The National Telecommunications and Information Administration Feb. 6 convened the first of a series of multistakeholder meetings aimed at crafting a voluntary privacy code of conduct for commercial uses of facial recognition technology.
Larry Strickling, administrator of the NTIA, a division of the Commerce Department, told stakeholders at the kick-off meeting that the agency will remain a throughout the process and will avoid imposing its own views.
“We are not regulators,” Strickling said. “We do not bring enforcement actions. Instead, we are in a unique position to encourage stakeholders to come together, cooperate, and reach agreement on important issues.”
“Facial recognition technology uses software to help identify a person based on a digital image,” Strickling explained in a blog post. He said the technology has the potential to improve services for consumers and support innovation by businesses, but it also presents privacy challenges, such as the importance of ensuring that consumers maintain control over their data.
The issue has also drawn attention from the Federal Trade Commission, which released a staff report in 2012 urging companies using facial recognition technologies to incorporate privacy by design into their services .
Part of Obama Plan
The NTIA project stems from a broader White House plan that has disappointed some in the privacy advocacy community.
According to John Simpson, Consumer Watchdog's privacy project director, the Obama administration should be focused on moving forward with a stalled effort to get comprehensive federal privacy legislation enacted, instead of “wasting time” with its latest multistakeholder project. “I don't believe there is much hope of this process leading to a meaningful code of conduct,” Simpson told Bloomberg BNA.
In February 2012, the White House called on Congress to pass a “Consumer Privacy Bill of Rights” for the digital age, a proposal that has so far gained little traction. In the meantime, the NTIA was directed to work with business representatives, consumer advocates and other stakeholders to advance new protections through voluntary privacy codes of conduct.
A company that makes a commitment to comply with a code but fails to do so could face an enforcement action from the FTC, through the agency's authority to prohibit unfair or deceptive practices, according to the White House plan.
A previous NTIA multistakeholder project resulted last year in a draft privacy code for mobile application developers . But many stakeholders complained that the process was inefficient. In addition, some privacy advocates said the resulting code did not go far enough, and the outlook for industry adoption remains murky.
“As far as I know, not a single company has adopted it,” Simpson said. Intuit Inc. has pledged to adopt the code once it has been tested, according to a February 2013 statement by the NTIA.
The NTIA launched its latest multistakeholder process on facial recognition technology in December 2013.
Beginning With Basics
The first NTIA meeting on facial recognition was designed to provide a “factual discussion” about the issue and establish a common level of technical understanding within the group, not to begin drafting a code, Strickling said.
Panel discussions included one on the fundamentals of facial recognition technology, moderated by John B. Morris, Jr., NTIA associate administrator and director of Internet policy, and another on commercial applications of the technology, facilitated by Craig Spiezle, executive director and president of the Online Trust Alliance.
Additional meetings are expected to follow through the spring and summer. The next meting has been scheduled for Feb. 25.
Pam Dixon, executive director of the World Privacy Forum, said a key goal of the effort should be to address concerns around database issues related to facial recognition technology.
“Developing strong privacy protections and best practices around consumer enrollment in facial recognition databases is of central importance to us in this process, as is how and why searches are conducted, and of course, how identity match information is used,” she told Bloomberg BNA. “We are also interested in developing guidance and best practices around the sale of facial biometrics to unrelated third parties such as commercial data brokers.”
Don't 'Demonize' Technology
Carl Szabo, policy council for NetChoice, a Washington trade association of electronic commerce businesses, said it is important to avoid “demonizing” a technology that is just beginning to show benefits in fraud prevention, consumer safety and marketing. He also said that any resulting code should apply to both online and offline facial recognition services.
“Today clarified that the discussion is much larger than just online, but applies to photographs from public places, retail stores and governmentally secured areas like airports,” Szabo said. “As part of our next steps we should create guidelines that apply to all these venues.”
Jon Potter, president of the Application Developers Alliance, said his group anticipates “productive discussions, bringing industry and consumer and privacy advocates together to find common ground.”
To contact the reporter on this story: Alexei Alexis in Washington at [email protected]
To contact the editor responsible for this story: Heather Rothman at [email protected]
Additional information about the upcoming meetings on the NTIA's facial recognition multistakeholder process is available at http://www.ntia.doc.gov/other-publication/2014/privacy-multistakeholder-process-facial-recognition-technology.