San Francisco Amends Facial Recognition Ban After Realizing City Employees Could No Longer Use Smartphones
from the just-as-long-as-the-only-exceptions-are-cameras-pointed-at-city-employees dept
In May, San Francisco became the first city in the United States to ban facial recognition tech by city agencies. Being on the cutting edge has its drawbacks, as the city has now found out several months later. Tom Simonite and Gregory Barber of Wired report the city's legislation inadvertently nuked many of its employees' devices.
After San Francisco in May placed new controls, including a ban on facial recognition, on municipal surveillance, city employees began taking stock of what technology agencies already owned. They quickly learned that the city owned a lot of facial recognition technology—much of it in workers’ pockets.
City-issued iPhones equipped with Apple’s signature unlock feature, Face ID, were now illegal—even if the feature was turned off, says Lee Hepner, an aide to supervisor Aaron Peskin, the member of the local Board of Supervisors who spearheaded the ban
The law forbids the use of facial recognition tech, even if all it's doing is allowing employees to use their own faces to unlock their phones. An untold number of devices were rendered useless by the ban, but it's probably safe to assume the law was broken repeatedly until its very quiet amendment last week. Municipal agencies are once again allowed to procure devices that utilize facial recognition tech as long as they're "critically necessary" and there are no other alternatives.
This does not mean agencies can continue to purchase facial recognition tech that does anything more than secure employees' devices. And it also means the San Francisco Police Department had to give up one of its toys -- one city leadership apparently knew nothing about.
Around the same time, police department staffers scurried to disable a facial recognition system for searching mug shots that was unknown to the public or Peskin’s office. The department called South Carolina’s DataWorks Plus and asked it to disable facial recognition software the city had acquired from the company, according to company vice president Todd Pastorini.
This surveillance tool went unacknowledged during the city's institution of a facial recognition ban. As Wired reports, San Francisco claimed it had stopped testing facial recognition software in 2017. This denial sidestepped the untested (I guess) acquisition of DataWorks facial recognition tech with a contract that was originally due to run through 2020. According to documents obtained by Wired, the SFPD "dismantled" its DataWorks servers and allowed the contract to lapse after its 90-day trial period. That apparently ended in January before the law took effect.
Even so, it's not exactly comforting that the SFPD was able to secure and test drive facial recognition tech with zero public notice. City legislators made no mention of this tech or the SFPD's prior exploration of facial recognition when they began moving forward with the legislation earlier this year.
The other concern is a new one: the SF legislature has already amended its ban to allow city use of smartphones with biometric security features. While this may have been necessary to ensure employees could use city-issued devices, it also shows the city can be talked into punching holes in its brand new legislation. The city may hold firm in the future, but there's a good chance it will create other loopholes if the arguments are persuasive enough. It all depends on the definition of "critically necessary" -- terms that can become especially malleable following a mass tragedy or an uptick in violent crime, for example.
But for now, the ban holds, minus the inadvertent collateral damage. The city's government should still be applauded for its willingness to put its citizens above its own interests with this legislation, but any further requests for exceptions should be greeted with an overabundance of caution.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: face id, face recognition, facial recognition, iphones, san francisco, sfpd
Companies: dataworks
Reader Comments
Subscribe: RSS
View by: Time | Thread
This is a good example of why, while I oppose surveillance, I'm skeptical of blanket bans on facial recognition. When you ban an entire class of software, there's a significant risk of unintended consequences. I wouldn't be surprised to see more issues like this crop up.
Nonetheless, while mistakes will happen, it's good to see public servants recognize that facial recognition is extremely vulnerable to abuse, particularly by LEOs. I support efforts to curb the use of facial recognition, I'm just wary of the possibility that they may be too broadly-written.
[ link to this | view in thread ]
How about the law makers writing a carve out of biologic identifiers for security purposes of identifying the an owner identifying themselves to their own devices along with use to identify authorised personal on entry to a secured area. The latter allows sophisticated entry control, without becoming general surveillance, be qualifying authorised as named persons, and having the system only record who entered, and exited the area, and when.
[ link to this | view in thread ]
Re:
At first I laughed that this was needed, then I realized the tech is already used at elder care places for people with dementia. Exit gates prevent patients from leaving on their own and alert a care member to help them out. Staff and visitors are free to go with out any issues.
[ link to this | view in thread ]
Re:
This, and the acutal exemption they passed, are much broader than necessary. Nothing required them to let employees use Face ID—only to have city-issued phones that contain (disabled) code to support the feature.
[ link to this | view in thread ]
Re: Re:
Why ban device security applications under the rubric of preventing surveillance? There are applications of biologics that are not surveillance orientated, but only security orientated by only recognising and reacting to allow, or in the case of a nursing home deny access to or entry. A control mechanism is not surveillance, hence the problem with banning face-ID, which is no more surveillance than a finger print sensor.
[ link to this | view in thread ]
I fail to see the problem
"the SF legislature has already amended its ban to allow city use of smartphones with biometric security features"
"Municipal agencies are once again allowed to procure devices that utilize facial recognition tech as long as they're "critically necessary" and there are no other alternatives."
Considering that there are MANY ways to lock and unlock a phone, and the facial-recognition is certainly not the most secure option...did they add the "critically necessary and no other alternatives" exception and then add a SECOND exception for the "smart""phone" "security" garbage?
Typical of both government and corporations these days though...ram through a half-baked measure with insufficient analysis, then ram through some further ammendments once you realize how thoroughly you've screwed yourself. Take a principled stance, until it gets marginally inconvenient, and then those principles get thrown right out the window....
[ link to this | view in thread ]
Re: Re: Re:
Yes, those features should be banned on government-issued phones as they are not remotely secure, they shouldn't be banned due to biometric / facial recognition surveillance laws.
[ link to this | view in thread ]
Re: Re: Re:
All such "control mechanisms" I've ever seen also keep records and so also qualify as surveillance.
[ link to this | view in thread ]
Re: Re:
I could see that also being used by gated communities to keep out certain "kinds" people, like those with arrest records, and so forth.
[ link to this | view in thread ]
Re: Re: Re:
I see no reason. They should have simply used that as the reason to unban use, rather than making up some story about how it's "critically necessary" and there's no alternative (none of that is true on the devices we're talking about, because the features are optional with some sort of passcode as an alternative).
[ link to this | view in thread ]
Why would city want to use iPhones anyway.
Android is SUPERIOR to iPhones
iPhones are overpriced and overrates
Android rule!!!!
iPhone sucks!!!!!
[ link to this | view in thread ]
Re: Re: Re:
And such technology can be jammed. Such systems would probably use WiFi to communicate.
Since WiFi is under part 15, it is not illegal to jam.
jamming part 15 devices is legal, since part 15 devices have to accept any interfence, even if that interference is deliberate.
That is why, for example, jamming Ring doorbells to prevent your face from being scanned by police recogniation techology is not illegal. Since Ring doorbells are part 15 devices, they are not illegal to jam.
That is also why the ERAD devices that Oklahoma uses to scan your bank card are also not illegal, under FCC rules to jam. Since the ERAD devices is a part 15 wifi devices using a Wifi hotspot in the cop's patrol car, jamming that is not illegal.
Now, Oklahoma might have a state laws against jamming ERAD, but there would no federal law against it, since jamming Part 15 devices is not illegal.
The only federal I could see against jamming Wifi is the CFAA, and that still might be questionable.
I could see, someday, a prosecutor try to bring a case under the CFAA for jamming Wifi, but current FCC rules to not prohibit jamming Wifi
[ link to this | view in thread ]
Re: Re: Re: Re:
You should really run this amazing legal theory by the FCC, who has made statements to the exact opposite.
[ link to this | view in thread ]
Re:
Thanks for the morning laugh. You can keep your Google spying device.
[ link to this | view in thread ]