Face Forward: Opportunities and Pitfalls with Facial Recognition
Getting to Orlando, Florida, for GSX 2021 was in some ways a return to normal, especially once I arrived at a busy and crowded airport—featuring both patient and disgruntled travelers waiting to be screened by TSA, children with overstuffed backpacks that would look more at home atop a donkey, and airline staff scanning boarding passes and ushering in passengers.
Different, however, were the hundreds of eyes sitting above masks with that look of trying to remember how to travel, as well as the signage throughout the airport reminding everyone that masks needed to cover mouths and noses unless someone was actively eating.
So, when Don Zoufal, CPP, safety and security executive at CrowZ Nest Consulting, Inc., explained that some airlines are using facial recognition to replace boarding passes, it’s hard not to smile—under the mask, of course—at the irony.
Zoufal, who presented “Face Forward: Legal Issues with Facial Recognition and Other Artificial Intelligence” in the Defensive Strategies Theater, noted that facial recognition has become increasingly common in combining surveillance with customer experience. Beyond the air travel industry, commercial uses for this technology include timekeeping, certifications, and enhancing customers’ experience for a smoother interaction.
On the security side, facial recognition is commonly used for digital or physical access, surveillance, identifying fraud or identity theft, and investigations.
But for all of its advantages, there remain some facets of facial recognition that can hurt an organization’s relationship with the public.
During the session, Zoufal pointed out that people in his hometown of Chicago, Illinois, were unhappy last year when they learned that the Chicago Police Department (CPD) used images from the Illinois Department of Motor Vehicles and Clearview AI without their knowledge or approval, such as when law enforcement agencies source photographs from the Department of Motor Vehicles or other image databases.
“People are creeped out by the fact that their photo may be utilized by police officers in an investigative context,” Zoufal said. Clearview later canceled the two-year contract with the CPD after being named in a civil liberties suit filed by the American Civil Liberties Union.
And there are other uses of facial recognition that are raising legal concerns and the ire of civil liberties groups. From real-time use (essentially, tracking a person through facial recognition) to racial bias to geospatial tracking (such as facilities where employers track the movements of staff) to unauthorized dissemination or use of the data, organizations must remain aware of the shifting regulatory environment.
While Illinois remains ahead of most U.S. states with its Biometric Information Privacy Act (BIPA)—which bars private companies from collecting a person’s biometric data without written notification and consent on how that data is used—Zoufal said he expects similar laws to emerge in other U.S. states.
And although the United States lacks a federal mandate or regulation on the use of facial recognition or other biometric data, the European Union’s General Data Protection Regulation impacts any business with clients or users living in the EU.
Ultimately, Zoufal said transparency and informed consent are the two practices organizations should consistently commit to if they plan to successfully deploy and retain facial recognition for either surveillance or commercial uses.
The ASIS International Security and Applied Sciences Community is studying the future of artificial intelligence applications. To learn more about its work and the community, check out Zoufal’s article from the April Artificial Intelligence issue of Security Technology.