There have been increasing privacy and civil liberty questions raised as the use facial recognition technology has increased in companies’ advertising and criminal investigations. As identification technology becomes cheaper and more prevalent, it could easily unmask people and track their movements. Those who were previously part of the unnamed crowd could be singled out for identification.

I’ve discussed before the increasing use of facial recognition technology in advertising, especially in “digital signage.” Most people have heard of the term connected with billboards or other screens that have cameras (and facial-recognition technology) to watch people watching ads in order to improve their marketing. The digital signs log data such as gender, approximate age and how long someone looks at an advertisement. This is supposed to help build a better billboard — one that is tailored specifically to the individual standing in front of it. However, the data-gathering and surveillance practices raise substantial privacy questions. (Disclosure: The Center for Democracy and Technology has released a set of privacy guidelines for digital signage, which I consulted on and contributed to, in the report “Building the Digital Out-Of-Home Privacy Infrastructure.”)

There are also civil liberty questions of government use of the technology. See this previous post for a discussion about the First Amendment right to free speech and how widespread identification technologies can affect that. More of my thoughts on facial recognition in this older GCN interview.

The Federal Trade Commission, which recently held a workshop of facial recognition technology, is now seeking public comment about the use of this biometric technology. The deadline for filing is Jan. 31. Here’s more from the FTC press release: Read more »

Here’s some background: A privacy and civil liberties oversight board was recommended by the 9/11 Commission, and the board was created in 2004 and placed within the White House. In 2008, Congress passed and President Bush signed the “Implementing the 9/11 Commission Recommendations Act of 2007,” which took the Privacy and Civil Liberties Oversight Board out of the White House and established it “as an independent agency within the executive branch.”

Terms for the original board expired in January 2008, but President Bush delayed the nomination of new board members for many months; none were confirmed by the Senate. President Obama last year nominated James X. Dempsey, Vice President for Public Policy at the Center for Democracy and Technology, and Elisebeth Collins Cook, who worked in the Justice Department in the Bush administration. Privacy Lives has joined in the call to nominate and confirm experts to the board. (For more information on the board, here’s a 2008 Congressional Research Service report (pdf) on the board’s history and powers.)

Now, the White House has announced that President Obama has sent more nominations to the oversight board to the Senate: Read more »

Secrecy News has posted a copy of a Congressional Research Service report (pdf) on cybersecurity laws, which includes a discussion of privacy laws including the Privacy Act of 1974 and the Electronic Communications Privacy Act of 1986 (“ECPA,” also known as Title 18 § 2511 of the United States Code). There has been much discussion of revising ECPA and several bills have been introduced, which are discussed in this CRS report. Here’s the introduction:

For more than a decade, various experts have expressed concerns about information-system security—often referred to as cybersecurity—in the United States and abroad.1 The frequency, impact, and sophistication of attacks on those systems has added urgency to the concerns.2 Consensus has also been growing that the current legislative framework for cybersecurity might need to be revised to address needs for improved cybersecurity, especially given the continuing evolution of the technology and threat environments. This report, with contributions from several CRS staff (see Acknowledgments), discusses that framework and proposals to amend more than 30 acts of Congress that are part of or relevant to it.

I’ve noted before how social-networking data — from sites such as MySpace and Facebook — have been used to gather evidence in trials against jurors and defendants, in divorce cases, against employees (which can lead to lawsuits), applicants to colleges and graduate schools, politicians and high school students. We’ve seen it affect applicants to jobs in the United States and abroad. Recently, the Wall Street Journal noted that some employees are fighting back when their employers attempt to punish them for comments made on social-networking sites.

Now, NPR reports on problems that teachers have had with Facebook and other social networking-site postings:

The new and ever-changing world of social networking has blurred the lines between private and public, work and personal, friend and stranger. It’s becoming a particular challenge for teachers who can quickly rile students and parents by posting comments or photos online.

In some cases, teachers have been fired for statements they’ve made on Facebook, which is raising free speech issues. [...]

John Palfrey of Harvard’s Berkman Center for Internet and Society says there have always been teachers who say dumb things, but now social media amplifiy those comments. Read more »

We’ve discussed before how social-networking data — from sites such as MySpace and Facebook — have been used to gather evidence in trials against jurors and defendants, in divorce cases, against employees (which can lead to lawsuits), applicants to colleges and graduate schools, politicians and high school students. We’ve seen it affect applicants to jobs in the United States and abroad.

Now, the Wall Street Journal discusses how employees are responding when their bosses punish them for the comments they make online on Web sites, including social-networking sites:

Since the rise of Facebook and Twitter, companies believed they had the right to fire employees who posted complaints or hostile or rude comments online about their employers.

But in recent months, workers have sought to solve their very modern employment predicament by using the law that kick-started the U.S. labor movement: the National Labor Relations Act of 1935. The law gives private-sector employees certain rights to complain about pay, safety and other working conditions. It doesn’t protect simple griping.

More than 100 employers, including a saloon, a BMW dealership and Wal-Mart Stores Inc., have been accused by workers over the last 12 months of improper activity related to social-media practices or policies, according to the National Labor Relations Board, a federal agency that enforces the law and decides whether employees’ complaints have merit. [...] Read more »

Recently, there have been reports about how smartphone users’ data could be quietly gathered and used by companies via service called Carrier IQ. Now, Sen. Al Franken (D-Minn.), chairman of the subcommittee on Privacy, Technology and the Law of the Senate Judiciary Committee, has written to Carrier IQ demanding answers about how this technology affects cellphone users’ privacy.

Franken noted that, “Earlier this week, a researcher confirmed that software developed by Carrier IQ was logging and potentially transmitting the sensitive information of consumers, including” information such as “the phone numbers they dial,” “the contents of text messages they receive,” “the URLs of the websites they visit,” “the contents of their online search queries,” and “the location of the customer using the smartphone—even when the customer has expressly denied permission for an app that is currently running to access his or her location.”

Franken wrote to Carrier IQ President and CEO Larry Lenhart, saying:

It appears that [your company's] software runs automatically every time you turn your phone on.  It also appears that an average user would have no way to know that this software is running—and that when that user finds out, he or she will have no reasonable means to remove or stop it. [...]

I understand the need to provide usage and diagnostic information to carriers.  I also understand that carriers can modify Carrier IQ’s software.  But it appears that Carrier IQ’s software captures a broad swath of extremely sensitive information from users that would appear to have nothing to do with diagnostics—including who they are calling, the contents of the texts they are receiving, the contents of their searches, and the websites they visit.  Read more »