Yesterday's Department of Commerce/NTIA "multistakeholder" meeting to develop privacy "codes of conduct" provided more evidence on why the concept of Internet governance by so-called stakeholders is a oxymoron. A great deal is at stake here, since the Obama Administration has placed the future of American privacy largely in the hands of this DC lobbyist dominated group. Europeans also stand to lose here, as the U.S. approach to privacy protection becomes embodied with ineffective self-regulatory codes that enable wide-spread data collection.
CDD has been the leading NGO calling for the NTIA and the industry to engage in a serious examination of actual digital data collection and use practices, through a focused effort identifying current research, current market practices, and a better understanding of the near-term impact these technologies will have on consumers and citizens (such as with facial recognition, the issue now the focus of the current stakeholder group). The NTIA has demonstrated it really doesn't want to help get to the core of the issues, by identifying the key research and market elements that could lead to more effective decision-making--something incredibly important when you are discussing technologies such as facial recognition that expand commercial surveillance in far-reaching ways. There's a great deal at stake here for democracy, given the rapid growth of commercial services that constantly track us online and off--they know our social media history, credit score, actual "hyper-location," online browsing and buying--and even our facial and other physical characteristics.
Two examples of why the NTIA process cannot be relied on to develop effective ways to protect privacy were evident yesterday. First, we presented NTIA and the stakeholders with information on the extensive academic and commercial research infrastructure focused on facial recognition (FR). There are numerous scholarly conferences, scholarly papers, academic centers, industry-sponsored tutorials, and industry presentations. Google, Facebook, IBM and many others regularly financially support these FR academic conferences [see CVPR Sponsors for example, attached]. There are even FR "101" basic classes with online syllabi and readings. ("The goal of computer vision: To bridge the gap between pixels and meaning." from Stanford class.)
What even a cursory review of this material reveals is that facial recognition involves the intersection of multiple research disciplines that have serious consequences for privacy, consumer protection, and human rights. They include areas such as machine learning, computer vision, affective computing (computational and psychological modes of emotion), Deep Learning, Neural Networks, and Artificial Intelligence. There is publicly available FR research on crowd forecasting, socially intelligent surveillance, online social behavior modeling and more. One learns that Facebook has hired a leading FR researcher from NYU who works on Deep Learning; he will be working at the company's new Artificial Intelligence group (Prof. Fergus writes on his website that "Facebook first announced the AI Group in September to work on problems in deep learning, machine learning and computer vision").
Reviewing this research and industry activity also underscores how Google, Intel, Microsoft, Disney, Amazon and other leading companies are working on FR applications. But so far, Facebook, Google and most others have refused to discuss at these stakeholder sessions what that have created; are working on; plan to do, etc. While the NTIA stakeholder group has a number of industry trade (lobbying) associations involved (IAB, Internet Association, etc), they are there to protect the interests of their industry and members--they too have refused to speak out about what their members (which include Google and Facebook) do. We asked the NTIA yesterday to call on the companies in the room--which included reps from Facebook and Google--to tell us what they are doing; the NTIA rep refused. Its staffer said they couldn't call out companies in a government run meeting. If the NTIA can't get to the core of what's going on, they shouldn't be involved in this process at all.
So the Administration's initiative designed to protect our privacy is willing to operate in the dark when it comes to addressing FR--without information, analysis on what's really going on; how it works with the other parts of the data collection process; where it will be in 6 months or next year. It's a shameful proceeding. It's clear that consumer, public interest, civil rights and other NGOs and concerned groups need to become involved, and raise the moral and ethical dimensions about FR and the stakeholder process.