San Francisco bans agencies from using facial recognition technology

San Francisco has banned the use of facial recognition technology by local government agencies, becoming the first US city to do so, reports the New York Times. The ban applies to 53 city departments, including the police, which doesn’t use the technology but had tested it from 2013 to 2017, per CNN. It is part of a broader anti-surveillance ordinance (read a copy of it here, and excerpts below) that the city’s Board of Supervisors approved 8-1 on Tuesday. Under the new ordinance, city departments must also disclose any surveillance technologies that they use or plan to use, and must also spell out policies regarding them that must then be approved by the Board of Supervisors. The ban does not prevent individuals or businesses from using facial recognition technology, and does not apply to areas under federal jurisdiction such as ports and airports. The ordinance will become law when the Board of Supervisors ratifies the vote next week, the report said.

Highlights of San Francisco’s anti-surveillance ordinance

Here are some excerpts from chapter 19B of the anti-surveillance ordinance, lightly edited for clarity:

A department must obtain Board of Supervisors approval before:

1. Seeking funds for surveillance technology, including but not limited to applying for a grant, or accepting state or federal funds, or public or private in-kind or other donations
2. Acquiring or borrowing new surveillance technology, with or without the exchange of monies or other consideration
3. Using new or existing surveillance technology for a purpose, in a manner, or in a location not specified in a Surveillance Technology Policy ordinance approved by the Board
4. Entering into agreement with a non-city entity to acquire, share, or otherwise use surveillance technology
5. Entering into an oral or written agreement under which a non-city entity or individual regularly provides the department with data or information acquired through the entity’s use of surveillance technology.

The use of surveillance technology may be approved only in the following way:

1. The department seeking board approval first submits a Surveillance Impact Report to the Committee on Information Technology (COIT) for the surveillance technology to be acquired or used
2. Based on this report, COIT develops a Surveillance Technology Policy for the surveillance technology to be acquired or used
3. COIT recommends at a public hearing that the Board of Supervisors adopt, adopt with modifications, or decline to adopt the Surveillance Technology Policy

Notwithstanding the provisions of this chapter, it shall be unlawful for any department to obtain, retain, access, or use:

1) Any face recognition technology

2) Any information obtained from face recognition technology. A Department’s inadvertent or unintentional receipt, retention access to, or use of any information obtained from Face Recognition Technology shall not be a violation of this subsection, provided that: (a) the department does not request or solicit its receipt, access to, or use of such information; and (2) the department logs such receipt, access to, or use in its Annual Surveillance Report.

On the use of surveillance technology for law enforcement, the ordinance says:

If either the District Attorney or Sheriff certifies in writing to the Controller that acquisition of surveillance technology is necessary to perform an investigative or prosecutorial function and provides in writing to the Controller either an explanation of how compliance with this chapter will obstruct their investigative or prosecutorial function, or a declaration that the explanation itself will obstruct either function… the Board may hold a hearing and request that the District Attorney or Sheriff appear and respond to its questions regarding such certification, explanation, and/or declaration. The written certification shall specify the Surveillance Technology acquired, or to be acquired.

Facial recognition – benefits and downsides

Governments – including India’s – have used facial recognition technology for years and while it has its benefits, its effectiveness as a surveillance tool means it can easily be used for nefarious reasons. Last April, the Delhi police used the technology on 45,000 children living in various children’s homes and found that almost 3,000 of them had been listen as missing. They were soon reunited with their families. Soon after, National Commission for Protection of Child Rights (NCPCR) encouraged the use of the technology. “If such a type of software helps trace missing children and reunite them with their families, nothing can be better than this,” an NCPCR member told NDTV.

More controversially, facial recognition is used with the Aadhaar scheme. Last August, the Unique Identification Authority of India (UIDAI), which runs Aadhaar, mandated facial recognition – with on-the-spot pictures – for every authentication that requires Aadhaar, per the Times of India. Previously, Aadhaar authentication involved only fingerprints or iris scans. Facial authentication is problematic as it poses security and privacy concerns, and possibly expands the scope for surveillance of Aadhaar holders. An individual’s photograph is classified as ‘biometric information’ under section 2(g) of the Aadhaar Act, 2016.

In 2017 UIDAI had told the Supreme Court that the Aadhaar system could not be used for surveillance, per HuffPost. It said there were safeguards built into the law and its systems to ensure that the government could not use Aadhaar for surveillance even if a court were to permit them. But documents from State Resident Data Hubs (SRDHs) subsequently showed that they were building a 360-degree profile of citizens, which the Aadhaar Act specifically prohibits.