By Erika Batista
So today the news broke out that Facebook turned off their ill-famed facial recognition feature, otherwise known as “tag suggest”, in Europe. Almost simultaneously, other news revealed the social networking giant is rolling out new features that allow users to view and delete their search history. My husband and I had a brief discussion on the topic of privacy and data protection, and unlike most times, we found ourselves surprised to have very opposite points of view. So I decided to write about it, mostly to illustrate my opinion and hopefully start an interesting discussion.
As a lawyer and a lover of liberty, my first reaction is to reject the idea of a facial recognition system altogether. Just imagine all the implications for the right to privacy of having a giant database out there with enough information to locate you, even in a crowd, anywhere in the world.
While this may sound like a promising tool for the prevention of terrorism and tracking down of criminals, results actually show otherwise. Indeed, it was reported that the Tampa Police Department stopped its use after the technology generated hundreds of false positives, but not a single arrest. That just means the technology isn’t good enough yet, though.
In my opinion, facial recognition can be downright creepy. The other day while uploading an album from a recent museum visit, I was asked to identify the “people” in a photo, which were actually deteriorated statues from the 12th century. Another time, Facebook suggested a tag of my brother on a picture of me. Ew.
A bit more seriously, the relevant question here is what are the actual risks that users face? What exactly are we protecting here?
Before addressing this question, a little history:
In 1980, the OECD promoted guidelines for the protection of personal data. Accordingly, there are several principles that should be respected if handling personal data. They basically say that you should know when your data is being collected, what for, and that it should not be used for anything other than the stated purpose. Other principles cover security, disclosure, access and accountability.
That sounds like poetry to my lawyer ears, but they were merely suggestions. So, how many states did actually implement these guidelines? Yes, you guessed right. Zero.
Recently we’ve had more honest efforts, and as of 1998 every European country has its own data protection legislation in accordance with a European directive that was issued on the topic. As for the United States, it’s been more of a trial and error process. Despite the existence of some regulation there is an overall tendency to promote self-regulation among the incumbent entities, leaving behind a lot of loopholes. But how well does this self-regulation work?
So far, in the case of social media, not bad. Besides the protection that the law grants, you can count on the services themselves for fine-tuning. Google’s social networking service G+ had its momentum when it announced that it would feature new privacy and sharing controls, which Facebook lacked and swiftly adopted in order to keep users from fleeing. Despite allegations of social network fatigue, the market has proven itself capable of adapting to (some) user needs.
So, going back to our question, what exactly are we protecting?
Without going completely “conspiracy theorist” on you, one of the arguments most often used against facial recognition is the fear that it could lead to a “mass surveillance society”. Yoann argued at this point, validly, that it is not the government we are dealing with. It’s just Facebook. Right?
Wrong. The thought of a mass surveillance state might seem like a far-fetched idea to you, but it’s actually not. Indeed, we hear everywhere about scandals regarding different types of privacy-invasive acts such as tapped conversations, misrepresentations about the use of tracking cookies (even when users expressly disabled them, Google still kept using them and gladly paid the fine that followed), the government officials using twitter to track down supposed threats, the police being allowed access to social media accounts without a warrant, and access being granted to these accounts without even notifying the user, just to mention a few.
Again, my husband (acceptably) argues: if you don’t want something to be known, just don’t share it. But asking myself each and every time before hitting that “post” button “Could this content seem in any way incriminating?” is borderline psychopathic behavior.
The ramifications don’t limit themselves to police activity, of course. Information obtained through social media can and has been used during the processing of insurance claims, the assessment of a candidate for a job (there are companies created exclusively for this purpose), not to mention the intrusive commercial applications of facial recognition systems, among many others.
With recent Facebook updates it is easier to control how your data is shared with the public. However, there is still certain information that is always public (name, profile and cover pictures, network, gender, username and ID). The alternative Facebook offers you? To delete your account.
Then another question arises: Who are Facebook’s real customers? Sure, they want to create a good product so that we can keep using it, the same way a farmer keeps feeding his cows so that they will stay alive and produce milk. This has been discussed before, many, many, times. Facebook wants you to keep providing information so that they can keep monetizing it and getting better at it. For the moment, most of their profit comes from advertisers, but who is to say it will be that way forever? Users certainly don’t have a say in whom Facebook can or can’t do business with.
Yet the use of social media remains safe “enough” that most of us don’t even consider these issues. After all, Ireland’s Data Protection Commissioner concluded their report on Facebook with a positive note. However, that still means that your information could be revealed (according to Facebook’s own guidelines) to public authorities in accordance with the law, which in certain cases does not grant much protection.
Moreover, there may be a brighter side to the story. There are some software that include this feature such as Google’s Picasa and Apple’s iPhoto, for example, which allow users to organize their photo library by tagging recognized people on photos. This represents a practical advantage for the consumer, and in the future there will probably be many exciting and non-intrusive developments to this technology. Facebook themselves expressed that they would revisit facial recognition when they figure out how to keep the legislators happy (after all, they did invest millions acquiring a face recognition tech company this year).
So, ultimately, by providing Facebook with a vast amount of information we are trusting that they will not use it for any purpose other than those annoying and increasingly accurate ads. Until a breach of that trust occurs, this matter and the minor incidents will continue to be overlooked.