A written parliamentary question from MP Luciana Berger about the possibility of bringing forward legislation to regulate the use of facial recognition technology has led the Home Office to hint that the legislation (and more) may be on the way soon.
Questions and Answers
The question by the MP about bringing forward ‘biometrics legislation’ related to how facial recognition was being used for immigration purposes at airports. Last month, MP David Davis also asked about possible safeguards to protect the security and privacy of citizens’ data that is held as part of the Home Office’s biometrics programme.
Caroline Nokes has said on behalf of the Home Office, in response to these and other questions about biometrics, that options to simplify and extend governance and oversight of biometrics across the Home Office sector are being looked at, including where law enforcement, border and immigration control use of biometrics is concerned. Caroline Nokes is also reported to have said that other measures would also be looked at with a view to improving the governance and use of biometrics in advance of “possible legislation”.
Controversial
There have been several controversial incidents where the Police have used/held trials of facial recognition at events and in public places, for example:
In February this year a deliberately overt trial of live facial recognition technology by the Metropolitan Police in the centre of Romford led to an incident whereby a man who was observed pulling his jumper over part of his face and putting his head down while walking past the police cameras ended up being fined after being challenged by police. The 8-hour trial only resulted in three arrests as a direct result of facial recognition technology.
In December 2018 ICO head Elizabeth Dunham was reported to have launched a formal investigation into how police forces use facial recognition technology after high failure rates, misidentifications and worries about legality, bias, and privacy.
A trial of facial recognition at the Champions League final at the Millennium Stadium in Cardiff back in 2017 only yielded one arrest, and this was the arrest of a local man for something unconnected to the Champions League. This prompted criticism that the trial was a waste of money.
Biometrics – Approved By The FIDO Alliance
One area where biometrics has got the seal of approval by The FIDO Alliance is in its use in facial recognition, and fingerprint scanning as part the login for millions of Windows 10 devices from next month. The FIDO Alliance is an open industry association whose mission is to develop and promote authentication standards that help reduce the world’s over-reliance on passwords.
In a recent interview with CBNC, Microsoft’s Corporate Vice President and Chief Information Officer Bret Arsenault, signalled the corporation’s move away from passwords on their own as a means of authentication towards biometrics and a “passwordless future”. Windows Hello (the Windows 10 authenticator) has been built to align with FIDO2 standards so it works with Microsoft cloud services, and this has led to the FIDO Alliance now granting Microsoft official certification for Windows Hello from the forthcoming May 2019 upgrade.
What Does This Mean For Your Business?
Taking images of our faces as part of a facial recognition system used by the government may seem like an efficient way of identifying and verification e.g. for immigration purposes, but our facial images constitute personal data. For this reason, we should be concerned about how and where they are gathered (with or without our knowledge) and how they are stored, as well as how and why they are used. There are security and privacy matters to consider, and it may well make sense to put regulations and perhaps legislation in place now in order to provide some protection for citizens and to ensure that biometrics are used responsibly by all, including the state, and that privacy and security are given proper consideration.
It should be remembered that some of the police facial recognition tests have led to mistaken identity, and this is a reminder that the technology is still in its early stages, and this may provide another reason for regulations and legislation now.