We know that Facebook has a vast facial recognition database so good that it can recognize you when your face is hidden, that the FBI has built a millions-strong criminal facial recognition system, and that Google's new Photos app is so effective at face recognition that it can identify now-adults in photos from their childhood. But now facial recognition is starting to pop up in weird and unexpected places: at music festivals (to identify criminals); at stadiums (to weed out "sports troublemakers") and at churches. Yes, churches.
Moshe Greenshpan, the CEO of Israel- and Las Vegas-based facial recognition software company Face-Six, says there are 30 churches around the world using his Churchix technology. He launched the service just four months ago and says churches are already using it to scan congregants' earthly visages to keep track of attendance at events in order to know who wasn't there so they can check up on them, or who attends most frequently so they can ask those people for donations. He declined to name any of the churches using the technology citing the controversy around facial recognition. I asked him if any of the churches are based in Texas or Illinois, the only two U.S. states that have laws on the books about getting permission to collect peoples' faceprints. "I prefer not to say," said Greenshpan.
(If a facial expression-detecting camera were trained on my own face, it would read "skeptical." Without being able to talk to one of the churches using this technology, it's impossible to verify Greenshpan's claims.)
Greenshpan said the churches just have to upload one high-quality photo of a congregant to start scanning video or photos from gatherings to see if they were there. I asked him if the churches let people know they're using the technology. "I don’t think churches tell people," he said. "We encourage them to do so but I don’t think they do."
That's exactly the fear that privacy advocates have about the increasing roll-out of this technology: people's faces are being put in databases and used to track them without any knowledge that it's happening. Greenshpan argues that churches were already keeping track of who attended their events, but that his technology just makes it more efficient for medium-sized and mega-churches.
Greenshpan, who got his start with a facial recognition app called Skakash that was like a Shazam for celebrity faces, and then "followed the money" to business applications, is among the entrepreneurs who want to usher facial recognition into more common use. Some of the companies focus on their ability to create databases of "bad faces" — people who can be instantly identified for heightened scrutiny or even barred from entry. California-based FaceFirst tells retailers in an advertising brochure that they can get alerts when "pre-identified shoplifters" or "known litigious individuals" enter their stores.
FaceFirst also says retailers can create a database of "good customers," so they can greet them by name when they walk through the door. Privacy advocates worry about the creation of face-tracking databases that could be used to track people's movements in the offline world the same way advertising companies track them online from website to website using cookies.
"Instantly, when a person in your FaceFirst database steps into one of your stores, you are sent an email, text, or SMS alert that includes their picture and all biographical information of the known individual so you can take immediate and appropriate action," says the Facefirst brochure. It doesn't say what happens when that person isn't you but is actually a doppelgänger with a bad reputation. Or how someone who doesn't want to get greeted by name gets their face taken out of the database.
"There are no federal laws that specifically govern the use of facial recognition technology," wrote Ben Sobel in a Washington Post editorial that discussed the only two states with relevant laws on the books. In lieu of a law, the Department of Commerce has been trying to establish facial recognition industry standards in a "privacy multistakeholder process." For more than a year, industrial representatives and privacy advocates have been taking part in negotiations to come up with standards for how facial recognition should be deployed by businesses in the U.S. Last week, those negotiations broke down. Privacy groups involved in the process, including the ACLU and EFF, withdrew, saying in a letter that companies refused to agree to core principles of privacy.
"We asked the industry to agree that in general they need to get consent to put people's images into facial recognition databases and they disagreed," said Alvaro Bedoya, executive director of Georgetown's Center on Privacy & Technology. "So we proposed the narrowest of narrow situations, that when someone is walking down a street, a company they haven’t heard of shouldn’t identify that person by name. And the industry representatives wouldn't agree to that either. So we walked out."
According to many a sci-fi book and at least one hilarious comic, technology-enabled facial recognition in the wild will eventually be as common as caller id on your phone — which also got heat from privacy advocates when first introduced in 1990. How mainstream society feels about it is still unclear, though people occasionally seem to be discomforted judging from lawsuits filed this year in Illinois alleging that both Facebook and Shutterfly created faceprints without their users' consents. But proponents say, with the steady march of technology and image collection, face recognition everywhere is looking increasingly inevitable.
"You, I, everyone has the right to take photographs in public," said Carl Szabo, a lawyer at online advertising trade group Netchoice who was on the other side of the Commerce debate. "Facial recognition can be applied immediately, or days later, or months later. If someone takes a photograph in public, and wants to apply facial recognition, should they really need to get consent in advance? Are they going to chase someone down the street to get them to fill out a form?"
Szabo said he was disappointed that the privacy groups had dropped out of the negotiations but that the Department of Commerce working group will still issue standards on facial recognition for industry. He thinks companies just need to be transparent about what they're doing and put notices up about facial recognition being used. He says businesses will change their ways if consumers signal that they don't like it. "I don't know if society will get used to Carl Szabo being identified as he’s walking down the street," he said. "But if a business makes people uncomfortable, there will be a backlash."
Of course, if Greenshpan's claims are true, there are congregants at churches who are currently being subjected to facial recognition scanning who have no idea it's happening and thus no opportunity to raise holy hell about it if they object.