(h/t The Loop)
After San Francisco in May placed new controls, including a ban on facial recognition, on municipal surveillance, city employees began taking stock of what technology agencies already owned. They quickly learned that the city owned a lot of facial recognition technology—much of it in workers’ pockets.
City-issued iPhones equipped with Apple’s signature unlock feature, Face ID, were now illegal—even if the feature was turned off, says Lee Hepner, an aide to supervisor Aaron Peskin, the member of the local Board of Supervisors who spearheaded the ban.
Around the same time, police department staffers scurried to disable a facial recognition system for searching mug shots that was unknown to the public or Peskin’s office. The department called South Carolina’s DataWorks Plus and asked it to disable facial recognition software the city had acquired from the company, according to company vice president Todd Pastorini. Police in New York and Los Angeles use the same DataWorks software to search mug shot databases using photos of faces gathered from surveillance video and other sources.
The two incidents underscore how efforts to regulate facial recognition—enacted by a handful of cities and under consideration in Washington—will prove tricky given its many uses and how common it has become in consumer devices as well as surveillance systems.
First off, it doesn’t strike me that the situation involving DataWorks Plus is in any way a negative side effect of the ban. Could last-minute scrambling have been avoided? Sure. But this kind of heightened awareness of systems that might just have gone unnoticed appears to be a positive effect of such rules.
In any case, from the situations described, it does not seem to be a “hard problem”, per se, just that the regulation so far has been inept. Regulation just takes an intelligent lawmaker, legislative process, and implementation, like all other regulation.
I’m not saying that the lawmakers who introduced the bans were incompetent. However, there is a need for legislators to understand the technology and the specific evils that they are trying to address. A ban is good — I would support a ban on the basis of the precautionary principle — but it clearly was not intended that the ban would prevent private users from using facial recognition technology on individual devices when the data does not leave the phone.
Bad regulation does not mean that regulation is hard. It just means that we can do better, as is clearly demonstrated by the fact that other jurisdictions have learned from these examples and built in different conditions to their own rules, for example:
[a] facial recognition ban passed by Brookline, Massachusetts, last week includes exemptions for personal devices used by city officials, out of concerns about both Face ID and tagging features on Facebook.