he Illinois Biometric Privacy Statute Survived a Recent Attack. But the Struggle Continues.
Supporters of unregulated corporate facial recognition systems are waging a sneak attack against our nation’s strongest protection of biometric privacy. On one side are business interests seeking to profit by using invasive facial recognition technologies to identify and track vast numbers of people without their consent. On the other side are EFF and many other digital privacy and consumer rights organizations. Our side won the latest round. But the future of biometric privacy will require all of our constant vigilance.
The latest example of successfully working together: privacy advocates sprung into action last month and defeated a bill that would have repealed most of the Illinois Biometric Information Privacy Act, a groundbreaking law protecting your biometric data. The bill would have deregulated scans of faces, irises, retinas, and hands, and left in place regulation only of fingerprints and voiceprints. In addition to gutting people’s privacy, it would also have undercut lawsuits pending against Facebook and other companies for violating the original strong law. The bill, filed just before the Memorial Day weekend, appeared set for quick passage before the end of the regular legislative session.
The day after the bill was introduced, EFF sent an opposition letter co-signed by the ACLU of Illinois, the Center for Digital Democracy, Consumer Action, the Consumer Federation of America, Consumer Watchdog, Illinois PIRG, the Privacy Rights Clearinghouse, Restore the Fourth, U.S. PIRG, the World Privacy Forum, and Professor Alvaro Bedoya. Illinois PIRG and the World Privacy Forum sent additional opposition letters. The Illinois Attorney General also opposed the bill. Amid this chorus of dissent, the bill’s author announced they would not call the bill for a vote—a win for privacy and for the people of Illinois.
EFF also objects to police use of facial recognition technology. Just last week, EFF joined a coalition effort against the FBI’s attempt to exempt its massive Next Generation Identification database of biometric identifiers from the guarantees of the federal Privacy Act.
Facial Recognition Technologies Endanger Our Privacy
The Illinois law is so important because increasingly sophisticated technology is making it easier than ever to capture and match our faces–remotely, secretly, cheaply, and automatically. New cameras can capture our facial images at ever greater distances and with ever higher precision. New computer programs can match our facial images with ever greater accuracy. New interoperability systems allow this facial matching across ever more databases.
Our faces are readily accessible to other people, and most people must expose their faces to other people in order to participate in society. When we do so, there is very little that we can do as individuals to prevent other people from capturing the images of our faces and subjecting us to facial recognition technologies.
If someone stalks us or commits identify theft against us by using our passwords or credit card numbers, we can defend ourselves by simply changing those unique identifiers. We can even change our names. But contrary to what action movies suggest, we cannot change our faces.
The private sector is deploying facial recognition systems with ever growing frequency. For example, Face First sells systems that retailers use to identify the people entering their stores, and assess whether (in the words of Face First) they are “bad guys” likely to shoplift or “good customers” who should be made more welcome. Similarly, Churchix sells systems that allow houses of worship to automatically determine who is attending their worship services. Analysts expect the global market for facial recognition technologies to double from $3 billion in 2015 to $6 billion in 2020.