(1) edited version of Carpenter v. US
(2) overview of the CCPA + state biometric privacy laws
Facial recognition technology involves using algorithms to identify people based on their faces. Distinctive details about people’s faces are compiled into “face templates,” which are then stored in a database and used to find facial matches,
Facial recognition is quickly being deployed by many companies for various purposes, such as authenticating identity (unlocking smart phones) and identifying people in photos. Other uses include using the data to track people’s location and behavior. Facial recognition technology also can detect people’s emotions – an ability that could be used to manipulate people.
A recent case involving the Illinois Biometric Information Privacy Act (BIPA), Rivera v Google (N.D. Ill. No. 16 C 02714, Dec. 28, 2018), puts the ills of Spokeo Inc. v. Robins on full display. In Rivera, plaintiffs sued Google under BIPA, which prohibits companies from collecting and storing specific types of biometric data without people’s consent. The plaintiffs alleged that Google collected and used their face-geometry scans through Google Photos without their consent. Google’s face recognition feature is defaulted to being on unless users opt out. Instead of addressing the merits of the plaintiffs’ lawsuit under BIPA, the court dismissed the case for lack of standing based on Spokeo, a fairly recent U.S. Supreme Court case on standing.
Spokeo is a terrible decision by the U.S. Supreme Court. It purports to be an attempt to clarify the test for standing to sue in federal court, but it flunks on clarity and coherence. I previously wrote an extensive critique of Spokeo when the decision came out in 2016.
Beyond Spokeo‘s incoherent mess, there is another part of the opinion that is far worse — Spokeo authorizes courts to override legislatures in determining whether there’s a cognizable privacy harm under a legislature’s own statute. This part of Spokeo is a major usurpation of legislative power — it undermines a legislature’s determination about the proper remedies for violations of its own laws.
The FBI is gearing up to create a massive computer database of people’s physical characteristics, all part of an effort the bureau says to better identify criminals and terrorists.
But it’s an issue that raises major privacy concerns — what one civil liberties expert says should concern all Americans.
The bureau is expected to announce in coming days the awarding of a $1 billion, 10-year contract to help create the database that will compile an array of biometric information — from palm prints to eye scans.
Kimberly Del Greco, the FBI’s Biometric Services section chief, said adding to the database is “important to protect the borders to keep the terrorists out, protect our citizens, our neighbors, our children so they can have good jobs, and have a safe country to live in.”
But it’s unnerving to privacy experts.
“It’s the beginning of the surveillance society where you can be tracked anywhere, any time and all your movements, and eventually all your activities will be tracked and noted and correlated,” said Barry Steinhardt, director of the American Civil Liberties Union’s Technology and Liberty Project.
The FBI already has 55 million sets of fingerprints on file. In coming years, the bureau wants to compare palm prints, scars and tattoos, iris eye patterns, and facial shapes. The idea is to combine various pieces of biometric information to positively identify a potential suspect.
A Washington Post article discusses the growing use of biometric identification, which involves authenticating identity by using immutable characteristics of the human body. Some methods include fingerprint readers, iris scanners, and facial recognition systems. According to the article: