl Szabo countered. “We're not here to re-litigate these very broad issues. We're trying to achieve consensus.” The discussion, he said, “was just creating more vitriol in the room.” “We have to at least try,” said Susan Grant, director of consumer protection for the Consumer Federation of America. The group voted 11-3 to keep the parenthetical that lists specific characteristics, and delineate the individual characteristics later.
The third step, identification, includes matching a face against a database of photos or biometric templates. For detection and identification, the group agreed higher notice and consent should be required. Bedoya pointed to two 2012 facial recognition best practices documents -- the FTC’s (http://1.usa.gov/1nxyAhc) and the Center for Democracy & Technology’s (http://bit.ly/1nYi7yF) -- that said “you really do need a very strong transparency regime” in such instances. The FTC’s document is relatively “moderate,” he said.
The group decided to take August off before reconvening sometime in September. “Sounds like my group has a lot of work to do over the August break,” said Szabo, who has spearheaded the editing process for the definitions document.