SAN FRANCISCO — Of all the information Facebook collects about you, nothing is more personal than your face.
With 2.2 billion users uploading hundreds of millions of photos a day, the giant social network has developed one of the single-largest databases of faces and — with so many images to train its facial recognition software — one of the most accurate.
The question of whether you should let Facebook save your face is gaining in urgency as it moves to expand its deployment of facial recognition, rolling it out in Europe, where it was scrapped in 2012 over privacy concerns and scanning and identifying more people in photos.
At the same time, the giant social network is attempting to quash efforts to restrict the use of facial recognition in the U.S., from legislation to litigation. And consumer groups are asking the Federal Trade Commission to investigate Facebook’s widening use of the technology.
The biggest threat to Facebook’s collection of facial recognition data is a class-action lawsuit in California brought by three Illinois residents who are using Facebook under a state law, the Biometric Information Privacy Act, one of only two in the nation to regulate commercial use of facial recognition.
This week, a California federal judge ruled the case could proceed, potentially exposing Facebook to billions of dollars in damages.
Facebook is reviewing Monday’s ruling, spokeswoman Genevieve Grdina said in an emailed statement. But the company believes that the kind of facial recognition it performs is not covered by the Illinois law.
“We continue to believe the case has no merit and will defend ourselves vigorously,” she said.
Should people trust Facebook with one of their most sensitive data points which, unlike a credit-card number, can’t — or at least can’t easily — be changed?
Distrust over how Facebook treats its customers’ personal data has jumped after 87 million users had their data pilfered by Cambridge Analytica, the British political firm with ties to Donald Trump’s 2016 presidential campaign.
A survey taken after Facebook CEO Mark Zuckerberg’s congressional testimony last week showed a sharp decline in public confidence. Some 27% respondents agreed with the statement, “Facebook is committed to protecting the privacy of my personal information,” down from 79% in 2017, according to think to tank the Ponemon Institute.
Most forms of tracking target the technology you use. Cookies on your computer. Digital fingerprints your browser leaves behind. GPS on your smartphone. What makes this technology different: It tracks the most identifiable part of your body.
“You can delete cookies. You can change browsers. And you can leave your smartphone at home,” says facial recognition expert Alvaro Bedoya, executive director of Georgetown Law’s Center on Privacy & Technology. “But you can’t delete your face, and you can’t leave it at home.”
Facebook’s facial recognition technology analyzes photos and videos to create a unique “template” to identify you. The technology is a shortcut that scans photos to suggest names of friends to tag.
The company says it has no plans to make people’s facial recognition data available to advertisers or outside developers. But the more Facebook can glean from users’ photos about their interests, activities and social circles, the more precisely it can target advertising.
Facebook says it has tight control over its database of people’s likenesses. Even if someone were to obtain a “template,” it does not function like other face recognition systems.
“When we provide our biometric information to Facebook, we don’t know where that information is going,” Electronic Frontier Foundation senior attorney Jennifer Lynch said. “Facebook says: ‘Trust us to keep it safe.’ But Facebook has shown time and time again that it makes the wrong choices when it comes to protecting users’ data.”
Facial recognition, sometimes called face painting, is used by major technology companies around the globe. Apple last year replaced its fingerprint reader with a camera that uses your face to unlock the iPhone.
Facebook expands photo identification
In December, Facebook expanded the scope of its technology with the announcement that it would let users know when someone posts a photo of them, even if they are not tagged in it. The technology informs you if someone uses a photo of you in their profile picture to help detect impersonations. It also makes it possible for the visually impaired to have screen readers tell them who’s tagged in friends’ photos.
What may seem harmless — allowing Facebook to create an impression of your face — can be more telling than some people think. And soon it could reveal even more, including the state of your health, privacy experts say. The technology is becoming so sophisticated that Facebook can recognize people in photos and videos even if their faces are obscured, picking up clues from posture and body shape.
“This technology is powerful in a way that our society isn’t really used to,” Bedoya says.
On Wednesday, Facebook announced changes to how it asks users for permission to collect their personal data — including facial recognition data — to comply with strict new European privacy rules coming next month. Facebook says it has made it easy for users to understand their choices and to turn off the facial recognition feature, but critics say the process is rigged to nudge them not to. It’s on by default; users need to go into settings to turn it off.
“As members of the public and as users of Facebook, we need to know more about how that database is being utilized,” says Pam Dixon, executive director of the World Privacy Forum. “We just don’t know enough.”
Privacy experts have been sounding the alarm over the potentially invasive uses of facial recognition for years as cameras proliferate and the technology advances, from retailers using it to identify shoplifters to sporting venues to spot potential troublemakers.
Consumers frequently don’t realize their faces can be scanned and connected to their identity including income, education, demographics and other data, according to the ACLU.
In fact, very little is known about how extensive these practices already are. There is no federal law governing the use of facial recognition technology, and only two states — Illinois and Texas — regulate it.
During his testimony on Capitol Hill this month, Zuckerberg said Facebook is committed to getting “affirmative consent” from users for sensitive technologies such as facial recognition.
Yet Facebook has aggressively pushed back against limits that states have considered imposing on commercial uses of facial recognition, according to the Center for Public Integrity, an investigative non-profit.
Of legislation that would have created new privacy protections for facial recognition proposed in 2017, all failed but one, and then only after the scope was limited, according to the group. Facebook keeps its fingerprints off the bills by relying on trade groups for stealthier pushes on legislation that would hand users more control over how their likenesses are used, the Center for Public Integrity said, citing interviews with lawmakers and records. Facebook declined to comment.
The law requires companies to get permission from consumers before collecting biometric data such as fingerprints, iris scans, and images of faces. In 2015, three users sued on behalf of millions of Facebook users in Illinois under the law, claiming that Facebook did not obtain written consent from users or properly notify them about how their information would be used or-or how long it would be kept.
Now, just as the company is embroiled in this potentially costly class action, Illinois lawmakers are considering an amendment that would substantially weaken the law. Facebook denies having lobbyists or outside groups advocate on its behalf. But it has tried to get the 10-year-old biometric law changed before.
Sen. Richard Durbin, D-Ill., asked the Facebook CEO about his company’s efforts when Zuckerberg appeared on Capitol Hill.
“I’m afraid Facebook has come down to the position of trying to carve out exceptions to” the Illinois law, Durbin said. “I hope you’ll fill me in on how that is consistent with protecting privacy.”
Durbin’s time expired before Zuckerberg could respond.
Source: USA Today