Risks of facial recognition in a business context

Patrick Gray discusses the risks and potential mitigations of using facial recognition technology in a business context.

Long the domain of sci-fi and James Bond movies, facial recognition is finally making its way into the mainstream. Devices like Apple’s Face ID and Microsoft’s Windows Hello have brought facial recognition to consumer devices and helped replace passwords, from unlocking our devices to paying for goods and services.

It’s easy to let your mind run wild with the business use cases for facial recognition – from using employees’ faces as access signals to the myriad of possibilities across industries from shopping to travel. Possible applications range from replacing the relatively common old-fashioned ID cards to personalized marketing displayed on an interactive sign when someone walks by.

See: Artificial Intelligence Ethics Policy (TechRepublic Premium)

As with any new technology, some risks go beyond technical feasibility or implementation challenges and spill over into areas such as ethics and legality. When evaluating facial recognition applications, consider the following challenges.

Is face even a good label?

An unstated assumption behind face recognition is that the human face is unique. Perhaps this assumption is based on people’s ability to pick out a friend or loved one at a glance, and how we routinely use our faces as emotional tools.

However, we all know identical twins and have probably experienced the doppelganger phenomenon where we are mistaken for a stranger. Surprisingly, very little academic research has been done on how unique our faces are, either biologically or on the ability of conventional facial recognition algorithms to reliably identify individuals.

A very dense recent study by Cornell University attempted to examine the effects of age-sex-matched twins on their ability to recognize specific faces using different face-recognition algorithms. The research concludes that we don’t fully understand how unique a particular face really is.

This fact may be acceptable if you are tracking traffic flows in your warehouse or serving customized ads. Still, it could be a problem if you’re using facial recognition to grant access to a secure or dangerous facility, for example.

While it may seem strange to question the fundamentals of facial recognition technology, a face is truly a unique identifier. However, this assumption is not only biologically wrong, as identical twins and doppelgangers show, but it can also be technically wrong.

Just because you can, doesn’t mean you should.

In an age of bundled terms and conditions and other legal entities, it’s relatively easy to protect yourself from the implementation of technologies like facial recognition. You can generally get permission from clients or employees without fully understanding what you’re allowing and without making your legal department happy. However, it’s worth pausing and applying the headline test: How would you feel if your activities were couched in plain language as a headline story in a major news outlet?

Using facial recognition to keep hourly workers on and off might be fine, but if you install hidden cameras near restrooms and schedule workers for “bio breaks,” what message does that send to workers? Likewise, it’s technically possible to use facial recognition to gather demographic information, but how do you explain the baseless accusation that you’re racially profiling your employees or customers? Many facial recognition algorithms promise the ability to read emotional states, but what happens if your algorithm misinterprets a certain gender, race or age and causes your company to treat them differently?

This event is already playing out. Tech giants from the Internal Revenue Service to Amazon and Microsoft have been in the press for using facial recognition technology.

Test the non-technological concerns as much as you test the technology

Technology leaders are used to building proofs of concept or pilot testing technology they know little about. You can apply the same approach to check the ethics and reputation of the technology.

For example, if you’re considering capturing demographic data on your employees, create a new policy document outlining how the company will handle and store their data for a hypothetical company, and see how some current employees respond. You can create a hypothetical news story and test the reactions of some key customers, or run dozens of similar experiments.

Just as you wouldn’t invest heavily in an unknown technology without initial and limited testing, you should test consumer awareness for risky technologies like facial recognition.

Facial recognition technology undoubtedly has interesting applications, and the popularity of devices like Apple’s Face ID proves that users are willing to adopt them when used properly. However, there are also significant back-and-forth and reputational press issues caused by the correct or incorrect application of these technologies. It’s worth taking the time to understand the risks of implementing them in your company.