Guest Post: Face recognition and the philosophical, societal and legal debate
25 July 2018 15:41 GMT

By Raphaël de Cormis, Vice President Innovation Labs at GEMALTO

These days, there is much controversy regarding facial recognition technology, widely explored by the media, both online and in print.

As a supplier of biometric technology such as facial recognition , it is essential to remember that everything depends on a range of factors including how it is used, for what purposes, and whether or not there is a legal framework in force.

With facial recognition, there is a promising range of use cases based on a system of real-time capture and verification of biometric information. One of the greatest benefits of this technology is that it offers a simple, reliable and fast way to authenticate for payment, to secure physical access, to identify with a service provider, and to protect public spaces. And it is with this last usage that the controversy is greatest, since it can involve technology can be used without our knowledge. It all depends on the particular situation, and there is a big difference between an automated border crossing check and an Orwellian sci-fi scenario.

The real question is whether or not biometrics should be used as "web cookies" in real life.

Protecting public or private spaces where large numbers of individuals come together, such as stadia and concert halls, is a real challenge that today, only advanced technology is able to meet, because it needs to be fast, accurate, and non-intrusive.

But what about individual consent? One must remember that there are differences in terms of regulations governing private and public spaces. For example, in France, there are clear rules governing the use of video surveillance. Transportation companies are not allowed to store information collected by video surveillance, and there must be clear, visible notification that cameras are in use in any area protected by such technology. The good news is that there is a real surge in such regulations in order to ensure proper transparency and data storage or deletion, and to establish who has the right to access and manage any relevant databases.

When online, we accept that our activity may be traced and analyzed in order to facilitate interaction, and we have rights and choices in that respect. Similarly, biometrics have the potential to be used like "cookies" are on the web, in order to improve our user experience in real life.

But in terms of the use of real-time facial recognition to secure spaces, we are clearly touching on surveillance-related issues that could infringe on our privacy, and even on our fundamental human rights. Today, it seems there is no universal law and such issues are managed by individual countries and the frameworks their governments choose to impose or not.

As a result, there are huge discrepancies, both ethical and legal, depending on where you are. Whether one is in Europe, where the GDPR guarantees the protection of individual rights; or whether in certain states of the USA where the opposite is the case; or whether one is in China, where biometric data can be legally harvested for commercial or marketing purposes; it is clear that we are a long way off having a shared and clearly-defined legal framework for all.

Reactions like Microsoft's call for public regulation are legitimate, and underscore the influence that the private sector can bring. It should be noted, however, that the National Institute of Standards and Technology (NIST) in the United States has already defined regulations for suppliers of non-commercial biometrics technology for public use. It is a good start, but the stakes remain high, because it is all about finding the right balance between the individual rights and a duty of protection on a governmental level.

In conclusion, any new technology as powerful as biometrics can be welcomed only when it is deployed and implemented within a legislative framework that is respected by a majority of countries, in order to consolidate strong common foundations.

If there is one thing we can all agree on, it is that without a legal and responsible framework, facial recognition is something upon which we will never agree.