Facebook Abandons Face Recognition - What It Really Means
In a recent blog post, Facebook (now Meta) announced they were (mostly) moving away from face recognition. Facebook’s face recognition has been opt-in for a while, and they report that about 1/3 of there users opt-in to the service - a really good opt-in rate. Facebook’s use of face recognition is (as far as we know) solely tied to “face tagging” which identifies your friends in pictures you upload to the service. This a nice convenience feature and I have used it myself to search for old photos solely by the names of people in them. Apple’s iPhoto application (and many others) also have this feature, but without the network component, making it less of a privacy concern.
I’ve talked to various people about Facebook since we started Blink Identity, trying to understand what face recognition concerns they had, and they essentially came down to a vague feeling of unease about what Facebook could do with all that face data. While Facebook has (had) billions of indexed face photos, it would only search faces in your first-level friends network - it wouldn’t search their entire network. For example, if I was captured in the background of a photo taken by a stranger, it wouldn’t identify me in that photo. Instead of searching billions, Facebook was searching (typically) a thousand or so. In fact, a network of billions of “candid” photos (as opposed to well composed ‘passport style’ photos) is unlikely to be searchable without being overrun by false positives. So if your were skipping school to go to a baseball game you couldn’t be accidentally discovered.
I think the central issue in facial recognition is agency. At Blink Identity, we strongly believe that everyone should have control over their own biometrics and how they are shared. You can consent to face recognition for yourself, but not for others. If you are my Facebook friend, I can’t legitimately opt-in for you to consent to using it on you. But what about something like iPhoto that does a similar operation? Fundamentally, it is different because of the scale. If I am taking a decent picture of you, it is probably with your consent and iPhoto is really just doing the same thing I would be able to do myself by recognizing you in a photo. I am a limited human with limited resources. That’s different from what a large company with billions of photos could do. For example, Facebook could search their entire database for selected individuals on behalf of a government subpoena. (this is just a notional scenario - I have no knowledge of this happening.)
Facebook has a similar view to ours in their announcement:
Facebook announced that they would be deleting all their face templates in the coming weeks. That’s a fairly strong commitment, but also a little misleading. A facial image is used to construct a facial template, and Facebook still has the original images. They can still potentially use face recognition in a limited dataset, or use face recognition wholesale in the future by extracting face templates again. However, without a database of face templates, any large-scale matching will be impossible.
Strangely, chess champion Gary Kasparov has come out strongly against Facebook’s actions. His argument essentially boils down to the idea that Facebook behaving responsibly is irrelevant because other actors (e.g. China) won’t. In a sense, I agree with him - privacy violations will come from unaccountable governments or private companies, not companies with clear transparent policies. You may be worried about Facebook, but what about the dozens of surveillance cameras capturing you every day? But unlike Kasparov I applaud Facebook’s actions. Privacy is a shared societal construct, and unless people demand transparency for their private data it will never happen.