Some Colorado schools are using cameras with facial recognition as a security measure. As it often does, this has raised worries and concerns about civil rights.

Facial recognition technology has become a political hot button in security, but many of the concerns don’t make sense — especially in the context of facial recognition being used by private businesses for security and access control.

Why arguments against facial recognition don’t make sense

The privacy arguments against facial recognition are arguments we’ve already had in the security industry.

Cameras, which are now considered to be a staple of security technology, caused many of the same privacy concerns we’re now hearing about facial recognition: people were worried about their image being captured, about spying, and about being misidentified and charged with a crime they did not commit. There were concerns that no one would want to work in an environment where they were being filmed.

Yet despite these concerns, cameras are ubiquitous now. Homes use cameras in their Ring doorbells. Some cars have cameras. A business is now considered negligent if it does not use cameras to monitor its sites. We use camera footage as evidence in criminal investigations.

Facial recognition offers many of the same benefits as cameras, along with the potential for greater accuracy, which should be good news for those who are concerned about being misidentified.

To understand the benefits, however, it may help to understand how facial recognition is being used by private businesses.

Use cases for facial recognition in private business

There are two primary reasons a business might want to use facial recognition.

• Access control: Large enterprises and other organizations with closed sites are likely to use facial recognition to verify your identity before allowing a person on-site. Like the TSA, access control algorithms will compare a person’s face to the photos they have on file. This is something we already do with badges, except it’s an officer verifying the photo. This form of access control may also mean that employees won’t need to carry badges at some sites, which is a benefit because badges are often lost or stolen.

• Identifying criminals: Retail establishments are likely to use facial recognition to identify thieves and other troublemakers. If someone has stolen from a store, the facial recognition technology will flag them in the system and alert the staff if the person returns. At the least, this will prevent a thief from returning to a store, but it may also help retailers prosecute those who have stolen. Once again, this is something that is already done; camera footage, photos, and eye witnesses already identify and bar known criminals from returning to some stores. The benefit is greater accuracy.

In both cases, any person who is being identified is on the business’s property. The company has the right to verify their identity.

What are people saying about facial recognition?

Below are some of the most common arguments against facial recognition:

• “Facial recognition technology violates my privacy”: When we are in public, our images aren't protected. We can be photographed or videoed in any public place without permission. People may recognize us on the street, in photos, and in videos. Facial recognition is simply an extension of this.

• “Law enforcement has no right to store someone’s image”: Yes - any technology can conceivably be misused. However, the ability of law enforcement to use a tool like facial recognition outweighs the negatives. Put yourself in the victims’ shoes; if facial recognition can be used to solve a loved one’s murder, why wouldn’t we use it? I agree that systems have been misused in the past, and there are controls that should be put in place to ensure that these issues do not arise.

• “Facial recognition is likely to misidentify people”: This is something that has happened, however, we’d argue that it’s not the technology at fault but those who are using it. Detroit police are being sued formaking a faulty arrest based on facial recognition technology. The misidentified victim alleges that police relied on the technology without asking basic questions that would have proved her innocence. We agree that those who implement this technology need to follow guidelines and best practices rather than simply trusting AI. Facial recognition and AI are powerful tools, but they are just that: tools. They cannot replace police work.

• “Facial recognition can be tricked with masks or hats”: So can cameras. So can human beings. Facial recognition is no more trickable than the naked eye.

• “My face could be stolen and used for a deepfake”: Your face is likely already online. If a criminal wants to steal your image, it’s easier to go to a profile on social media and use images or videos you posted there. As for personal information being stolen from a company, there are many other important pieces of personal data at risk from cyber criminals. Companies need to take precautions to protect them all, including people’s faces.

Like any new technology, facial recognition is a tool. Any technology can be used for nefarious purposes. A few years ago, there were concerns about drones. We can’t stop threat actors from coming up with criminal uses for new technology; they will do that no matter what.

What we can do is work with the new technology, understand it, and learn how to protect ourselves from any misuse. We can also use technology like facial recognition to streamline access control, improve our security posture, and make our sites safer.

Does your organization need facial recognition technology?

It's tempting to implement technology just because it’s new and exciting, but not every site needs cameras with facial recognition technology, and in some cases local regulations or industry standards may not allow it.

The best way to know if your site can benefit from facial recognition — or any other technology is to assess your security needs. Security risk assessment software, like Circadian Risk, allows you to collect risk data from all your sites, and see that information in one dashboard. A risk assessment platform lets you see at a glance which sites are at risk, and which security measures will work best for each site.

Learn more about how leading edge technology can improve your security posture. Schedule your personalized demo today.

About the Author

Daniel Young

Founder & Chief Innovation Officer

Daniel has been a security and risk advisor for more than 10 years, and is passionate about helping companies to better understand their risks to undesirable events on a daily basis. Dan previously served as the Regional Bioterrorism Coordinator for District 1 in Michigan, where he was instrumental in preparing communities for catastrophic incidents. He has also acted as the Private Security Liaison for the City of Lansing’s Critical Infrastructure Team, which identified and documented deficiencies in the city’s critical infrastructure.

He is a Co-Founder of the CSO Risk Council, a think tank of seasoned security professionals and thought leaders with extensive experience in managing the physical security and risks of large enterprises consisting of multiple sites and whose mission is to create a better process to develop and share innovative solutions and pertinent information with organizations to improve safety and security risk by providing a forum to discuss best practices and recommendations for specific risk scenarios and to network with other enterprise security professionals.