Writing in Albany’s Times Union, Fabian Rogers and Jason Taper of privacy watchdog STOP remind us that invasive landlords are nothing new. What is new is the way facial recognition has quietly become a tool for controlling tenants.

Landlords, for obvious reasons, don’t like rent-stabilization policies in many cities. Knowing this, technology firms are now marketing facial recognition products as a way to help landlords find new ways to evict people and raise rents (because, to de-regulate an apartment, you first have to empty it). There’s even a wink-wink industry term for this: “de-stabilize.”
​
It’s a technological fishing expedition, and facial recognition tech is the rod. Park a camera at the only door, log every entry and departure, and wait to “catch” a tenant in violation of some technicality – an unauthorized overnight guest or a too-frequent absence that “proves” they don't really live there.

Landlords will use all manner of red herring arguments to whitewash what they’re doing, such as claims of enhanced “safety and security.” In co-author Rogers’ own case, his Brooklyn landlord decided to implement a facial recognition system a mere year after the complex was declared rent-stabilized. Coincidence? The Trojan Horse pitch the landlord used was “frictionless entry.”

Rogers and his fellow tenants weren’t fooled. After they organized, the landlord backed down. In the end, the tenants’ right to privacy trumped the promise of frictionless entry.

This is just one example of how private companies are quietly assembling exactly the kind of always-on surveillance the Constitution forbids the government from building – and that is the loophole. The Fourth Amendment guards your home against the state; it has nothing to say about a property manager with a camera.
​
New York's Senate Bill S8223 would ban landlords from using such tech. This makes sense: No one should have to build a tenant movement simply to preserve the basic freedom to come home without being tracked, watched, and cataloged by the place they live.

After the end of the pandemic, retail theft became rampant in New York City, as it did in San Francisco, Los Angeles, and elsewhere.

Retail theft has evolved into a multibillion-dollar industry for highly organized criminal gangs. Last year, Queens District Attorney Melinda Katz charged a theft ring with hitting Home Depot outlets up to four times a day, only taking breaks from larceny for team lunches. New York Gov. Kathy Hochul said that the state, after toughening laws and putting money behind enforcement, had driven down retail theft crimes in New York City and the state with double-digit reductions.

Yet retail theft continues to eat away at the profits of stores, from big chains to mom-and-pop shops. It is understandable that businesses would turn to biometric identifiers to spot serial offenders and block them before they can enter a store.

But there is a cost to such surveillance – one that we all pay.

“Many of us know the feeling of discovering our credit card information has been stolen,” said New York Councilmember Shahana Hanif. “It’s invasive and frightening, but you can cancel a credit card and get a new one. You cannot cancel your face. You cannot cancel your iris.”

Hanif is sponsoring legislation that would prohibit biometric identifying technology in “public accommodation” spaces such as concerts and grocery stores. (Hat tip to Liam Quigley of Gothamist.)

The city already requires stores to post notice to customers that they collect biometric data. Is this a simple case of caveat emptor? Or is the better question: should we give up our privacy just to buy groceries?

There is more at stake than just what store managers see. It is what happens to this biometric data after it is collected. Hanif’s legislation would stop businesses from selling, leasing, or trading biometric data for profit. It would also require written consent from customers who wish to share their data, including in stores where biometrics are accepted for payment.
​
At the very least, protecting our biometric data – and blocking its sale to other businesses, as well as preventing it from being sold or given to government agencies – would be a reasonable guardrail for New York City and other municipalities to adopt.

​“Great to see you … Bob … How’s … Maggie ... and those three wonderful … dogs of yours.”

You have to admit, it will be a boon to politicians. Adding facial recognition software to smartglasses will enable them and anyone at a cocktail party to dispense with all those tiresome strategies for remembering names and familiar facts about the person in front of them. According to a 2025 internal company memo obtained by The New York Times, Meta plans to quietly equip its line of smartglasses with facial recognition technology dubbed “Name Tag.”

Facial recognition technology is one of the most robust privacy-destroying tools. This was an idea that was floated and dropped five years ago for Meta’s social media platforms. Now it is back, this time as a wearable in Meta’s Ray-Ban and Oakley smartglasses. The strategy behind this policy reversal is breathtakingly cynical.

The Meta memo held that the new feature’s debut would go largely unnoticed if it were launched “during a dynamic political environment where many civil society groups that we would expect to attack us would have their resources focused on other concerns.”

This presumably is a nod to the looming FISA Section 702 debate in April, as well as a torrent of other privacy-destructive technologies, like the unfolding national network of Flock cameras.

So plan ahead. You might be at lunch several years from now with a bunch of business prospects wearing Ray-Bans or Oakleys, finding them unusually quiet from time to time. That’s because they will be reading up on you in real time with the help of Meta’s AI assistant.

Meta is weighing identification only of people who are on its platforms, not strangers you pass on the street. But we are skeptical. Even without facial recognition tech installed, the company’s smartglasses can be hacked and made to identify strangers. And let’s not forget that Meta smartglasses already offer livestreaming and the ability to post directly to Instagram.
​
But try to think of the bright side: You’ll never have to introduce yourself again.

Watch Amazon’s Super Bowl ad and tell us what you see: a heartwarming story of a family reunited with a lost dog, or another element in America’s comprehensive surveillance state.

As the ad shows, Amazon’s free “Search Party” function connects cameras in a whole neighborhood to look out for a lost dog. Amazon’s AI, trained by tens of thousands of dog videos, can recognize different breeds, fur patterns, shapes and sizes to spot the lost puppy. That is not a bad thing at all.

But many viewers found the ad “terrifying,” not heartwarming, according to Kelly Kazek of al.com. One commenter on X wrote:

“Ring just casually outing themselves as literal spyware that can be accessed by anyone on the network. This is insane.”

Another wrote:

“Amazon owns Ring and they want to use all these devices to make a mesh network for Amazon sidewalk … The American consumer just got a Trojan horse packaged as home security.”

As EFF’s Matthew Guariglia reported last year:

“Not only is the company reintroducing new versions of old features which would allow police to request footage directly from Ring users, it is also reintroducing a new feature that would allow police to request live-stream access to people’s home security devices …

“This is a grave threat to civil liberties in the United States. After all, police have used Ring footage to spy on protestors, and obtained footage without a warrant or consent of the user.”

The Search Party AI function greatly amplifies Ring’s surveillance capability. This default feature of Amazon Ring that can identify Fido can also identify you, where you go, and people you visit.
​
At the very least, Amazon should announce limits on how this technology can be trained to follow Americans in our daily movements.

Imagine being targeted for surveillance because of your race – not with facial recognition or government inspection of your personal digital data, but through your electric meter. If you lived in parts of Sacramento, this is exactly what happened, as a decade-long scheme quietly bled Americans’ privacy one kilowatt hour at a time.

Sacramento’s Municipal Utility District (SMUD) and local police zeroed in on Asian-American customers, flagging those deemed to be using “too much” electricity. Many were assumed to be growing marijuana illegally – and police eagerly requested bulk data on entire ZIP codes to feed their suspicions.

The Electronic Frontier Foundation in July joined the Asian American Liberation Network to ask the Sacramento County Superior Court to end the local utility district’s illegal dragnet surveillance program. Last week, the court agreed, finding that routine, ZIP-code-wide data dumps had nothing to do with “an ongoing investigation.”

The court wrote:

“The process of making regular requests for all customer information in numerous city ZIP codes, in the hopes of identifying evidence that could possibly be evidence of illegal activity, without any report or other evidence to suggest that such a crime may have occurred, is not an ongoing investigation.”

The response from EFF was even sharper:

“Investigations happen when police try to solve particular crimes and identify particular suspects. The dragnet that turned all 650,000 SMUD customers into suspects was not an investigation.”

The court recognized the obvious danger – dragnets turn vast numbers of innocent citizens and entire communities into suspects.

Still, it wasn’t a clean sweep. The court stopped short of ruling that SMUD’s practice violated the “seizure and search” clause in California’s Constitution.
​
But even a qualified victory is still a victory. We are reminded that privacy wins do happen – one dragged-into-the-sunlight surveillance program at a time. This win is something to be thankful for as we count our blessings this week.

Last week the House Judiciary Subcommittee on Crime and Federal Government Surveillance held a hearing on AI and crime and something remarkable happened: Everyone agreed:

1. The administration’s desired moratorium on state AI regulation is a bad idea, and
   ​
   
2. Existing criminal statutes everywhere need to be retrofitted to include AI-based offenses.

As for the first area of agreement, there was a collective sense that the country dodged a bullet last week when the Senate removed the moratorium from the budget bill and the House declined to reinstate it. Regarding the second issue, the consensus was clear: Buckle up. We have work to do.

Perhaps getting to work should start with persuading Members of Congress to show up at AI hearings. Other than the Chair and Ranking Member, only three of ten regular members were present. Those who did attend, however, heard from witnesses who, in combined testimony that ran 77 pages, struck similar chords:

1. Criminals can use AI impersonation to do things we’ve scarcely imagined.
   
   
2. AI is removing the technical barriers to crime. In the hands of industrious criminals, said witness Zara Perumal of Overwatch Data, “AI agents can learn by doing,” meaning the criminals themselves no longer have to be technical experts. “AI is removing human bottlenecks. It’s not just enhancing traditional fraud – it’s creating entirely new categories of criminal threat,” agreed Ari Redbord of TRM Labs. Just imagine, as one of the witnesses portended, “child abuse at scale.”
   
   
3. Law and policy are late to the party. For example, “Artificial Intelligence” isn’t even a category on the drop-down menu of the National Conference of State Legislatures. Overall, a handful of states have passed a few random measures, while hundreds of initiatives either failed or remain pending. As for the federal government, forget it. The administration’s recent moratorium attempt proved that the attitude du jour is recklessly laissez-faire. Which is exactly why subcommittee chair Andy Biggs (R-AZ) needed to call this hearing and promisingly referred to it as the first of many.
   
   
4. When it comes to fighting AI-powered crime, the best offense is a good defense. Given that the proverbial cats and genies are already out of their respective bags and bottles, it’s time to “shift the technical advantage to the defenders,” said Perumal.

Oregon and California, for example, intend to repurpose existing laws to include AI abuses. Some from-scratch legislation is also emerging, like Texas’ Responsible AI Governance Act and Tennessee’s ELVIS Act.

While most of the discussion centered on how criminals can misuse AI, we should not forget how it may be misused by our own government, which has a voracious appetite for our purchased data. AI is the critical ingredient to turn all that raw personal data into a working surveillance state.

The ACLU’s Cody Venzke reminded everyone not to overlook the Swiss Army Knife of our democracy – the Bill of Rights, especially the First and Fourth Amendments. Such protections, Venzke said, do not lose their power “simply because a new tool such as artificial intelligence was used.” They are both our sword and shield against criminals and government surveillance abuse, especially in the age of AI.

​Today, Hungary is ostensibly free, a democratic state in a union of democratic states. But something is rotten in Budapest. Prime Minister Viktor Orbán has been steadily fashioning a monoculture since his return to power 15 years ago, running afoul of European Union policies and democratic norms along the way. The most recent infraction is multifaceted, and it involves the use of facial recognition to target peaceful protesters for criminal prosecution.
 
In March, Orbán’s subservient parliament railroaded the opposition and banned public gatherings of gay rights activists. With the stroke of a pen, Pride gatherings and related pro-gay rights protests were suddenly illegal. A month later, these crackdowns were enshrined in the country’s constitution (showing why America’s founders were wise to foresee the necessity in making the U.S. Constitution so notoriously difficult to amend).
 
As in Putin’s Russia, the justification for this crackdown is that it’s necessary to protect children from “sexual propaganda” – even though we are talking about peaceful protests conducted by adults in city centers. However you feel about Pride parades, most Hungary watchers believe the prime minister needs to whip up a cultural scapegoat to rally his base in advance of next year’s elections.
 
Hungary represents a turning point in the rise of the modern surveillance state in a developed country. Beyond the infringement of basic rights, it includes a chilling new embrace of facial recognition technology – specifically, to identify Pride participants (now officially designated as criminals) or likewise pick out faces from among the tens of thousands who are sure to illegally protest these new measures. At the moment, the punishment for such unconstitutional behavior is a fine of up to €500. Organizers, however, can be imprisoned for up to a year. But can even more draconian punishments be far behind?
 
If you’re wondering how Hungary’s democratic partners in the European Union are reacting to all of this, the answer is not well. And it’s also raising important questions about the efficacy of the EU’s AI regulations in general (a debate about loopholes and guardrails that merits a separate discussion).
 
For now, though, Americans should take in a cautionary warning from Hungary’s use of facial recognition software. Future uses of the technology here could target leaders of a MAGA or a Black Lives Matter protest. Facial recognition scans can pinpoint individuals, spotting the face in a crowd. It gives regimes the ability to come back later to arrest and persecute on a scale only Orwell could have conceived. All of this is enhanced by the unholy combination of data analytics, advanced algorithms, unprecedented computing power, and now generative AI.
 
The uncomfortable truth of the modern era is inescapable: The development and deployment of modern surveillance has gone hand in hand with modern authoritarianism, from Russia to China and Iran. Just imagine what might have happened if J. Edgar Hoover had access to facial recognition tech and AI. We imagine it would have looked like Orbán’s dystopian democracy.
 
Budapest Pride is not backing down, celebrating its 30th anniversary in a public demonstration in June. The world will be watching to see how this technology is used.

As facial recognition and biometric scanning systems expand to 400 U.S. airports, Sen. Jeff Merkley (D-OR) is asking if this could be the beginning of a U.S. surveillance state.
 
In a video interview with Philip Wegman of RealClearPolitics, Sen. Merkley said:
 
“I'm concerned about the way facial recognition is used to encroach upon freedom and privacy around the world. We see China enslaving a million Uyghurs, and a tool they use is facial recognition software. It's so inexpensive and pervasive; if you put that power in the hands of a government, you can't know where it's going to go.

“This is not the kind of tool you want to give to the government in a free country. You would never know you have the ability to opt out at any airport where they're doing this program."

​From a risk perspective, facial recognition software is a mixed bag of good and bad outcomes. It has helped capture bank robbers, rapists, and murderers. Yet it is disproportionately bad at accurately identifying people of color and women of color in particular, leading police to arrest the wrong people. And above all, it is by definition a broad surveillance tool fundamentally at odds with the concept of individual liberty. Even the Government Accountability Office is worried, issuing two reports to assess risks and make recommendations.
 
In late 2023 GAO wrote:
 
“The use of facial recognition technology for criminal investigations presents unique questions about civil rights and civil liberties. For example, civil liberties advocates have noted that the use of facial recognition at certain events – such as protests – could have a chilling effect on individuals’ exercise of their First Amendment rights.”
 
Americans who care about their Second Amendment rights should be equally worried about this technology. The connection isn’t as obvious as it is with free speech, but the math works. Imagine:
 

1. You attend a rally in support of the Second Amendment.
2. The ATF and state police are there too, in disguise. They secretly work the crowd and pickpocket the wallets of everyone in attendance.
3. They then use the pickpocketed driver’s licenses to identify the attendees.

 
Oh, wait. The ATF and state police can’t pickpocket IDs because that would be a crime. But let’s try a slightly a different formulation:
 

1. You attend a rally in support of the Second Amendment.
2. The ATF and state police use facial recognition technology to identify everyone in attendance.
3. They then cross-reference the list of rally attendees with various gun registries to develop a short list of attendees who own firearms.
4. Worried about being on various lists, you eventually stop going to Second Amendment rallies.
5. If state or federal authorities decide to confiscate civilian weapons, they have a pre-constructed database ready to (ab)use.

 
Two scenarios. Both unconstitutional. Yet one is perfectly legal. The very use of facial recognition software is tantamount to having our wallets and IDs physically stolen. Somehow we have become inured to the difference.
 
“A search engine for faces,” is how Clearview.ai founder Hoan Ton-That cheerily described his company’s software to CNN Business. Clearview’s 50+ billion images, scraped from the Internet without anyone’s permission (do you recall being asked?) has been used by more than 2,000 organizations in 27 countries – including the Marshals Service, FBI, and ATF. Thank God none of those agencies have any interest in guns.
 
Oh, wait.
 
By the way, if you ever visit Clearview’s website, we recommend you decline all cookies.

​We’re all resigned to the need to go through security at high-profile sporting and cultural events, just as we do at the airport. The American Civil Liberties Union is raising the question – will that level of scrutiny be the new normal at the mall, at open-air tourist attractions, outdoor concerts, and just plain walking around town?
 
The Department of Homeland Security (DHS) is investing in research and development to “assess soft targets and address security gaps” with new technology to track people in public places. It is funding SENTRY, the Soft Target Engineering to Neutralize the Threat Reality. SENTRY will combine artificial intelligence from the “integration of data from multiple sources,” which no doubt will include facial recognition scans of everyone in a given area to give them a “threat assessment.”
 
We do not dismiss DHS’s concern. The world has no lack of violent people and our country is full of soft targets. Just hark back to the deranged shooter in 2017 who turned the Route 91 Harvest music festival in Las Vegas into a shooting gallery. He killed 60 people and wounded more than 400. A similar act by a terrorist backed by a malevolent state could inflict even greater casualties.
 
But we agree with ACLU’s concern that such intense inspection of Americans going about their daily business could lead to the “airportization” of America, in which we are always in a high-security zone whenever we gather. ACLU writes that “security technology does not operate itself; people will be subject to the petty authority of some martinet guards who are constantly stopping them based on some AI-generated flag of suspicion.”
 
We would add another concern. Could SENTRY be misused, just as FISA Section 702 and other surveillance authorities have been misused? What is to keep the government from accessing SENTRY data for warrantless political surveillance, whether against protestors or disfavored groups targeted by biased FBI agents? If this technology is to be deployed, guardrails are needed.
 
PPSA seconds ACLU’s comment to the watchdog agency, the Privacy and Civil Liberties Oversight Board (PCLOB), that asks it to investigate AI-based programs as they develop. Congress should watch the results of PCLOB’s efforts and follow up with legal guardrails to prevent the misuse of SENTRY and similar technologies.

A new study from Washington Post reveals that police routinely use facial recognition software to identify and arrest suspects, yet fail to disclose it to the defendants themselves. This, despite the fact that that the still-new technology has led to numerous documented false arrests.

Washington Post spoke with 100 police departments across 15 states, although only 30 of them provided records from cases in which facial recognition was used. In fact, the investigation found that the police often overtly masked their use of the software, recording in reports, for example, that suspects were identified “through investigative means.” 

There’s reason for that; facial recognition software is notoriously fallible. The article references at least seven cases of wrongful arrests stemming from the use of the technology. Six of those seven were Black Americans.

Washington Post reports, “[f]ederal testing of top facial recognition software has found the programs are more likely to misidentify people of color, women and the elderly because their faces tend to appear less frequently in data used to train the algorithm….”

Last year, we wrote about the case of Randall Reid, a Black man from Georgia arrested for allegedly stealing handbags in Louisiana. The only problem: Reid had never even been to Louisiana. He was a victim of misidentification. And that was all the police needed to hold him for close to a week in jail.

Generally speaking in the criminal context, facial recognition software works by comparing surveillance footage with publicly available photos online. Companies like Clearview AI contract with law enforcement agencies, providing access to billions of photos scraped from Facebook, X, Instagram and other social media platforms. And despite access to so much online material, the results are often faulty. Which is all the more reason that such evidence needs to be disclosed in an investigative context.  

Per the Post, “Clearview search results produced as evidence in one Cuyahoga County, Ohio, assault case included a photo of basketball legend Michael Jordan and a cartoon of a Black man.” Spoilers: neither image depicted the culprit.

The real culprit in this case is a legal system that is decidedly behind the times on reacting and responding to technological shifts. Some are catching up; in 2022, the ACLU won a legal victory against Clearview mandating the company to adhere the Illinois Biometric Information Privacy Act (BIPA). The law requires companies that collect, capture, or obtain a biometric identifier of an Illinois resident to first notify that person and obtain his or her written consent.
​
But we have a long way to go in establishing vigorous protections against the misuse and masking of “iffy” new technologies like facial recognition. Due process requires we do better.

​For years, big tech companies – Meta and Google in particular – have developed but declined to commercialize facial recognition technology that could dox people in real time.
 
The media is now agog about reports that two Harvard students conducted an experiment by rigging a pair of Meta’s Ray Ban smart glasses with facial recognition software. Combined with automated social media analysis, the glasses identified people on the subway. Joseph Cox in 404 Media writes such glasses can “identify a stranger on the street, where they work, where they went to school, where they live, and their contact information.”
 
One of the students told Cox: “We would show people photos of them from kindergarten, and they had never even seen the photo before.”
 
While we don’t expect any reputable company to offer this product, someone will undoubtedly combine these off-the-shelf technologies, just as vendors supply kits to turn semi-automatic weapons into fully automatic weapons or offer silencers for guns. Armed with this technology, your neighborhood creep could easily spot a woman walking down the street and be there when she arrives at her front doorstep.
 
For all the valid concerns about how such creeps, perps, stalkers, and assorted snoops might use this technology, the current danger comes from our own government. By 2021, facial technology company Clearview AI had scraped 10 billion images off the internet to identify people in fulfilling contracts with more than 3,000 law enforcement organizations. This is enormous power that allows federal, state, and local agencies to instantly know everything about you at a glance.
 
With a few clicks, an agent can know how you voted, who you date, where you’ve been, and where you’re going.
 
Action is needed to keep this technology out of consumer’s hands, just as Congress has done with machine guns and other fully automatic weapons. Laws to restrict and punish facial doxing may not fully stop it, but such laws would be an important start. Beyond that, guardrails must be put in place to prevent government agents from doxing people at a glance. A probable cause warrant requirement would be a good start.

​We’ve long recounted the bad news on law enforcement’s use of facial recognition software – how it misidentifies people and labels them as criminals, particularly people of color. But there is good news on this subject for once: the Detroit Police Department has reached a settlement with a man falsely arrested on the basis of a bad match from facial recognition technology (FRT) that includes what many civil libertarians are hailing as a new national standard for police.
 
The list of injustices from false positives from FRT has grown in recent years. We told the story of Randall Reid, a Black man in Georgia, arrested for the theft of luxury goods in Louisiana. Even though Reid had never been to Louisiana, he was held in jail for a week. We told the story of Porchia Woodruff, a Detroit woman eight months pregnant, who was arrested in her driveway while her children cried. Her purported crime was – get this – a recent carjacking. Woodruff had to be rushed to the hospital after suffering contractions in her holding cell.
 
Detroit had a particularly bad run of such misuses of facial recognition in criminal investigations. One of them was the arrest of Robert Williams in 2020 for the 2018 theft of five watches from a boutique store in which the thief was caught on a surveillance camera. Williams spent 30 hours in jail.
 
Backed by the American Civil Liberties Union, the ACLU of Michigan, and the University of Michigan Civil Rights Litigation Initiative, Williams sued the police for wrongful arrest. In an agreement blessed by a federal court in Michigan, Williams received a generous settlement from the Detroit police. What is most important about this settlement agreement are the new rules Detroit has embraced. From now on:
 

• Police will not be able to conduct a lineup based solely on an FRT investigative lead without further independent and reliable evidence linking a suspect to a crime. Before seeking an arrest warrant, a detective must document evidence establishing probable cause from sources other than this technology.

 

• When requesting and conducting an FRT search, investigators and analysts must complete detailed forms that document critical information about that search – including the quality of the original photo and how many other potential photos of the suspect are in the database that did not show up as a lead.

 

• Prosecutors must make any use of FRT in an investigation available to defense counsel in discovery as potentially exculpatory information. FRT in investigations will also be limited to violent crimes.

 
Another series of reforms impose discipline on the way in which lineups of suspects or their images unfold. When witnesses perform lineup identifications, they may not be told that FRT was used as an investigative lead. Witnesses must report how confident they are about any identification. Officers showing images to a witness must themselves not know who the real suspect is, so they don’t mislead the witness with subtle, non-verbal clues. And photos of suspects must be shown one at a time, instead of showing all the photos at once – potentially leading a witness to select the one image that merely has the closest resemblance to the suspect.
 
Perhaps most importantly, Detroit police officers will be trained on the proper uses of facial recognition and eyewitness identification.
 
“The pipeline of ‘get a picture, slap it in a lineup’ will end,” Phil Mayor, a lawyer for the ACLU of Michigan told The New York Times. “This settlement moves the Detroit Police Department from being the best-documented misuser of facial recognition technology into a national leader in having guardrails in its use.”
 
PPSA applauds the Detroit Police Department and ACLU for crafting standards that deserve to be adopted by police departments across the United States.

​George Orwell wrote that in a time of deceit, telling the truth is a revolutionary act.
 
Revolutionary acts of truth-telling are becoming progressively more dangerous around the world. This is especially true as autocratic countries and weak democracies purchase AI software from China to weave together surveillance technology to comprehensively track individuals, following them as they meet acquaintances and share information. A piece by Abi Olvera posted by the Bulletin of Atomic Scientists describes this growing use of AI to surveil populations.
 
Olvera reports that by 2019, 56 out of 176 countries were already using artificial intelligence to weave together surveillance data streams. These systems are increasingly being used to analyze the actions of crowds, track individuals across camera views, and pierce the use of masks or scramblers intended to disguise faces. The only impediment to effective use of this technology is the frequent Brazil-like incompetence of domestic intelligence agencies.
 
Olvera writes:
 
“Among other things, frail non-democratic governments can use AI-enabled monitoring to detect and track individuals and deter civil disobedience before it begins, thereby bolstering their authority. These systems offer cash-strapped autocracies and weak democracies the deterrent power of a police or military patrol without needing to pay for, or manage, a patrol force …”
 
Olvera quotes AI surveillance expert Martin Beraja that AI can enable autocracies to “end up looking less violent because they have better technology for chilling unrest before it happens.”
 
Olivia Solon of Bloomberg reports on the uses of biometric identifiers in Africa, which are regarded by the United Nations and World Bank as a quick and easy way to establish identities where licenses, passports, and other ID cards are hard to come by. But in Uganda, Solon reports, President Yoweri Museveni – in power for 40 years – is using this system to track his critics and political opponents of his rule. Used to catch criminals, biometrics is also being used to criminalize Ugandan dissidents and rival politicians for “misuse of social media” and sharing “malicious information.”
 
The United States needs to lead by example. As our facial recognition and other systems grow in ubiquity, Congress and the states need to demonstrate our ability to impose limits on public surveillance, and legal guardrails for the uses of the sensitive information they generate.

Facial recognition software is useful but fallible. It often leads to wrongful arrests, especially given the software’s tendency to produce false positives for people of color.
 
We reported in 2023 on the case of Randall Reid, a Black man in Georgia, arrested and held for a week by police for allegedly stealing $10,000 of Chanel and Louis Vuitton handbags in Louisiana. Reid was traveling to a Thanksgiving dinner near Atlanta with his mother when he was arrested. He was three states and seven hours away from the scene of this crime in a state in which he had never set foot.
 
Then there is the case of Portia Woodruff, a 32-year-old Black woman, who was arrested in her driveway for a recent carjacking and robbery. She was eight months pregnant at the time, far from the profile of the carjacker. She suffered great emotional distress and suffered spasms and contractions while in jail.
 
Some jurisdictions have reacted to the spotty nature of facial recognition by requiring every purported “match” to be evaluated by a large team to reduce human bias. Other jurisdictions, from Boston to Austin and San Francisco, responded to the technology’s flaws by banning the use of this technology altogether.
 
The Washington Post’s Douglas MacMillan reports that officers of the Austin Police Department have developed a neat workaround for the ban. Austin police asked law enforcement in the nearby town of Leander to conduct face searches for them at least 13 times since Austin enacted its ban. Tyrell Johnson, a 20-year-old man who is a suspect in a robbery case due to a facial recognition workaround by Austin police told MacMillan, “We have to follow the law. Why don’t they?”
 
Other jurisdictions are accused of working around bans by posting “be on the lookout” flyers in other jurisdictions, which critics say is meant to be picked up and run through facial recognition systems by other police departments or law enforcement agencies.
 
MacMillian’s interviews with defense lawyers, prosecutors, and judges revealed the core problem with the use of this technology – employing facial recognition to generate leads but not evidence. They told him that prosecutors are not required in most jurisdictions to inform criminal defendants they were identified using an algorithm. This highlights the larger problem with high-tech surveillance in all its forms: improperly accessed data, reviewed without a warrant, can allow investigators to work backwards to incriminate a suspect. Many criminal defendants never discover the original “evidence” that led to their prosecution, and thus can never challenge the basis for their case.
 
This “backdoor search loophole” is the greater risk, whether one is dealing with databases of mass internet communications or facial recognition. Thanks to this loophole, Americans can be accused of crimes but left in the dark about how the cases against them were started.

​Wired reports that police in northern California asked Parabon NanoLabs to run a DNA sample from a cold case murder scene to identify the culprit. Police have often run DNA against the vast database of genealogical tests, cracking cold cases like the Golden State Killer, who murdered at least 13 people.
 
But what Parabon NanoLabs did for the police in this case was something entirely different. The company produced a 3D rendering of a “predicted face” based on the genetic instructions encoded in the sample’s DNA. The police then ran it against facial recognition software to look for a match.
 
Scientists are skeptical that this is an effective tool given that Parabon’s methods have not been peer-reviewed. Even the company’s director of bioinformatics, Ellen Greytak, told Wired that such face predictions are closer in accuracy to a witness description rather than the exact replica of a face.
 
With the DNA being merely suggestive – Greytak jokes that “my phenotyping can tell you if your suspect has blue eyes, but my genealogist can tell you the guy’s address” – the potential for false positives is enormous. Police multiply that risk when they run a predicted face through the vast database of facial recognition technology (FRT) algorithms, technology that itself is far from perfect.
 
Despite cautionary language from technology producers and instructions from police departments, many detectives persist in mistakenly believing that FRT returns matches. Instead, it produces possible candidate matches arranged in the order of a “similarity score.” FRT is also better with some types of faces than others. It is up to 100 times more likely to misidentify Asian and Black people than white men.
 
The American Civil Liberties Union, in a thorough 35-page comment to the federal government on FRT, biometric technologies, and predictive algorithms, noted that defects in FRT are likely to multiply when police take a low-quality image and try to brighten it, or reduce pixelation, or otherwise enhance the image. We can only imagine the Frankenstein effect of mating a predicted face with FRT.
 
As PPSA previously reported, rights are violated when police take a facial match not as a clue, but as evidence. This is what happened when Porcha Woodruff, a 32-year-old Black woman and nursing student in Detroit, was arrested on her doorstep while her children cried. Eight months pregnant, she was told by police that she had committed recent carjackings and robberies – even though the woman committing the crimes in the images was not visibly pregnant. Woodruff went into contractions while still in jail.
 
In another case, local police executed a warrant by arresting a Georgia man at his home for a crime committed in Louisiana, even though the arrestee had never set foot in Louisiana. The only explanation for such arrests is sheer laziness, stupidity, or both on the part of the police. As ACLU documents, facial recognition forms warn detectives that a match “should only be considered an investigative lead. Further investigation is needed to confirm a match through other investigative corroborated information and/or evidence. INVESTIGATIVE LEAD, NOT PROBABLE CAUSE TO MAKE AN ARREST.”
 
In the arrests made in Detroit and Georgia, police had not performed any of the rudimentary investigative steps that would have immediately revealed that the person they were investigating was innocent. Carjacking and violent robberies are not typically undertaken by women on the verge of giving birth.
 
The potential for replicating error in the courtroom would be multiplied by showing a predicted face to an eyewitness. If a witness is shown a predicted face, that could easily influence the witness’s memory when presented with a line-up.
 
We understand that an investigation might benefit from knowing that DNA reveals that a perp has blue eyes, allowing investigators to rule out all brown- and green-eyed suspects. But a predicted face should not be enough to search through a database of innocent people. In fact, any searches of facial recognition databases should require a warrant. As technology continues to push the boundaries, states need to develop clear procedural guidelines and warrant requirements that protect constituents’ constitutional rights.

​PPSA has long followed the dysfunctionality of facial recognition technology and police overreliance on it to identify suspects. As we reported in January, three common facial recognition tools failed every time they were confronted with images of 16 pairs of people who resembled one another.
 
This technology is most apt to make mistakes with people of color and with women. Stories had piled up about Americans – overwhelmingly Black men – who have been mistakenly arrested, including one Georgia man arrested and held for a week for stealing handbags in Louisiana. That innocent man had never set foot in Louisiana.
 
Now we have the first woman falsely arrested for the crime of resembling a scofflaw. Porcha Woodruff, a 32-year-old Black woman and nursing student in Detroit, was arrested at her doorstep while her children cried. Woodruff, eight months pregnant, was told by police that she was being arrested for a recent carjacking and robbery.
 
“I was having contractions in the holding cell,” Woodruff told The New York Times’ Kashmir Hill. “My back was sending me sharp pains. I was having spasms.” After being released on bond, Woodruff had to go straight to the hospital.
 
The obvious danger of this technology is that it tends to misidentify people, a problem exacerbated by distinctly lazy investigations by police. We see a larger danger: as public and private cameras are increasingly networked, and law enforcement agencies can fully track our movements, this technology will mistakenly put some Americans at the scene of a crime.
 
And if the technology improves and someday works flawlessly? We can be assured of being followed throughout our day – who we meet with, where we worship or engage in political activity or protest – with perfect accuracy.

​In “A Scanner Darkly,” a 2006 film based on a Philip K. Dick novel, Keanu Reeves plays a government undercover agent who must wear a “scramble suit” – a cloak that constantly alters his appearance and voice to avoid having his cover blown by ubiquitous facial recognition surveillance.
 
At the time, the phrase “ubiquitous facial recognition surveillance” was still science fiction.
 
Such surveillance now exists throughout much of the world, from Moscow, to London, to Beijing. Scramble suits do not yet exist, and sunglasses and masks won’t defeat facial recognition software (although “universal perturbation” masks sold on the internet purport to defeat facial tracking).
 
Now that companies like Clearview AI have reduced human faces to the equivalent of personal ID cards, the proliferation of cameras linked to robust facial recognition software has become a privacy nightmare. A year ago, PPSA reported on a technology industry presentation that showed how stationary cameras could follow a man, track his movements, locate people he knows, and compare all that to other data to map his social networks. Facial recognition doesn’t just show where you went and what you did: it can be a form of “social network analysis,” mapping networks of people associated by friendship, work, romance, politics, and ideology.
 
Nowhere is this capability more robust than in the People’s Republic of China, where the surveillance state has reached a level of sophistication worthy of the overused sobriquet “Orwellian.” A comprehensive net of data from a person’s devices, posts, searches, movements, and contacts tells the government of China all it needs to know about any one of 1.3 billion individuals.
 
That is why so many civil libertarians are alarmed by the responses to an ACLU Freedom of Information (FOIA) lawsuit. The Washington Post reports that government documents released in response to that FOIA lawsuit show that “FBI and Defense Department officials worked with academic researchers to refine artificial-intelligence techniques that could help in the identification or tracking of Americans without their awareness or consent.”
 
The Intelligence Advanced Research Projects agency, a research arm of the intelligence community, aimed in 2019 to increase the power of facial recognition, “scaling to support millions of subjects.” Included in this is the ability to identify faces from oblique angles, even from a half-mile away.
 
The Washington Post reports that dozens of volunteers were monitored within simulated real-world scenarios – a subway station, a hospital, a school, and an outdoor market. The faces and identities of the volunteers were captured in thousands of surveillance videos and images, some of them captured by drone. The result is an improved facial recognition search tool called Horus, which has since been offered to at least six federal agencies. An audit by the Government Accountability Office found in 2021 that 20 federal agencies, including the U.S. Post Office and the Fish and Wildlife Service, use some form of facial recognition technology.
 
In short, our government is aggressively researching facial recognition tools that are already used by the Russian and Chinese governments to conduct the mass surveillance of their peoples.
 
Nathan Wessler, deputy director of the ACLU, said that the regular use of this form of mass surveillance in ordinary scenarios would be a “nightmare scenario” that “could give the government the ability to pervasively track as many people as they want for as long as they want.”
 
As we’ve said before, one does not have to infer a malevolent intention by the government to worry about its actions. Many agency officials are desperate to catch bad guys and keep us safe. But they are nevertheless assembling, piece-by-piece, the elements of a comprehensive surveillance state.

​Facial recognition technology has proven to be useful but fallible. It relies on probabilities, not certainties, algorithms measuring the angle of a nose or the tilt of an eyebrow. It has a higher chance of misidentifying women and people of color. And in the hands of law enforcement, it can be a dangerous tool for mass surveillance and wrongful arrest.
 
It should come as no surprise, then, that police mistakenly arrested yet another man using facial recognition technology. Randall Reid, a Black man in Georgia, was recently arrested and held for a week by police for allegedly stealing $10,000 of Chanel and Louis Vuitton handbags in Louisiana. Reid was traveling to a Thanksgiving dinner with his mother when he was arrested three states and seven hours away from the scene of the crime.
 
Despite Reid’s claim he’d never even been to Louisiana, facial recognition software identified Reid as a suspect in the theft of the luxury purses. That was all the police needed to hold him for close to a week in jail, according to The New Orleans Advocate.
 
Gizmodo reports, “numerous studies show the technology is especially inaccurate when identifying people of color and women compared to identifications of white men. Some law enforcement officials regularly acknowledge this fact, saying facial recognition is only suitable to generate leads and should never be used as the sole basis for arrest warrants. But there are very few rules governing the technology. Cops often ignore that advice and take face recognition at face value.”
 
When scientists tested three facial recognition tools with 16 pairs of doppelgangers – people with extraordinary resemblances – the computers found all of them to be a match. In the case of Reid, however, he was 40 pounds lighter than the criminal caught on camera.
 
In Metairie, the New Orleans suburb where Reid was accused of theft, law enforcement officials can use facial recognition without legal restriction. In most cases, “prosecutors don’t even have to disclose that facial recognition was involved in investigations when suspects make it to court.” Elsewhere in Louisiana, there is no regulation. A state bill to restrict use of facial recognition died in 2021 in committee. Some localities use facial recognition just to generate leads. Others take it and run with it, using it more aggressively to pursue supposed criminals.
 
As facial recognition technology proliferates, from Ring cameras to urban CCTVs, states must put guardrails around the use of this technology. If facial recognition tech is to be used, it must be one tool for investigators, not a sole cause for arrest and prosecution. Police should use other leads and facts to generate probable cause for arrest. And legal defense must always be notified when facial recognition technology was used to generate a case.
 
It may be decades before the technical flaws in facial recognition are resolved. Even then, we should ensure that the technology is closely governed and monitored.

Facial recognition software is a problem when it doesn’t work. It can conflate the innocent with the guilty if the two have only a passing resemblance. In one test, it identified 27 Members of Congress as arrested criminals. It is also apt to work less well on people of color, leading to false arrests.
 
But facial recognition is also problem when it does work. One company, Vintra, has software that follows a person camera by camera to track any person he or she may interact with along the way. Another company, Clearview AI, identifies a person and creates an instant digital dossier on him or her with data scrapped from social media platforms.
 
Thus, facial recognition software does more than locate and identify a person. It has the power to map relationships and networks that could be personal, religious, activist, or political. Major Neill Franklin (Ret.) Maryland State Police and Baltimore Police Department, writes that facial recognition software has been used to violate “the constitutionally protected rights of citizens during lawful protest.”
 
False arrests and crackdowns on dissenters and protestors are bound to result when such robust technology is employed by state and local law enforcement agencies with no oversight or governing law. The spread of this technology takes us inch by inch closer to the kind of surveillance state perfected by the People’s Republic of China.
 
It is for all these reasons that PPSA is heartened to see Rep. Ted Lieu join with Reps. Shelia Jackson Lee, Yvette Clark and Jimmy Gomez on Thursday to introduce the Facial Recognition Act of 2022. This bill would place strong limits and prohibitions on the use of facial recognition technology (FRT) in law enforcement. Some of the provisions of this bill would:
 

• Limit law enforcement use of FRT to situations in which a warrant is obtained that shows probable cause that an individual committed a serious violent felony.

 

• Prohibit law enforcement from using FRT to create a record documenting how an individual expresses rights guaranteed by the Constitution, such as lawful protests.

 

• Prohibit a FRT match from being the sole basis upon which probable cause can be established for a search, arrest, or other law enforcement action.

 

• Ban the use of FRT in conjunction with databases that contain illegitimately obtained information.

 

• Ban the use of FRT to track individuals with live or stored video footage.

 

• Require law enforcement to provide notice to individuals who are subjects of an FRT search and copy of the court order and/or other key data points.

 
The introduction of this bill is the result of more than a year of hard work and fine tuning by Rep. Lieu. This bill deserves widespread recognition and bipartisan support.