“There is no comprehensive law regulating the collection, use, disclosure, and retention of biometric data.”
The Project for Privacy and Surveillance Accountability (PPSA) joined with 45 other civil liberties organizations in an open letter calling on federal and state agencies to end the practice of forcing Americans to use facial recognition technology for identity verification.
The letter applauds the IRS and Department of the Treasury for backing out of a decision to use the facial recognition software of a contractor, ID.me. The letter notes many problems with facial recognition technology, ranging from misidentification of people of color to issues with how a private contractor might use its possession of personal biometric data in the marketplace.
One portion of this letter precisely describes PPSA’s concerns with government-mandated facial recognition technology:
“The use of third-party face verification service also creates needless security issues facilitated by government agencies forcing individuals to hand over biometric data to a private company. Biometric data, particularly faceprints, are increasingly becoming targets for fraudulent activity. The likely result of federal and state agencies using faces as a credential to access sensitive information will be large-scale data breaches of a credential that cannot easily be changed."
PPSA has long noted, as the letter states: “There is no comprehensive law regulating the collection, use, disclosure, and retention of biometric data.”
Given the dire consequences for privacy and civil liberties of a hack of millions of Americans’ biometric data, PPSA joins our peers in calling on the government to halt the use of facial recognition technology. We should not even consider this technology for public services until the government has put in place the legal governance and cybersecurity needed to protect Americans.