Getting the Balance Right with Facial Recognition

If 2019 was the year of the “techlash,” facial recognition was something of its whipping boy. Over the past year, bans on uses of facial recognition have spread from San Francisco to Oakland and Somerville, with Portland and other cities expected to follow. California also joined Oregon and New Hampshire in banning facial recognition software on police body cameras. Many of these jurisdictions were not using facial recognition to begin with. However, activists and lawmakers called for a preemptive ban due to concerns about flawed technology, the sensitivity of biometric data, and the potential for mass surveillance.
 
Those concerns have no doubt been amplified by China’s Orwellian use of facial recognition in places like Xinjiang and Hong Kong, which have dominated news headlines. Facial recognition has come to encapsulate generalized fears about the impact of new technologies on privacy, data rights, and personal liberty.
 
The problems with facial recognition are real and well documented. Research has shown that facial recognition performs less accurately on faces that are not white and not male. When a system is trained on data that underrepresents women, children, and people of color, it is hardly surprising that it is less accurate for these groups. Early systems were rightly scorned for labeling Black people as gorillas and for mistaking different Asian individuals in a crowd for the same person.
 
Nevertheless, advances in deep learning have led to major improvements in recent years. The National Institute of Standards and Technology (NIST), which has tested facial recognition algorithms from a majority of the industry, estimates that accuracy improved twentyfold between 2014 and 2018: error rates dropped by 95 percent, and the best algorithms failed to find a match in only 0.2 percent of cases.
 
NIST’s most recent report confirms that demographic factors like race, age, and gender do have an impact on accuracy. Most algorithms have higher error rates for Asian and African American faces compared to Caucasian faces, and for women compared to men. But in some cases, the difference was only marginal and far lower than previous studies have suggested. Simply put, not all algorithms are created equal.

Improvements in the technology should, in theory, help pave the way for responsible adoption and use. Police departments and border agencies have embraced facial recognition as a valuable tool for identity verification, investigation, and surveillance. In 2018, India used facial recognition to reunite nearly 3,000 missing children with their families. Facial recognition is also being rolled out commercially for unlocking phones, monitoring school and work attendance, accessing buildings, paying for goods, and catching thieves.
 
A recent Pew survey found that 59 percent of Americans believe facial recognition should be used for assessing security threats in public spaces, and 56 percent trust law enforcement agencies to use facial recognition responsibly. But there remains a deep vein of mistrust about facial recognition, particularly among communities who feel they will be disproportionately affected and monitored by it.
 
To build trust, there needs to be a more balanced debate about the appropriate uses of technology and the safeguards that should be in place. Wholesale bans on a set of technologies, without regard to their specific properties or the context of their use, are counterproductive. Bans can stifle public debate and education rather than encourage them. Crucially, bans can mask the fact that the root cause of potential problems often lies in human error and poor policy decisions rather than the technology itself.
 
Take, for example, the ACLU’s experiment with facial recognition. The ACLU ran 120 images of California lawmakers against a mugshot database using Amazon’s Rekognition software and found 26 false matches. But it had done so using the default confidence setting of 80 percent, whereas Amazon recommends a confidence setting of 99 percent for public safety and law enforcement applications. It is not clear that police departments using Rekognition are in fact dialing the software up to the higher confidence setting, and there should clearly be more transparency around this. However, such problems can be reduced with better application of guidelines, training, and standards. To pretend otherwise is misleading and creates unwarranted backlash.
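To make the confidence setting concrete, the sketch below shows how a caller searching a face collection with Rekognition (via AWS's boto3 SDK) would raise the match threshold from the default of 80 to the 99 percent Amazon recommends for law enforcement use. The collection ID and image path are placeholders invented for illustration, not references to any real deployment.

```python
import boto3

# Placeholder identifiers for illustration only.
COLLECTION_ID = "example-mugshot-collection"
PROBE_IMAGE_PATH = "probe.jpg"

client = boto3.client("rekognition")

with open(PROBE_IMAGE_PATH, "rb") as f:
    probe_bytes = f.read()

# FaceMatchThreshold defaults to 80; Amazon recommends 99 for
# public safety and law enforcement applications.
response = client.search_faces_by_image(
    CollectionId=COLLECTION_ID,
    Image={"Bytes": probe_bytes},
    FaceMatchThreshold=99,
    MaxFaces=5,
)

# Only candidates at or above the threshold are returned as matches.
for match in response["FaceMatches"]:
    print(match["Face"]["FaceId"], match["Similarity"])
```

The point of the higher threshold is simply that it trades recall for precision: fewer candidate matches are surfaced, and those that are carry far more weight before a human acts on them.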
 
Technology is not a substitute for good policy. Safeguards for the uses of facial recognition clearly need to be established. But the more effective, enduring safeguards relate to how humans deploy and use those systems—what happens before and after the algorithm produces a match—rather than technical fixes.
 
Initial decisions need to be made about the appropriate and proportionate uses of facial recognition. This means weighing the relative risks and benefits and determining whether facial recognition is even the right tool for achieving a particular outcome. Gauging public sentiment and seeking informed consent are important. There is broad public support for limited uses for public safety, such as verifying the identity of a suspected criminal or screening passengers at airports. There is less support for employers using facial recognition to track their employees or for companies monitoring how consumers respond to advertising.
 
Use cases should reflect current capabilities but allow for enhancements over time as the technology improves. For example, facial verification, where an image is matched one-to-one against a single enrolled identity, is relatively safe if high-quality images are used and privacy obligations are met. On the other hand, live video facial recognition in crowds should be treated with more caution given its lower accuracy and the large amounts of facial data it captures from people innocently walking through public spaces.
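The distinction matters operationally. As a rough conceptual sketch (the embeddings, threshold value, and gallery below are invented for illustration and do not describe any particular vendor's system), one-to-one verification compares a probe image against a single enrolled template, while one-to-many recognition scores the probe against every identity in a gallery, so each additional identity is another opportunity for a false match.

```python
import numpy as np

def cosine_similarity(a: np.ndarray, b: np.ndarray) -> float:
    """Similarity between two face embedding vectors."""
    return float(np.dot(a, b) / (np.linalg.norm(a) * np.linalg.norm(b)))

# Illustrative threshold only; real systems tune this per algorithm and use case.
MATCH_THRESHOLD = 0.8

def verify(probe: np.ndarray, enrolled: np.ndarray) -> bool:
    """One-to-one: does the probe match this single enrolled template?"""
    return cosine_similarity(probe, enrolled) >= MATCH_THRESHOLD

def identify(probe: np.ndarray, gallery: dict[str, np.ndarray]) -> list[tuple[str, float]]:
    """One-to-many: score the probe against every identity in the gallery.

    Each comparison is a separate chance for a false match, which is why
    crowd-scale recognition warrants more caution than verification.
    """
    scores = [(name, cosine_similarity(probe, emb)) for name, emb in gallery.items()]
    return sorted(scores, key=lambda s: s[1], reverse=True)
```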
 
The policy decisions that occur after a match are equally important. In high-stakes scenarios like law enforcement, it is reasonable to set high standards for the quality of images fed into the system and to require a human to review matches before any further action is taken. Even in less sensitive cases, facial recognition can still deny or restrict a person’s rights, such as denying them access to their own apartment. Since the risk of false positives and false negatives can never be reduced to zero, clear avenues for redress or alternative methods of identification will be important for when the system inevitably errs. It bears remembering that humans are not perfect at recognizing faces either.
 
Other safeguards to consider include minimizing the retention of facial data and strengthening cybersecurity. As demonstrated by the hacking of U.S. Customs and Border Protection in May, troves of biometric data are valuable targets for bad actors. Finally, ongoing evaluation of the technologies, including by independent organizations like NIST, will help inform decisions about future use cases and the precautions required.
 
Olivia Shen is a former visiting fellow with the Technology Policy Program at the Center for Strategic and International Studies in Washington, D.C.
 
Commentary is produced by the Center for Strategic and International Studies (CSIS), a private, tax-exempt institution focusing on international public policy issues. Its research is nonpartisan and nonproprietary. CSIS does not take specific policy positions. Accordingly, all views, positions, and conclusions expressed in this publication should be understood to be solely those of the author(s).
 
© 2020 by the Center for Strategic and International Studies. All rights reserved.
 
 
