- How can society benefit from and use face recognition while still protecting privacy?
- What methods can be used to mitigate the disparate impact of inaccuracies in the results from using face recognition?
The objective of face recognition technologies (FRTs) is to efficiently detect and recognize people captured on camera. Although these technologies have many practical security-related purposes, advocacy groups and individuals have expressed apprehensions about their use. The research reported here was intended to highlight for policymakers the high-level privacy and bias implications of FRT systems. In the report, the authors describe privacy as a person's ability to control information about them. Undesirable bias consists of the inaccurate representation of a group of people based on characteristics, such as demographic attributes. Informed by a literature review, the authors propose a heuristic with two dimensions: consent status (with or without consent) and comparison type (one-to-one or some-to-many). This heuristic can help determine a proposed FRT's level of privacy and accuracy. The authors then use more in-depth case studies to identify "red flags" that could indicate privacy and bias concerns: complex FRTs with unexpected or secondary use of personal or identifying information; use cases in which the subject does not consent to image capture; lack of accessible redress when errors occur in image matching; the use of poor training data that can perpetuate human bias; and human interpretation of results that can introduce bias and require additional storage of full-face images or video. This report is based on an exploratory project and is not intended to comprehensively introduce privacy, bias, or FRTs. Future work in this area could include examinations of existing systems, reviews of their accuracy rates, and surveys of people's expectations of privacy in government use of FRTs.
Every system requires a trade-off between accuracy and privacy
- Systems that obtain the subject's consent are more accurate than those that do not.
- Systems that match one subject image with one stored image, such as device authentication and mug shots, perform verification.
- Systems that check one or more subject images against multiple images, such as social media identity verification and surveillance cameras, perform identification.
- The most-accurate systems also have the lowest privacy risk: systems that obtain the subject's consent for one-on-one verification. One example would be passport authentication at a border.
- Medium-accuracy systems with low privacy risk include visa screenings; those with high privacy risk include detainee identification.
- The least accurate systems have high privacy risk and include face-in-a-crowd airport surveillance.
No unified set of rules governs the use of face recognition technologies
- Multiple laws and regulations create a disjointed policy environment, limiting the extent to which privacy and bias concerns can be mitigated for these implementations.
- For any technology that gathers personally identifiable information, such as facial characteristics, in public settings, strive to protect those data, use anonymization or other means to reduce the amount of those data available, and establish rigorous user protocols to limit unauthorized access.
- Carefully consider the composition and size of either training or targeting data sets to discern the potential for skewing face recognition algorithms.
- Design blacklists that avoid bias, and identify thresholds that produce acceptable rates of false-positive facial matches in security-related applications.
Table of Contents
Background on Face Recognition Technology: A Primer
Selected Face Recognition Technology Policies in the United States
Face Recognition Technologies in Action: Two Use Cases
Study Overview and Areas for Future Research
Research conducted by
- Homeland Security Operational Analysis Center
HSOAC is a federally funded research and development center operated by the RAND Corporation under contract with DHS.