Privacy concerns have been ignited by “NameTag,” a facial-recognition app designed to reveal personal information after analyzing photos taken on mobile devices. Many are concerned that Google Glass will abandon its prohibition on facial recognition apps. And, there are open questions about the proper protocols for opting customers in and out of services that identify people through facial comparisons in real time. These kinds of services are technically “face matching” services, though they are colloquially referred to here as “facial-recognition technologies.”
Ultimately, the coming wave of consumer facial-recognition technologies brings bad and good news. The bad news is obvious: Automatically identifying one of our most unique and personal traits raises serious privacy concerns ranging from stalking to loss of obscurity in public.
The good news is that facial-recognition technology—at least the kind that could be used at scale to identify most people in any given place—has an Achilles heel that buys society enough time to respond appropriately. No matter how powerful a facial-recognition app is designed to be, it can’t get the job done without being connected to a database that links names to faces, such as those owned by Facebook or LinkedIn. Going forward the key is to ensure legal and social pressure demands the same responsible behavior from database owners as it does from designers, hosts, and users of facial-recognition technologies.
In order for any facial-matching technology to work, algorithms must be able to accurately compare new, unknown images to older, identified ones. An app without a database of images to draw from is like a car without gasoline. You can get in, buckle your seat belt, and fantasize about a destination. But you aren’t going anywhere.
If a facial recognition app is going to be used to identify random strangers encountered around the country (if not the world), it must be connected to a database of images of corresponding proportion. While there are still privacy concerns with localized use of facial recognition technologies, a database that only has information about people in limited circles is of limited use.
NameTag seems ominous because it allegedly can draw from “publicly available information.” Indeed, if we imagine the app combining every photo made available by searching Google, it’s easy to assume the worst. But while NameTag users might try to populate a new database with Google results, it’s hard to imagine they could get far enough to make the effort worthwhile.
Putting copyright and contractual issues aside, hitting a critical mass of hundreds of millions, if not billions of photos would rival Wikipedia’s project of crowdsourcing knowledge. While the public saw social good in pulling together to create an online encyclopedia of faces and names, they likely won’t muster the same zeal to build a repository for private companies to profit by minimizing privacy. And if such a project ever gained momentum, it should receive the same public scrutiny as existing substantive name and face databases.
Since it seems unlikely that NameTag—or, frankly, any other company developing facial recognition software—will create a new massive database, the few existing large-scale facial-image repositories will become valued targets. Because it takes too much time and effort to manually collect images from these sources, companies interested in say, Facebook and LinkedIn, government-owned databases such as a DMV's, could try to collect bulk data by scraping publicly accessible profiles.