Proactive approach from White House, NIST needed for facial recognition technology, report says

Federal laws and regulations haven’t kept pace with advancements in facial recognition technology, a fact that merits executive action and more responsibility for agencies including the National Institute of Standards and Technology, a new report sponsored by the Department of Homeland Security and Federal Bureau of Investigation recommends.

The National Academies of Sciences, Engineering, and Medicine report, released Wednesday, found that the nation is lacking in “authoritative guidance, regulations, or laws to adequately address issues related to facial recognition,” a technology that has only grown in use in recent years with the rapid adoption of artificial intelligence models that fuel the tech. 

The report’s authors said it’s incumbent upon the U.S. government and lawmakers to be more proactive on legal and regulatory questions. 

“It is crucial that governments make tackling these issues a priority,” Jennifer Mnookin, University of Wisconsin-Madison chancellor and co-chair of the committee that wrote the report, said in a statement. “Failing or choosing not to adopt policies and regulations on the development and use of facial recognition technology would effectively cede decisionmaking and rulemaking on these important questions of great public concern entirely to the private sector and the marketplace.”

The report’s authors — who conducted the study independently of their DHS and FBI sponsors but were guided by questions from the agencies and NASEM staff and board members — noted the race and equity shortcomings inherent in facial recognition technologies, which are disproportionately reliant on data from white people. 

With that in mind, the authors urge the president to issue an executive order that develops guidelines for federal agencies on “the appropriate use of facial recognition technology” that takes into account “both equity concerns and the protection of privacy and civil liberties.” 

Meanwhile, the report said that Congress should consider a handful of legislative efforts on facial recognition, including storage limits on facial images and templates; mandated training and certification for system operators and decision-makers, such as those working in law enforcement; passage of a federal privacy law surrounding facial recognition technology or the adoption of federal privacy legislation targeting commercial practices that undermine privacy; and tackling specific concerns regarding the technology, such as surveillance and the potential for harassment and blackmail.

“The number of uses will continue to expand as the technology becomes more widespread and inexpensive,” Edward Felten, a committee co-chair and founding director of the Center for Information Technology Policy at Princeton University, said in a statement. “For example, it is likely only a matter of time before stores routinely scan customers’ faces upon entry to personalize shopping experiences and marketing, and perhaps more troubling, private individuals could potentially use it to target others.”

From a federal government perspective, the report’s authors recommended that NIST take on a greater role, calling on the agency to “sustain a vigorous program of facial recognition technology testing and evaluation to drive continued improvements in accuracy and reduction in demographic biases.” NIST’s Face Recognition Technology Evaluation verification process was cited as “a valuable tool,” making the agency the “logical home” for facial recognition regulatory activities within the government.

The authors also recommended that the federal government develop a risk management framework for organizations that takes into account the “performance, equity, privacy, civil liberties, and effective governance” implications of facial recognition technology. NIST’s Cybersecurity Framework and AI Risk Management Framework were singled out as positive examples of this approach, making the agency a natural fit for developing something similar for facial recognition technology.

DHS and the Department of Justice, meanwhile, are charged by the report’s authors with developing a “a multi-disciplinary and multi-stakeholder working group on facial recognition technology to develop and periodically review standards for reasonable and equitable use, as well as other needed guidelines and requirements for the responsible use” of the technology by federal, state and local law authorities.  

“As governments and other institutions take affirmative steps through both law and policy to ensure the responsible use of [facial recognition technology], they will need to take into account the views of government oversight bodies, civil society organizations, and affected communities to develop appropriate safeguards,” the report stated.