Nothing gives people the creeps more than the sense that some hidden force is watching them. In George Orwell’s telling of this story, that force was a totalitarian government surveilling the public to suppress dissent. In the contemporary version, it’s a seemingly ubiquitous Internet company vacuuming up personal information to build profits. Like, say, Facebook.
In its latest privacy intrusion, the Silicon Valley powerhouse has built a gargantuan photo collection of the faces of Facebook users — and non-users. For now, the company is using the database and facial recognition software only to help users identify the people in the snapshots they upload to the social network. Nevertheless, it’s just the kind of repurposing of personal information that companies should obtain users’ permission for — a step that companies don’t like to take because it results in fewer people participating.
Facebook’s users collectively upload millions of photos daily, and the company has long encouraged them to add digital tags identifying the people in them. What it didn’t tell users was that it was using that information to build a database of facial images. Late last year it started using this database to identify people automatically, although the person uploading the photo still had to confirm the tag.
The feature isn’t as disturbing as it could be. When someone uploads a photo, Facebook suggests identities only for the people whose images it recognizes within the uploader’s circle of Facebook friends. It also notifies people when they are named in a photo so they can delete the tag if they choose to, and it lets users change their privacy settings to prevent them from being identified automatically.
Still, the system encourages people even more strongly to disclose information about others who might not welcome the exposure. When someone tags you in a photo, the social network’s default setting is to notify all of your Facebook friends. If it’s an image you’d prefer not to be seen, by the time you remove the tag it’s probably too late.
A larger concern is what Facebook may eventually do with its growing collection of facial images — for example, how it might make the technology available to advertisers, or how it would respond to subpoenas. European regulators are investigating the facial recognition system; a group of U.S. privacy advocates are asking the Federal Trade Commission to do the same, arguing that Facebook hoodwinked users into providing the images and tags for the database. Facebook has issued a partial mea culpa, saying it should have given users a clearer heads-up when automatic identification was enabled. What it really should have done, though, was ask them to opt in instead of merely, quietly, giving them a way out.