FACEBOOK, FACE RECOGNITION, AND PRIVACY

June 16, 2011

As I was reading about the launch last week of Facebook’s face recognition software that automatically “tags” photos that look like you, I was reminded of those “separated at birth” magazine features that would pair two carefully selected photographs of unrelated celebrities and the juxtaposition would highlight their similarities to funny, sometime hilarious, effect.  Now, instead of magazine editors eyeballing side-by-side photographs, Facebook software is drawing the comparisons. While having a computer map your face and match it to a photo might be kinda creepy, I for one will not object to an automatic photo tag and might even enjoy a mis-tag if it means the revelation of some random far away twin.   

Privacy advocates are less humored.  The Electronic Privacy Information Center (EPIC), joined by The Privacy Rights Clearinghouse and Consumer Watchdog and others, has filed a complaint (pdf) with the Federal Trade Commission (FTC) to order Facebook to suspend the feature.  Members of the Congress have expressed public support for the complaint and have encouraged further FTC involvement. Yesterday the Connecticut Attorney General requested a meeting with Facebook to discuss photo tagging. 

The concerns center less on the creepy factor, and more on Facebook’s policy of automatically enabling the feature instead of offering its users the option of enabling it themselves in the first instance. Unless Facebook users affirmatively opt-out by following a series of detailed steps on the site, they will automatically be subject to the feature and run the risk of having the system identify (or misidentify) them is photos. Further, once an automatic tagging takes place, the tag might be shared and stored without the knowledge of the user. To undo this, users are forced to search for the disclosures and then figure out how to deactivate the tags. 

Facebook defends opting-out by pointing out that the policy facilitates “sharing” and “community building,” concepts that all Facebook users buy into when they sign up for the service.  But some commentators are suggesting ulterior motives – that by capturing identity information from unwitting users and those less savvy about navigating the (somewhat confusing) privacy settings, Facebook is mining for data in an attempt to “inflating its commercial value as it nears an initial public offering.”    

Facebook is certainly no stranger to privacy objections. EPIC  has now filed three complaints with the FTC questioning Facebook privacy settings and challenging the dissemination of address and phone information to third-parties.  Facebook has also been listed as a defendant in at least a dozen cases involving privacy concerns, the two most notable of which are the In re Facebook Privacy Litigation (5:10cv02389) case currently making its way through the Northern District of California court system and a class action complaint (2011 WL 1663627) filed in the Eastern District of New York just last month alleging that Facebook misappropriated the names and likeness of minors without parental consent.* 

But it remains unclear whether any laws have been broken or rights violated.  Courts have long held that there is no expectation of privacy in information an individual knowingly exposes to the public. See e.g. California v. Greenwood, 486 U.S. 35 (1988).  Nor was I able to find any case drawing into question the practice of up-front gathering of personal information on websites for behavioral or advertising purposes.

To date, no court has ruled against Facebook in a case with wide ranging privacy implications.  

*I searched Westlaw for Complaints against Facebook using the following terms and connectors in FILING-ALL:

 (TI,PR(FACEBOOK) & (PRIVACY /3 INV! ACT SETTING CONCERN) & (CONSUMER /3 PROTECT!) (UNFAIR! /3 COMPET!)) & ((DT(COMPLAINT PETITION) % DT(BRIEF MOTION MEMORAN! REPLY RESPONSE ANSWER COUNTER-CLAIM COUNTER-PETITION CROSS-CLAIM COUNTER-COMPLAINT COUNTER-SUIT)))