In today’s world, many businesses are increasingly aware of their responsibility to track and combat a continually evolving threat landscape. Potential security risks include outside and insider threats, cyberattacks, terrorism, severe equipment malfunctions and many others. And these threats are constantly changing, with specific needs required for different markets. For example, airports, transit hubs, hospitals and large campuses must continually reassess their security infrastructures and implement the latest technologies to keep their complex environments as safe and secure as possible. This puts a lot of stress on the infrastructure and requires an extraordinary level of flexibility and adaptability.
At the core of recognizing a potential threat and mitigating vulnerabilities is the ability to ensure that only the proper individuals, such as employees or visitors, are able to enter a facility. Identifying when an unauthorized or high-risk person, such as someone on the no-fly list or a banned hotel guest, attempts to gain access is a very important step in forming a proactive security posture. For this kind of real-time identification and response, organizations are increasingly turning to facial recognition technologies.
However, with the quantum leaps in analytics and data collection, facial recognition can also be used for more than just public safety and security. For example, a camera can match a person’s face to a profile that could outline their personal traveling or shopping habits. Though this type of information is certainly useful for an organization’s marketing strategies, businesses may start to run into privacy concerns when technology is used for purposes outside of security like merchandising or time-and-motion studies.
While many people might be comfortable with facial recognition being used for a no-fly list in an airport, those same people might not agree with the technology being used in a pharmacy or coffee shop to track the frequency of their visits for promotional purposes. As businesses assess their options for adding facial recognition to existing video collection, they need to consider the public response to data being collected from cameras that were once used only for security purposes.
Do Leaders in Security Have an Obligation to Weigh In?
In some respects, manufacturers that make their technologies as widely applicable as possible open those systems up to be used in more ways than originally intended. In these instances, the security industry has the ability to step up and help define best practices for how and where certain technologies should be used. Facial recognition is a topic that could use this kind of introspection and evaluation.
This is not meant to stifle innovative companies, on either the manufacturer or end user side, that continue to invent new and creative ways to use these emerging technologies. Instead, it should encourage companies to communicate data privacy risks and opportunities to consumers, guests, employees and patrons. There are technical, legal and regulatory restrictions around sharing or using certain data, but in any of these areas, the consumer could be unaware of exactly how their likeness is being used.
What Should a Person Know?
In the greater conversation around data privacy, one of the challenges is to determine what could reasonably be expected to be common knowledge. If a person walks into an airport or a convenience store, for example, they are usually aware of cameras. However, above and beyond security surveillance and investigations, the average person might not be aware that a camera can build a profile and use that information for other reasons. This means there are two sides to the surveillance coin: Does a patron know that they’re being filmed with additional facial recognition technology behind a camera? If so, are they aware of all the purposes to which that image could be put?
Some companies, like those in the social media space, are open about the fact that they collect certain information from their users and this data is used for a variety of purposes. Ostensibly the insights they derive from this data allow them to improve the experience for users, but we also know that it is a central part of the extraordinary profitability of the social networks. We will be faced with this existential question more and more as the technology develops: how much information, and privacy, is the public willing to relinquish for public security, convenience and livability? Will social norms evolve consistently, or will we need to provide more controls to individuals to make their own personal choices about their own privacy priorities?
If facial recognition is deployed in an environment for better security, detection and business intelligence, are there ways to use that same data in order to create a unique experience for a consumer? And would that experience outweigh their potential distaste at having personal informational gathered wherever they go?
These considerations are ultimately up to the end user. But it’s increasingly incumbent on security providers to facilitate the discussion and act as an adviser in this area, to proactively advocate the concerns of the public. Ultimately, the goal should be to foster more appreciation for the current capabilities of security technologies, their intended and proper use, and how and where security operations should respect individual privacy rights.
Taking a Proactive Stance
One determinant of whether facial recognition use crosses into a privacy concern is when and where it is used. Is it crucial that every person entering a building or airport have their identity tracked? (the answer, obviously, is “no.”) But it may be more important to use facial recognition to monitor people using public, shared services or critical infrastructure, like airports, transit systems or court buildings. If people see the direct need and application, where that notice is permissible within security practices, they may be more at ease with being recorded and knowing the lengths that organizations take to keep their patrons safe.
The public is starting to become aware of the presence of facial recognition technologies, and selective news stories about abuses create more profound privacy concerns. Companies that offer these technologies, and the applications that deploy them, have a responsibility to advocate for the responsible and fair use of these technologies, and to educate both end user and the public as to their use and impact.
Bruce Milne is CMO and Vice President of Business Development at Pivot3