The Future of Privacy: Facial Recognition, Public Facts, and 300 Million Little Brothers

It’s been a pleasure to blog this week.  I hope you’ve enjoyed this conversation and I’d love to continue it.  If you’re interested in reading more, check out our book, Wild West 2.0.  It is the most-discussed Internet policy book of 2010 (Jimmy Wales called it “an invaluable guide” to the “brave new world of the Internet”) and it sold out Amazon.com once already.  Or, contact me directly through my site at davidcthompson.com.  Thanks again to Eugene and the whole Volokh Conspiracy for inviting me to participate this week.

This week, we’ve discussed the “Wild West 2.0” metaphor for the Internet.  Today, I’m going to present a few quick ideas that didn’t make it into this week’s posts.   I don’t have enough space to flesh them all out, but I hope to provoke some thoughts and discussions that will continue beyond this week.

What will widespread surveillance and facial recognition do to privacy?

It’s always been the law in the U.S. that images you take in public are yours to use non-commercially.  There are a few exceptions around security, peeping Toms, and so-called “upskirt” photography, but basically you can take a photo from any public place and make any non-commercial use of it.

There are good reasons for this policy, ranging from a basic respect for the free press and free expression, to the First Amendment.

But, today, facial recognition is quickly becoming available on a wide scale.  For just one example, an application called Face.com allows Facebook users to use photo recognition to find their friends in photos (even if they have not been tagged, or if they have removed their tag).  Using the tool, it’s often possible to find hundreds of untagged photos of your friends (or yourself) posted by other people.

The Face.com developers just released an API (programming interface) to allow other websites to use the same technology.  So far, Face.com has restricted use of the technology to known faces, but nothing technological prevents them from using their database of hundreds of millions of Facebook photos to identify millions of people in public photos.

The results of just one company unleashing photo recognition on the Internet could be huge.  There are more than 3 billion photos on the site Flickr.com  , and billions more in the unstructured Web, on sites like Facebook, and in automated surveillance systems (every time you walk past a security camera, imagine your name being logged).

The figures above don’t even count the fact that some forms of advocacy corporate surveillance would increase in a world with easy facial recognition.  Why would anti-abortion groups not photograph every person who walks into an abortion clinic, use facial recognition to identify them, and use public name-and-address databases (see below) to target mailings (or harassment) to each person’s home?  Why would anti-gay advocates not do the same for people who frequent gay bars, or liberals target “Tea Party” activists, or statists target libertarians, etc?  Or insurance companies outside bars to monitor drinking and driving, smoking, or any other risk factor that could increase rates?

What does this mean for privacy?   If the freedom to take and post photos cannot or should not be changed, should there be regulation of the uses of facial recognition software?  Should it be a privacy tort to publicly identify private citizens by name if they are walking into an abortion clinic, a gay bar, a Tea Party rally, a divorce lawyer’s office, a police station (to “snitch”), or a substance abuse treatment facility?  What does it mean when Google indexes a list of these names and it comes up first for a search for your name?  How will it affect job prospects, inter-personal relations, and more?

Will we all just get over it and not care that our friends are getting abortions or divorces?  Will anti-gay groups get over the fact that some people visit gay bars?  Will political opponents stop harassing each other?   I hope so, but my hopes are dim.

The end result might be that we all wear low-fitting baseball caps each day, or the aptly-named “FlickrBlockrs” sunglasses that started as an art project but might fill a real need.   But should individuals have to proactively monitor their public image so fiercely?  (Read more about our ideas for privacy in the book, Wild West 2.0.)

Will the future allow a binary public/private distinction?

Right now, the law generally recognizes facts as “public” or “private” with very little gray area in between.  This has caused problems in the Fourth Amendment context, where seemingly-private facts (like your bank account information) are not considered “private” for Fourth Amendment purposes (thanks to the “third party doctrine,” the government simply ask your bank; many scholars find this doctrine problematic).

The Internet sharpened this problem by making “public-but-obscure” facts readily available online.  Privacy interests were often supported by practical obscurity; a court may have a list of all cases and convictions, but very few people bothered to trudge to the courthouse to find out.  The county clerk’s office may have a hardcopy list of home owners and their property values, but nobody actually checks.

But online, these records are being rapidly digitized and made searchable.  And because they are all “public” information for privacy purposes, there is currently no restriction on how the information can be displayed.  So far, no case of which I am aware has held that online “white pages” or “dossier” sites (like Spokeo.com, WhitePages.com, Intelius.com, and many others) cannot create a dossier of private-seeming information like your income, hobbies, credit score, home address, phone number, political contributions, and more—just so long as each data point was drawn from a “public” source.

The result of the end of practical obscurity has turned a lot of privacy upside-down.  Criminals now routinely use public records databases for identity theft purposes (itself illegal, but hard to catch), to stalk their victims at home (same), and to identify candidates for burglary or other attacks.  Millions of people (below) now casually flip through their neighbors’ dirty laundry online, ranging from bankruptcy filings to property records to divorce records.  Maybe this information has always been “public,” but it was never so readily available.

Will the law continue to recognize only “public” and “private” information?  Or will it develop shades of gray to recognize that obscurity can protect privacy while allowing “legitimate” uses.  Scholars have discussed ways to limit data like property records to their original purpose (making sure property taxes are apportioned fairly) by encouraging states to strip names from the data before publication; of course, this works only if there are no other records that correlate names to addresses.  Will that be enough?  Or is it a good thing that all these facts are public?

Does the Law Recognize the 300 Million Little Brothers Problem?

The section above should suggest it, but her it is expressly: we no longer live in a nation of Big Brother; we live in a nation of 300 million Little Brothers.

Much of our law is based around fear of surveillance by the government (Big Brother).  The Fourth Amendment is the easiest example; it is based around a fear of an overly intrusive government acting in its role as sovereign.  Statutory law like the Electronic Communications Privacy Act also seeks to protect individual privacy against the government.  And laws like the Stored Communications Act and HIPPA prohibit corporations from revealing certain information about you.

But now an equally real risk is 300 million Little Brothers.  We’ve moved from the Panopticon—where the guards can see everything—to a suburb of glass houses where everyone can see each other.  This is a powerful development for politics (we can now watch the watchers), but it has changed inter-personal privacy as well.  What laws (if any) should be updated to reflect this new reality?  Or should we all just get used to living in public–to quote Google CEO Eric Schmidt If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”  The power of the Internet is increasingly moving toward making sure that everybody knows what everybody does.  Is this the right direction?

David Thompson is co-author of the leading Internet policy book of 2010, Wild West 2.0 (Amazon) and general counsel of ReputationDefender, Inc.. The standard disclaimer applies: the views represented here are his alone and not those of any current or former employer.