There’s a court case in Illinois that challenges Facebook’s collection of biometric data without users’ permission, and the social media giant is fighting tooth and nail to defend itself.
Carlos Licata, one of the plaintiffs on the case, sued Facebook in 2015 under a unique Illinois law, the Biometric Information Privacy Act, which says that no private company can collect or store a person’s biometric information without prior notification and consent. If companies do collect data without giving notice and getting permission, citizens are allowed to sue.
That case is expected to progress this year, according to the Chicago Tribune, and if the court sides with the plaintiffs, it could challenge Facebook’s entire business model—and it could have huge ramifications for other data-driven Silicon Valley powerhouses, like Google and Amazon.
Facebook has been trying to fight the Illinois law for years, and the company has quietly worked to kill numerous other similar state laws that have popped up in around the country, according to a detailed report released Monday by the Center for Public Integrity. In 2017 alone, at least five states—Washington, Montana, New Hampshire, Connecticut, and Alaska—have considered consumer protection laws about facial recognition. Only Washington’s passed, and it is watered down considerably when compared to the Illinois law. It holds that companies have to get permission before handing the data over to a third party and doesn’t allow people to sue companies directly if the law is violated. The law also has a loophole exemption for biometric data gathered from photographs or video, which almost defeats the purpose. Facebook now counts 2 billion monthly users, and roughly 350 million photos are uploaded to the site every day. The company’s research suggests that Facebook holds “the largest facial dataset to date”—powered by DeepFace, Facebook’s deep learning facial recognition system.
Even if Facebook never sells its biometric data troves and keeps them locked in encrypted storage, the company still stands to turn big profits, as businesses look to tailor ads to specific customers based on their mood, age, eye gaze, or other personal attributes that could indicate a propensity to buy.
Facebook has innovated heavily in this space. It’s worked on a feature that can identify a user even if her face is hidden, drawing from other potentially unique identifiers, like body shape, hair, posture, and clothing. The Center for Public Integrity also found that Facebook has patented technologies that can deliver ads based on a person’s perceived emotions.
Retail shops are already using facial recognition to find repeat customers or identify shoplifters, while the FBI’s face recognition database is said to have access to more than 400 million images. In fact, about half of all American adults are in at least one law enforcement facial recognition data base, according to research from Georgetown Law. On Tuesday, the New York Times reported that Customs and Border Protection officers have started to scan people’s faces at airports to track people overstaying their visas.
Facebook has taken an aggressive approach to fighting state biometric privacy laws. The company does most of its lobbying legwork by way of industry groups, like the Internet Association and CompTIA. (Those groups also count companies like AT&T, Amazon, and Google as members.) Still, Facebook has increased its own lobbying fund five times since it started pushing for federal policy around 2011. Back then it spent $1.4 million on lobbying, but that number has ballooned to $8.7 million in 2016, according to the Center for Responsive Politics. And this year, Facebook reportedly hired a lobbyist specifically to grapple with legal issues in Illinois.
Washington state Rep. Jeff Morris told the Center for Public Integrity that Facebook’s representative lobbied “ferociously” there. And one of the attorneys who helped to write Montana’s biometric privacy bill, which was killed, said that lawyers and representatives from the tech industry swarmed the state when it was introduced.
Facebook and other data-dependent tech companies are taking what Morris called an “NRA approach” to policy change. “They basically say, ‘You’ll take our innovation out of our cold, dead hands,’ ” he said in the report.
And Facebook users should pay attention: When you tag a friend in a photo, that’s feeding a massive facial recognition dataset. There’s no telling how your biometric data could be used to target ads, locate, or track you or your friends and family in the future. But one thing is certain: it will be a lot harder to leave the house unnoticed.