MegaFace facial recognition dataset origin raises privacy and liability concerns
Pictures of two kids from Illinois made it to a biometric facial recognition database after their mom created a Flickr profile in 2005 and forgot it ever existed, writes the New York Times. Later research shows millions of images that had once been posted on the social networks ended up in the MegaFace database, without the account owners’ knowledge. MegaFace was partially financed by Samsung, Google’s Faculty Research Award, and by the National Science Foundation/Intel.
According to the Times, the database is easily accessible for download and has been used by companies including Google, Amazon, Ntechlab, Mitsubishi Electric, Tencent, and SenseTime to test or train their facial recognition algorithms to monitor terrorists or protesters, and even the general public. Because facial recognition encounters problems when detecting children, the photos of kids were used to improve the algorithms. Some of the individuals appearing in the dataset are not pleased their images have been repurposed in this way, the Times reports.
The Illinois’ Biometric Information Privacy Act (BIPA) protects residents of Illinois, giving Illinois residents the clear way to take the company to court for using their biometric data without consent, but the companies that downloaded the database claim they were unaware of what they were getting themselves into. They could face a potential class action suit, with liability of thousands of dollars per violation. While the photos could legally be shared due to creative commons of commercial use licenses, running biometric algorithms on images of Illinois residents runs the risk of BIPA exposure.
“Photos themselves are not covered by the Biometric Information Privacy Act, but the scan of the photos should be. The mere use of biometric data is a violation of the statute,” said Faye Jones, a law professor at the University of Illinois. “Using that in an algorithmic contest when you haven’t notified people is a violation of the law.”
Although it does not contain their names, the photos can be traced back to the owners.
For two years in a row, the University of Washington organized the “MegaFace Challenge,” where more than 300 biometric companies participated overall to test their algorithms if they used the data for “noncommercial research and educational purposes.”
The University of Washington declined to comment.
Other companies accused of violating the Illinois’ Biometric Information Privacy Act include Facebook, Vimeo, The Home Depot and Lowes.
Article Topics
algorithms | biometric data | Biometric Information Privacy Act (BIPA) | biometric testing | biometrics | data protection | dataset | facial recognition | MegaFace | privacy
Comments