We've all seen the movie, the one where the super spy snaps a picture with his spy-phone and uploads the image to his headquarters. There, a computer system quickly analyzes the grainy picture, identifies the perpetrator, and sends the super spy a dossier of all pertinent background information and known associates.
In the movies, this is very exciting. The super spy is able to out-maneuver the criminal mastermind and prevent him from achieving his evil plan.
But when we watch those movies, we don’t usually think about the privacy or personal injury implications of a government database that contains photos and background information of people around the world. I am such a viewer, and was very surprised to learn from a New York Times article that the U.S. National Security Agency (N.S.A.) is building such a database. It seems the N.S.A. has captured millions of images from monitored electronic conversations and from that, has culled 55,000 facial recognition quality images for their database. Those images are accompanied by database entries with background information, known associates, and network affiliations.
I’m not going to argue for or against the capture of the data, the use of the data, or even the surveillance practices of the N.S.A., but I do think the news raises questions about whether technologies may be intruding too deeply into the personal lives of people around the globe.
There are very few laws or regulations in the U.S. addressing facial recognition technologies and there are a few regulations in Europe related to the use of a person’s likeness for identification purposes. Germany and other European nations felt that Facebook’s facial recognition software, which helped users tag friends in photos, had run afoul of their privacy regulations. Facebook opted to pull its facial recognition functionality out of those countries to avoid any regulatory issues.
Facial recognition technology is a very interesting technology and could provide some significant benefits with proper use. We just need to face this emerging technology with our eyes wide open and build a proper legal and regulatory framework in which it can operate.
If you have any questions about cyber risk or cyber insurance, please feel free to e-mail me at sdougherty@iso.com. You can also follow me on Twitter @doughertyshawn.