If you have any iteration of a modern cell phone, it’s likely set up to use biometric data whether you know it or not. They’re called “smart phones” for good reason- sometimes they’re smarter than you!
The applications include a wide breadth of settings from using your face or fingerprint to unlock your screen (popularized by Apple) or controlling your TV with just a voice command. It’s useful and can make your life more efficient. Certainly, looking at a screen or tapping your thumb against it is a lot easier than typing in a complex password every time you want to log into your bank account.
While these conveniences have their benefits, we have previously discussed some of the scarier parts of biometric data. For starters, companies can collect and store this sensitive information. The laws around how they do so, however, aren’t always clearly defined. A suit in Canada against US-based company, Clearview AI, alleged Clearview was collecting biometric data from Canadian citizens without their knowledge or consent. In the end, Clearview was adamant that they would stop collecting new data but would not delete any previous data from Canadians unless specifically asked by them.
Facial recognition is also highly controversial for various reasons, particularly because the laws around it aren’t clear. They vary state-to-state in the U.S. and some countries don’t have clear laws surrounding biometric data at all or are being used by governments in problematic ways. In China, for example, the state regime is installing a system of thousands of cameras to surveil their population and categorize them based on levels of threats they pose to the state. Reports claim the intent is to target journalists and suppress speech. Scary stuff. Could it happen in the U.S.? Perhaps it’s already here.
However, things are starting to go into motion to protect U.S. citizens from unreasonable intrusion into their privacy. On October 21, Maine became the U.S. state with the strongest and most restrictive laws regulating facial recognition data. Maine passed a new law that strictly outlines the scenarios in which the government can use facial recognition, paying particular attention to police use. Police are no longer allowed to ask third-party agencies to run facial recognition searches and must make records of any searches done publicly available. Previous attempts to pass laws around facial recognition in the U.S. have fallen short, still allowing for loopholes and abuse of the technology.
While laws still widely lack support for individual privacy and don’t suppress either governmental or corporate use of biometric data, the news from Maine is a significant step forward for privacy advocates. Maine is setting an example of what regulations may look like in the future to protect basic rights. It’s important to stay up to date on how these laws change, since facial surveillance is an issue that affects everyone.
In our last blog about biometric data, we asked the question, “How can legislators possibly plan for the technology of the future?” Maine, at least, has given us something of an answer by passing legislation that impedes the abuse of technology when it is believed abuse is present. These laws, however, may have the fatal flaw of being reactionary and not preventative as workarounds are inevitable in a world so dependent upon technology and prepared to waive individual rights for convenience. But the more we focus on legislation surrounding tech, the smarter we can all become in understanding and controlling the potential for abuse.