Facial recognition as a service has caught the attention of regulators and litigators. CISOs at companies considering the technology need strong privacy protections in place. Credit: Thinkstock The year is 2054 and a man walks into a Gap store. The virtual salesperson greets him by name, “Hello Mr. Yakomoto. Welcome back to the Gap,” from the life-size video monitor. This famous scene is cribbed from the film Minority Report. The prescience displayed in the 2002 film has actually short-changed the advances of science and technology between then and now. Indeed, some may argue that today we are well beyond the fictional capabilities of the Minority Report. The moral dilemma posed in the film, however, remains. Today many sensors and cameras are in constant search-and-connect mode. Recently, Clearview AI has announced that it is taking its advanced facial recognition technologies beyond the already controversial government/law enforcement usage into the commercial sector. The company, according to the Washington Post, has accumulated over 100 billion facial photos and is adding to the total at a rate of 1.5 billion images per month, which it wishes to monetize. While Clearview AI is not sailing in the ocean of facial recognition technology alone, it is meeting with a strong headwind of controversy, complete with global efforts to regulate how the technology may be used, especially in law enforcement. Some other facial recognition vendors have stepped away while others simply have taken a pause. Major vendors pause then restart facial recognition services In June 2020 IBM abandoned its facial recognition technology and “no longer offers general purpose IBM facial recognition or analysis software. IBM firmly opposes and will not condone uses of any technology offered by other vendors for mass surveillance, racial profiling, violations of basic human rights and freedoms ….” Concurrent with IBM’s abandonment of the technology, Microsoft announced that it, too, would not sell its facial recognition software to police departments “until we have a national law in place grounded in human rights, that will govern this technology.” Fast forward, to January 2022 and Microsoft is offering facial recognition technology via its Azure product platform. The company highlights the utility of the technology for identification verification and authentication, security and access control, event and travel security and smart home applications. Joining in with IBM and Microsoft in June 2020, Amazon placed a one-year moratorium on its Rekognition computer vision technology. Now in 2022, it has joined Microsoft with a product offering. The Amazon facial recognition capability is available to all with a plethora of suggested uses including content moderation, facial compare and search, and face detection and analysis as part of its AWS offering. Legality of collecting facial images in doubt Clearview AI has been in court for the last few years defending its right to “scrape photographs from the internet.” In mid-February, U.S. District Judge Sharon Coleman issued an opinion and order that dismissed the company’s attempt to have the pending consolidated class-action lawsuit dismissed. The lawsuit alleges the company “scraped more than three billion photographs posted online, then used artificial intelligence algorithms to scan facial geometry, harvesting unique biometric identifiers to build databases it sold to retailers, law enforcement agencies and others.” The company does not appear to be contesting it is scraping data. Indeed, the three-billion number is indicative of how long the lawsuit has been kicked down the road, given the databases currently stands at 100 billion images and counting. Governments considering regulation of facial recognition technology Meanwhile, the European parliament has called for a ban on the use of facial recognition technology. The European ban specifically calls out the use of “artificial intelligence in criminal law and its use by the police and judicial authorities in criminal manners,” which addresses the police use of the technology. In the United States, Senate Bill 3284, Ethical use of Facial Recognition Act was introduced in February 2020 and went nowhere. Perhaps influenced by the fact that the U.S. government not only is using this technology, but it is also pushing for better, faster and more accurate solutions to be derived from the technology. Which makes it all the more ironic that the U.S. National Counterintelligence Security Center in January 2022 issued a warning to the nation to be aware of commercial surveillance tools. How CISOs should prepare for the risk of facial recognition As CISOs and product managers look to implement facial recognition technology into their corporate infrastructure and product offerings, it makes sense to ensure a complete review of how the data collected is protected. This review should include a robust scrub of process and procedure with respect to the risks the accumulated data presents in terms of protecting individual rights to privacy and preserving basic human rights. Related content news Google launches Google Threat Intelligence at RSA Conference The new addition to Google Cloud Security is designed to give security teams information to inform approaches to protecting against external threats, managing attack surfaces, and mitigating digital risks. By Sascha Brodsky May 06, 2024 4 mins Google Cloud Functions Cloud Security Security Software brandpost Sponsored by Elastic Search + RAG: The 1-2 punch transforming the modern SOC with AI-driven security analytics AI is modernizing how SOCs function, triaging countless alerts down to a handful of attacks that matter most. By Mike Nichols, Product for Security at Elastic May 06, 2024 3 mins Artificial Intelligence how-to Download the Zero Trust network access (ZTNA) enterprise buyer’s guide From the editors of our sister publication Network World, this enterprise buyer’s guide helps network and security IT staff understand what ZTNA can do for their organizations and how to choose the right solution. By Josh Fruhlinger and steve_zurier May 06, 2024 1 min Zero Trust Access Control Network Security news Germany blames Russian hackers for months-long cyber espionage The attacks by Russia-backed Fancy Bear used an Outlook exploit to compromise several German officials’ accounts. By Shweta Sharma May 06, 2024 4 mins Advanced Persistent Threats Hacker Groups PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe