In recent years, technology that can sense and recognize human identity has seen dramatic improvement; smartphones now let you unlock screens via fingerprint, voice, and facial recognition.
The latter is not only used to enhance gadgets, but also by the police force and private businesses to solve cases and identify shoplifters. In 2013, the Chicago police force was able to catch an armed robber after matching surveillance footage with a database of 4.5 million mugshots, the first time it had used facial recognition technology to nab a criminal.
Retailers are exploring using facial recognition technology to crack down on shoplifting and organized retail theft; the latter, committed by professional criminal rings who steal in bulk to resell on the black market, costs U.S. businesses an estimated $30 billion per year.
The technology also has applications that can be applied to marketing to consumers, as it can work to track patterns in shopping behavior.
Before companies can implement visual databases of shoplifters, they’ll have to get approval from the federal government, which is tasked with making sure that retail surveillance doesn’t become too intrusive or violate the privacy rights of shoppers or even simply the passerby.
Since February 2014, privacy advocacy groups have been working with industry leaders in retail to craft a code of conduct to govern the practice of retail surveillance, but the process appears to have fallen through. On Monday, the privacy advocates issued their withdrawal from the process, citing a lack of progress in establishing real privacy guarantees.
“Through facial recognition, these immutable, physical facts can be used to identify you, remotely and in secret, without any recourse,” the group, which includes the ACLU and the Electronic Frontier Foundation, said in a statement. “We are convinced that in many contexts, facial recognition of consumers should only occur when an individual has affirmatively decided to allow it to occur.”
The retailers have pushed back on this condition, and it’s not easy to see why. The people willing to consent to being tracked by facial recognition software probably won’t overlap very much with those who are the target of these tools.
“The position that companies never need to ask permission to use biometric identification is at odds with consumer expectations, current industry practices, as well as existing state law,” the privacy groups said. “We have participated in this process in good faith for 16 months.”
As with many instances in technology, facial recognition technology has outpaced the reach of existing laws, and regulators are trying to catch up with tools that already exist and are being used. The facial recognition tools developed by Google and Facebook, which use it for auto-tagging in uploaded pictures, both have an accuracy rate above 95 percent.
In April, an Illinois man filed a lawsuit against Facebook, charging the social network with collecting his biometric data without his consent.
Laws governing facial recognition technology exist only at the state level—in Texas and Illinois—the bounds of which are still being hashed out.