Government needs to regulate facial recognition tech, says National Academies

A sign at New York City's Madison Square Garden alerts visitors to the use of facial recognition technology

A sign at New York City's Madison Square Garden alerts visitors to the use of facial recognition technology Christina Horsten/picture alliance via Getty Images

A facial recognition risk management framework, new legislation and more are among the recommendations in a new report requested by the FBI and DHS.

The government is falling behind on addressing the implications of facial recognition technology and needs to fill in gaps with new laws, executive orders and standards, experts say in a report from the National Academies of Sciences issued Wednesday. 

“Currently, with limited exceptions, the United States doesn't have authoritative guidance, regulations or laws that adequately address [facial recognition technology],” said Jennifer Mnookin, co-chair of the committee behind the report and chancellor of the University of Wisconsin-Madison, during a Wednesday event on the release of the document. 

Increasingly, though, the technology is both being used for verification — confirming that one photo matches another of the same person — and identification — where a one photograph is compared against a database of images to find a match.

Although the report’s authors note potential benefits of the tech, like its use in security checkpoints at airports or to unlock a smartphone, they caution that the government needs to take action to mitigate potential harms around equity, privacy, civil liberties and surveillance.

The report, sponsored by the FBI and Department of Homeland Security, includes recommendations for regulation and the development of technology standards.

The White House, it says, should consider an executive order on the use of facial recognition tech by federal agencies.

The report also recommends the National Institute of Standards and Technology establish standards for evaluating and reporting on the performance of facial recognition tech, as well minimum quality requirements — like acceptable false positive and negative levels — for different applications.

How well the tech works and how it is used are among the authors’ concerns.

An oft-cited 2019 NIST study found that nearly all algorithms have demographic differentials, as a NIST official told lawmakers early last year.

Although the technology has generally gotten more accurate over time and progress has been made to lessen demographic disparities in terms of performance, differentials still exist across characteristics like gender and race, the report states. Factors like what algorithm is used and the quality of photos affect how well facial recognition works.

The report also includes recommendations that NIST sustain its testing and evaluation on the technology and create a risk management framework for facial recognition applications. 

Congress also gets a to-do list from the Academy. The report recommends that legislation be considered for a list of specific sub-issues, including the scraping of images from websites and social media without the consent or knowledge of individuals in the photographs, as well as requirements for user training or certification for the operators of such systems.

The report’s authors also note that facial recognition has been used in at least six wrongful arrests of Black individuals in the United States, raising concerns about the technology’s use by law enforcement. 

They recommend that DHS and the Department of Justice set up a working group to create standards for the use of facial recognition by law enforcement agencies, and that the government require law enforcement grant recipients to follow certain requirements related to its use.

“I think one of the takeaways from the committee's report is that the issue is more urgent than it has been in the past. The urgency is increasing, and certainly the committee has recommended that Congress consider legislation in this area,” said co-chair, Edward Felten, professor of computer science and public affairs at Princeton University, a former deputy White House chief technology officer and a member of the U.S. Privacy and Civil Liberties Oversight Board. “That said, legislation is difficult and Congress has many things to do.”