Democrats Ask GAO to Study Facial Recognition Technology
On the heels of Microsoft President Brad Smith’s call for the federal government to regulate facial recognition technology, five Democratic members of Congress have penned a letter to the Government Accountability Office (GAO) asking the agency to study commercial and government use of facial recognition technology.
In their letter, Senators Ron Wyden, D-Ore.; Chris Coons, D-Del.; Ed Markey, D-Mass.; Cory Booker, D-N.J.; and Representative Jerry Nadler, D-N.Y state that facial recognition technologies “raise serious concerns about individual privacy rights and the disparate treatment of minority and immigrant communities.” Noting that “[p]revious GAO work on this subject has been instrumental in educating Congress and the public as to the use, and possible misuse, of these technologies,” the Congressmen ask the GAO to: (1) conduct a survey to determine which state, local, and federal law enforcement agencies utilize facial recognition; (2) consider purchasing and evaluating commercial facial recognition technologies to assess whether commercial entities selling facial recognition “adequately audit use of their technology to ensure that use is not unlawful, inconsistent with terms of service, or otherwise raise privacy, civil rights, and civil liberties concerns;” and (3) describe the data commercial vendors use to “train” facial recognition algorithms, the market for purchasing and selling facial images, and the safeguards that exist for protect against the creation of commercial facial images databases with linked geolocation and timestamps.
In 2015, the GAO released a 54-page report on facial recognition technology. That report examined (1) uses of facial recognition technology, (2) privacy issues raised by the technology, (3) proposed best practices and industry privacy policies, and (4) potentially applicable privacy protections under federal law. The GAO determined in 2015 that “the extent of [the technologies’] current use in commercial settings is not fully known,” and that “[n]o federal privacy law expressly regulates commercial uses of facial recognition technology.” The agency stated further that “laws do not fully address key privacy issues stakeholders have raised, such as the circumstances under which the technology may be used to identify individuals or track their whereabouts and companions.”
Senator Markey was one of the Senators misidentified as a person arrested for a crime by commercially available facial recognition technology tested by the ACLU of Northern California in July. In those tests, Sen. Markey, along with 27 other members of Congress, were incorrectly matched with a mugshot contained in a database created using 25,000 publicly available arrest photos. According to the ACLU, the false matches were disproportionately of people of color, including six members of the Congressional Black Caucus. The company responsible for the technology responded by noting the ways in which its technology has materially benefited society, including by preventing human trafficking and inhibiting child exploitation. The company also stated that the ACLU’s results could have been improved by following best practices around setting the confidence thresholds used in the test. (The ACLU used an 80% confidence threshold, while the threshold recommended for law enforcement-related uses in 95% or higher.)
When asked by Congress to study an issue, the GAO will interview staff at federal agencies and often sends letters to private companies asking for relevant information. This provides companies an opportunity to discuss the best practices and security measures they have implemented. Companies that receive requests from GAO should carefully consider how they respond and what information will be helpful in developing a report.