Information & Ethics Committee on June 16th, 2022

Thank you for your question.

I agree with what Mr. Israel said earlier, which was that the onus and the burden should be on the entities seeking to use facial recognition. Certainly I think private companies would say there's an advantage. They are making money off of it. Collecting data, as we know, is very profitable. I don't think that's an advantage this committee should consider when weighed against the invasion of rights.

When we're talking about law enforcement and government uses, I think it's true that new technology will always be claimed to be solving age-old problems, but I don't see any evidence that the use of facial recognition technology and any perceived benefits it might bring to law enforcement outweigh the type of transformation it would render in society.

Yes.

There are a lot of companies marketing the ability to do this right now. The science is not there to support it.

Currently, all the experts say that there is not a reliable link between our physical or biological manifestations and those mental states or propensities, but I think the real fear, of course, is that society will come to accept these links, that we'll go back to an age where we thought physiognomy or physical characteristics revealed character and that this new technology will be seen as providing new and objective truth.

I'm not sure that the fear is that it will in fact reveal mental states, but the concern is that it is being marketed as such.

It is absolutely not a lost cause, and there is plenty of time for the government to take action. Regulating the flow of information going forward is critical to putting a halt to some of the harms we've seen.

It's not inevitable that we continue to be awash in biometric information, that we continue to be tracked. What has come before, of course, has come before, but moving forward, we can put guardrails in place. We can have strong laws and regulations. Just because an industry has been unregulated in the past doesn't mean that it's too late to solve it now.

That is certainly one element of it. I also want to highlight, though, that oftentimes data is collected from people without their consent. So many people who use the Internet to shop or to search for information don't know how they're being tracked.

As I mentioned, face prints being captured are often captured without our consent. Nobody meaningfully can say “no” if surveillance cameras are gathering that. This is not a problem of people willingly giving up their biometrics. Most of the time, people don't know, which is why a knowledge and consent requirement before biometrics are captured is very critical.

Yes. We filed a lawsuit against Clearview under an Illinois state law known as BIPA, the Biometric Information Privacy Act, and we settled that lawsuit.

Under the terms of the settlement, there are two key provisions. Clearview can no longer provide to any private entity access to its database containing millions and millions of face prints nationwide—permanently. It's a permanent ban on selling to private entities in the country, with a few exceptions, and a five-year ban on law enforcement access within Illinois.

The only way we were able to bring this lawsuit is that Illinois has the Biometric Information Privacy Act, which makes it rare in the United States, and that law shows the potential of regulation. That law is what enabled us to sue Clearview and reach the settlement whereby Clearview can no longer sell its face print technology to private entities around the country.

I would be happy to do that.

Our lawsuit doesn't address anything they do outside the United States. That's correct.

One of the areas that we have been concerned about is the expansion of facial recognition and other biometric technology in airports. We haven't looked specifically at Nexus, but the same principle holds with, for example, the global entry system in the United States.

The concern, of course, is that as people become required to provide face prints or iris scans to access essential services—going to the airport, crossing the border, entering a government building—it facilitates a checkpoint society the likes of which we haven't seen before. These are not contexts in which people can meaningfully opt out, so one clear area of regulation could be providing people with a meaningful opt-out by saying that, if you don't want to prove your identity via an iris scan, we'll provide you the option to do so another way, with your passport, for example, or with your Nexus card, for example.

On the airport use and the border use, because it's such a coercive environment, because people don't have the choice to walk away, that has been a big concern.

It's exactly as Ms. Bhandari said. It's a big problem, because programs like Nexus are opt in, in a sense, but the pressure to get through the border—the explicit use of the border as a pain point to encourage travellers to sign up for these types of systems—is a problem.

Canada, for example, piloted a program with the Netherlands, one developed by the World Economic Forum. It's basically a digital identity, housed on your phone, with a lot of your passport information and additional social identity verification program information. The idea was to see if that could be used in replacement of a passport, in order to facilitate border crossings. Facial recognition was the technology built into that system. The end vision of that system—it's very explicit—is getting travellers to voluntarily sign up for it to avoid delays at the border, because it gives you access to faster security processing. However, it later becomes available to banks, telecommunication companies and other entities, as well, for similar identity verification programs.