“Facebook’s omnipresent empire was built on deception, lies and brazen abuses of Texans’ privacy rights – for Facebook’s own commercial gain,” said Ken Paxton, Attorney General of Texas.
The US state of Texas has filed a lawsuit against Meta’s Facebook for allegedly capturing biometric identifiers of residents through the platform’s facial recognition feature that was discontinued towards the end of 2021.
The lawsuit filed in the 71st Judicial District Court on February 14 alleged that Facebook —
- Disclosed biometric data to other entities
- Captured the biometric data without a Texan resident’s informed consent
- Failed to destroy the biometric data that it had collected within ‘reasonable time’
“There can be no free pass for Facebook unlawfully invading the privacy rights of tens of millions of Texas residents by misappropriating their data and putting one of their most personal and valuable possessions – records of their facial geometry – at risk from hackers and bad actors, all to build an AI-powered virtual-reality empire. The State brings this suit to hold Facebook accountable for covertly flouting Texas law for more than a decade and to stop Facebook from ever again violating the rights of Texans for its commercial gain.” — Lawsuit
Backlash against the use of facial recognition in Western countries has been growing, forcing many organisations that were planning to deploy this technology, to roll it back. In contrast, India has seen rising cases of facial recognition in both public and private sectors since the COVID-19 pandemic and subsequent lockdowns.
Facebook did not inform users of its facial recognition practices: Lawsuit
Arguing that Meta’s Facebook had harmed Texans by undertaking facial recognition, the lawsuit made the following key points —
Texans were ‘oblivious’ to biometric collection: The lawsuit said that Texans were ‘oblivious’ to the fact that Facebook was capturing biometric information from photos and videos that users had uploaded for sharing with family and friends. “Unbeknownst to users, Facebook was disclosing users’ personal information to other entities who further exploited it,” the lawsuit said.
Untimely deletion exposed Texans to harm: The lawsuit alleged that Facebook failed to destroy collected biometric identifiers ‘within a reasonable time’, exposing Texans to ever-increasing risks to their well-being, safety, and security. “When information is wrongfully obtained to begin with, holding it for any amount of time is unreasonably long,” it read.
Facebook captured those not on the platform: “For Texans who did not use Facebook’s social-media services, Facebook was still capturing hundreds of millions of biometric identifiers from photos and videos innocently uploaded by friends and family who did use Facebook. There was no way for such non-users to know of or contest this exploitation,” the lawsuit said.
Which laws did Facebook allegedly violate?
Specifically, the lawsuit said that Facebook violated Capture or Use of Biometric Identifier Act (CUBI) and Texas Deceptive Trade Practices Consumer Protection Act (DTPA). Let’s take a look at what these laws state —
CUBI: This was introduced in 2009 to regulate the commercial capture of biometric identifiers, according to the lawsuit. The law requires entities to obtain informed consent for the processing of biometrics.
Under CUBI, the lawsuit said, “A person may not capture a biometric identifier of an individual for a commercial purpose unless the person first:
- Informs the individual before capturing the biometric identifier
- Receives the individuals’ consent to capture the biometric identifier”
The law also states that an entity in possession of a biometric identifier should not disclose it to anybody else.
DTPA: The DTPA lists many practices that are false, deceptive, or misleading. The law says that when one falls victim to illegal practices covered by the DTPA, one has the right to sue for damages under the act.
“Through these practices Facebook has not only disregarded its users’ privacy, it has also violated the DTPA and CUBI, which was designed to protect Texas residents from practices precisely like Facebook’s covert facial recognition program. In particular Facebook has violated CUBI by failing to obtain consent prior to capturing Texans’ biometric identifiers for its commercial gain, disclosing their identifiers to other entities, and failing to timely destroy them.” – Lawsuit
What does the lawsuit intend to achieve?
In the lawsuit, the Attorney General prayed that the court prohibit Facebook from violating CUBI and DTPA by ordering it to —
- Discontinue its commercial use of any information obtained through ‘unlawful’ capture of biometric identifiers in Texas
- Destroy information that Facebook has collected from ‘unlawful’ capture of biometric identifiers in Texas
- Destroy any neural network or algorithm trained or improved using biometric identifiers
- Make best efforts to retrieve any information from third parties that may possess such information as a result of Facebook’s unlawful disclosure of that information.
Further, the court was asked to order Facebook to pay a penalty of $25,000 for each violation of CUBI, and $10,000 for each violation of DTPA.
Facebook has disabled its facial recognition feature
In November 2021, days after Facebook changed its name to Meta in a bid to be known for more than social media and its ills, the company announced that it was shutting down its facial recognition programme.
“We need to weigh the positive use cases for facial recognition against growing societal concerns, especially as regulators have yet to provide clear rules,” said Jerome Pesenti, VP of Artificial Intelligence at Meta.
What did it impact?
- From now on, people (almost 1/3rd of Facebook users) who opted in for Facebook’s facial recognition system will no longer be automatically recognised in photos and videos.
- The social media platform intends to delete more than a “billion people’s individual facial recognition template”, Pesenti said. “If you have the face recognition setting turned off, there is no template to delete and there will be no change,” he added.
- This will also have an impact on Automatic Alt Text (AAT), which is a tool that creates image descriptions for blind and visually-impaired people. “After this change, descriptions will no longer include the names of people recognised in photos but will function normally otherwise,” Pesenti said.
- People will no longer be able to turn on face recognition for suggested tagging or see a suggested tag with their name in photos and videos they may appear in, Pesenti said.
IRS backs down from its facial recognition proposal
The US Internal Revenue Service (IRS) announced that it will stop availing third-party service for facial recognition that was being used to authenticate people who create new accounts on its online platform. In a press release on February 7, the IRS said that during the transition, it will quickly develop and bring online an additional authentication process that does not involve facial recognition.
The agency had originally said that all taxpayers would need to submit a “video selfie” to authenticate themselves and access their tax records and other services on the IRS website, according to a Washington Post report.
However, the report said that the decision evoked criticism from lawmakers and advocates saying that it would be unfair towards those who do not have access to smartphones or computer cameras, towards people of colour, and it would also be vulnerable to hackers.
- The use of facial recognition technology for policing in Delhi: An empirical study of potential religion-based discrimination
- Lucknow Safe City Project: Uttar Pradesh To Deploy Facial Recognition, ‘Label’ Faces Of Suspects
- Legal Notice To Hyderabad Police Commissioner Highlights Lack Of Lawfulness Of Facial Recognition Measures
- RTI: Kolkata, Delhi Police Refuse To Give Information On Facial Recognition Systems
Have something to add? Subscribe to MediaNama here and post your comment.