Second NTIA Multistakeholder Process to Take on Facial Recognition Software
On December 3, 2013, the National Telecommunications and Information Administration (NTIA) announced the launch of a multistakeholder process to develop an enforceable code of conduct pertaining to the use of facial recognition software. This process, the second undertaken by the NTIA pursuant to the White House's proposed Consumer Privacy Bill of Rights, will get underway in February, and NTIA hopes to have a draft by the end of June.
NTIA's initiative is spurred by the rapid development and deployment of computer software capable of identifying faces and, in some applications, identifying particular people. This technology, which has been available for years in photography software and more recently in other applications, likely will only become more accurate and more pervasive in society as time progresses. The prospect of such technology in products such as Google Glass and similar devices has helped increase interest in the subject.
Facial Recognition Issues
Announcing the effort, NTIA Administrator and Assistant Commerce Secretary for Communications and Information Lawrence E. Strickling observed that businesses increasingly are incorporating facial recognition software into not only photo management products, but also into in-store camera systems, online services, game consoles, and mobile devices. While noting that facial recognition technology offers significant potential benefits, Mr. Strickling also said that it “poses distinct consumer privacy challenges.”
In particular, NTIA cited three privacy challenges: (1) securing sensitive biometric data (facial dimensions); (2) providing transparency when facial recognition is used in retail stores or other public places; and (3) developing meaningful controls for consumers. NTIA noted that consumer controls are particularly challenging because digital images are often widely available.
Facial recognition has come under government scrutiny before. The FTC hosted a workshop on facial recognition in late 2011, which led to the release of a staff report in October 2012. In that report, which is legally not binding but does reflect the staff's view of desirable practices, the FTC staff urged businesses to consider the sensitivity of facial and biometric data, and to employ Privacy by Design principles when developing their products. In addition, the FTC staff called upon businesses to provide meaningful notice to consumers and effective choice, and to use reasonable security practices to protect stored images and data. It is likely that at least some of the FTC's considerations will inform the NTIA discussions.
The first meeting is set for February 6. NTIA hopes that many diverse stakeholders will participate and collaborate in the process. It has issued a preliminary agenda for that meeting and a schedule for the subsequent meetings through June.