In what can be seen as growing unease with the use of facial recognition and other biometric identification, at least by the government, the San Francisco Board of Supervisors voted Tuesday to ban city agencies’ use of facial recognition software, including law enforcement agencies. The move, the first for a U.S. city, came as part of an ordinance that added public oversight to the city’s procurement and deployment of surveillance technology more broadly. While the ordinance does nothing to regulate private individuals’ or companies’ development, use or sale of facial recognition technology, privacy advocates are nevertheless praising the move as a stand against growing government surveillance, and the opening salvo in the regulation of what some see as a currently flawed and potentially discriminatory technology.
Indeed, last summer Microsoft called on Congress to regulate and limit the use of facial recognition technology, and in the absence of federal action, several cities and states are considering similar bans or moratoriums on government use of facial recognition, at least until the software improves or its full capabilities and the impact of its wide-scale adoption and use are better understood. This ordinance alone adds to California itself and its municipalities increasingly pushing for privacy legislation from Santa Clara County’s 2016 ordinance creating a public process for the procurement of surveillance technology to the landmark California Consumer Privacy Act, to proposed expansion of the state’s data breach notification law.
Don’t expect the growing trend from the past several years to slow or these debates to die down, but rather look for more informed and nuanced discussion of privacy and technology, including facial recognition and other biometric technologies. Case in point, the distinction between using facial recognition to identify individuals against a known database and using it to, for example, follow specific anonymous faces around a defined space without identifying those individuals is not currently part of the push to ban. As consumers become more informed by public debates around legislation both here and abroad, the conversation about privacy is likely to become more complex, which could potentially lead to regulation of specific uses and disclosures of private information, à la HIPAA, rather than broad stroke bans.