The U.N. suspends Syrian peace talks until late this month. The U.S. plans to quadruple military spending in Europe as a signal to Russia. And American officials express concern about ISIS in Libya. A panel of journalists joins guest host Tom Gjelten for analysis of the week's top international news stories.
Yesterday former intelligence subcontractor Edward Snowden denied ties to China. Many questions remain unanswered related to his claims that the U.S. government routinely collects vast troves of information on ordinary Americans. But there’s another kind of surveillance not widely acknowledged: facial recognition. An estimated 120 million facial images are stored in searchable databases across the country. Law enforcement authorities in 26 states are allowed to search these images for crime suspects, victims and witnesses. How facial recognition software and other biometric techniques are being used today.
- Laura Donohue professor at Georgetown University Law School.
- Michael Thieme vice president of International Biometric Group (Novetta Solutions).
- Craig Timberg national technology reporter for The Washington Post.
Facial Recognition Via High-Resolution Photos
The Washington Post created a gigapixel panorama of the 2013 opening day game at Nationals Park. The interactive photograph allows users to zoom into the stadium by seat number, see faces and tag people. Erin Stamper, engineer for The Diane Rehm Show, attended the baseball game, and she was able to identify and tag herself in the image. See the panorama and close-up of Stamper in the gallery below. Click “Full Screen” to see a larger version.
MS. DIANE REHMThanks for joining us. I'm Diane Rehm. Many questions remain about NSA's surveillance operations, but some say it's your photo ID that's more likely to be used by law enforcement authorities. Twenty-six states with facial recognition systems in place allow police to search these databases. Joining me to talk about advances in facial recognition and other biometric techniques and how they're used: Craig Timberg of The Washington Post, Laura Donohue of Georgetown University Law School.
MS. DIANE REHMJoining us from a studio at NPR in New York City, Michael Thieme of the International Biometric Group. Do join us with your questions, comments. Call us on 800-433-8850. Send us an email to firstname.lastname@example.org. Follow us on Facebook or Twitter. Good morning to all of you.
MR. CRAIG TIMBERGIt's great to be here.
PROF. LAURA DONOHUEThank you very much for having us.
REHMAre you there, Michael? Michael Thieme, are you there?
MR. MICHAEL THIEMEYes, I am. Thank you.
REHMOh, good. It's good to hear your voice. I want to let our listeners know how sensitive this issue has become. Just 55 minutes ago, we got a call from the individual who was to be our fourth guest this morning, Scott McCallum. He's in the sheriff's office at Pinellas County, Fla., I guess that is, and he was told by his PR people that he could not appear on this program. So, Craig Timberg, I'll turn to you and get you to give us a sense of just how important and how sensitive this whole issue of photo ID databases is.
TIMBERGSo the story we did really came out of the Boston marathon bombing in the sense. You all remember the moment where they had images of their suspects, but they didn't know who it was. And we were asking ourselves, well, why don't they just use that cool facial recognition technology that we've seen in the movies? So it turned out that the images weren't good enough for that to work, but my colleague Ellen Nakashima and I began asking ourselves, well, what are these databases? How do they work?
TIMBERGAnd we began mapping out this fairly broad universe of databases held by different government bodies, and then they we're being used in different ways. And that brought us, eventually, to the state driver's license registry. So if you have a driver's license, you know, you have a picture that the government has taken. And in 37 states, they use facial recognition technology to make sure that you don't have two or three or five driver's licenses.
TIMBERGAnd in 26 states, they have given access to law enforcement, either directly or sort of indirectly through other kinds of searches, to use them for investigative purposes. So they have a picture on Facebook. They have a picture of surveillance video. They need -- they want to know who it is, they go, they check.
REHMSo why couldn't they find the two young men in the Boston bombing even more quickly?
TIMBERGThere were two problems. One is the images were very grainy. There weren't enough pixels for the facial recognition searches to work properly because both of them had driver's licenses in Massachusetts which is a state that uses facial recognition technology. But in addition, you may remember that one of them had sort of the cap low on the face and sunglasses. The other one, the face was on an oblique angle.
TIMBERGAnd while this technology has gotten much better and will continue to get much better over the next few years, it's not, you know, it's not like what you see in the movies. It's not perfect. And so they need -- in order for it to be better, they need to assemble more databases. They have to get better cameras.
REHMOK. And, Michael Thieme, just how technically proficient is this facial recognition software?
THIEMEWell, to sort of echo what was just mentioned, the quality of the data is really the driving factor here. Government organizations and our company have run tests where if you take very high-resolution faces, the sort you might get with an iPhone or a high-resolution digital camera, the accuracy is in the general vicinity of accurate biometrics like fingerprint or iris recognition. But it's quite rare that a law enforcement agency would have access to both the probe and the gallery image, if you will, that are high quality.
THIEMESo the issue is that the technology, the algorithms need to essentially work with what you got, sort of garbage in, garbage out. And that's what's different about face recognition is that there really aren't any dedicated cameras or sensors whose sole job is to collect face recognition photos, right? The algorithms process what they get out of, you know, through driver's license cameras or, you know, CCTV, the sort you see for the -- with the Boston marathon bombings.
REHMOK. But let me just say that our engineer Aaron Stamper went to the Nats baseball game, the opening game, thousands of people in the stand. And we have on our website a photograph with facial markings. So our listeners can go to drshow.org. You can scroll down, and you can find individual faces. What do you - how do you figure that, Craig?
TIMBERGWell, there's no presumption of privacy of your face when you're in a public space, right?
TIMBERGYou walk around, you expect to be seen. And I feel like the conversation tends to focus on the images, the surveillance cameras and all that. But what crosses a whole new line is when there's identification software rigged up with those systems. So I believe The Washington Post ran the picture from -- that high-res picture from that Nats game on opening day.
TIMBERGIf we had then ran facial recognition technology and named all 46,000 people in the crowd, that's kind of a different thing.
TIMBERGAnd also, if you then collected information and put it in a database, again, it's a different kind of thing.
REHMShe posted that she was there on Facebook...
REHM...so that makes a difference.
DONOHUEYeah. One thing to add to Craig's point on this is just in terms of the technology. At Carnegie Mellon, there's a study run using Facebook technologies and just publicly available information on Facebook and a camera on students as they crossed campus.
DONOHUEThey were unable to identify more than 30 percent of the students using simply a camera and publicly available Facebook information. And so if you look at the technologies as they're being developed -- I took a look, for instance, at the patents that have been developed in this area. Between 1970 and 1995, there were only 10 patents issued in that entire time. So in 25 years, only 10 patents issued for facial recognition technology.
DONOHUEOver the next five years, there were 20, so from 1995 to 2000. But since 2000, what we've seen is just an explosion in this area. There are now 633 patents that were issued between 2001 and 2011.
REHMAren't they all different patents for the same kind?
DONOHUEThese are all different patents, but there is a pattern to the types of patents that are being granted. Many of them have law enforcement and/or national security applications.
REHMI see. Mm-hmm.
DONOHUESo it's a kind of thing that you are in the military and you want to identify the driver of a truck 50 feet -- or 50 yards, or instance, before they approach or actually arrive at a checkpoint, you'd like to know who's driving that truck. And so often, the patent applications themselves have very clear national security or criminal law-type implications.
TIMBERGAnd it's worth mentioning that a lot of the technology that's being used in the driver's license registry by the FBI and the State Department comes out of a military setting, right? These technologies were developed in Afghanistan and Iraq or at least they were honed in Afghanistan and Iraq to find insurgents who plant bombs. So there's a big explosion. The military will round up a bunch of guys and take their pictures and compare them to other pictures they have. That's the software that's being used increasingly in our country.
THIEMESo one clarification on that point. I do agree that the implementation of face recognition in, you know, theater military applications did drive the technology, but the stuff that's used in DMVs from legacy companies like Visage and L-1 (sp?) was originally developed for that purpose, right, and I think that there is -- we just clarify for the audience's benefit, the stuff that's used to search the driver's license duplicates -- let's say, if you have 10 million faces in a database -- tends to be different technology, different back-end technology than what you use in military application.
THIEMEIn fact, the stuff that was used in theater was almost always fingerprint and iris because the face wasn't accurate enough. And this gets back to the idea of there being controlled collections in DMVs. So I agree that the issue that you have this large database of driver's license photos, it's searchable because they're controlled. That needs to be separate from sort of less controlled, sort of deployed applications of face recognition.
REHMBut, Craig, tell me, in doing this story, did you talk with people who were police officials about how they're using this technique?
TIMBERGQuite a few of them, and they, as you might expect, love it, right? I mean...
REHMThey love it.
TIMBERGYeah. It's effective stuff.
TIMBERGI mean, it's not as effective as, frankly, they would like it to be 'cause there are still limitations in the technology. But I tell this account in the story where this detective in Carlisle, Pa., is looking for a guy. All he has is a nickname. The nickname is Buddha the Shoota, right? So they go. They find a Facebook page that shows...
REHMBuddha the Shoota.
TIMBERG...yeah, Buddha the Shoota. And they run it against a mug shot database the state of Pennsylvania maintains. They get an ID. They go visit the guy, and they say, hey, Buddha. (laugh) And Buddha says, how'd you know that? And the officer says, we're the police, right? I mean, so it's being used in a broad range of investigations, not just terrorism. And it's being used not just against suspects. It's being used for witnesses as well.
TIMBERGSometimes they'll look -- they'll get a picture of a bunch of guys who were like around a shooting, and they'll try to figure out who each and every one of them is. And they'll use Facebook and they'll use the facial recognition technology that they have in criminal mug shot databases and, in some cases, the driver's license photos as well.
REHMSo why do you suppose the sheriff's office in Florida didn't want to talk to us?
TIMBERGYou know, that guy is a really solid guy who I dealt with extensively on the story. You know, sometimes it's -- I think we have experienced before that when things are on the front page of The Washington Post, it sometimes freaks out officials a little bit. So that may have happened.
REHMCraig Timberg of The Washington Post. Short break. When we come back, we'll talk further, take your calls. Stay with us.
REHMAnd welcome back. We're talking about facial recognition and the use of computers to create advances in facial recognition, the use of that technique in the armed forces but also by police in your own community. What about reasonable expectations of privacy? Laura Donohue, as a law professor, what's left?
DONOHUEIn 1967, the Supreme Court famously looked at the Fourth Amendment and said that the Fourth Amendment protects people not places. And where people have a reasonable expectation of privacy objectively and subjectively, then in order to obtain information, the government must go through a series of steps to do a search and a seizure. They must have probable cause apply before a judge, a neutral, disinterested magistracy...
DONOHUE...for warrant, you know, and so on.
DONOHUEThe problem is that the court's jurisprudence in this area has developed with regard to different technologies. These are new technologies. And so the court has consistently, over time, considered individuals in public space not to have a reasonable expectation of privacy...
DONOHUE...when you go about your daily business. So there are some famous cases. Ciraolo is one where a plane flew over somebody's home. There's a helicopter case, Florida v. Riley, where a helicopter was hovering over somebody's home. And anything that is outside the curtilage of the home, once you leave, you know, four or five feet around your home, you do -- you no longer have this reasonable expectation of privacy.
DONOHUENow, paired with that is the Supreme Court's doctrine with regard to some new emerging technology. So there is a case called Kyllo, in which individuals were growing drugs in house, marijuana, and a thermal imaging device picked up the heat signature from outside the home.
REHMI remember that case.
DONOHUEDo you remember this case?
DONOHUERight. Well, Justice Scalia said at the time that until that technology becomes ubiquitous, then you have a -- an expectation, a reasonable expectation of privacy for what happens in your home. So now enter 633 patents, you know, between 2001 and 2011, look at the commercial sphere, what's happening. When -- I can turn on my cellphone and find out bars in Chicago, how many men to women are in each bar?
DONOHUEWhen I walk past a billboard outside the Bellagio in Las Vegas and it starts advertising to me based on my ethnicity, my height, my weight, my gender. When Kraft Foods is in talks with Facebook so that as you walk into the grocery store, it can access your Facebook account and then market to you, you know, say you have children, ways to spice up mac and cheese that night, that is -- you would say that that technology is becoming fairly ubiquitous.
DONOHUEYou know, the extent to which FRT is now used in the commercial sphere therefore has an implication for how we view government use of these technologies even though it's being used in a very different way now.
TIMBERGYou know, it's -- Laura touches on a really interesting point, which is sort of like there's the government piece of this and there's the private sector piece of this. I cover technology and privacy for The Post, so I sort of used to debate which was more important, the private sector piece and the government piece. And it sort of has gradually dawn on me in the last couple of weeks that they're kind of one and the same, right?
TIMBERGI think we've learned from the revelations about the NSA program that when you give over your information to private companies, the government has ways of getting that. And so it does feel like we're increasingly surrounded by this kind of like web of -- surveillance may not be right word, but maybe it is not -- maybe it is the right word that there's just so much information out there that people can get about us. And we have no idea they're getting about us.
REHMMichael Thieme, would you agree?
THIEMEYeah. I think there's a lot of truth in that. The -- it is interesting -- face recognition is interesting in that I think maybe the most significant developments and the technology over the last few years have actually been in the social networking platforms, like Facebook and Google. And the use of technology in that area isn't for these large-scale searches. It's not, you know, search against a million people.
THIEMEIt's to do things like help people organize photographs, to be able to upload 200 photos, and it says, is this your uncle? It'll give you a tag, you know, accept that or not. But by virtue of that, the technology has been able to deal with the type of off-angle and profile images and blurry images that would simply not be usable for the -- of what you might consider traditional face recognition.
THIEMESo it's sort of an inversion of the normal biometrics like fingerprint and iris where it really is the commercials fear, the Facebooks and Googles that are doing the most out there uses of face recognition in terms of using bad images.
DONOHUESo one of the other doctrines that this is bringing to mind is the issue of third party information. So the Supreme Court has, over time, developed an understanding that when you voluntarily give your information to a third party, then you lose that reasonable expectation.
DONOHUEThe problem is that that doctrine was developed at a time when the technologies, the social network sites, digital technologies that can store massive amounts of information, when these didn't have such deep implications for the private lives of citizens when amassed, analyzed and data mine for further knowledge.
REHMBut, Craig, what about school photos? What about work IDs? Is all that collected?
TIMBERGBoy, that's a good question. Certainly, it's collected somewhere, right? I mean, all these things end up in databases. And so the government, you know, I don't honestly know about the school pictures. Certainly, university pictures probably are collected.
DONOHUESo the FBI is running a program right now as part of next generation identification called the Rap Back service where employers can collect biometric information from employees. That information is then provided to the FBI, which then will report back to the employer if the employee is implicated in criminal or, in some cases, civil activities. And that is a biometrically enabled program.
DONOHUEWell, one can imagine a range of civil potential activities that could -- it could be anything from lawsuits to other actions. It's not actually defined in more detail, and we don't yet have a PIA for the rap back service -- I'm sorry -- a privacy impact assessment for the rap back service...
DONOHUE...which is one of seven programs that's part of next generation identification.
TIMBERGSo I wanted to point out here that it's not that these technologies are inherently bad, right?
TIMBERGI mean, and they can be very effective. For example, if you could've spotted the 9/11 bombers walking on to an airplane back in 2001, that would be like a great thing. And so the -- and we tend to get these very binary conversations about this, like either we let al-Qaida have its way with whatever, or we're going to give up all of our privacy. And I feel like one of the things that we're still working out as countries is drawing the lines in between, and that's why these legal issues really matter.
TIMBERGThat's why illuminating what the government can do and how they say they're drawing the lines are so important because the public conversation has been pretty unsophisticated so far, and you see that in the polls. People are creeped up by some of the intrusions. They don't want bombings in their cities, and they don't really know how to weigh these things against each other. And that's why it's really important that there'd be a public conversation. And then maybe there need to be laws that don't exist yet that draw line's more clearly than it have so far.
REHMMichael Thieme, help me understand how much more were less useful facial recognition technology is than, say, fingerprint technology.
THIEMESure. One interesting thing about face recognition is that it's almost universally deployed when you happen to have a database of faces, right, you know, fingerprints and irises and palm recognitions that are -- people deploy specific collection systems like the rap back program, right, to collect fingerprints. But, you know, face recognition uses existing databases in existing systems.
THIEMEAnd in that way, you know, it will be a less accurate technology, but it's not plausible to, you know, and then not just plausible, it's not desirable to collect fingerprints or other biometrics from everybody who's applying for a driver's license or something. So I think the fact that face recognition...
TIMBERGWell, hold on, Michael. But some states do do that, right? I mean, some states do...
THIEMESome states do, yeah. Some states do collect fingerprints...
REHMBoth photo and fingerprint. Right.
TIMBERGAnd fingerprints. Right.
THIEMESo -- but the question...
DONOHUEAnd the interstate...
THIEMEThe question had to do -- go ahead. Sure.
DONOHUESorry. The interstate photo system had -- in 2009, there are 6.75 million photos. By February 2012, there were 114.5 million photos. So it's not like there is a stasis database of photos that's not being added to constantly. The whole design of IPS is to accept more photos, batch uploads from more sources, from social network sites, from privately held sources as well as publicly held sources.
DONOHUEAnd to have all that information and now the initial PIAs are written to actually keep that information in this database. So it's expected to grow exponentially even more in the future.
REHMOK. So say I'm going to attend a political rally, which I've never done in my life, are you suggesting that everyone's photograph at that political rally will somehow end up in a database, Craig?
TIMBERGSo I do think that political rallies frequently are photographed by the police. I don't think that that's a particular revelation. I think the question has to be are they then running those photographs through identification software and putting it in a database for unknown use? What you tend to hear from the civil libertarians is, OK, you're investigating somebody and you have probable cause?
TIMBERGUse every technique available to you to solve that crime. That's a different thing than a sort of broad, diffused, where are people going? What are people doing? And that's where this...
TIMBERGThat's where the fears of these kinds of things become particularly acute, that with all of the surveillance cameras we already have around our country and our airports and our downtown areas, that once you marry that with broad, sophisticated databases and sophisticated identification technology that eventually people's movements end up in databases.
TIMBERGNow, no one in the government today may have any desire to do that, but, you know, the future's a long time, right, and administrations change. And I think that these are questions we should be asking ourselves, whether we deal with this on a legislative level and talk about it.
DONOHUESo as a legal matter, there are two points to be made here. First, the Supreme Court has considered political rallies and photographs taken at political rallies by the police whether this is constitutional. And these cases are from the 1970s, where you had to snap a picture and then go away and research and figure out like who that person might have been and so on. And the court actually notes that with the time lag involved, there's no immediate threat, for instance, to otherwise protected First Amendment, right to free speech. Because they take the photo away, they...
REHMRight, takes time.
DONOHUEA few days later, they figure out. Right. It no longer takes time to do that. So this is one of the key points, again, with regard to the traditional doctrine of the court is this is a new technology. The second point is as a statutory matter -- so Craig is suggesting that new laws are necessary. I think it would be hard to overemphasize that point. It is so important to actually have laws on this.
DONOHUEUnfortunately, right now, what we have is we have a number of statutes that give government agencies the authority to collect personally identifiable information. We even have a number of statutes from Congress directing agencies to use biometric information as much as possible.
REHMAnd speaking of Congress, which is going to debate amendments on immigration, one proposed by Sen. David Vitter of Louisiana will establish a biometric tracking system that would be able to identify immigrants who overstay visas. So you could use facial. You could use fingerprints. You could use the iris. You could use any number of methods.
DONOHUEWell, the Department of Homeland Security runs two major biometrics databases. IDENT is one of them, which really grew from the INS databases. But it now reflects all of the homeland security functions of the department itself. That information is kept for 75 years. And to help them, they actually have developed a biometric watch list. So that's already done. And U.S. visit, in turn, there were 130 million people screened between 2004 and 2009 using U.S. visit in the biometrically enabled database.
REHMAnd you're listening to "The Diane Rehm Show." We're going to open the phones now, 800-433-8850, first to Montgomery Village, Md. Good morning, Martha.
MARTHACan you hear me?
REHMYeah. Go right ahead, please.
MARTHAGood morning, yes. I just wanted to make a very quick comment. I constantly hear all the complaints about the invasion of our privacy, phone records, cameras, et cetera. I'm 70 years old and lived in a different world when I was raised in this country. I think it's very naive to think the government shouldn't be able to use these tools in the world of terrorism that we live in. Law enforcement needs to use this technology.
MARTHAThey have to be able to prevent events that I'm sure they're preventing that we don't know of because intelligence can't tell us when they succeed. We only know when they don't. So I think -- personally, I've never broken the law. I don't do things that are bad. So I don't care when they look at my life and my supposed "privacy." If third parties can do data mining, why shouldn't the government be able to use it to help prevent attacks?
TIMBERGLook, I'm all for the government being able to use information to help prevent attacks. My concern has to do with sort of broad, undifferentiated collection of all sorts of data on all of us all the time. And I -- so -- and this goes back to my point that you have to sort of draw lines in here, ideally by law, that say that one thing is OK and one thing is not OK. So just before I became the technology reporter at the Post, I spent several months as the acting national security editor at the Post.
TIMBERGAnd, you know, at the Post, periodically the government comes to us and asks us like not to publish things, and we use our best judgment if there's a real national security risk. Sometimes we don't publish things or we take individual facts out of stories. Now, I'm not saying that this administration will do this or the last administration will do this.
TIMBERGBut when you think more broadly about the kinds of information the government could assemble on me -- every website I've ever visited, where I go, maybe when my wife's out of town, I'm visiting, you know, the neighbor down the street -- who knows, in the future, what kind of -- even if I've never done anything wrong or anything against the law, that if you give kind of unlimited information to people, the prospect of abuse exists.
TIMBERGAnd I've -- I also was a foreign correspondent in Africa, and I can tell you that when governments amass power and it's not checked by clear, legal authorities, bad things happen. Even good people do bad things sometimes.
REHMMichael Thieme, do you want to comment?
THIEMEYeah, I agree with everything that's been said. I think what happens with these discussions that the capabilities of technology, I guess people project sort of science fiction views on the ability to make blurry images in focus and to rotate faces in 3-D. And I think, you know, we always struggle with the things technology can do now or it can plausibly do in the next few years versus the things you can imagine them doing in 20, 30, 50 years 'cause we use it every day, so we know when the technology fails and when it works.
THIEMEI do agree that having a legal framework to lay out when these sort of databases can be searched on what conditions will be helpful as the technology improves. But the improvements are not -- they're not going to be overnight. It's going to be a long time before technology can do the types of things that people speculate that it can do right now.
DONOHUEThe problem with the -- I agree with Michael and with Craig on this that it's important to have the abilities. The problem is the legal framework is simply not there.
REHMNot catching up quickly enough.
DONOHUEIt has not caught up. The 1974 Privacy Act, you know, we have this legislation that's nearly 40 years old that has exemptions for CIA records. It has exemptions for classified information, for national security. In July of 2006, DHS exempted part of IDENT. We need new legislation in this area.
REHMLaura Donohue, she is professor of law at Georgetown University. Short break here. When we come back, we'll open the phones, read your email. Stay with us.
REHMAnd welcome back. We're talking in this hour about an article written yesterday in The Washington Post by Craig Timberg. He's a national technology reporter. He did a huge piece on facial recognition technology. How it's being used. How widespread it is. We've invited him into the studio along with Laura Donohue, who is a professor of law at Georgetown University, talking about how long it's taking the laws to catch up with this proliferation of technology that is currently available.
REHMOn the line with us from New York is Michael Thieme. He's vice president of the International Biometric Group, Novetta Solutions. Let's go back to the phones. To Woodlands, Texas. Good morning, Bill. You're on the air.
BILLGood morning. Thank you for taking my call.
BILLI enjoy your show.
BILLI just have -- yeah, I'm sorry, Diane. I just have a question to all of your panelists why everybody continues -- and it seems to be everybody -- using the term government every time something happens that, in many ways, is a private corporation. Booz Hamilton is not government. If Booz Hamilton is working under contract for the government and somebody in that government, a person, individuals are the ones getting the contract done.
BILLSo I really, you know, is it any wonder you have so much problem with everybody screaming how bad the government is? The government is not always bad, but there facets of it. And many times, it's the contracts that are made with private corporations that are really hurting all of us.
REHMThanks, Bill. Go ahead, Craig.
TIMBERGI mean, that's a really good point. I will say that borders between governments and private companies can look awfully porous sometimes, as was the case with Booz Allen doing, you know, highly secure NSA work. And, you know, and it's -- I think it's -- this gives me an opportunity to double back on a point that's important, which is that, you know, these governments, they're different, right? All of these states are different now. The FBI has access to various databases.
TIMBERGBut the states maintain these things. The rules around what sort of police searches happen to vary in some cases. Lots of states will only allow, like, the motor vehicle officials to run searches. And so I would resist conflating all of this too terribly much. Our governments are very complicated entities, and they work together on lots of things and lots of things they don't work together.
DONOHUEYes. I'd like to highlight the point which is being raised about contractors. This is actually a very important part of this picture and often under discussed. The State Department, for instance, runs the largest facial recognition technology database in the world. By 2011, the system contains records on over 139 million individuals. It's expected to grow to 210 million by 2012 with...
REHMIs that around the world?
DONOHUEThis is the State Department's facial recognition technology system.
REHMBut what I'm asking is, are those photographs around...
DONOHUEYes, around the world. Globally, globally, globally.
DONOHUENow, this system includes not just face templates but demographic data, their birth, gender, place of birth and so on. This entire system is leased from a private company, which means that both employees and contractors have access to the information and to the infrastructure.
REHMSo you're talking about government and contractors grounded.
DONOHUEYes, working very closely. So DHS shares its identity information with private contractors. You know, this is a very important part of this picture that needs a lot more study and scrutiny.
REHMAll right. Michael, here's a question for you, let's see, from Jason. "How different is the law enforcement software from the versions packaged in popular Apple and Google programs? As we use these companies' free software, are we adding our friend and family's face and name data into their databases that can be accessed by either private or government organizations in the future?" Michael.
THIEMEIt's a great question. The technology that's used to compare law enforcement photos and driver's license photos is sort of the traditional, you might call the legacy face recognition, where it's trying to find a needle in a haystack. And that technology is sort of fundamentally different from what you see in Facebook and Google. It's not that you can't take a Facebook photo and search it against, you know, a driver's license database. It's just that Facebook and Google are trying to solve different problems.
THIEMEIt's not a needle in a haystack. It's let's group these few photos together that are from the same person. And as I said before, the real advances in using off-angle and low-quality photos haven't been from the government and haven't been from the driver's license systems. It's been from Facebook and Google. And the real question in my mind is, when does that -- when are those advances if -- when if -- when and if, do they wind up being folded back into the sorts of systems used by governments?
THIEMEBut right now, you can't buy the stuff that Facebook uses. You can't buy the stuff the Google uses. It's not commercially available. It's only accessible, you know, when you upload your photos. And even then, it's not something that software developers can use.
THIEMEAnd I think that this differentiation is important.
REHMAre you on Facebook, Michael?
THIEMEVery, very rarely, but that's because I'm lazy, not because of any fear of technology.
REHMAnd, Craig, are you on Facebook?
TIMBERGSo I have a Facebook page that I use mainly to publicize a book I did on the AIDS epidemic a couple of years ago. But my nearly perfect wife is on Facebook all the time. And so I often hear about things that my kids are doing because friends of mine will tell me about because they saw it on Facebook.
REHMAll right. And, Laura, you?
REHMAnd that is the same with me. The show is on Facebook. The show is on Twitter, but I am not. Why are you not on Facebook, Craig?
TIMBERGI do have some privacy concerns. I have three youngish kids, and so I do worry a little bit about them being out there. But I may just lack the attention span. Like, I love catching up with all friends, but I don't actually care what they had for lunch and so, like, sort of the constant trip of information.
TIMBERGIt's a little bit more than I could hold on my feeble brain.
REHMBut, Laura, you have very different reasons.
DONOHUEYeah. I just -- I feel that it's, first of all, an invasion of privacy in many ways. It is a corporation. It's third-party data. I'm aware of the legal implications of that. I have seen students who've had job offers rescinded when corporations or law firms have gone on the Web and taken a look at the types of things that's on their Facebook pages. I think it's starting to be used in all sorts of ways that are very concerning.
DONOHUEOnce you go on Facebook, facial recognition technologies means that other people can upload your photo, so even things you don't upload will then be identified and recognized by the system. They've changed their privacy settings in the past so that what you might think is secure is actually not secure. And I believe that the social network information that it contains is an awesome amount of information and power, basically.
REHMYou've also said you don't know of any people involved with national security issues that are on Facebook.
DONOHUEYeah. So my colleagues who work in this field, not a single one that I am -- that I know well enough that we've discussed this, none of them go on Facebook. (laugh) And that might be because they are aware of the statutory and constitutional, the jurisprudential, the lack of constraints on this information.
TIMBERGI'd just add here that the European data protection authorities have asked Facebook to stop using the facial recognition technology in Europe, but it's still used here.
REHMYou know, I find myself wondering whether Twitter and Facebook have gone over a curve and whether people are realizing the implications that they had not foreseen and may begin to cut back on this. Craig.
TIMBERGI do think we're living through a time sort of dawning to realization about the tradeoffs we've made with technology. And part of what makes my job fun is like I have to map these things out and write about them. But I think most people still don't really understand how much information if already given about themselves. I mean, I walk around with my iPhone, which is constantly emitting (laugh) extremely precise information on, you know, where I am...
REHMWhere you are.
TIMBERG...all the time, right? And it has all my email contacts and all my phone contacts and huge amounts of my private conversation out. I cover technology. I'm pretty security aware. I have not taken this thing off and thrown it in the river because I like it so much, right? I like so many of the things that the iPhone lets me do. And I guess what I urge people to do is to learn about this and understand and make the tradeoffs a little bit more knowingly and curb access where they feel like it crosses a line as Laura has with Facebook.
REHMAll right. To Birmingham, Ala. Good morning, Dibby. (sp?)
DIBBYHi. I had a question about using Photoshop and video editing tools and data editing tools and the potential for false-incriminating information to enter into these databases. I just think, given the amount of access they have the data and the amount that they have to process and the processing power that they have available, that it seems like someone with maybe political motives or vendetta could get in there and make a case for false incrimination.
REHMAll right. Michael Thieme, what do you think?
THIEMEWell, that would -- a bad actor who had access to these systems could, you know, change photos, could change demographic information, could change biographic information. At that point, I think you're not dealing maybe with a technology problem. It's an oversight problem. There are, you know, sort of anecdotal cases of people getting backdoor access to these systems. And, again, I think it comes back to, you know, laws and oversight and transparency into who can get to the systems under what conditions.
REHMBut the problem being these laws have not caught up.
DONOHUEYeah. How the information is kept, how long it's retained, who sees it, with whom it's shared, all of these type of information as well as the importance of audit trails, which there is a technology piece to it in that anybody accessing this information, the recording of who is accessing it and where that information goes, how it's kept, you know, right now, we're not seeing that statutorily required.
REHMAll right. Let's go to Ann Arbor, Mich. Good morning, Ron.
RONGood morning, Diane. My feeling is that this is really a property rights issue. In the U.S., we decided this is a property of the gatherer. And I think that one of your guests mentioned, in Germany, it's the property of the individual. And so, yeah, I believe this is the case in Germany. You can tell Google, take my -- take the picture of my house off of there. And in the United States, we talk about privacy, but in terms of individual privacy, we are not as vigorous in that.
DONOHUESo what you're referring to has also been spoken up in Europe as the right to anonymity. So you also have the right to withdraw information that has been published about you. We don't have that corresponding right in the United States, this concept of property rights, so I want to touch on two aspects of that. Craig had mentioned a moment ago this idea of people following you on public space when he has his iPhone as he walks around, a GPS chip basically, locational data.
DONOHUEA case came to the Supreme Court in 2012 -- they ruled on it -- where there had been a GPS chip placed on a car of an alleged drug dealer's wife for 28 days. And the court in the end decided -- Justice Scalia authored the opinion and -- on grounds of physical trespass, that is the psychical placement of that GPS on the car -- that this was unconstitutional.
DONOHUENow, this idea of property right, a property right in your privacy, that this could be an electronic trespass on that property right is -- might be one way in which the courts could proceed to look at some of these new technologies. The second way is reflected in what could be called a shadow majority in the Jones case, in U.S. v. Jones, which was this GPS case.
DONOHUEThere, a majority of the justices expressed strong unease at the idea that a government could continually monitor individuals for a 28-day period and pick up all the other information that goes along with that, in the process, generating new information that would indicate religious views, political views, familial connections, associates, all of these other elements to it.
DONOHUEAnd so the time is ripe now, in light of these new technologies, to actually look at the mosaic theory of privacy and reconsider our Fourth Amendment doctrine.
REHMAnd you're listening to "The Diane Rehm Show." Here's an email from Steve, who says, "It not just photographs. The government is also expanding use of license plate recognition systems, LPR. So as the LPR network expands and becomes linked, the government can track your movement outside your home. Tie that with facial recognition software, you can build quite a record.
REHMNow, tie that in with your cellphone info -- who you call, your GPS info from your phone -- the government can build a complete profile of all your movements and also tell when you were at home, all legal and all without requiring a court order." Craig.
TIMBERGYeah. That's basically right. (laugh) I was -- when I was down in Pinellas County a couple of weeks ago, down in Florida, you know, I was riding along with the...
REHMWith the sheriff that -- who didn't come on this morning.
TIMBERGYeah. The very smart and lovely guy who apparently was not allowed to be on the show.
TIMBERGSo I rode along with another, you know, a deputy in that department, who was also a very smart and nice guy, and -- but he had that license plate readers on his car. And we drive by and he say, oh, yeah, you know, there's a warrant out on that guy. And he would stop them, right? He actually didn't stop them 'cause -- in that case, but literally a car would go by, and he'd say, that's an expired license. And the -- an alarm would go off in his car.
TIMBERGAnd they're used all over Washington, D.C., where I live. I mean -- and apparently, I don't know (unintelligible) told that, you know, if you moved around Beijing, the government has set up all of these cameras that monitor the comings and goings of various cars. And, of course, we do have red light cameras here. They're taking pictures of us when you go through the lights.
TIMBERGSo there is an awful lot of information being generated about all of us all the time. And it's easy to get a little paranoid about it, I think. I mean, I presume the government...
REHMHave you reached that point?
TIMBERGYou know, I kind of go back and forth. And, you know, I think in most of my life, I'm not interesting enough to warrant a huge amount of government attention but...
REHMYou write for The Washington Post.
TIMBERGYeah. OK. That's a good point there. Yeah. I mean, I guess I try to live -- because I covered the stuff, I'm probably a little bit more aware of the digital tracks I leave. And that's -- I think that's a useful thing.
REHMAnd, Laura Donohue, what specific law would you say is needed now?
DONOHUEWe have nothing that governs, for instance, silent video recording. Title III of the Crime Control Act and Title I of the Electronic Communication Privacy Act from 1986 simply do not cover this. So the circuits are split right now on what to do about this. The Ninth Circuit, the chief judge has said, look, I'm not going to read into the statute that it applies to silent video recording because there's nothing in the statute that covers this instance.
DONOHUEOther circuits have said, look, it doesn't cover it, but we'll read it in with similar-type protections it needs to be in place. It's time for Congress to act and to act quickly to address facial recognition.
REHMWell, it's not just facial recognition. Perhaps the young man who's gone to Hong Kong and you, Craig Timberg, have enlightened us all about what's out there, what's available and what's not being done with it yet. Craig Timberg of The Washington Post, Laura Donohue, Georgetown University Law School, Michael Thieme, president of International Biometric Group, Novetta Solutions. Thank you all.
TIMBERGThanks so much for having us.
REHMAnd thanks for listening. I'm Diane Rehm.
Most Recent Shows
As the New Hampshire primary looms, Republicans brawl over tactics used in the Iowa caucuses. The F.B.I. joins the Flint drinking water investigation. And President Obama calls for religious tolerance at his first mosque visit. A panel of journalists joins Diane for analysis of the week's top national news stories.
Julian Borger: “The Butcher’s Trail: How The Search For Balkan War Criminals Became The World’s Most Successful Manhunt”
After the 1990s conflicts in the former Yugoslavia, the international community identified 161 suspected war criminals. Fourteen years later, every single person on the wanted list had been captured. The Guardian's diplomatic editor recounts one of the most successful manhunts in history.
Two top military officers say this week women should register for future military drafts. This comes after the recent decision to open all combat roles to female service members. The changing role of women in the military.