Wal-Mart, Facebook help legislate facial recognition for advertising

Facebook, Wal-Mart and other companies planning to use facial-recognition scans for security or tailored sales pitches will help write rules for how images and online profiles can be used.

The U.S. Department of Commerce will start meeting with industry and privacy advocates in February to draft a voluntary code of conduct for using facial recognition products, according to a public notice. The draft will ready by June.

"We are very skeptical about stomping on technology in the cradle," Mallory Duncan, senior vice president of the Washington-based National Retail Federation Inc., said in a phone interview. "It's not a good idea to develop codes or laws that freeze technology before you have the ability of determining what it's capable of achieving."

In Britain, Tesco Plc is installing face-scanning technology at its gasoline stations to determine customers' ages and gender so tailored advertisements can be delivered to them on screens at checkouts. Retailers may be able to compare customers' images from security cameras with law enforcement photo databases.

Facebook, Apple and other Internet companies have been trying to restore consumer confidence that they protect privacy amid an international backlash over revelations that the U.S. National Security Agency has collected data on their users.

The American Civil Liberties Union and other privacy groups want laws, not voluntary standards, to prevent face scans from being used for spying and tracking. Trade groups like the retail federation, which represents Wal-Mart, oppose regulations or laws they say might cripple an emerging market estimated to reach $6.5 billion by 2018 by MarketsandMarkets, a Dallas research company.

Facial detection technology uses a mathematical formula to create a digital template of a person's face, otherwise known as a faceprint. It underlies one of the more popular Internet activities — tagging yourself and others in photos uploaded to social media sites like Facebook or within photo management applications such as Apple's iPhoto.

Kiosks have been developed that can scan a person's face at a shopping mall to determine gender or age for tailored sales pitches, Duncan said.

An advertising and technology agency in Nashville, Tenn., called Redpepper is testing an Internet application in which users agree to give access to their Facebook profiles and have their faces scanned by cameras at local businesses when they walk in or by. The application then delivers customized advertising deals to their smartphones.

Meanwhile, facial scans are becoming more common to establish identity for secure access to buildings or devices. Apple Inc. received a patent Dec. 3 for a system to use a facial scan to unlock an iPhone or computer.

The U.S. Commerce Department, which will start the discussions in February, says the code of conduct will apply only to commercial use, not to how law enforcement or spy agencies may use it.

The Commerce discussions "can provide meaningful privacy protections without running the risk of legislation that becomes outdated as technology evolves and limits people's ability to use online services," Rob Sherman, policy manager for Menlo Park, Calif.-based Facebook, said in an e-mailed statement. Facebook has almost 1.2 billion users and doesn't disclose how many faceprints it has assembled.

Kristin Huguet, an Apple spokeswoman, said the Cupertino, Calif.-based company declined to comment.

Wal-Mart doesn't use facial recognition in its stores but is looking into the technology primarily for security purposes, Brooke Buchanan, a company spokeswoman, said in a phone interview. The company will be represented by NRF at the Commerce talks.

Voluntary standards written primarily by companies with a business stake in using facial recognition won't ensure adequate protection of people's privacy, such as preventing facial scans of people without their knowledge, said Christopher Calabrese, an ACLU lawyer in Washington.

"One of the most serious concerns about facial recognition is it allows secret surveillance at a distance," he said in a phone interview. "Suddenly, you're really not anonymous in public anymore."

Once a company obtains facial images, it can use them to identify people, track their movements and build profiles of their personal lives, Jeffrey Chester, executive director of the Center for Digital Democracy, a privacy advocacy group in Washington, said in a phone interview.

"This is all about giving a digital stamp of approval to the industry's ever growing collection of U.S. consumer data," Chester said.

Companies can combine facial data with applications that track a person's location or online browsing habits, Chester said. This "commercial surveillance" is vulnerable to being searched or obtained by the NSA or other government agencies, no matter how companies try to protect it, he said.

The NSA has hacked into fiber-optic cables abroad to access Internet companies' data and uses court orders to force businesses to turn over customer information, including so- called cookies that track websites they've viewed, according to reports in the Washington Post, the New York Times and the U.K.'s Guardian newspaper.

The reports were based on documents leaked by former NSA contractor Edward Snowden, who is now in Russia on temporary asylum.

Growth in the facial-recognition market is being fueled by cameras with the ability to capture quality photos, databases with photos linked to people's online identities, and computing power to analyze images, Joseph Atick, co-founder of the Washington-based International Biometrics and Identification Association, said in a phone interview.

"This is a perfect storm," said Atick, who pioneered the technology in the 1990s. "There is reason for alarm."

The association, which represents Lockheed Martin Corp. and other technology companies that work with facial recognition software and hardware, wants the code of conduct to be voluntary with the Federal Trade Commission supervising how companies implement it, Atick said.

Lockheed Martin "is committed to policies setting forth privacy practices for facial recognition technology," although it is premature "to discuss the specifics of the issue as the guidelines are still being drafted," Donna Savarese, a spokeswoman for the Bethesda, Md.-based company, said in an e-mailed statement.

Companies should be required to notify people and get their consent before using the technology on them, Atick said. Companies that pledge to abide by the code and fail to do so could be punished by the trade commission or face class-action lawsuits, he said.

The technology holds great potential to benefit society, for commercial proposes and security uses such as finding criminals, Atick said. It must be handled with "the utmost care" in order to not lose the confidence of consumers and citizens, he said.