By: Joseph Segar, Staff Writer
Kelly Conlon was chaperoning her daughter’s Girl Scout troop to Radio City Music Hall in New York City to see the Rockettes.[1] When she attempted to enter the venue with her daughter and her daughter’s friends, she was denied entry.[2] After being pulled aside by security, she was asked to confirm her identity.[3] Security then informed Conlon that her face was recognized by the venue’s facial recognition software.[4] Conlon later found out that she was placed on an exclusion list because she is an attorney at a law firm representing the adverse party in ongoing litigation against Radio City Music Hall and its ownership.[5]
The act of excluding certain individuals from privately owned property is not new—however, excluding individuals by using facial recognition software is. This technology traces back to the 1960s when Woodrow Wilson Bledsoe developed a system of measurements to classify photos of faces.[6] The modern definition of facial recognition technology is “equipment that has the dual role of connecting faces to identities and enabling the distribution of those identities across computer networks”.[7] Its rise in use in the public and private sectors raises public policy concerns that have caught the attention of both state and local governments.
The issues surrounding the use of facial recognition technology include the right to privacy for individuals, adequate security for companies, and flaws in the technology that could give rise to racial bias.[8] On the issue of privacy, Brenda Leong, senior counsel and director of artificial intelligence and ethics at Future of Privacy Forum, argued that a lack of regulation on this technology can lead to “Orwellian futures, where things are tracking you everywhere you go by your face because cameras are everywhere.”[9] Leong is not the only one that believes there should be significant regulation of the new technology. According to a poll conducted by Pew Research, “sixty percent of Americans feel that they should be able to be out in public without being identified and ninety three percent believe that they should be able to control who obtain information about them.”[10]
The federal government has yet to introduce legislation regulating facial recognition technology. In the absence of federal statutes, state governments have approached regulation in various unique ways. One of the most comprehensive state statutes on the topic comes from Illinois, which passed the Biometric Information Privacy Act (“BIPA”) in 2008.[11] This law requires written consent for an entity to collect, capture, purchase, receive, disclose, or disseminate biometric information.[12] It also gives a person a “private right of action” to sue a company for violation of the law.[13]
New York enacted the Stop Hacks and Improve Electronic Data Security Act (“SHIELD”) in 2020, which requires businesses to implement protections for private information of New York residents. That private information includes biometrics like images of faces. The SHIELD law does not give New York citizens a private right of action. Instead, the state’s attorney general has the duty of enforcing the regulations outlined by the statute.[14] The refusal to permit Conlon and her daughter to see the Rockettes did not violate this statute. The statute calls for private companies to protect New York citizens’ biometric information, but it does not require them to ask for consent first.[15] In response to incidents like Colon’s, New York State Senators Brad Hoylman-Sigal and Liz Krueger introduced a new bill that would prohibit the use of facial recognition technology to bar attorneys from public venues.[16]
In 2009, Texas passed the Capture or Use of Biometric Identifier Act (“CUBI”).[17] This law requires private companies to obtain consent for the use of biometric information like facial images. A violation of this statute can result in up to a $25,000 fine.[18] Here also, the state’s attorney general has the duty to uphold the regulations outlined in the statute. Famously, in February of 2022 the Texas Attorney General filed suit against Facebook for violating CUBI.[19]
While Illinois, New York, and Texas have addressed some of the public’s concerns regarding facial recognition technology, most states do not have significant laws regulating its private use.[20] However, the lack of uniformity across states and ongoing litigation involving this new technology may persuade the federal government to finally pass legislation regulating the technology’s use.
[1] https://www.npr.org/2023/01/21/1150289272/facial-recognition-technology-madison-square-garden-law-new-york.
[2] Id.
[3] Id.
[4] Id.
[5] Id.
[6] https://www.nytimes.com/wirecutter/blog/how-facial-recognition-works/.
[7] Samuel D. Hodge, Jr., Big Brother Is Watching: Law Enforcement’s Use of Digital Technology in the Twenty-First Century, 89 U. Cin. L. Rev. 30, 57 (2020).
[8] https://www.nytimes.com/wirecutter/blog/how-facial-recognition-works/.
[9] Id.
[10] Hodge at 71.
[11] https://www.womblebonddickinson.com/us/insights/alerts/facial-recognition-new-trend-state-regulation
[12] Id.
[13] Id.
[14]Hodge at 65.
[15] https://ag.ny.gov/internet/data-breach.
[16] https://www.law360.com/articles/1568193/.
[17] https://www.womblebonddickinson.com/us/insights/alerts/facial-recognition-new-trend-state-regulation.
[18] Id.
[19] Id.
[20] https://www.womblebonddickinson.com/us/insights/alerts/facial-recognition-new-trend-state-regulation.
