Victoria MacLennan. 21 July 2022, 3:56 pm
I get so angry with my phone when it doesn’t recognise my mask clad, beanie covered, glasses wearing face, a feature I take for granted and I love my phones facial recognition as a productivity tool for me! On the other hand I read the articles last week about our government sharing facial recognition data between drivers license, passport other services like MSD’s welfare systems and it really riled me up.
First up lets get on the same page with what I am talking about. Simply put Facial Recognition is a way of confirming an individuals identity using their face. The technology behind it matches a human face against digital images stored in a database in order to take an action.
One New York Times article summed it up like this
“Facial recognition—the software that maps, analyzes, and then confirms the identity of a face in a photograph or video—is one of the most powerful surveillance tools ever made. While many people interact with facial recognition merely as a way to unlock their phones or sort their photos, how companies and governments use it will have a far greater impact on people’s lives.”
As a class of technology Facial Recognition falls under the banner of Artificial Intelligence or AI. AI has been controversial for many years, mainly concerns of algorithmic bias, unreliability or invasive functions – some of which have been proven over the years resulting in calls for consistent regulation and ethical frameworks to govern the AI space.
This video is a great explainer on the issues with Facial Recognition software and flaws in major software that is widely in use – The Gender Shades project hones in on ethical use, vulnerabilities in the technology and the risk of abuse. Worth a watch.
Facial Recognition in the media
It’s been a busy few months for Facial Recognition in the media. Here is a short summary.
1. The UK government fined Clearview AI $NZD14.5M (or 7.5M UK Pounds) – We have seen a lot about the case of Clearview AI selling facial data in the media in recent months. Luckily the UK has the protections of their Information Commissioners Office – and our own John Edwards – who said in their ruling:
“The company not only enables identification of those people, but effectively monitors their behaviour and offers it as a commercial service. That is unacceptable. That is why we have acted to protect people in the UK by both fining the company and issuing an enforcement notice.”
1A. Other countries including Australia are following suit with fines for Clearview AI for breaching their legislation. Note the NZ Police admitted in 2020 they also used Clearview AI. An investigation found no evidence of “live” use of the technology but NZ Police did pause their programme after an independent review was undertaken last year.
2. Calls for the UK Government to ban live Facial Recognition – “The UK should immediately ban the use of live facial recognition in public spaces until laws are introduced to regulate biometric technologies” was reported in the Financial Times this week.
This is consistent with reporting earlier in 2022 calling for the UK Police to cease using Facial Recognition until adequate legislation is in place.
2. Microsoft scrapping their “bad” AI Facial Recognition tools – or also reported as limiting the access to their Facial Recognition tools as part of an Ethical overhaul with new Responsible AI Standards. Upshot is they aren’t completely scrapping the software, they are aligning it with the new standard and restricting use to only those customers who will comply.
3. Australian retailers using Facial Recognition software – The Office of the Australian Information Commissioner investigating Kmart and Bunnings for use of Facial Recognition software – the key issues in these cases are limited (if any) advertising to customers they are being recorded for Facial Recognition purposes and potential breaches of the Australian privacy act through use for this purpose. Bunnings have claimed they need to deploy technology like this to help maintain a safe and secure environment in stores for their customers and staff.
Why do I trust Apple to do the right thing with the images of my face that they capture more than my own government?
None of the global vendors are perfect, so acknowledging this I give my data away to Apple and Google and others on an informed basis.
Why do I trust Apple? For the most part because I feel I have control over the use of my phone, I can go to a setting and disable Facial Recognition whenever I like and there are two key terms Apple offer me:
- If you choose to enroll in Face ID, you can control how it’s used or disable it at any time. And
- Face ID data doesn’t leave your device and is never backed up to iCloud or anywhere else.
I can navigate to the terms on my phone and in clear text on their website – they make it easy for me to know where I stand with this technology. Importantly Apple is very diligent about asking me to read their terms and say “I Agree” periodically – yes this is problematic (SouthPark HumancentiPad episode) but they ask me so I feel informed and empowered.
What about the NZ Government? Three services listed in the article involved in Facial Recognition sharing / matching were NZTA Drivers License, DIA Passports and DIA RealME.
Before looking directly into these three I searched for the DIA’s One Time Identity System (OTI) and the closest thing I could find is their page on identity verification which outlines who DIA shares data with generically. Nothing on Facial Recognition though and no option for me to opt out or change my sharing options.
Then. Off to these 3 sites I go to find out what I have agreed to in participating in these three services.
NZTA Drivers License – it took refining my search criteria 3 times before I landed on this page, which does tell me they are sharing my photo for “identity verification and law enforcement” but is completely silent on Facial Recognition uses. However, I could find nothing about when I provided consent to these terms as a consumer eg: when my last Drivers License photo was taken, yep it was a few years ago now but I can’t recall any consent process being involved and there was nothing described on the website.
DIA Passports – again silent on Facial Recognition in their terms and it took me more than 3 tries to get to this page where I found a very reasonable sharing statement but a slightly concerning generic “testing” statement.
RealME (also DIA) – finally RealME, the system we all love to hate. RealME says they will store my photo capture to allow for automated facial recognition matching and to support the aforementioned Identity Verification Service. Tick for RealME – until I read this” Your captured image and liveness video may also be reused to retest biometric facial recognition thresholds to better improve our service.”…..
Do we need Legislation or an Ethical Framework? or both?
Many of the big AI Vendors are advocating for Regulation/Legislation and are starting to expose their own Ethical Frameworks for governing AI and Facial Recognition technologies.
There is legislation in other jurisdictions to protect citizens. For instance the European legislation GDPR deems biometric data (such as Facial Recognition) as sensitive personal information and describes 7 principles for protection of this information. You could argue our Privacy Act which provides 13 guiding principles for all facets of digital technology, affords similar protections to GDPR. It does not, it is not to the same granular level of detail and it does not carry the same repercussions of breaching the Act.
As I have described above fines like the $NZ14.5M can be pursued in the UK under the UK GDPR vs a maximum fine in NZ under the Privacy Act of $NZ10,000 – there is just no comparison.
I think we need both. An Ethical Framework for AI and Facial Recognition that Government agencies, businesses and citizens can sign up to. That recognises Māori Data Sovereignty and embraces the foundations of Te Tiriti o Waitingi. That is unique for our context here in Aotearoa New Zealand.
In parallel we should be commencing the process of developing Regulation/Legislation. Work has been done on this and this paper from the World Economic Forum is well worth a read – Reimagining Regulation in an AI Age – but it was in pilot stage late 2019 so I am guessing Covid delayed progress as can’t find anything else on how the pilot has progressed. They sum the challenge up here perfectly:
“Existing regulatory regimes do not provide solutions for all the harms and issues, and existing regimes will not be fit for purpose in the future”.
Perhaps the Government could pick this up and run with it – at pace!
In doing my random research I also came across this paper which provides a collection of Frameworks and Legislation out there that has a hand in governing Facial Recognition use in Aotearoa. A slightly difficult read but it does highlight the key principles we need to incorporate into our solution –
Finally – The upshot for me in considering the question I pose in the title, and after researching this blogpost, is Apple made it simple for me to find out and understand their position on and my rights regards Facial Recognition. The NZ Government were either silent on, or didn’t make it easy to find or understand. So after this wee investigation I still trust Apple (shocking I know) over my own government right now.
What do you think? Ngā mihi Vic