SIA Testifies on Facial Recognition Before California State Assembly

legislature building

As part of the Security Industry Association’s (SIA’s) advocacy work on the issue of facial recognition, Jake Parker, SIA’s senior director of government relations, testified on March 10 before the California State Assembly’s Committee on Privacy and Consumer Protection.

Parker testified before the committee, led by chairman Ed Chau, at “Shaping the Future of Facial Recognition Technology in California: Identifying Its Promises and Challenges” – the assembly’s first heading on facial recognition – providing industry input on the benefits of facial recognition technology. See SIA’s testimony here.

Chairman Chau, members of the committee, thank you for the opportunity to speak to you today. The Security Industry Association represents over 1,000 companies providing security products in the United States, including 142 headquartered in California. Our members include many developers of facial recognition technology, and California is home to several key leaders in the field.

We just heard a great overview of the development history of facial recognition. I would like to follow on with come comments about the work of the National Institute of Standards and Technology (NIST), since they were not able to make it to the hearing today as originally planned. NIST is the global leader in performance evaluation of facial recognition technology, and their recent studies show that modern facial recognition technology is highly accurate. NIST has found that the facial recognition software it tests is now more than 20 times more accurate than it was just a few years ago in retrieving a matching photo from a database, and its September report found “close to perfect” performance by high quality algorithms with miss rates averaging just 0.1 percent. This reaches the accuracy of automated fingerprint comparison, which is viewed as the gold standard for identification.

On the issue of demographic effects, context is critical, as image quality issues have actually been the most significant challenge to accuracy, versus demographic effects. However, the view in our industry is that the recent NIST demographic report provides a comprehensive answer to many of the public’s most pressing questions about facial recognition accuracy and related concerns about bias. It found highest performing technologies had “undetectable” differences in performance across demographic groups, while most others performed much more consistently than had been widely reported in the media and a number of non-scientific tests. While some commentary has focused on the very lowest-performing algorithms, it’s important to point out that key government programs are already using the highest-performing technology tested – with accuracy rates well above 99 percent and undetectable false positive performance across demographics, even when tested against galleries of up to 12 million images.

To fully comprehend the benefits of facial recognition, you have to consider whether use of this technology – typically to assist, not replace, human analysis – is better than the alternative of human recognition only. Here the evidence is indisputable, as documented in a NIST study two years ago and elsewhere – automated facial recognition along with human analysis, is more accurate and less biased than human recognition alone.

You’ve likely heard some perspectives that call for severely restricting or even banning the technology. The key question here is whether it’s appropriate to limit processes to human capability alone when this advanced tool is available, especially where it impacts safety and security.

The benefits of facial recognition are not potential or hypothetical – they are proven and growing. In the public sector for example it has been used for over a decade to improve the speed and accuracy of criminal investigations. In any process where there are potential high-consequence outcomes, the technology serves only as a tool to assist personnel. This may explain U.S. law enforcement’s decade-plus operating history in many thousands of instances, without any confirmed example of the technology resulting in a mistaken arrest or imprisonment. 

One success story is rescuing trafficking victims. In April last year, a California law enforcement officer saw a social media post about a missing child. The officer used a facial recognition tool called Spotlight, returning a list of online sex ads featuring the girl. According to a story in WIRED magazine, the girl had been “sold for weeks,” but the officer’s actions helped a process that recovered the girl and removed her from trauma.” She was just one of 15,000 victims rescued using this tool in the last several years.

In August, the NYPD responded when a man sparked terror by leaving rice cookers around a subway station, using facial recognition to identify him from their arrest database within an hour. Officials were quoted later saying, “To not use technology \would be negligent” and “This is the most important type of case that we’d see out there: a possible terrorist attack.”

In May last year, three members of the LGBTQ community were shot and killed by a man at a home in Wayne County Michigan. The Detroit Police Department used facial recognition and other methods to help identify the suspect based on security footage from a nearby gas station.

It’s also been used to solve cold cases. After a 16-year manhunt, a man was apprehended in Oregon in 2017 who was accused of sexually assaulting a minor. Using facial recognition technology, the FBI was able to identify the suspect after he applied for a U.S. passport.

The technology also plays a key role in detecting fraud against state programs, which enables identity theft and other criminal activity. In 2014, the Kansas Department of Motor Vehicles facial recognition system sparked an investigation leading to the largest forced labor-trafficking case in the United States. In 2018, New York’s DMV found more than 9,000 cases involving drivers with records under more than one identity.

There are also many non-law enforcement uses that are increasingly important in public sector applications, like secure authentication, access control for sensitive areas of buildings, and use as part of security systems that protect employees and visitors to government facilities open to the public. Many schools and universities have implemented or are considering the technology to protect students and teachers, by notifying staff when an enrolled person of interest arrives at a facility – such as a sex offender or a person who has made violent threats.

In the private sector, facial recognition is providing enormous benefits, providing individuals an option to securely and conveniently prove their identity, in order to enter a venue, board a plane, perform remote online transactions, and access personalized experiences–all while reducing the need to show documents containing personally identifiable information or otherwise expose themselves to potential human bias. In airports across the country – from San Jose to Atlanta – the technology is giving passengers the option to more quickly and seamlessly pass from the curbside to their airplane seat, in some instances without removing their identification or boarding pass from their pockets.

Specific to the security industry, it is also enabling businesses to better protect their employees, customers and property. Facial recognition can provide additional security for facility access control, typically to augment other access credentials such as keys or cards, which can be shared, stolen or simply lost. Biometric entry systems can also provide additional convenience for registered users. In large commercial buildings we are seeing use with turnstiles for employees and authorized personnel to access elevators. This can dramatically increase the speed of entry as it eliminates fumbling for credentials. Buildings with high-security needs, can utilize a photograph, along with another credential, to easily add multifactor authentication. The technology also gives businesses the ability to alert staff to a potentially dangerous situation, where a person with a restraining order or a disgruntled former employee for example, attempts to enter. 

In another example, the technology is being used to address skyrocketing organized retail crime in California and other states. Some stores are using facial recognition at entry points to alert customer service staff to greet known thieves when they enter a property. This modern-day equivalent to posting a shoplifter’s printed photo can help deter crime without involvement from law enforcement. In one case, stores using this strategy are finding that over half the individuals enrolled stop shoplifting in covered stores after two to three visits and 80 percent stop after 8-10 visits. Product shrinkage is reduced by 30 to 70 percent.

Many financial institutions are using the technology to protect their customers against identity theft and fraud. If someone attempts to open a line of credit using a fake driver’s license with a customer’s real information, this is detected after the teller takes their photo as part of the application process, which is checked against the customer’s information. It’s increasingly important to the hospitality industry, for registration and admission to a venue, or recognition in VIP programs and other ways that personalize and improve customer service. In health care facilities it’s used in a variety of ways that protect the health and safety of patients and staff, which is becoming increasingly important as concerns about COVID-19 mount. This includes providing touchless access so that only trained and authorized personnel can enter sensitive areas like “clean rooms” in order to eliminate risk of contamination. Facial recognition and other biometric technologies can also provide a way to identify unconscious patients in need of emergency assistance.

It’s clear this technology makes our citizens safer and brings value to our lives when used effectively and responsibly. We believe that broad range of public and private sector applications, transparency should be the governing principle to ensure responsible use, without unreasonably restricting this essential technology tool.

Development of any policy on facial recognition must take a risk-based and use-case specific approach, because uses are so varied, and present extremely varied privacy considerations depending on the application. Many involve identity verification where there is already consent or an existing requirement to prove one’s identity – these have little impact on privacy or civil liberties. In other applications a property owner should be allowed to secure their premises using the technology but otherwise should obtain consent before offering convenience or commercial benefits.

The approach needs to be thoughtful and thorough. A rush to implement one-size-fits-all rules could result in unintended consequences if the full range uses are not considered. It also should be appropriately flexible, tailored to address the specific privacy risks that specific applications may pose.

While any technology has the potential for misuse, we believe facial recognition should only be used for purposes that are ethical and non-discriminatory, and consistent with our constitutional framework of laws and regulations.

That’s why it’s especially important for transparency to accompany government applications. Practical measures include posting clear use policies, providing privacy impact assessments, and implementing procurement requirements for top-performing technologies. On the other hand, wide-ranging restrictions singling out just one technology tool will fail to address important underlying social justice and other concerns at the root of many facial recognition debates.

As the committee examines these issues, we encourage you to continue to work with a wide range of stakeholders. On behalf of SIA and our members, I appreciate the opportunity to provide collective input from our industry.