Skip to Content

Sen. Franken Presses Facebook, Government to Safeguard Privacy As Facial Recognition Technology Quickly Advances

Says Millions of Americans' "Faceprints" Already Part of Public, Private Databases at Wednesday Hearing

Wednesday, July 18, 2012

U.S. Sen. Al Franken (D-Minn.) said today that the "faceprints" of millions of unwitting people in Minnesota and across the country are already part of public and private databases, and he urged both the FBI and Facebook to do more to protect Americans' privacy as facial recognition technology quickly advances.

Sen. Franken, Chairman of the Senate Judiciary Subcommittee on Privacy, Technology and the Law, pressed for the privacy safeguards at a hearing Wednesday, saying the emerging technology can be used to ascertain personal information using nothing more than an individual's unique faceprint-similar to an individual's fingerprint-and which are based on the dimensions and other characteristics of an individual's face. In the past several years, facial recognition technology has been used by law enforcement, social networks, and even Departments of Motor Vehicles, meaning that many - if not most - citizens are likely a part of some kind of facial recognition database.

Testimony at the hearing from the FBI, Facebook, and other expert witnesses indicated that facial recognition technology is sometimes being used without regard for a citizen's privacy and that legal safeguards may not be keeping up with the quickly advancing technology.

"Facial recognition technology is in broad use today by both the government and the private sector; it's not some remote future technology," said Sen. Franken. "Right now the technology is being used for good, but it could easily be used for bad: for example, it's probably good for law enforcement to be able to use this technology to identify a guy who's been holding up convenience stores, but it's another thing entirely for the government to use this technology to identify people at, say, a political protest. I fear that without further protections, this technology could be used on unsuspecting civilians innocent of any crime, or could be used to instantly identify someone walking down the street. I urge the FBI and Facebook to do more to protect people's privacy so that this new technology isn't abused."

In late 2010, Facebook enrolled all of its hundreds of millions of users into a program called "Tag Suggestions." The program allowed Facebook users to automatically find and "tag" or identify their close friends' faces in the photos they uploaded. This program uses facial recognition technology to create a unique faceprint for every user that is tagged through Tag Suggestions. In rolling out Tag Suggestions, experts say Facebook has built one of the world's largest privately held database of faceprints. Witnesses at today's hearing testified that this database could eventually be used to find and identify a Facebook user in any photo or to identify those users in person through the use of a facial recognition mobile app, and also said that the database could be leased or sold to third parties for similar purposes. Facebook users are not asked to enroll in Tag Suggestions; the company automatically enrolls all users in the program.

Last year, the FBI rolled out a facial recognition program. Active in Maryland, Michigan, and Hawaii-and soon to be expanded to Ohio, New Mexico, and South Carolina-this pilot program lets officers in the field take a photo of an individual and compare it to a federal database of criminal mugshots. Witnesses at today's hearing argued that the pilot program lacks clear restrictions against the government using this program to identify and target peaceful political protestors or other unsuspecting and innocent citizens. The Department of Justice is also developing technology that would allow the government to use this technology to remotely identify individuals in a crowd or large gathering.

In June, Chairman Franken received long-awaited responses to questions he posed to Attorney General Eric Holder regarding the Federal Bureau of Investigation's creation of a new facial recognition system. In April, Chairman Franken filed comments with the Department of Commerce, urging the White House-led privacy process to address the commercial use of facial recognition technology on social networks and elsewhere. Chairman Franken noted that Facebook's use of the technology had likely created unique facial recognition records for hundreds of millions of its users.

You can read Sen. Franken's opening statement below.

As Prepared for Delivery
Opening Statement of Chairman Franken on Subcommittee Hearing: "What Facial Recognition Technology Means for Privacy and Civil Liberties."


This hearing will be called to order. Welcome to the fourth hearing of the Subcommittee on Privacy, Technology and the Law. Today's hearing will examine the use of facial recognition technology by the government and the private sector - and what that means for our privacy and civil liberties.

I want to be clear: there is nothing inherently right or wrong with facial recognition technology. Just like any other new and powerful technology, it is a tool that can be used for great good. But if we do not stop and carefully consider the way we use this technology, it may also be abused in ways that may threaten basic aspects of our privacy and civil liberties. I called this hearing so we can start that conversation.

The dimensions of our faces are unique to each of us-just like our fingerprints. And just like fingerprint analysis, facial recognition technology allows others to identify you with what's called a "faceprint," a unique file describing your face.

I believe that we have a fundamental right to control our private information--and biometric information is already among the most sensitive of our private information, mainly because it is both unique and permanent. You can change your password. You can get a new credit card. But you can't change your fingerprint, and you can't change your face. Unless you go to a lot of trouble.

But facial recognition creates acute privacy concerns that fingerprints do not. Once someone has your fingerprint, they can dust your house or your surroundings to figure out what you've touched. Once someone has your faceprint, they can get your name, they can find your social networking account and they can find andtrack you in the street, in the stores you visit, the government buildings you enter, and the photos your friends post online.

Your face is a conduit to an incredible amount of information about you. And facial recognition technology can allow others to access all of that information from a distance, without your knowledge and in about as much time as it takes to snap a photo.

People think of facial recognition as something out of a science fiction movie. In reality, facial recognition technology is in broad use today. If you have a drivers' license, if you have a passport, if you are a member of a social network, chances are good that you are part of a facial recognition database.

There are countless uses of this technology, and many of them are innovative and quite useful. The State Department uses facial recognition technology to identify and stop passport fraud-preventing people from getting multiple passports under different names. Using facial recognition technology, Sheriff Larry Amerson of Alabama, who is with us here today, can make sure that a prisoner being released from the Calhoun County jail is actually the same prisoner that is supposed to be released.

But there are uses of this technology that should give us pause.

In 2010, Facebook, the world's largest social network, began signing up all of its then-800 million users in a program called Tag Suggestions. Tag Suggestions made it easier to tag close friends in photos. That's a good thing.

But the feature did this by creating a unique faceprint for every one of those friends. And in doing so, Facebook may have created the world's largest privately-held database of faceprints--without the explicit consent of its users. To date, Tag Suggestions is an opt-out program. Unless you have taken the time to turn it off, it may have already been used to generate your faceprint.

Separately, last year, the FBI rolled out a facial recognition pilot program in Maryland, Michigan and Hawaii that will soon expand to three more states. This pilot lets officers in the field take a photo of someone and compare it to a federal database of criminal mugshots. The pilot can also help ID a suspect in a photo from an actual crime. Already, several other states are setting up their own facial recognition systems independently of the FBI. These efforts will catch criminals: they already have.

Now many of you may be thinking that that's an excellent thing. I agree with you. But unless law enforcement facial recognition programs are deployed in a very careful manner, I fear that these gains could eventually come at a high cost to our civil liberties.

I fear that the FBI pilot could be abused to not only identify protesters at political events and rallies, but to target them for selective jailing and prosecution, stifling their First Amendment rights. Curiously enough, a lot of the presentations on this technology by the Department of Justice show it being used on people attending political events or other public gatherings.

I also fear that without further protections, facial recognition technology could be used on unsuspecting civilians innocent of any crime - invading their privacy and exposing them to potential false identifications.

Since 2010, the National Institute of Justice, which is a part of DOJ, has spent $1.4 million to develop facial recognition-enhanced binoculars that can be used to identify people at a distance and in crowds. It seems easy to envision facial recognition technology being used on innocent civilians when all an officer has to do is look at them through his binoculars.

But facial recognition technology has reached a point where it is not limited to law enforcement and multi-billion dollar companies: it can also be used by private citizens. Last year, Professor Alessandro Acquisti of Carnegie Mellon University used a consumer-grade digital camera and off-the-shelf facial recognition software to identify one out of three students walking across a campus.

I called this hearing to raise awareness about the fact that facial recognition already exists right here, today, and we need to think about what that means for our society. I also called this hearing to call attention to the fact that our federal privacy laws are almost totally unprepared to deal with this technology.

Unlike what we have in place for wiretaps and other surveillance devices, there is no law regulating law enforcement use of facial recognition technology. And current Fourth Amendment case law generally says that we have no reasonable expectation of privacy in what we voluntarily expose to the public - yet we can hardly leave our houses in the morning without exposing our faces to the public. So you don't need a warrant to use this technology on someone. You might not even need to have a reasonable suspicion that they're involved in a crime.

The situation for the private sector is similar. Federal law provides some protection against true bad actors that promise one thing yet do another. But that's pretty much as far as the law goes. If a store wants to take a photo of your face when you walk in and generate a faceprint - without your permission - they can do that. They might even be able to sell it to third parties.

Thankfully, we have a little time to do better. While this technology will in a matter of time be at a place where it can be used to quickly and reliably identify a stranger, it isn't there just yet. And so I have called the FBI and Facebook here today to challenge them to use their position as leaders in their fields to set an example for others-before this technology is used pervasively.

The FBI already has some privacy safeguards in place. But I still think that they could do more to prevent this technology from being used to identify and target people engaging in political protests or other free speech. I think the FBI could do more to make sure that officers use this technology only when they have good reason to think that someone is involved in a crime. I also think that if the FBI did these things, law enforcement agencies around the country would follow.

For their part, Facebook allows people to use Tag Suggestions only on their close friends. But I think Facebook could still do more to explain to its users how it uses facial recognition - and to give them better choices about whether or not to participate in Tag Suggestions. I think that they could make clear to their users just how much data they have-and how they will and will not use their large and growing database of faceprints. And I think that if Facebook did these things, they would establish a best practice against which other social networks would be measured.

My understanding is that for the past few months, Facebook Tag Suggestions has been temporarily disabled to allow for some technical maintenance. It seems to me that Facebook has the perfect opportunity to make changes to its facial recognition program when it brings Tag Suggestions back online.

I'm also calling the Federal Trade Commission to testify because they are in the process of actually writing best practices for the use of this technology in industry. I urge the Commission to use this as an opportunity to guarantee consumers the information and choices they need to make informed decisions about their privacy.

In the end, though, I also think that Congress may need to act - and it wouldn't be the first time it did. In the era of J. Edgar Hoover, wiretaps were used freely with little regard to privacy. Under some Supreme Court precedents of that era, as long as the wiretapping device did not actually penetrate the person's home or property, it was deemed constitutionally sound - even without a warrant. And so in 1968, Congress passed the Wiretap Act. Thanks to that law, wiretaps are still used to stop violent and serious crimes. But police need a warrant before they get a wiretap. And you can't wiretap someone just because they're a few days late on their taxes - wiretaps can be used only for certain categories of serious crimes.

I think that we need to ask ourselves whether Congress is in a similar position today as it was 50 or 60 years ago-before passage of the Wiretap Act. I hope the witnesses today will help us consider this and all of the different questions raised by this technology. With that, I will turn to my friend and the Ranking Member, Senator COBURN.

 

Duluth Office
515 W 1st St
Suite 104
Duluth, MN 55802
(218) 722-2390

NW Mobile Office
Valerie Gravseth
NW Field Representative
(218) 230-9487

Saint Cloud Office
916 W St. Germain St.
Suite 110
Saint Cloud, MN 56301
(320) 251-2721

Saint Paul Office
60 East Plato Blvd
Suite 220
Saint Paul, MN 55107
(651) 221-1016

Saint Peter Office
208 S Minnesota Ave
Suite 6
Saint Peter, MN 56082
(507) 931-5813

Official Web Site of Sen. Al Franken
Text Only   |   Privacy Policy   |   Contact