
European Union Calls for Five Year Strict Ban on Facial Recognition Technology - Anon84
https://techgrabyte.com/european-union-five-year-ban-facial-recognition/
======
dang
The EU hasn't "called for" anything. A discussion paper was leaked.

We ban sites that ridiculously overplay stories like this. Please submit from
more reliable sources.

------
ddevault
I love coming to these threads to watch the crowd who makes their living from
invading the public's privacy attempt to rationalize their worldview, find
loopholes, etc. If your job is mass surviellance, it has always been unethical
and the law is catching up to you. The purpose of these kinds of laws isn't to
bring your business in line - it's to put you out of business. We're coming
for you.

~~~
throwaway713
I have no problem if a company performs facial recognition on me as long as I
give them permission and it is used for specific purposes. Why should the
government interfere with my ability to decide how images of my face are used?

~~~
tjoff
How can a company know that you have given them consent before they perform
the facial recognition?

~~~
Ajedi32
Do the facial recognition, then throw out that data if it turns out the face
in question isn't in the whitelist of consenting users.

Computers aren't like humans. They have the ability to permanently and
irreversibly forget certain information, and they always do exactly what
they're programmed to. A local, on-device facial recognition programmed to
immediately discard information on unrecognized faces has exactly zero privacy
impact. (See also: smart speakers listening for a hotword.)

~~~
tjoff
False positives.

(See also: smart speakers listening for a hotword.)

~~~
Ajedi32
Which is, ironically, a problem that is solvable by improving the accuracy of
voice/facial recognition technology.

~~~
tjoff
Ironically how? Facial recognition isn't banned. Research isn't banned.

Another problem is that the risk of abuse is too great, even if the accuracy
was flawless.

~~~
Ajedi32
I find it ironic because that's one particular privacy problem where better
facial recognition technology is the solution, not the cause.

If the accuracy were flawless then there would be zero false positives, and
the aforementioned issue wouldn't exist at all.

~~~
tjoff
You can't seriously believe that better facial recognition technology will
result in better privacy - in any imaginable future. We live in a universe
where Facebook and Google exist and people in adtech can justify their
actions. Yet perfect facial recognition will lead to better privacy?

Oh, and it is hardly the only issue.

~~~
Ajedi32
You're taking my statement out of context. Better facial recognition would fix
the one particular privacy issue that you brought up. (False positives.) I've
said nothing about adtech, Google, Facebook, or any of the other topics you're
just now bringing into this discussion.

~~~
tjoff
Fair enough, I just don't find that solving one edge-case at the same time as
creating countless new major issues is particularly helpful.

------
no1youknowz
Here is what's happening in the UK.

>
> [https://www.youtube.com/watch?v=0oJqJkfTdAg](https://www.youtube.com/watch?v=0oJqJkfTdAg)

All I can hope for, is that some activist group takes the police to court and
the legislative branch reacts to then impose rules for spying on its citizens.

Some of the things I can think off the top of my head:

1) Citizens can legally opt out by putting on face masks. Especially when it's
cold.

2) Video / Images are stored outside of government bodies and akin to a black
box. Must require warrants to review footage.

3) Video / Images / Data are deleted after 1 year.

4) No data of citizens facial features, body structure, gate are transferred
into a national database.

Honestly though, where the UK is going. I firmly believe in 20 years all
citizens physical meta-data will be tracked and stored in a black box
somewhere and then later leaked on-line.

1984 isn't just a book. It's a handbook by all accounts.

~~~
ixtli
By many metrics the UK is and has been the most surveilled country in the
world for decades.

~~~
blibble
the metrics that include the privately owned CCTV cameras used by shopkeepers
in the same category as those operated by governments?

the UK has issues with creeping authoritarianism in an number of areas, but
millions of shops having crappy 2FPS black and white CCTV isn't a particular
concern of mine

~~~
blub
The whole argument that they're _private_ cameras is rather pedantic and
ultimately pointless.

It doesn't matter who owns what as long as the government can request access
to the data.

~~~
blibble
the concern amongst non-hysterical people is mass surveillance by government,
not ad-hoc requests by the police for VHS tapes of people stealing packets of
bacon

in this situation: the fact they're not controlled by, or accessible to the
state without effort is neither pedantic or irrelevant, sorry.

~~~
blub
After the amount of leaks and revelations in the last decade you're only
embarrassing yourself if you claim that any people concerned about privacy are
hysterical. Whoever is not worried is simply clueless about the power of data.

The fact that there is some extra effort required to get to the tapes does
make it a bit inconvenient, but that won't do you any good if you're caught by
those surveillance cameras in the wrong place at the wrong time. The
investigators will almost always make that effort, since it's part of the job.

------
denzil_correa
I can't read the link as its down but here's an article that does a good job
of explaining the leaked EU report [0].

> As for facial recognition, the Commission document highlights provisions
> from the EU’s General Data Protection Regulation, which give citizens “the
> right not to be subject of a decision based solely on automated processing,
> including profiling.”

It's more nuanced than "a ban on facial recognition". The leaked white paper
is also available [1]

[0] [https://www.euractiv.com/section/digital/news/leak-
commissio...](https://www.euractiv.com/section/digital/news/leak-commission-
considers-facial-recognition-ban-in-ai-white-paper/)

[1] [https://www.euractiv.com/wp-
content/uploads/sites/2/2020/01/...](https://www.euractiv.com/wp-
content/uploads/sites/2/2020/01/AI-white-paper-EURACTIV.pdf)

~~~
asdfasgasdgasdg
So let's say you're the police and you want to keep an eye out for bad guys,
and you have a bunch of CCTVs. According to the rule you quoted, it would be
sufficient to surface the face match to someone, who would manually check that
it is the right person before going ahead and arresting them? That person
could even be the police themselves? I bet people think this is banning a lot
more behavior than it is.

~~~
denzil_correa
The rule I quoted is a summary of the position and not to be taken as legal
framework on decision making. The rules are mulled over in the white paper and
it would take some time to digest it before making a comment on how the rule
could potentially work in the future. The current process is for the white
paper to be published and then call for opinions on comments.

------
prophesi
[https://www.schneier.com/essays/archives/2020/01/were_bannin...](https://www.schneier.com/essays/archives/2020/01/were_banning_facial_.html)

These bans have good intentions, but won't solve the actual root of the
issues, and does more harm than good.

~~~
Seenso
> Regulating this system means addressing all three steps of the process. A
> ban on facial recognition won't make any difference if, in response,
> surveillance systems switch to identifying people by smartphone MAC
> addresses. The problem is that we are being identified without our knowledge
> or consent, and society needs rules about when that is permissible.

It sounds like the ban needs to be broader, and extend to ban _any_ technology
used to automatically identify individuals without their consent using
surveillance sensors.

~~~
prophesi
Yeah. Facial recognition by itself is fine, but let them be in hot water if
they use it for identifying others.

It's similar to how GDPR and similar laws operate. Collecting the data is
fine, but you'll get in trouble if you process & distribute that data without
clearly notifying your users.

~~~
tjoff
Who else are they going to identify, themselves?

~~~
ReverseCold
Maybe they're talking about something like Face ID on an iPhone? You can use
it to identify yourself.

------
AdrianB1
Romania is part of the EU. Officially there is no facial recognition system in
use, but there are a few that are not official and those will not be affected
by the ban because "they don't exist".

A relative was the lead policeman in a case where a person A accused a person
B of a very serious crime. Person B appeared on a camera in the area, police
identified him instantly based on the national database of ID cards (it
contains photos of every person over the age of 14) and arrested the guy.
Luckily for him, he was covered by a different camera for the whole time he
was accused for the crime, but that was discovered after he spend a day in
arrest. The person that make the false accusations simply walked.

There is a database of pictures of people that get an ID card (which is
mandatory, not having one with you at all time grants you a fine). Another one
for passports, but those are optional. Another one for driver's license
(having a driver license with you does not save you from a fine if you don't
have also the ID). These are databases everyone knows about and police are
using every day, no authorization is required.

------
bko
I don't understand how you can ban a machine from doing something that a human
can do.

Consider the following scenarios:

\- I can pay for a person to watch archival video and take notes on paper as
to who comes in and out of frame.

\- I can have software that helps a person crop faces of people coming in and
the person can tag and catalog the people coming in and out of frame.

\- I can have software that identifies human looking things and things that
look like faces and a person can tag those

\- I can have software that identifies human looking things and things and
recommends a similar face. A human confirms.

\- I can have software do everything.

At which point does it become facial recognition? The end results are the same
regardless of which step you ban. So is any ban just meant to make the cost
artificially high? I think you could outsource it anyway via Mechanical Turk
or something similar if there is a real value to facial recognition.

I don't think banning technology is the answer.

~~~
cmendel
The difference is scale. With ML Face recognition we can identify people in
real time, without some safeguards we very rapidly reach a point where we can
track anyone anywhere. Imagine if every camera in the city of London could
identify you, forget metadata we will be able to actively track individuals
taking public transit across a city and identify every individual who the
interact with.

~~~
bko
Yes I agree, I just think that you can build a system to keep a token person
in the loop that will drive the cost down regardless. It's similar to how
regulators tried to ban "computerized trading" and traders literally built a
machine hand that presses the enter key.

Making the cost artificially high by banning a particular type of technology
is not addressing the real problem of civil liberties.

~~~
Ididntdothis
"Making the cost artificially high by banning a particular type of technology
is not addressing the real problem of civil liberties."

I think it helps.

------
belinder
> with exceptions for research and security projects

Isn't the whole point of facial recognition security projects

~~~
netgusto
Well no, tracking for targeted sales is a big use case I guess.

~~~
bhhaskin
It would make more sense to ban tracking for targeted sales no? As this won't
stop people using other methods like Bluetooth and wifi fingerprinting.

~~~
denzil_correa
That's where EU GDPR comes into the frame with informed consent for tracking.

------
Zenst
Prudent approach, gives time to define more finely how, when and what it is
used for etc.

After all, seems a fair few laws are a loophole away from enabling more crime
than the law prevents. So a step back like this, does so in balance towards
the consumer/people over government/business.

But like many things, there will always be exceptions and those that will take
exception to them, which is fair as that is how democracy works - equal voice
and often it has taught us that whilst today their may be a small child at the
back questioning things, there may be more tomorrow and the next day. Showing
that all questions need answers, this is a good start in enabling that. Will
the public engage and have their say heard, or will the EU pull for pubic say
and what balance will play out. We will know over the years and be great to
see how far that goes 5 years from now, once the ban has ended, or been
extended.

------
Nasrudith
Really the "public places" part of the definition betrays a fundamental
informational illiteracy in that they don't acknowledge the separation of the
data from where it is gathered.

Just a few silly demonstrative edge cases:

\- If I run facial recognition software on a public camera feed on a computer
in private would it be legal? \- If in Europe in public and running facial
recognition software on my laptop processing say my own personal family photo
album would I violate the law? \- Would running it on news footage of a public
street be legal? What about if it was an interview where you would get thrown
out if you tried to enter.

~~~
tjoff
Don't see how it does or how the edge cases are elevant. It is there to
prevent anyone from thinking public spaces are free game.

It's also a very different thing to process an image and permanently mounting
a camera in a public space. Something that already requires a license in
many/most jurisdictions, and getting one is hardly trivial.

------
skizm
As a private citizen, would I be allowed to set up a camera on my front porch,
point it at the sidewalk, and store all the data it takes in, including counts
of how many times each "unique" person walks by, etc. Maybe even link it to my
facebook, or a public directory and link all their public info to a profile
and keep all the data on my servers? Does this chance if I am a business?

~~~
vbsteven
I don’t know about the rest of the EU but in Belgium you cannot point it at
the sidewalk. You can only film your own property, not a public space.

~~~
skizm
How does this law allow for taking pictures in or of public spaces? Are you
just now allowed to use facial recognition tech on personal photos of public
places? How does Facebook get around this? Or do they just ignore the law?

------
whyaduck
Meanwhile in the US: [https://www.nytimes.com/2020/01/20/reader-
center/insider-cle...](https://www.nytimes.com/2020/01/20/reader-
center/insider-clearview-ai.html?searchResultPosition=1)

------
huonpine
I wonder in the future if we will look back and see intelligence agency's in
the same light as religious institutions from history. Both using there "all
knowing" information to influence power.

------
narrator
GDPR is great for coverups of official corruption because corrupt officials
can reliably destroy the evidence in the cloud if they get tipped off that an
investigation is starting.

Bans on facial recognition means prosecutors of corrupt officials have to rely
more on eyewitness testimony and eyewitnesses can be intimidated and have
"accidents".

------
franczesko
Any disruptive technology should be preemptively locked before public use.
Times of "move fast and break things" are gone for good.

------
nashashmi
How is it legally possible to ban computation over a set of data? Better yet,
how do you prevent indie developers from doing the same computation on their
personal machines?

If you ban the tech, then you prevent research on it as well. If you ban the
use, you can not catch violators.

~~~
Ajedi32
Anything's legally _possible_ if you're the one writing the law.

As for whether it's enforceable, that's another question entirely.
Historically, bans on the creation, use, and/or distribution of software
haven't done so well in that department. (See export ciphers, piracy, DRM.)

