This week, the Commerce Department is taking an important step in our campaign to drive innovation and better protect consumer privacy in the digital economy. On Thursday, the agency’s National Telecommunications and Information Administration (NTIA) will bring together representatives from technology companies, trade groups, consumer groups, academic institutions and other organizations to kick off an effort to craft privacy safeguards for the commercial use of facial recognition technology.
This initiative is the second “multistakeholder process” launched by NTIA to implement the Obama Administration’s consumer data privacy framework. The centerpiece of that framework is the Consumer Privacy Bill of Rights, which lays out high-level principles for protecting consumer privacy in today’s networked world. The multistakeholder processes will establish voluntary, enforceable codes of conduct to apply the Bill of Rights in specific business contexts.
Facial recognition technology is being embedded into everything from social networking services in the virtual world to building access systems in the physical one. Online services are adopting facial recognition software to help consumers organize their personal photos. Video games are using face prints to customize the gaming experience. And bricks-and-mortar retailers are employing recognition-enabled cameras to identify customers and reduce fraud.
But the innovative uses of this new technology raise novel privacy questions. How do we ensure consumers are given sufficient notice that their biometric data are being collected and stored? How do we provide consumers with appropriate control over their data? How do we establish effective security measures to protect this sensitive information? What do we do if a database of digital images is hacked?
Potential risks, if the technology is misused or abused, range from stalking (since a face print could be used to track an individual online and offline) to identity theft (since a face print is a unique biometric identifier).
At NTIA, we see the multistakeholder process as an effective model for policy-making on Internet-related issues such as online privacy since it offers the speed, flexibility and decentralization that are hallmarks of the Internet itself. NTIA’s first multistakeholder process marked an important milestone last summer when stakeholders agreed to begin testing and implementing a code to guide app developers as they design privacy notices for mobile devices.
For the Commerce Department, NTIA’s work helps achieve two important objectives. It supports the agency’s Open for Business agenda to promote growth, job creation and innovation across the U.S. economy by maintaining a free and open Internet. At the same time, it demonstrates our commitment to maintaining a leadership role on Internet privacy. We know that these two goals are intertwined since consumer trust is critical for our digital economy to thrive.
I urge participants to work together over the coming months to make progress in addressing thorny privacy concerns raised by facial recognition technology. The first meeting, on Feb. 6, will explore the technical capabilities of the technology, commercial applications and technical privacy safeguards. We are expecting a lively, informative conversation and we hope you will join us.