Recognizing the Dangers in Facial Recognition

By Shawn Dougherty June 9, 2014

Shawn DoughertyWe've all seen the movie, the one where the super spy snaps a picture with his spy-phone and uploads the image to his headquarters. There, a computer system quickly analyzes the grainy picture, identifies the perpetrator, and sends the super spy a dossier of all pertinent background information and known associates.

In the movies, this is very exciting. The super spy is able to out-maneuver the criminal mastermind and prevent him from achieving his evil plan.

But when we watch those movies, we don’t usually think about the privacy or personal injury implications of a government database that contains photos and background information of people around the world. I am such a viewer, and was very surprised to learn from a New York Times article that the U.S. National Security Agency (N.S.A.) is building such a database. It seems the N.S.A. has captured millions of images from monitored electronic conversations and from that, has culled 55,000 facial recognition quality images for their database. Those images are accompanied by database entries with background information, known associates, and network affiliations.

I’m not going to argue for or against the capture of the data, the use of the data, or even the surveillance practices of the N.S.A., but I do think the news raises questions about whether technologies may be intruding too deeply into the personal lives of people around the globe.

There are very few laws or regulations in the U.S. addressing facial recognition technologies and there are a few regulations in Europe related to the use of a person’s likeness for identification purposes. Germany and other European nations felt that Facebook’s facial recognition software, which helped users tag friends in photos, had run afoul of their privacy regulations. Facebook opted to pull its facial recognition functionality out of those countries to avoid any regulatory issues.

Facial recognition technology is a very interesting technology and could provide some significant benefits with proper use. We just need to face this emerging technology with our eyes wide open and build a proper legal and regulatory framework in which it can operate.

If you have any questions about cyber risk or cyber insurance, please feel free to e-mail me at sdougherty@iso.com. You can also follow me on Twitter @doughertyshawn.


Shawn Dougherty

Shawn Dougherty is the assistant vice president of ISO's Specialty Commercial Lines Division. He is responsible for providing the overall direction, leadership, and client service for ISO's cyber liability (e-commerce), D&O (management protection), businessowners, crime and fidelity, financial institutions, employment-related practices liability, and professional liability (other than medical) insurance programs. He is also the ISO product manager for the Lloyd's Wordings Repository, an electronic database of policy wordings and clauses regularly used within the London market. Mr. Dougherty has worked at ISO since 1988.