Privacy groups to quit US talks on facial recognition standards

The groups believe that the talks aren't likely to lead to adequate protections for consumers

Nine privacy groups plan to withdraw from U.S. government-hosted negotiations to develop voluntary facial-recognition privacy standards because the groups feel the process won't lead to adequate privacy protections.

Industry representatives at the talks have been pushing to limit consumer control over the facial recognition data collected, the groups said in a letter to be released Tuesday.

"We are convinced that in many contexts, facial recognition should only occur when an individual has affirmatively decided to allow it to occur," wrote the groups, including the Center for Digital Democracy, the Electronic Frontier Foundation and Consumer Action. "Industry stakeholders were unable to agree on any concrete scenario where companies should employ facial recognition only with a consumer's permission."

The talks, hosted by the U.S. National Telecommunication and Information Administration, started in February 2014 and participants have invested about 40 hours of work in 11 meetings, said Alvaro Bedoya, executive director at the Center on Privacy and Technology at Georgetown Law, which is also withdrawing from the negotiations.

The nine groups withdrawing from the talks represent all the major privacy and consumer groups that were taking part.

The NTIA is disappointed that some participants have withdrawn from the talks, the agency said. "Up to this point, the process has made good progress as many stakeholders, including privacy advocates, have made substantial, constructive contributions to the group's work," an agency spokeswoman said by email.

Several other participants want to continue meeting to "tackle some of the thorniest privacy topics concerning facial recognition technology," she added. "The process is the strongest when all interested parties participate and are willing to engage on all issues."

At last Thursday's meeting, privacy organizations left early after the group failed to make progress on consumer consent issues. The problem isn't with the NTIA process, but "in the resistance of industry associations to embrace privacy choices that leading companies like Microsoft and Google made a long time ago," Bedoya said by email.

In many cases, facial recognition vendors have been more careful with deploying the technology than negotiators at the NTIA meetings have advocated, Bedoya added.

"Due to state laws and just good business sense, most of the leading companies have refused to turn facial recognition on automatically," he said. "Instead, they turn it on only if customers choose to turn it on. Industry associations have staked out a position that is less protective of privacy than the companies they represent -- and far less protective of what consumers deserve."

If the NTIA process goes forward without privacy and consumer groups, that will raise questions about the product, Bedoya added. "If all consumer groups who have been active withdraw, I don't think it can be called a 'multistakeholder' process," he said. "It can be called an 'industry' stakeholder process."

Still, one industry participant said Monday he remained optimistic that the NTIA process would produce a strong set of facial recognition privacy standards. Despite disagreements about the consent issues, participants have made a lot of progress, said Carl Szabo, policy counsel with NetChoice, an e-commerce trade group.

"We're getting to a point when we can start putting pen to paper," he said.

The final standards need to incorporate compromise from both industry and privacy groups, Szabo added. All the new privacy standards being negotiated are "actually limiting on business, in some capacity," he said.

Since mid-2012, the NTIA has convened for a series of negotiations related to technology and privacy, with the first meetings focused on mobile application privacy. The NTIA-led discussions produced a set of app privacy standards that some companies are now adopting, although two privacy groups declined to sign on to the final product.

In March, the NTIA announced it would next host negotiations on privacy standards for aerial drones.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is

Join the CSO newsletter!

Error: Please check your email address.

Tags securityNetChoiceCenter for Digital DemocracygovernmentCenter on Privacy and Technology at Georgetown LawAlvaro BedoyaU.S. National Telecommunication and Information AdministrationprivacyElectronic Frontier FoundationConsumer ActionCarl Szabo

More about Electronic Frontier FoundationGoogleIDGMicrosoftNetChoiceNewsTechnologyTwitter

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Gross

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts