Background / key excerpts from the article:
"Both Illinois and Texas have laws against using such technology to identify people without their informed consent. That means that one out of every eight Americans currently has a legal right to biometric privacy."
"Texas passed a law in 2001 that restricts how commercial entities can collect, store, trade in and use biometric data. Illinois passed a similar law in 2008 called the Biometric Information Privacy Act, or BIPA. A year later, Texas followed up with another law to further regulate biometric data in commerce."
While Ari and others have Rain Man level knowledge of wire pulling laws, the bigger issue with face recognition is that extremely few are using it in production given that it typically does not work well anyway (which is my main counter to the assumptions in this article).
Here's the text of the Illinois biometrics law, key excerpts:
"No private entity may collect, capture, purchase, receive through trade, or otherwise obtain a person's or a customer's biometric identifier or biometric information, unless it first: (1) informs the subject or the subject's legally authorized representative in writing..."
"No private entity in possession of a biometric identifier or biometric information may sell, lease, trade, or otherwise profit from a person's or a customer's biometric identifier or biometric information"
The first excerpt would essentially prohibit facial surveillance, i.e., scanning the public looking for terrorists, rapists, shoplifters, etc.
The second excerpt would essentially prohibit schemes like Facewatch that want to build private facial exchanges / databases.
If everyone in your lab (in Illinois) agrees in writing beforehand, I assume you are ok. If you start doing facial recognition scans of people without telling them, it appears you might have a problem.