Brad Smith, the President of Microsoft, has praised steps taken in Washington State to regulate controversial facial recognition technologies, but the landscape still remains incredibly fragmented.
Such issues would rarely bother the consumer today, but the same could have been said about a Facebook personality quiz in 2015. Like the proverbial butterfly flapping its wings, small actions have the potential to blossom into chaos, and the implementation of facial recognition certainly fits into this category.
As it stands, the freedom in which facial recognition technologies are being experimented with, thanks to a lack of accurate regulation, is dangerous.
“Washington state’s new law breaks through what, at times, has been a polarizing debate,” Smith said in a blog post.
“When the new law comes into effect next year, Washingtonians will benefit from safeguards that ensure upfront testing, transparency and accountability for facial recognition, as well as specific measures to uphold fundamental civil liberties.”
Regulation applied retrospectively is a very difficult thing to do. In this case, as some police forces and intelligence services have been making use of the technology, they might resist any attempts to draw limitations. Regulating proactively to prevent abuse instead of trying to take away existing powers is a much more effective approach to take, removing the risk of concessions and compromises.
This is what Washington State has done, as Smith praises. Governor Jay Inslee has attempted to get ahead of the adoption curve before it progresses too aggressively.
Passed on March 12 by a 27 to 21 count, Senate Bill 6280 was signed into law by the Governor on March 31. This piece of legislation creates a framework to dictate how facial recognition technologies can be used by authorities but protects democratic freedoms and civil liberties. This is the accountability that it required for a pervasive technology which poses a significant threat to privacy and a significant opportunity for misuse.
What is worth noting is that while Washington State is claiming the praise here, there are others who have made very ambitious progress in this field already.
Washington State should of course be commended for this piece of legislation, but lawmakers in Illinois deserve the crown when it comes to forward looking law. Senators in the midwestern state have already passed the Biometric Information Privacy Act, which offers stringent protections to citizens by designating biometric data as valuable as a social security number. Companies and authorities would have to consult users and citizens before using the technology, rules which Facebook has fallen foul of as it faces another privacy lawsuit in the state.
Amazingly, the Illinois Biometric Information Privacy Act protecting citizens against the free-wielding and unvalidated implementation of facial recognition technologies was signed into law in 2008.
While Illinois set the standards in years gone, Washington is taking legislation of this technology to a new level. Under the new rules:
- APIs or other technical capabilities will have to be made available to enable testing of the technologies by third parties to ensure there is no bias embedded in the algorithms
- Vendors must also disclose any complaints or reports of bias regarding the service
- A clear use and data management policy must be created and validated before any technologies can be implemented by authorities
- Humans, not machines, must be responsible for the decision making associated with any component of the facial recognition technology
- Mass surveillance has been ruled out. Implementation must be for a specific purpose, though there are exceptions to the mass surveillance case, (1) if a warrant allows it (2) finding a missing person or identifying a deceased individual (3) exigent circumstances
- Surveillance cannot be applied to any individual’s exercise of First Amendment rights, and authorities cannot justify facial recognition based on a person’s ‘religious, political or social views or activities’
- Finally, any implementations must be opened to public consultation
There are of course many more nuances and clauses written in suitably foreign legalese, though as you can see from the bullet points above, this is a very comprehensive law which should prevent the flamboyant implementation of facial recognition technologies.
Getting regulation in front of the rapidly developing technology industry is a thankless and often impossible task, meaning most legislation should be viewed as risk mitigation. These rules are promising, but there will certainly be loopholes exploited by the slippery lawyers of Silicon Valley. However, Washington State legislators should be applauded for their efforts to control a potentially divisive technology.
Given the complexities of the technology industry, it is slightly unfair to criticise lawmakers for not being able to protect us completely from the nefarious twists and turns of the digital economy. Few people in the world understand how the technology industry works today, and a radically smaller percentage can accurately forecast developments over the next decade. This is what we are asking of legislators.
Washington, Illinois and California are three who have made progress, but it is critical other states follow the lead. For evidence of why, simply have a look at the impact 2015’s ‘This Is Your Digital Life’ Facebook app has had on life years later.