Facebook Biometric Snooping Called Illegal
CHICAGO (CN) - Facebook violated its users' privacy to acquire the largest privately held stash of biometric face-recognition data in the world, a class action claims in Chancery Court.
Lead plaintiff Carlo Licata claims Facebook began violating the Illinois Biometric Information Privacy act of 2008 in 2010, in a "purported attempt to make the process of tagging friends easier."
Through its "tag suggestions" program, Facebook scans all pictures uploaded by users and identifies any Facebook friends they may want to tag, according to the April 1 lawsuit in Cook County Court.
Facebook got its facial recognition technology from the Israeli company Face.com, which Facebook later bought. Face.com is not a party to the lawsuit.
Though it may seem at times that a major purpose of Facebook is to allow people to share too much information about themselves, Licata says this form of data mining violates users' privacy.
He calls it a "brazen disregard for its users' privacy rights," through which Facebook has "secretly amassed the world's largest privately held database of consumer biometrics data."
Sen. Al Franken, among others, has criticized Facebook for this, according to the complaint.
The company identifies Facebook friends in photos by scanning their faces, extracting facial feature data and comparing it against their "faceprint database," or what it calls templates.
But Licata claims Facebook "actively conceals" this from its users and "doesn't disclose its wholesale biometrics data collection practices in its privacy policies, nor does it even ask users to acknowledge them."
That's illegal in Illinois, Licata says. The Illinois Biometrics Information Privacy Act made it unlawful to collect biometric data without written notice to the subject stating the purpose and length of the data collection, and without obtaining the subject's written release.
The Federal Trade commission suggested that for private companies to use biometric data that they should provide clear notice of how the technology works, what they are collecting and why, and get consent. But this, Licata says, "is precisely what Facebook did not do when it rolled out its facial recognition program."
Facebook "automatically enrolled its users into its facial recognition program to collect their biometric identifiers-a practice that continues to this day," according to the complaint.
Licata claims that Facebook was "calculatedly elusive" in explaining the program.
At a 2012 Senate hearing on biometric technology, Facebook privacy and public policy manager Robert Sherman testified that the "tag suggestions" program is merely a "convenience feature" and that users' data is secure .
The company's faceprint database works only with its own software, and "alone, the templates are useless bits of data," Sherman said. He said that users can opt out of the feature and their data will be deleted.
Licata claims that due to lack of informed consent, users can opt out only after they have been unwittingly opted in.
At the hearing, the panel discussed the fact that "Americans cannot take precautions to prevent the collection of their image," and that data can be used to identify and track people anywhere they go.
"Your face is a conduit to an incredible amount of information about you," Sen. Franken said, adding that unlike a password, a face cannot be replaced or changed.
"Unless you turn it off, it's already been used on you," Franken said of the Facebook program.
Licata claims in the lawsuit that in 2011 the FTC worried about a "third party maliciously breaching a database of biometric information," and that because a person's face cannot be changed, "once exposed, a victim has no recourse to prevent becoming victim to misconduct like identity theft and unauthorized tracking."
Licata seeks class certification and an injunction requiring Facebook to comply with the Illinois law, to "put a stop to its surreptitious collection, use and storage" of users' biometric data.
He is represented by Jay Edelson.