Bad News for Face Recognition (FTC)

By: John Honovich, Published on Oct 22, 2012

Cold water is being thrown on renewed dreams of using facial recognition and demographic analysis. This time it is coming from an unlikely source and country. The United States Federal Trade Commission has issued 'best practices' that recommend fairly stringent approaches that could have a chilling effect on the use of these emerging technologies. This is all the more surprising given that the US has a much more relaxed general stance on privacy issues than the European Union. In this note, we dig through recommendations and the ones with the most practical impact for IP camera use.

Potential Impacts

Of the dozen recommendations made in the full FTC "Facing Facts' report, three of them may apply to IP cameras.

First, the FTC recommends receiving 'affirmative express consent when collecting a person's biometric data:

"Obtain a consumer’s affirmative express consent before using a consumer’s image or any biometric data derived from that image in a materially different manner than they represented when they collected the data"

This could be a significant problem because in surveillance, consumers typically have no idea that facial recognition is occurring and certainly never express 'affirmative consent'. On the web, this is more straightforward to accomplish as a person is interacting with a site. However, with surveillance cameras this could result in a shutdown of facial recognition systems if followed.

Second, adding signs that disclaim the use of demographic detection is recommended:

"Companies using digital signs capable of demographic detection – which often look no different than digital signs that do not contain cameras – should provide clear notice to consumers that the technologies are in use, before consumers come into contact with the signs."

In the case study, the FTC emphasizes that the sign should be prominent:

"Depending upon the size of the store, the notice may be a prominent notice at the entrance to the store itself or at the entrance to a particular section of the store – and on or near the sign itself"

Get Notified of Video Surveillance Breaking News
Get Notified of Video Surveillance Breaking News

The grey area here is that the examples are for displaying live ads. Potentially a VMS or video analytics supplier could claim an exception if it is only being used to chart demographic trends

Finally, a vague practice is encouraged about retention periods:

"Should establish and maintain appropriate retention and disposal practices for the consumer images and biometric data that they collect."

However, since no quantitative metrics nor further guidelines or given, this may be easier for providers to defend or justify.

Not Relevant to Surveillance / Camera Use

A handful of other recommendations might apply but, in practice, are not typically relevant.

Sharing biometric information is against best practices:

"Companies should not use facial recognition to identify anonymous images of a consumer to someone who could not otherwise identify him or her, without obtaining the consumer’s affirmative express consent."

Since security applications is typically limited to only use by security this is unlikely to be an issue.

Additionally, restrictions are recommended for camera placement:

"Companies developing digital signs equipped with cameras using facial recognition technologies should consider carefully where to place such signs and avoid placing them in sensitive areas, such as bathrooms, locker rooms, health care facilities, or places where children congregate."

However, facial recognition cameras are not typically placed in such areas.

Finally, protection is recommended:

"Companies that store such images should consider putting protections in place that would prevent unauthorized scraping"

However, 'scraping' is an issue of information posted on websites whereas most network cameras are used in internal networks only.

Questions of Enforcement

However, the FTC does not have legal authority as they disclaim:

"To the extent the recommended best practices go beyond existing legal requirements, they are not intended to serve as a template for law enforcement actions or regulations under laws currently enforced by the FTC."

As such, regardless of what an organization does, they will not likely be going to jail. However, the FTC does have the power to fine plus not following these guidelines can increase litigation risks. The biggest issue will likely be a practical one as potential buyers consider what risks they take if they are seen as violating FTC best practices.

Comments : PRO Members only. Login. or Join.

Related Reports

UK Fines Security Firms For Illegal Direct Marketing on Jan 16, 2019
Two UK security firms have paid over $200,000 in fines for illegally making hundreds of thousands of calls to people registered on a government...
US City Sued For Hiding Surveillance Camera Map on Mar 08, 2019
UPDATE: The judgment is now in and updated information is at the bottom of the post. Should maps of public surveillance camera locations be kept...
UK Camera Commissioner Calls for Regulating Facial Recognition on Apr 15, 2019
IPVM interviewed Tony Porter, the UK’s surveillance camera commissioner after he recently called for regulations on facial recognition in the...
San Francisco Face Recognition Ban And Surveillance Regulation Details Examined on May 14, 2019
San Francisco passed the legislation 8-1 today. While the face recognition 'ban' has already received significant attention over the past few...
Kidnapping Victim Rescued With Video From Ring Doorbell Camera on May 24, 2019
A kidnapping victim was rescued within 24 hours, with the police crediting video from a Ring Doorbell camera as key to solving the case. A girl was...
GDPR / ICO Complaint Filed Against Dahua on Jun 27, 2019
IPVM has filed a GDPR complaint against Dahua UK's facial recognition conducted at their booth during this year's IFSEC show. In this post, we...
New GDPR Guidelines for Video Surveillance Examined on Jul 18, 2019
The highest-level EU data protection authority has issued a new series of provisional video surveillance guidelines. While GDPR has been in...
UK Facewatch GDPR Compliance Questioned on Aug 27, 2019
Even as the GDPR strictly regulates biometrics, a UK company called Facewatch is selling anti-shoplifter facial recognition systems to hundreds of...
France Declares School Facial Recognition Illegal Due to GDPR on Oct 31, 2019
France is the latest European country to effectively prohibit facial recognition as a school access control solution, even with the consent of...
Arcules CEO Retracts False GDPR Claim + Dahua and Milestone Claims Examined on Dec 03, 2019
Arcules CEO has retracted a false claim about his organization being a "fully compliant GDPR company" after IPVM reporting (Arcules CEO Threatens...

Most Recent Industry Reports

Intersec 2020 Final Show Report on Jan 21, 2020
IPVM spent all 3 days at the Intersec 2020 show interviewing various companies and finding key trends. We cover: Middle East Enterprise...
Vehicle & Long Range Access Reader Tutorial on Jan 21, 2020
One of the classic challenges for access control are parking lots and garages, where the user's credential is far from the reader. With modern...
Clearview AI Alarm - NY Times Report Says "Might End Privacy" on Jan 20, 2020
Over the weekend, the NY Times released a report titled "The Secretive Company That Might End Privacy as We Know It" about a company named...
Favorite Camera Manufacturers 2020 on Jan 20, 2020
The past 2 years of US bans and sanctions have shaken the video surveillance industry but what impact would this have on integrators' favorite...
"Severely Impacted" Mercury Security 2020 Leap Year Firmware Issue on Jan 17, 2020
One of the largest access controller manufacturers has a big problem: February 29th. Mercury Security, owned by HID, is alerting partners of the...
Apple Acquires XNOR.ai, Loss For The Industry on Jan 16, 2020
Apple has acquired XNOR.ai for $200 million, reports GeekWire. This is a loss for the video surveillance industry. XNOR.ai stunned the industry...
Installation Course January 2020 - Last Chance on Jan 16, 2020
Thursday, January 16th is your last chance to register for the Winter 2020 Video Surveillance Installation Course. This is a unique installation...
Halo Smart Vape Detector Tested on Jan 16, 2020
The Halo Smart Sensor claims to detect vaping, including popular brand Juul and even THC vapes. But how well does it work in real world...
PRC Government Entity Now Controlling Shareholder of Infinova / March Networks on Jan 16, 2020
A PRC government entity is now the controlling shareholder of US security manufacturer Infinova as well as its wholly-owned subsidiary March...
Network Cabling for Video Surveillance on Jan 15, 2020
In this guide, we explain the fundamentals of network cabling for video surveillance networks, how they should be installed, and the differences in...