The technology works by identifying faces in images and analysing the spatial geometry of different facial features to create a template of the face. This template can then be compared to a database of faces that have already been mapped in order to verify the identity of the person.
While used widely, facial recognition is not without controversy. Indeed, under the EU AI Act, facial recognition systems are considered high risk and subject to additional restrictions. The Act also asserts that identifications made by biometric systems must be verified by at least two people before action is taken based on this identification and prohibits real-time facial recognition systems from being used by law enforcement except for in a limited number of cases.
In line with the classification of facial recognition systems as high risk, some harms of facial recognition technology have already been realised. For example, the well-known Gender Shades Project found that commercial gender recognition tools are most accurate for lighter-skinned males and least accurate for darker-skinned females. An investigation into 189 facial recognition algorithms by The National Institute of Standards and Technology (NIST) also identified racial bias.
Facial recognition can also lack support from the very people that are applying it; the Detroit Chief of Police claimed that the technology fails 96% of the time. In support of this claim, a study of the facial recognition technology used by London’s met police found that it fails 80% of the time.
In response to the risks associated with the use of facial recognition technology, Baltimore City Council has enacted legislation to ban the use of facial recognition in the city, with penalties of a $1000 fine or imprisonment for violations. Similar legislation also exists in Portland, while New York City legislation restricts the sale of facial recognition and requires businesses to inform customers of their use of facial recognition.
Facial recognition systems must also comply with relevant data protection laws such as GDPR, and Co-operative has recently been accused of violating these laws through their use of facial recognition to blacklist customers who have a history of criminal activity since they did not inform customers that their details were being retained for up to two years.
Where it is still permitted, the use of facial recognition technology has the potential to cause harm through to all four risk verticals. However, through the appropriate risk management strategies, the residual risk of facial recognition can be reduced.
Subscribe to our Newsletter!
Join our mailing list to receive the latest news and updates.