[Senate Hearing 112-851]
[From the U.S. Government Publishing Office]


                                                        S. Hrg. 112-851

 
    WHAT FACIAL RECOGNITION TECHNOLOGY MEANS FOR PRIVACY AND CIVIL 

                               LIBERTIES
=======================================================================


                                HEARING

                               before the

                        SUBCOMMITTEE ON PRIVACY

                         TECHNOLOGY AND THE LAW

                                 of the

                       COMMITTEE ON THE JUDICIARY

                          UNITED STATES SENATE

                      ONE HUNDRED TWELFTH CONGRESS

                             SECOND SESSION

                               __________

                             JULY 18, 2012

                               __________

                          Serial No. J-112-87

                               __________

         Printed for the use of the Committee on the Judiciary





                  U.S. GOVERNMENT PRINTING OFFICE
86-599                    WASHINGTON : 2014
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing 
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC 
area (202) 512-1800 Fax: (202) 512-2104  Mail: Stop IDCC, Washington, DC 
20402-0001



                       COMMITTEE ON THE JUDICIARY

                  PATRICK J. LEAHY, Vermont, Chairman
HERB KOHL, Wisconsin                 CHUCK GRASSLEY, Iowa
DIANNE FEINSTEIN, California         ORRIN G. HATCH, Utah
CHUCK SCHUMER, New York              JON KYL, Arizona
DICK DURBIN, Illinois                JEFF SESSIONS, Alabama
SHELDON WHITEHOUSE, Rhode Island     LINDSEY GRAHAM, South Carolina
AMY KLOBUCHAR, Minnesota             JOHN CORNYN, Texas
AL FRANKEN, Minnesota                MICHAEL S. LEE, Utah
CHRISTOPHER A. COONS, Delaware       TOM COBURN, Oklahoma
RICHARD BLUMENTHAL, Connecticut
            Bruce A. Cohen, Chief Counsel and Staff Director
        Kolan Davis, Republican Chief Counsel and Staff Director
                                 ------                                

            Subcommittee on Privacy, Technology and the Law

                    AL FRANKEN, Minnesota, Chairman
CHUCK SCHUMER, New York              TOM COBURN, Oklahoma
SHELDON WHITEHOUSE, Rhode Island     ORRIN G. HATCH, Utah
RICHARD BLUMENTHAL, Connecticut      LINDSEY GRAHAM, South Carolina
                Alvaro Bedoya, Democratic Chief Counsel
               Elizabeth Hays, Republican General Counsel



                            C O N T E N T S

                              ----------                              

                    STATEMENTS OF COMMITTEE MEMBERS

                                                                   Page

Franken, Hon. Al, a U.S. Senator from the State of Minnesota.....     1
    prepared statement...........................................   123
Sessions, Hon. Jeff, a U.S. Senator from the State of Alabama....     4

                               WITNESSES

Witness List.....................................................    37
Pender, Jerome, M., Deputy Assistant Director, Criminal Justice 
  Information Services Division, Federal Bureau of Investigation, 
  U.S. Department of Justice, Clarksburg, West Virginia..........     6
    prepared statement...........................................    39
Mithal, Maneesha, Associate Director, Division of Privacy and 
  Identity Protection, Federal Trade Commission, Washington, DC..     8
    prepared statement...........................................    44
Martin, Brian, Director of Biometric Research, MorphoTrust USA, 
  Jersey City, New Jersey........................................    14
    prepared statement...........................................    57
Acquisti, Alessandro, Associate Professor, Heinz College ad 
  CyLab, Carnegie Mellon University, Pittsburgh, Pennsylvania....    16
    prepared statement...........................................    63
Amerson, Larry, Sheriff, Calhoun County, Alabama, Anniston, 
  Alabama, on Behalf of the National Sheriffs' Association.......    18
    prepared statement...........................................    75
Farahany, Nita A., Professor of Law, Duke Law School, and 
  Professor of Genome Sciences & Policy, Institute for Genome 
  Sciences & Policy, Duke University, Durham, North Carolina.....    19
    prepared statement...........................................    81
Sherman, Rob, Manager of Privacy and Public Policy, Facebook, 
  Washington, DC.................................................    22
    prepared statement...........................................    92
Lynch, Jennifer, Staff Attorney, Electronic Frontier Foundation, 
  San Francisco, California......................................    23
    prepared statement...........................................   100

                               QUESTIONS

Questions submitted by Hon. Al Franken for Jerome Pender, 
  Maneesha Mithal, Brian Martin, Alessandro Acquisti, Rob 
  Sherman, and Jennifer Lynch....................................   127

                         QUESTIONS AND ANSWERS

Responses of Jerome Pender to questions submitted by Senator 
  Franken........................................................   134
Responses of Maneesha Mithal to questions submitted by Senator 
  Franken........................................................   137
Responses of Brian Martin to questions submitted by Senator 
  Franken........................................................   139
Responses of Alessandro Acquisti to questions submitted by 
  Senator Franken................................................   141
Responses of Rob Sherman to questions submitted by Senator 
  Franken........................................................   145
Responses of Jennifer Lynch to questions submitted by Senator 
  Franken........................................................   147

                MISCELLANEOUS SUBMISSIONS FOR THE RECORD

Face Book, Facebook.com:
    Approving and Removing Tag, instructions.....................   149
Detroit, Michigan, Code of Ordinance, City code..................   150
Electronic Privacy Information Center (EPIC), Marc Rotenberg, 
  Executive Director, Ginger P. McCall, Director, Open Government 
  Program, and David Jacobs, Consumer Protection Fellow, July 18, 
  2012, joint letter.............................................   155
Federal Bureau of Investigation, Richard W. Vorder Bruegge, 
  Quantico, Virginia, report.....................................   156
Westlaw, Thomson Teuters:
    Federal Anti-Protest law, Public Law--112-98, March 8, 2012..   174
    Hawaii Anti-Protest law, Title 38, Chapter 852, HRS 852-1...   176
    Illinois Anti-Protest law, Chapter 740, Act 14...............   179
    Maryland Anti-Protest law, Maryland Code, Criminal Law,  10-
      201........................................................   185
    Michigan law allowing anti-protest ordinance.................   202
Security Industry Association (SIA), Don Erickson, Chief 
  Executive Officer, Alexandria, Virginia, January 31, 2012, 
  letter.........................................................   266
    Tag Suggestions, instructions: Windows Photo Viewer..........   268
    Texas Anti-Protest law, V.T.C.A, Business & Commerce  
      503.001....................................................   269

                 ADDITIONAL SUBMISSIONS FOR THE RECORD

Submissions for the record not printed due to voluminous nature, 
  previously printed by an agency of the Federal Government, or 
  other criteria determined by the Committee, list:..............   273

EPIC Comments--January 31, 2012.: http://www.ftc.gov/os/comments/
  facialrecognitiontechnology/00083-0982624.pdf..................   273
National Institute of Justice (NIJ), William A. Ford, Director, 
  State of Research, Development and Evaluation.: T3https://
  www.eff.org/sites/default/files/ford-State-of-Research-
  Development-and-Evaluation-at-NIJ.pdf#page=17..................   274
Farahany, Nita A., Testimony Attachment--Pennsylvania Law Review: 
  http://www.pennumbra.com/issues/pdfs/160-5/Farahany.pdf........   273


    WHAT FACIAL RECOGNITION TECHNOLOGY MEANS FOR PRIVACY AND CIVIL 
                               LIBERTIES

                              ----------                              


                        WEDNESDAY, JULY 18, 2012

                                       U.S. Senate,
          Subcommittee on Privacy, Technology, and the Law,
                                Committee on the Judiciary,
                                                    Washington, DC.
    The Subcommittee met, pursuant to notice, at 2:36 p.m., in 
Room SD-226, Dirksen Senate Office Building, Hon. Al Franken, 
Chairman of the Subcommittee, presiding.
    Present: Senators Franken, Whitehouse, and Blumenthal.
    Also present. Senator Sessions.

 OPENING STATEMENT OF HON. AL FRANKEN, A U.S. SENATOR FROM THE 
                       STATE OF MINNESOTA

    Chairman Franken. This hearing will be called to order. 
Welcome to the fourth hearing of the Subcommittee on Privacy, 
Technology, and the Law. Today's hearing will examine the use 
of facial recognition technology by the Government and the 
private sector and what that means for privacy and civil 
liberties.
    I want to be clear: There is nothing inherently right or 
wrong with facial recognition technology. Just like any other 
new and powerful technology, it is a tool that can be used for 
great good. But if we do not stop and carefully consider the 
way we use this technology, it could also be abused in ways 
that could threaten basic aspects of our privacy and civil 
liberties. I called this hearing so we can just start this 
conversation.
    I believe that we have a fundamental right to control our 
private information, and biometric information is already among 
the most sensitive of our private information, mainly because 
it is both unique and permanent. You can change your password. 
You can get a new credit card. But you cannot change your 
fingerprint, and you cannot change your face--unless, I guess, 
you go to a great deal of trouble.
    Indeed, the dimensions of our faces are unique to each of 
us--just like our fingerprints. And just like fingerprint 
analysis, facial recognition technology allows others to 
identify you with what is called a ``faceprint''--a unique file 
describing your face.
    But facial recognition creates acute privacy concerns that 
fingerprints do not. Once someone has your fingerprint, they 
can dust your house or your surroundings to figure out what you 
have touched.
    Once someone has your faceprint, they can get your name, 
they can find your social networking account, and they can find 
and track you in the street, in the stores that you visit, the 
Government buildings you enter, and the photos your friends 
post online. Your face is a conduit to an incredible amount of 
information about you, and facial recognition technology can 
allow others to access all of that information from a distance, 
without your knowledge, and in about as much time as it takes 
to snap a photo.
    People think of facial recognition as something out of a 
science fiction novel. In reality, facial recognition 
technology is in broad use today. If you have a driver's 
license, if you have a passport, if you are a member of a 
social network, chances are good that you are part of a facial 
recognition data base.
    There are countless uses of this technology, and many of 
them are innovative and quite useful. The State Department uses 
facial recognition technology to identify and stop passport 
fraud--preventing people from getting multiple passports under 
different names. Using facial recognition technology, Sheriff 
Larry Amerson of Calhoun County, Alabama, who is with us here 
today, can make sure that a prisoner being released from the 
Calhoun County jail is actually the same prisoner that is 
supposed to be released. That is useful. Similarly, some of the 
latest smartphones can be unlocked by the owner by just looking 
at the phone and blinking.
    But there are uses of this technology that should give us 
pause.
    In 2010, Facebook, the largest social network, began 
signing up all of its then 800 million users in a program 
called Tag Suggestions. Tag Suggestions made it easier to tag 
close friends in photos, and that is a good thing.
    But the feature did this by creating a unique faceprint for 
every one of those friends. And in doing so, Facebook may have 
created the world's largest privately held data base of 
faceprints--without the explicit consent of its users. To date, 
Tag Suggestions is an opt-out program. Unless you have taken 
the time to turn it off, it may have already been used to 
generate your faceprint.
    Separately, last year, the FBI rolled out a Facial 
Recognition Pilot program in Maryland, Michigan, and Hawaii 
that will soon expand to three more States. This pilot lets 
officers in the field take a photo of someone and compare it to 
a Federal data base of criminal mug shots. The pilot can also 
help ID a suspect in a photo from an actual crime. Already, 
several other States are setting up their own facial 
recognition systems independently of the FBI. These efforts 
will catch criminals. In fact, they already have.
    Now, many of you may be thinking that that is an excellent 
thing, and I agree. But unless law enforcement facial 
recognition programs are deployed in a very careful manner, I 
fear that these gains could eventually come at a high cost to 
our civil liberties.
    I fear that the FBI pilot could be abused to not only 
identify protesters at political events and rallies, but to 
target them for selective jailing and prosecution, stifling 
their First Amendment rights. Curiously enough, a lot of the 
presentations on this technology by the Department of Justice 
show it being used on people attending political events or 
other public gatherings.
    I also fear that without further protections, facial 
recognition technology could be used on unsuspecting civilians 
innocent of any crime, invading their privacy and exposing them 
to potential false identifications.
    Since 2010, the National Institute of Justice, which is a 
part of DOJ, has spent $1.4 million to develop facial 
recognition-enhanced binoculars that can be used to identify 
people at a distance and in crowds. It seems easy to envision 
facial recognition technology being used on innocent civilians 
when all an officer has to do is look at them through his 
binoculars or her binoculars.
    But facial recognition technology has reached a point where 
it is not limited to law enforcement and multi-billion-dollar 
companies. It can also be used by private citizens. Last year, 
Professor Alessandro Acquisti of Carnegie Mellon University, 
who is testifying today, used a consumer-grade digital camera 
and off-the-shelf facial recognition software to identify one 
out of three students walking across a campus.
    I called this hearing to raise awareness about the fact 
that facial recognition already exists right here, today, and 
we need to think about what that means for our society. I also 
called this hearing to call attention to the fact that our 
Federal privacy laws are almost totally unprepared to deal with 
this technology.
    Unlike what we have in place for wiretaps and other 
surveillance devices, there is no law regulating law 
enforcement use of facial recognition technology. And current 
Fourth Amendment case law generally says that we have no 
reasonable expectation of privacy in what we voluntarily expose 
to the public; yet we can hardly leave our houses in the 
morning without exposing our faces to the public. So law 
enforcement does not need a warrant to use this technology on 
someone. It might not even need to have a reasonable suspicion 
that the subject has been involved in a crime.
    The situation for the private sector is similar. Federal 
law provides some protection against true bad actors that 
promise one thing yet do another. But that is pretty much as 
far as the law goes. If a store wants to take a photo of your 
face when you walk in and generate a faceprint--without your 
permission--they can do that. They might even be able to sell 
it to third parties.
    Thankfully, we have a little time to do better. While this 
technology will in a matter of time be at a place where it can 
be used quickly and reliably to identify a stranger, it is not 
there quite just yet. And so I have called the FBI and Facebook 
here today to challenge them to use their position as leaders 
in their fields to set an example for others before this 
technology is used pervasively.
    The FBI already has some privacy safeguards in place. But I 
still think that they could do more to prevent this technology 
from being used to identify and target people engaging in 
political protests or other free speech. I think the FBI could 
do more to make sure that officers use this technology only 
when they have good reason to think that someone is involved in 
a crime. I also think that if the FBI did these things, law 
enforcement agencies around the country would follow.
    For their part, Facebook allows people to use Tag 
Suggestions only on their close friends. But I think Facebook 
could still do more to explain to its users how it uses facial 
recognition and to give them better choices about whether or 
not to participate in Tag Suggestions. I think that Facebook 
could make clear to its users just how much data it has and how 
it will and will not use its large and growing data base of 
faceprints. And I think that if Facebook did these things, they 
would establish a best practice against which other social 
networks would be measured.
    My understanding is that for the past few months, Facebook 
Tag Suggestions has been temporarily disabled to allow for some 
technical maintenance. It seems to me that Facebook has the 
perfect opportunity to make changes to its facial recognition 
program when it brings Tag Suggestions back online.
    I am also calling the Federal Trade Commission to testify 
because they are in the process of actually writing best 
practices for the use of this technology in industry. I urge 
the Commission to use this as an opportunity to guarantee 
consumers the information and choices they need to make 
informed decisions about their privacy.
    In the end, though, I also think that Congress may need to 
act, and it would not be the first time it did. In the era of 
J. Edgar Hoover, wiretaps were used freely with little regard 
to privacy. Under some Supreme Court precedents of that era, as 
long as the wiretapping device did not actually penetrate the 
person's home or property, it was deemed constitutionally 
sound--even without a warrant. And so in 1968, Congress passed 
the Wiretap Act. Thanks to that law, wiretaps are still used to 
stop violent and serious crimes. But police need a warrant 
before they get a wiretap. And you cannot wiretap someone just 
because they are a few days late on their taxes. Wiretaps can 
be used only for certain categories of serious crimes.
    I think that we need to ask ourselves whether Congress is 
in a similar position today as it was 50 or 60 years ago before 
the passage of the Wiretap Act. I hope the witnesses today will 
help us consider this and all of the different questions raised 
by this technology.
    I was going to turn it over to my friend and Ranking 
Member, Senator Coburn, but I do not think he would have a lot 
to say at this moment.
    [Laughter.]
    Chairman Franken. I am sure he will have some great 
questions.
    What I would like to do is introduce our first panel of 
witnesses. But before I do, I would like to give my esteemed 
colleague, Senator Sessions, the opportunity to make an 
introduction of the sheriff, who is going to be on the second 
panel from your own State.

STATEMENT OF HON. JEFF SESSIONS, A U.S. SENATOR FROM THE STATE 
                           OF ALABAMA

    Senator Sessions. That would be wonderful. Thank you, Mr. 
Chairman. Those are remarks that we need to think about as we 
go forward with new technologies, and it takes some effort to 
get to the bottom of it.
    I am honored to take a few moments to introduce my friend, 
Sheriff Larry Amerson, who has served for 18 years as sheriff 
in Calhoun County, Alabama, and Anniston. He is a graduate of 
Jacksonville State University, one of my superb universities, 
with a B.A. in law enforcement, finally becoming sheriff. He 
served for 14 years as deputy sheriff in Calhoun County. He 
currently serves as the 71st president of the National 
Sheriffs' Association and is also the chairman of the National 
Sheriffs' Institute Education and Training Committee and vice 
chair of the Court Security Committee. He is a certified jail 
manager and past member of the FBI Criminal Justice Information 
System's Southern Working Group, and that Criminal Justice 
Information System is a lot of what we will be talking about 
today, how that system works.
    Sheriff, it is great to see you. Thank you for coming, and 
I am pleased to have this opportunity to introduce you.
    Mr. Chairman, could I just say a couple of things?
    Chairman Franken. Absolutely.
    Senator Sessions. I would like to come back if you would 
allow me, but I might not be able to.
    Chairman Franken. I understand.
    Senator Sessions. We need to look at facial recognition and 
see how it works and where it can be beneficial consistent with 
our constitutional rights and privileges that we value in our 
country. But it is a matter that I have dealt with for a long 
time, and there are a lot of people who would like to see a 
major enhancement of the facial identification system used at 
airports for security and that sort of thing. And there are 
some fundamental weaknesses at this point with that as a 
practical matter.
    The fingerprint has been in use for 50 years, I guess. 
Virtually every criminal in America has had his fingerprint 
placed in records that can be ascertained by even a local 
police officer at his police car. He can have people put their 
hands on a machine, and it will read that to see if the ID he 
presented may be false and he may be somebody else, maybe a 
fugitive from justice. So the fingerprint system is really, 
really proven. And you have the criminal histories that are 
available to law officers when they produce that.
    So if we start with the facial recognition--and maybe it is 
time to start with some of that. But if we start with it, we do 
not have many people in it. There are not that many people who 
have been identified who have had their visage imprinted and 
can be drawn. And terrorists around the world, presumably we do 
not have their facial things, where we may have been collecting 
their fingerprints for years.
    Secretary Ridge, when he was Homeland Security Secretary, 
tried to figure a way to deal with the situation at the 
airports. A lot of people wanted to use facial recognition, Mr. 
Chairman, because they thought it would be quicker, people 
would just go right on through the system. But, you know, I 
would ask a simple question: If there is no bank of visages, 
what good is it? And why couldn't you use a fingerprint 
situation where you put your fingerprint in, the computer reads 
it, even if you check through and you go down and wait to get 
on the plane, if a minute, five minutes, three minutes later, 
it comes back this is a terrorist, you can go down and get the 
man.
    When he left, I would say I was kind of pleased. I had not 
talked to him for some time about it. He said, ``Well, I have 
one bit of advice for my successor: Emphasize the 
fingerprint.'' So I felt like he had concluded that is a 
suggestion.
    So I do not know how far you can go with utilizing the face 
system effectively. I was a Federal prosecutor for 15 years. 
Knowing how the system works today, I know it would take many 
years to get it to compete with the fingerprint system for 
basic law enforcement work. But, Mr. Chairman, there could be 
certain things, like in a jail. You suggested that. There are 
other things that could work right now.
    So thank you for giving me the opportunity to share those 
thoughts. You have got a great panel of witnesses. I salute you 
for investing the time and effort to wrestle with these 
important issues.
    Chairman Franken. Well, thank you for your very well-made 
comments, and these are questions that we are starting to deal 
with in today's hearing, so thank you.
    Senator Sessions. If I come back, I would like to ask some 
of those. If not, I will try to submit it for the record, if 
you do not mind.
    Chairman Franken. Absolutely.
    Senator Sessions. Thank you.
    Chairman Franken. Maybe we should call it, after listening 
to you, ``visage recognition technology.''
    [Laughter.]
    Chairman Franken. Just to confuse people, I would like to 
do that.
    Chairman Franken. Now I would like to introduce our first 
panel of witnesses.
    Jerome Pender is the Deputy Assistant Director of the 
Operations Branch at the FBI's Criminal Justice Information 
Division. He manages information technology for many of the 
FBI's biometric systems and helps oversee the deployment of a 
pilot facial recognition program as part of the FBI's Next 
Generation Identification Initiative. Prior to joining the FBI, 
Mr. Pender served as the executive director of Information 
Technology for UBS Warburg. He holds a master's degree in 
computer science from Johns Hopkins and is a graduate of the 
United States Air Force Academy. Thank you for being here.
    Maneesha Mithal is the Associate Director of the Federal 
Trade Commission's Division of Privacy and Identity Protection. 
She oversees work on commercial privacy, data security, and 
credit reporting, and works to ensure companies comply with the 
FTC Act's unfair or deceptive practices provision. Before 
joining the FTC, Ms. Mithal was an attorney at the Washington 
office of Covington & Burling. She earned her undergraduate and 
law degrees from Georgetown University.
    Thank you again, both of you, for being here today. I 
really hope that your presence here will mark the start of a 
productive dialogue about this technology going forward. Your 
complete written testimony will be made a part of the record. 
You each have about 5 minutes for opening remarks that you 
would like to make.
    Mr. Pender, would you like to begin?

   STATEMENT OF JEROME M. PENDER, DEPUTY ASSISTANT DIRECTOR, 
CRIMINAL JUSTICE INFORMATION SERVICES DIVISION, FEDERAL BUREAU 
OF INVESTIGATION, U.S. DEPARTMENT OF JUSTICE, CLARKSBURG, WEST 
                            VIRGINIA

    Mr. Pender. Certainly. Thank you. Mr. Chairman, I would 
like to thank the Subcommittee for the opportunity to discuss 
the FBI's Next Generation Identification Program, NGI. The FBI 
is committed to ensuring appropriate privacy protections are in 
place as we deploy NGI technologies, including facial 
recognition, and that the capabilities are implemented and 
operated with transparency and full disclosure.
    The FBI began collecting criminal history on a national 
level in 1924. From 1924 until 1999, fingerprints and 
associated criminal history information, including mug shot 
photographs, were received in the U.S. mail and processed 
manually. In 1999, with the launching of the Integrated 
Automated Fingerprint Identification System, fingerprints were 
searched, processed, and stored using automation.
    The NGI Program, which is on scope, on schedule, and on 
cost, and 60 percent deployed, is enabling the FBI to meet its 
criminal justice mission. It will use facial recognition to 
automate for the first time the processing of mug shots.
    NGI is being deployed in seven separate increments. 
Increment four includes the facial recognition system. It was 
deployed as a pilot in February 2012 and is scheduled for full 
operational capability in the summer of 2014. The objective of 
the pilot is to conduct image-based facial recognition searches 
of the FBI's national repository and provide investigative 
candidate lists to agencies submitting queries.
    The goals of the pilot are to test the facial recognition 
processes, resolve policy and processing issues, solidify 
privacy protection procedures, and address user concerns.
    The pilot provides a search of the national repository of 
photos consisting of criminal mug shots, which were taken at 
the time of a criminal booking. Only criminal mug shot photos 
are used to populate the national repository. Query photos and 
photos obtained from social networking sites, surveillance 
cameras, and similar sources are not used to populate the 
national repository. It contains approximately 12.8 million 
photos.
    The Facial Recognition Pilot permits authorized law 
enforcement agencies to submit queries for a facial recognition 
search of the national repository. It can be queried by 
authorized criminal justice agencies for criminal justice 
purposes.
    Access is subject to all rules regarding access to FBI CJIS 
systems information and subject to dissemination rules for 
authorized criminal justice agencies. The investigative 
response provided to a submitting agency will include the 
number of candidates requested, in ranked order, along with a 
caveat noting that the response should only be used as an 
investigative lead.
    In accordance with Section 208 of the E-Government Act of 
2002, facial recognition was initially addressed by the FBI's 
June 9, 2008, Interstate Photo System Privacy Impact 
Assessment, or PIA. In coordination with the FBI's Office of 
the General Counsel, the 2008 PIA is currently in the process 
of being renewed by way of Privacy Threshold Analysis, with an 
emphasis on facial recognition. An updated PIA is planned and 
will address all evolutionary changes since the preparation of 
the 2008 PIA.
    Each participating pilot State or agency is required to 
execute a Memorandum of Understanding, MOU, that details the 
purpose, authority, scope, disclosure, and use of information, 
and the security rules and procedures associated with piloting. 
Pilot participants are advised that all information is treated 
as ``law enforcement sensitive'' and protected from 
unauthorized disclosure.
    Information derived from the pilot search requests and 
resulting responses are to be used only as an investigative 
lead. Results are not to be considered as positive 
identifications.
    In February 2012, the State of Michigan successfully 
completed an end-to-end Facial Recognition Pilot transaction 
and is currently submitting facial recognition searches to 
CJIS. MOUs have also been executed with Hawaii and Maryland; 
South Carolina, Ohio, and New Mexico are engaged in the MOU 
review process for Facial Recognition Pilot participation.
    In summary, the FBI's Next Generation Identification 
Program is on scope, on schedule, on cost, and 60 percent 
deployed. The Facial Recognition Pilot which began operation in 
February 2012 searches criminal mug shots and provides 
investigative leads. The Facial Recognition Pilot is evaluating 
and solidifying policies, procedures, and privacy protections. 
Full operational capability for facial recognition is scheduled 
for the summer of 2014.
    Thank you.
    [The prepared statement of Mr. Pender appears as a 
submission for the record.]
    Chairman Franken. Thank you, Mr. Pender.
    Ms. Mithal.

 STATEMENT OF MANEESHA MITHAL, ASSOCIATE DIRECTOR, DIVISION OF 
  PRIVACY AND IDENTITY PROTECTION, FEDERAL TRADE COMMISSION, 
                        WASHINGTON, D.C.

    Ms. Mithal. Thank you, Chairman Franken. I am Maneesha 
Mithal with the Federal Trade Commission. I appreciate the 
opportunity to present the Commission's testimony on the 
commercial uses of facial recognition technology, the potential 
benefits, and privacy implications.
    Imagine a world where you are walking down the street and a 
stranger takes a picture of you with their smartphone. The 
stranger is then able to pull up not only your name but where 
you live, how much you paid for your house, and who your close 
friends are.
    Imagine another scenario where you walk into a store and a 
digital sign scans your face, links you with a loyalty card, 
and greets you with a message: ``Jane Doe, I see you have 
bought Slimfast before. Here is a coupon for $1 off your next 
purchase.''
    These scenarios are not far from becoming a reality. Some 
consumers might think they are innovative and they want to 
participate in them. Others may find them invasive. Today 
facial recognition is being used commercially for a variety of 
purposes, many of them beneficial to consumers. For example, as 
you mentioned, companies are using the technology to allow 
consumers to unlock their smartphones using their faces rather 
than their passwords, to allow consumers to upload their faces 
to a website to try on make up hair styles and eyeglasses, and 
to help consumers manage and organize photos.
    In December 2011, the Commission hosted a workshop to 
examine these current and future uses of facial recognition, as 
well as the privacy implications they raise. In my statement 
today, I would like to discuss four themes that emerged from 
the workshop and conclude by setting forth our next steps in 
this area.
    First, many workshop participants highlighted the recent 
growth in the commercial use of facial recognition 
technologies. Until recently, because of high costs and limited 
accuracy, companies did not widely use these technologies. 
However, several recent developments have brought steady 
improvements. For example, better quality digital cameras and 
lenses create higher-quality images from which biometric data 
can be more easily extracted. Recent technological advances 
have been accompanied by a rapid growth in the availability of 
online photos. For example, approximately 2.5 billion photos 
are uploaded to Facebook each month. As a result, companies do 
not need to purchase proprietary sets of identified images, 
thereby lowering costs and making facial recognition 
technologies commercially viable for a broad range of entities.
    Second, we learned about current applications of facial 
recognition technologies. In one application, the technology 
can simply be used for pure facial detection--that is, to 
determine that a photo has a face in it. Current uses include 
refining search engine results to include only those results 
that contain a face, locating faces in images in order to blur 
them, or ensuring that the frame for a video chat feed actually 
includes a face.
    In another application, the technology allows companies to 
assess characteristics of facial images. For instance, 
companies can identify moods or emotions from facial 
expressions to determine a player's engagement with a video 
game or a viewer's excitement during a movie.
    Companies can also determine demographic characteristics of 
a face such as age and gender to deliver targeted ads in real 
time in retail spaces.
    The use of facial recognition technology that potentially 
raises the most privacy concerns is the use to identify 
anonymous individuals in images. One of the most prevalent 
current uses of this application is to enable semiautomated 
photo tagging or photo organization on social networks and in 
photo management applications.
    Third, in addition to these current uses, panelists 
discussed the ways in which facial recognition could be 
implemented in the future. For example, will it become feasible 
to use facial recognition to identify previously anonymous 
individuals in public places or in previously unidentified 
photos online? In a 2011 study, which we will be hearing about, 
Carnegie Mellon researchers were able to identify individuals 
in previously unidentified photos from a dating site by using 
facial recognition technology to match them to their Facebook 
profile photos.
    Finally, panelists discussed the privacy concerns 
associated with facial recognition. For example, a mobile app 
that could, in real-time, identify previously anonymous 
individuals on the street or in a bar and correlate a name with 
a person's physical address could raise serious physical safety 
concerns.
    Following the workshop, Commission staff has been 
developing a report that builds on the principles that the 
Commission outlined in its March 2012 privacy report. Those 
principles are: privacy by design, simplified choice, and 
improved transparency. The report discusses the application of 
these principles to the realm of facial recognition, and we 
should be issuing a report in the coming months.
    Thank you for the opportunity to provide the Commission's 
views, and we look forward to working with Congress on this 
important issue.
    [The prepared statement of Ms. Mithal appears as a 
submission for the record.]
    Chairman Franken. Thank you, Ms. Mithal.
    Mr. Pender, the FBI allows searches of its facial 
recognition data base. They are done only for criminal justice 
purposes, and that is a good thing. But the term ``criminal 
justice purpose'' is kind of broad, so I am concerned that this 
system allows law enforcement to identify and target people 
marching in a rally or protesting in front of a courthouse 
because in all three States where the pilot is operating, it is 
technically a crime to block a sidewalk or obstruct the 
entrance to a building.
    Mr. Pender, has the FBI issued a rule prohibiting or 
discouraging jurisdictions from using facial recognition 
technology in a way that could stifle free speech? And if not, 
will the FBI consider doing this?
    Mr. Pender. Certainly as we are deploying the NGI system, 
we are extremely concerned to make sure that we have 
appropriate protections in it to ensure there is not any 
invasion of privacy or those sorts of things.
    The definition of ``criminal justice purpose'' is defined 
in 28 CFR Section 20.3(b), and it has nine particular 
activities that are part of the administration of criminal 
justice. In the scenario that you mentioned about the 
protesters and potentially blocking the sidewalk, I think you 
are implying that an officer is taking a photo of someone for 
blocking the sidewalk on the pretext of putting them into some 
type of data base. So I can say a few things about that.
    First of all, the only photos that will go into the data 
base are the criminal mug shot photos, so the probe photos that 
are being searched through the system do not ever go into the 
data base.
    Then as regards to whether or not the particular person 
blocking the sidewalk could even be searched, the officer would 
have to clearly articulate which of those administration of 
criminal justice functions that they are trying to perform, and 
the way you have let out the scenario there, you are implying 
that they are not really interested in blocking the sidewalk. 
They are using it as a pretext for something else, and that 
would not be a valid use of the system under the current rules.
    Again, we take this very seriously, so that is certainly 
the reason that we are deploying the system slowly in a pilot 
phase to work out any details, make sure that there is 
appropriate training and guidance in place, and so that is an 
important part of our process.
    One of the things that the MOUs that we sign with the 
agencies that are going to access the system require is an 
audit process, so the local agencies are required to audit the 
use of the system on an annual basis to detect any type of 
misuse. And then, in addition to that, within our FBI CJIS 
Division we have an audit unit that goes out and does triennial 
audits of the same agencies, and that is done as a little bit 
of a safety net, a double-check on the audits, as well as to be 
sure that the audit processes are in place and being done 
effectively.
    In those audits, if any misuse is detected, there is a full 
range of options that is defined in the sanctions process, and 
that could range from administrative letters, that sort of 
thing, to removal of access from the system, either on an 
individual or an agency basis, if the controls are not 
effective, up to and including criminal prosecution for misuse.
    Chairman Franken. OK. How do you define ``misuse'' ? First 
of all, have any audits been produced yet?
    Mr. Pender. The audit process that I am talking about is 
with regards to access to criminal history in general. It has 
been longstanding for the last many decades. The photos are 
part of that criminal history data base, so all of those same 
standards apply.
    At this point, we have not done any audits specific to the 
use of facial recognition. That is what we are in the process 
of developing through the pilot.
    Chairman Franken. OK. So is there anything that explicitly 
in your pilot discourages the use of this technology at a rally 
or a political event?
    Mr. Pender. I cannot think of something that says you 
should not use this at a political event. I think it is defined 
in the terms of the positive where it is allowed to be used, 
and that would be outside of what is permitted. But certainly 
we are--that is the purpose of doing the slow deployment, is to 
identify if there are particular gray areas that need to be 
trained----
    Chairman Franken. Part of the reason I bring this up is 
that the FBI's own presentations of this technology--I do not 
know if we have a blow-up of this, but it shows it being used 
to identify people at a political rally. That is what the FBI 
did. So that is--you know, I mean, this is done by the Obama 
administration. It is at an Obama rally. One of them is. And 
one is at a Hillary rally, and, you know, they have made up.
    [Laughter.]
    Chairman Franken. She is a great Secretary of State. But 
they might be sending the wrong message, don't you think?
    Mr. Pender. I am not familiar with that particular 
presentation. I am not familiar with the photos, but certainly 
if there are photos of a political rally, what we are--the NGI 
system that we are deploying and what we are doing, we 
absolutely have no intention of going out. It absolutely will 
be limited to the mug shot photos and the criminal history data 
base.
    Chairman Franken. OK. In a similar vein, will the FBI 
consider telling States in its facial recognition program that 
they should use the technology to identify someone only if they 
have a probable cause that they have been involved in a 
criminal activity?
    Mr. Pender. The mug shot photos are part of the criminal 
history data base, and so this is an issue that we have been 
working with for many years on when is it appropriate to 
distribute information out of the criminal history data base. 
And so in April 2001, there were some questions about that, and 
we sent out what we call a contributor letter that clarifies 
when it is appropriate to use the system or not. And the 
language in that particular letter says that the officer must 
clearly articulate one of the administration of criminal 
justice purposes that they are administering, and if they are 
basing it on the detection or apprehension function, they have 
to have an articulable suspicion or a reasonable basis for the 
search.
    So, again, that was in the context of criminal history, but 
mug shots are part of that. And certainly as we are deploying 
the system----
    Chairman Franken. Well, I understand that the mug shots are 
the data base from which they are looking. I am wondering who 
they choose to search, I mean, who they choose to take a 
picture of, say, to see if they match the data base. That is 
what I am asking.
    Mr. Pender. Right. The probe photos are photos that they 
are searching against the data base. They have to be able to 
have that articulable suspicion or reasonable basis for 
performing the search. And certainly, again, that is the reason 
for going slowly. We have a series of working groups that we 
are working with, our State and local partners from the 
Advisory Policy Board, as Senator Sessions was talking about, 
that were working on it and making sure that the policies are 
clear, that we have appropriate training programs in place as 
well. Prior to accessing our NCIC system, for example, an 
individual is required to have training and a certification 
test that is repeated every two years to maintain the current 
certification. And we require annual training on security 
practices as well.
    So if there are appropriate enhancements that we need to 
make specific to facial recognition, we are very open to doing 
that.
    Chairman Franken. OK. Thank you.
    Ms. Mithal, my understanding is that the Commission is in 
the process of proposing best practices for the commercial use 
of facial recognition. I want to urge you to make a very simple 
rule one of your best practices; that is, if a company wants to 
create a unique faceprint for someone to identify them, they 
need to get their permission first. Will the Commission do 
that?
    Ms. Mithal. Thank you. As I mentioned, the Commission is 
considering best practices, and I am certainly sure that that 
is one of the issues that they are considering, and I will take 
it back to them that you have requested us to consider this.
    The other thing I would note is that in our March 2012 
privacy report, we talked about the importance of providing 
consumers with meaningful choice when their information is 
collected. At a minimum, what we think that means is that a 
disclosure has to be provided very clearly outside the privacy 
policy so that consumers can make informed decisions about 
their data.
    Chairman Franken. That does not sound like a yes. I do not 
think this is a heavy lift, frankly. While Federal law says 
nothing about this, two States--Illinois and Texas--both 
require a company to get a customer's consent before they 
create a biometric for them. So, at least in theory, this is 
already the standard that national companies have to meet, and 
without objection, I would like to enter these laws into the 
record.
    [The information appears as a submission for the record.]
    Chairman Franken. Could you pass this on to the Commission? 
I will give it to you.
    Ms. Mithal. We will take a look, and I will pass it on, 
yes. Thank you.
    Chairman Franken. Thank you. Thank you very much.
    Ms. Mithal, when a social network or an app company is 
creating a faceprint to identify someone in a photo, what is 
the Commission's position on the kind of notice they need to 
provide their users? Is the best practice to tell their users, 
you know, ``We are going to create a unique faceprint for you'' 
? Or is it something less than that?
    Ms. Mithal. Sir, again, this is exactly the type of issue 
the Commission is currently considering, and I cannot get in 
front of my Commission on this. They are really considering 
these issues. But if you look at what the Commission has said 
publicly in terms of our privacy report, we have called for 
transparency. And what that means is clear, simple, concise 
notices, not in legalese.
    Chairman Franken. OK. Clear, simple, and precise.
    Ms. Mithal. Concise.
    Chairman Franken. Concise. Oh, I am sorry.
    Ms. Mithal. Precise would be good, too.
    Chairman Franken. Thank you for that validation.
    [Laughter.]
    Chairman Franken. OK. Well, I want to thank you both for 
your testimony and call the second panel. Thank you, Ms. Mithal 
and Mr. Pender.
    Ms. Mithal. Thank you.
    Mr. Pender. Thank you.
    Chairman Franken. We have now our second panel, and let me 
introduce them while they take their seats.
    We have Mr. Brian Martin, who is director of Biometric 
Research for MorphoTrust USA, a leading biometrics company that 
supplies facial recognition technology to the Federal 
Government and many State governments. Mr. Martin has over 15 
years of experience in the biometrics and has helped develop 
numerous biometric technologies involving iris, fingerprint, 
and facial recognition. He earned his Ph.D. in physics from the 
University of Pittsburgh. I called Mr. Martin to be our star 
technical witness who can begin our second panel by explaining 
how the technology actually works.
    Alessandro Acquisti is an associate professor of 
information technology and public policy at Carnegie Mellon 
University where his research focuses on the economics of 
privacy. Professor Acquisti is at the helm of not just one but 
several pioneering studies evaluating the privacy implications 
of facial recognition technology. He has received numerous 
awards for his research and expertise on privacy issues. 
Professor Acquisti earned a master's and Ph.D. in information 
systems from UC-Berkeley and received a master's in economics 
from Trinity College, Dublin, and from the London School of 
Economics.
    Sheriff Larry Amerson, whom Senator Sessions introduced 
earlier, is the president of the National Sheriffs' Association 
and is also serving in his 18th year as sheriff of Calhoun 
County, Alabama, and that is in Anniston as the county seat?
    Mr. Amerson. Yes, sir.
    Chairman Franken. As part of his mission to modernize 
police operations, Sheriff Amerson is overseeing the 
implementation of iris and facial recognition in Calhoun County 
jails and in the field. Sheriff Amerson has had a long, 
successful career in law enforcement. Sheriff Amerson earned 
his bachelor's degree in law enforcement from Jacksonville 
State University.
    Nita Farahany is an associate professor of law at the Duke 
University School of Law and is a leading scholar on the 
ethical, legal, and social implications of emerging 
technologies. She was appointed in 2010 by President Obama to 
serve on the Presidential Commission on the Study of Bioethical 
Issues. Professor Farahany has written on the application of 
the Fourth Amendment to emerging technology. She received her 
bachelor's degree from Dartmouth College and a J.D. and Ph.D. 
in philosophy from Duke University.
    Rob Sherman is the manager of privacy and public policy at 
Facebook. He manages policy matters involving privacy, 
security, and online trust. Prior to joining Facebook, Mr. 
Sherman was an attorney at Covington & Burling, where he 
focused his practice on issues relating to privacy and online 
security. Mr. Sherman received his law degree from the 
University of Michigan and his undergraduate degree from the 
University of Maryland.
    Jennifer Lynch is a staff attorney at the Electronic 
Frontier Foundation, where she focuses on Government 
transparency and privacy issues. Ms. Lynch has written and 
spoken on biometrics collection, including the Government's use 
of facial recognition technology. Before joining EFF, she 
served as a clinical teaching fellow with the Samuelson Law, 
Technology, and Public Policy Clinic at the UC-Berkeley School 
of Law and clerked for Judge A. Howard Matz in the Central 
District of California. She received both her undergraduate and 
law degrees from UC-Berkeley.
    Thank you all for joining us, and your complete written 
testimonies will be made part of the record. You each have 
approximately five minutes for any opening remarks that you 
would like to make. Mr. Martin, please start us off.

    STATEMENT OF BRIAN MARTIN, PH.D., DIRECTOR OF BIOMETRIC 
       RESEARCH, MORPHOTRUST USA, JERSEY CITY, NEW JERSEY

    Mr. Martin. Thank you. Good afternoon, Chairman Franken. 
Thank you for asking MorphoTrust to testify on the capabilities 
of face recognition.
    As the director of Biometric Research for MorphoTrust, my 
team is responsible for the biometric technologies used by the 
U.S. Department of State, the Department of Defense, the FBI, 
and numerous motor vehicle/driver's license systems. I am here 
today to testify on the state-of-the-art of face recognition.
    First, I would like to briefly explain how face recognition 
works. Now, face recognition is not new. The idea has been 
around for almost half a century. But only in the late 1990s 
did these ideas become commercialized. The different approaches 
are varied. They can be 2-D, a regular image; they can be 3-D 
from a special 3-D scanner. Face recognition can look at the 
shape of the face, or it can even look at microscopic features 
like your pores and wrinkles on your skin.
    In all cases, though, modern face recognition approaches 
are vastly more complicated than commonly perceived, where 
people say, oh, they are just measuring, you know, the distance 
between the eyes and the nose or something.
    While there are several different approaches to face 
recognition, there are some general steps to face recognition. 
The first is what is called face detection, and this is exactly 
what your camera is doing when it tries to focus on the face. 
It is just trying to see if there is a face in the image.
    Another step is called feature registration and extraction, 
and this is maybe the more interesting case because this is 
where the individualized features of the face are extracted 
from an image and stored into a binary format which you have 
called a ``faceprint'' or ``facial template.''
    Now, these faceprints are vendor-specific, meaning they are 
not very useful outside of the face recognition system. They 
contain no more information than what was in the original 
image. They do not contain meta data or identity data about the 
person. They are just a different representation of what was 
already in the image. And they cannot be reverse engineered, so 
you cannot regenerate the image from the faceprint.
    After you have two or more faceprints, then you can perform 
facial matching, and facial matching, in the state of the art, 
can be as fast as tens of millions of matches per second on a 
modern computer. Typically, the faster you match, the less 
accurate the match is. This accuracy has been benchmarked by 
the U.S. Government since the early 1990s, and in a recent 
report from the National Institute of Standards and Technology 
in 2010, they said that the best face recognition algorithms 
are over 100 times better than they were a decade ago. So this 
means essentially from their report that an algorithm can 
determine if two faces belong to the same person 99.7 percent 
of the time, while only making a mistake about one in 1,000 
times. In fact, face recognition is as good is as good as a 
human if the human is not a trained expert.
    Now, these accuracy numbers are for a staged or controlled 
setting. When you have variable lighting, when the person is 
not looking directly at the camera, or when it is a low-
resolution image, then the accuracy does decrease, and that is 
an active area of research.
    Furthermore, when I quoted this 99 percent number, this is 
for verification when you are trying to determine if you are 
who you say you are, say, for instance, unlock your phone. Much 
more demanding is the application of identification where you 
are trying to determine an unknown identity from a gallery of 
individuals. So this would be where you are trying to generate 
an investigative lead from a mug shot data base.
    Identification is more complicated because it is 
essentially like performing many verifications. So if you had 
to perform a million verifications, then you are going to have 
a higher false positive rate because you have more chances to 
make a mistake. And that is why with identification 
applications, there is almost always a human in the loop, and 
this is even the case when you have a photo-tagging feature and 
you have to sit there and you actually have to tell that 
algorithm, ``Did you make a mistake or not? '' ``Yes, this is 
who the photo-tagging algorithm thinks it is.''
    So to summarize, and maybe speculate on the future a little 
bit, I do not think that the accuracy of face recognition for 
good-quality images will continue to improve at the rate that 
it has in the last 10 years. However, for the uncontrolled 
cases, where you are not looking at the camera, I do think that 
over the next couple decades, there will be a substantial 
improvement in accuracy to help these forensic type of face 
cases.
    Thank you for the opportunity to address the Subcommittee. 
I look forward to answering any of your questions.
    [The prepared statement of Mr. Martin appears as a 
submission for the record.]
    Chairman Franken. Thank you, Mr. Martin.
    Mr. Acquisti.

 STATEMENT OF ALESSANDRO ACQUISTI, ASSOCIATE PROFESSOR, HEINZ 
  COLLEGE AND CYLAB, CARNEGIE MELLON UNIVERSITY, PITTSBURGH, 
                          PENNSYLVANIA

    Mr. Acquisti. Thank you, Chairman Franken. It is an honor 
to appear before you today. I will discuss four findings from 
research on privacy and face recognition.
    The first finding is that while early computer algorithms 
vastly underperform humans in detecting and recognizing faces, 
modern ones have progressed to a point that they can outperform 
humans in certain tasks and can be found in consumer 
applications. Later on, billboards predicted the age of 
pedestrians, cameras estimated generation of crowds in a bar, 
online social networks identified people and tagged their names 
in photos.
    The second finding is that the convergence of face 
recognition, online social networks, and data mining will make 
it possible to identify people online and offline and infer 
sensitive information about them, starting from anonymous 
faces, and using only public data.
    In one experiment we completed last year, we took anonymous 
photos from a popular dating site where people used pseudonyms 
to protect their privacy, compared them using face recognition 
to public but identified photos from Facebook, and identified 
about 10 percent of the anonymous members of the dating site.
    In another experiment, we identified about one-third of the 
participants, students on a college campus, simply taking 
photos of them on a webcam and comparing these photos in real 
time to images from Facebook.
    In a final experiment, we predicted the interests and 
Social Security numbers for some of the participants of the 
second experiment, combining face recognition with the 
algorithms we had developed in 2009 to predict SSNs from public 
data. We also developed a phone application which completes the 
process I just described on the mobile device in real time 
showing on the device screen the predicted sensitive 
information of the target subject overlaid on their face, and 
this is a screen shot of the application there.
    Social Security numbers are just an example of many 
sensitive data it is possible to infer, starting from an 
anonymous face and using public data. The results we obtained 
are not yet scalable to the entire American population due to 
computational costs, false positives, availability of facial 
images. But each of these hurdles is being overcome by software 
and hardware improvements. In fact, some entities already have 
access to more powerful computational tools and larger and more 
accurate repositories of data than we do.
    In particular, online social networks are accumulating the 
largest known data bases of facial images, often tagged or 
linked to identified profiles, providing a public connection 
between a person's facial biometrics and their real names.
    The third finding is that the process through which face 
recognition can undermine our notions of privacy and anonymity 
has already started, and its consequences will be nuanced and 
complex. Your phone, we will remind you of the name of someone 
at a party. However, it will also tell a stalker in a bar where 
you live. The hotel will greet you as you arrive in the lobby. 
However, also such person may infer your credit score the 
moment you enter the dealership and also predict in real time 
based on your online posts a psychological profile for you, 
and, therefore, nudge you to accept the steepest price for a 
car. An agency will be able to find missing children in an 
online data base; however, another agency could chill free 
speech by identifying via remote, high-definition cameras all 
the thousands of participants in a peaceful protest.
    The fourth finding is that, depending on which goals 
Congress intends to achieve in this area, different approaches 
may be considered: price of technologies, more commercial 
applications, legislation. However, if privacy and civil 
liberties are the concern here, it is not a given, not 
guaranteed that industry self-regulatory approaches will 
suffice. I say this for two reasons. One reason is that facial 
biometric data is particularly valuable. It provides a 
permanent, ubiquitous, and invisible means for identification 
and tracking online and offline.
    First to control the base facial biometrics will be able to 
provide valuable identity recognition services to others. 
Hence, competition for control over the data will be fierce and 
will likely come at the cost of individuals' privacy.
    The second reason is that recent history in the markets for 
personal data suggest that firms will engage in progressively 
more invasive applications of face recognition over time. 
Current users of face recognition are limited not just by 
computational costs but by fear of consumer backlash. These 
initial applications that we see, however, could be considered 
as ``bridgeheads.'' In a way, they are designed to habituate us 
into accepting progressively more expansive services. Consider 
the frequency in which companies such as Facebook have engaged 
in changes to settings and defaults associated with users' 
privacy so as to nudge users into disclosing and sharing more. 
Why? Because information is power. In the 21st century, the 
wealth of data accumulated about individuals and the staggering 
progress of behavioral research in using the data to influence 
individual behavior make it so that control over personal 
information implies power over the person. As control is 
tilting from data subjects to data holders, it is the balance 
of power within different entities which is at stake.
    Thank you.
    [The prepared statement of Mr. Acquisti appears as a 
submission for the record.]
    Chairman Franken. Thank you, Mr. Acquisti.
    Sheriff Amerson, please.

 STATEMENT OF LARRY AMERSON, SHERIFF, CALHOUN COUNTY, ALABAMA, 
    ANNISTON, ALABAMA, ON BEHALF OF THE NATIONAL SHERIFFS' 
                          ASSOCIATION

    Mr. Amerson. Mr. Chairman, thank you for inviting me today 
to testify today on behalf of the National Sheriffs' 
Association. Chartered in 1940, the National Sheriffs' 
Association is a professional association dedicated to serving 
the Office of Sheriff and its affiliates throughout law 
enforcement with education, training, and information 
resources. NSA represents thousands of sheriffs, their 
deputies, and other law enforcement professionals, and 
concerned citizens nationwide.
    I applaud the Subcommittee for holding this important 
hearing on the implications of facial recognition for privacy 
and civil liberties. These are critical concerns that 
rightfully need to be debated and the rights of innocent 
citizens protected from unwarranted interference in their 
privacy and everyday lives.
    On the other hand, new technologies, especially facial 
recognition, already implemented in law enforcement, national 
defense, and the fight against terrorism, are a critical tool 
in protecting the rights of citizens, in ensuring the accurate 
identification of suspects, prisoners, and potential terrorists 
while it is protecting the safety of our citizens and law 
enforcement officers.
    There is a critical balance between protecting the rights 
of law-abiding citizens and providing law enforcement agencies 
with the most advanced tools to combat crime, properly identify 
suspects, catalogue those incarcerated in prisons and jails, 
and defending America from acts of terrorism.
    Most importantly, advances in facial recognition technology 
over the last 10 years will result in the end of the total 
reliance on fingerprinting, where it can take hours and even 
days to identify a suspect, fugitive, or person being booked 
into a jail, to the immediate identification of those known to 
have criminal records or who are wanted by law enforcement. It 
will surprise many in the room today to know that there is no 
national data base of those incarcerated in America's jails at 
any one time. The use of facial recognition to provide instant 
identification of those incarcerated or under arrest will 
eliminate many problems while protecting innocent civilians and 
law enforcement officers.
    For instance, utilizing facial recognition in law 
enforcement would:

     LInterconnect law enforcement and intel 
organizations to instantly share vital information with 
accurate identification results;
     LEstablish a national data base of those 
incarcerated, past and present, wanted fugitives, felons, and 
persons of interest among all law enforcement agencies;
     LAllow officers to quickly determine who they are 
encountering and provide notification if a suspect is wanted or 
a convicted felon;
     LA simple, cost-effective, software-based solution 
delivered in Windows-based computers with inexpensive, non- 
proprietary, off-the-shelf cameras will provide a huge cost 
savings;
     LDemonstrate new capabilities in alias detection, 
fugitive apprehension, and the speed of suspect recognition;
     LEnsure correct identification of prisoners being 
released and reduce costs associated with administrative 
procedures;
     LEstablish a complete national data base of 
incarcerated persons for the first time in U.S. history; no 
longer could wanted criminals escape detection and arrest due 
to inefficient processes.

    While fingerprints take hours and days for analysis, some 
advanced facial recognition in use today by U.S. law 
enforcement is as accurate as fingerprints, but results are 
obtained in seconds, not hours, in identifying criminals and 
perpetrators attempting to use false identities and aliases.
    It is also important to point out that facial recognition 
comes in two general forms, two-dimensional and three-
dimensional. Only All-aspect 3-D Facial systems can protect the 
privacy of participants who agree to be enrolled, except for in 
law enforcement or Homeland Security applications. All-aspect 
3-D cannot search on 2-D facial photographs and cannot be 
invasive of privacy by design. All-aspect 3-D facial 
recognition systems remove skin color and facial hair and, 
therefore, have no profiling capability.
    Currently, the National Sheriffs' Association, the Bureau 
of Prisons, and the United States Marshals Service are all in 
support of utilizing this new three-dimensional, holographic 
imaging technology to eliminate errors in identification; 
detecting false identities; and immediately identifying 
dangerous suspects, fugitives, or terrorists rather than 
learning who they are after they are released on traffic 
offenses or let go without suspicion because immediate 
identification is not possible.
    Accidental releases, sometimes of dangerous felons, could 
also be eliminated. This technology has been in use for over 
eight years in Georgia detention facilities with data bases of 
approximately five million inmates without a single erroneous 
release.
    And just last year, a dangerous murderer was released from 
the District of Columbia jail by switching a wrist band with 
another inmate. This cannot happen with facial recognition.
    In closing, the proper utilization of facial recognition 
for intelligence or law enforcement uses can protect civil 
liberties, save millions of dollars, and instantly identify 
fugitives, felons, and dangerous suspects while saving lives.
    Thank you, Mr. Chairman. I will be glad to answer any 
questions you may have.
    [The prepared statement of Mr. Amerson appears as a 
submission for the record.]
    Chairman Franken. Thank you, Sheriff.
    Ms. Farahany.

   STATEMENT OF NITA A. FARAHANY, PROFESSOR OF LAW, DUKE LAW 
SCHOOL, AND PROFESSOR OF GENOME SCIENCES& POLICY, INSTITUTE FOR 
   GENOME SCIENCES & POLICY, DUKE UNIVERSITY, DURHAM, NORTH 
                            CAROLINA

    Ms. Farahany. Thank you. Chairman Franken and distinguished 
Members of the Subcommittee, thank you for the opportunity to 
express my views about facial recognition technology and its 
implications for privacy and civil liberties.
    My fellow witnesses today have canvassed the science behind 
facial recognition technology and the myriad of privacy 
concerns about its use. Rather than repeat what has already 
been said, I will focus my comments on why I believe that law 
enforcement use of these technologies is not, in itself, a 
Fourth Amendment search, let alone an unreasonable one. 
Although the Supreme Court has not yet addressed this issue, as 
Senator Franken acknowledged earlier, the doctrine in analogous 
cases supports this view.
    A novel feature of facial recognition technology is that 
the first step of the investigative process--scanning a face of 
interest--can be done from a distance and without the awareness 
of the individual being scanned. No physical contact, 
proximity, or detention of an individual is necessary for law 
enforcement to obtain a faceprint.
    A faceprint is a form of identifying information that is 
the bread and butter of law enforcement: information about the 
physical likeness and other descriptive features of a suspect, 
which is routine practice for investigators to collect. Except 
in extraordinary circumstances, individuals have received only 
minimal constitutional protection against law enforcement 
collection of their personally identifying information.
    The Fourth Amendment guarantees the right of the people to 
be secure in their person, houses, papers, and effects against 
unreasonable searches and seizures. A Fourth Amendment search 
only occurs when the Government intrudes upon a legally 
cognizable interest of an individual. This technology may be 
used in different ways which may require different Fourth 
Amendment analyses. It may be used from afar without a 
subject's awareness or during a brief investigative stop based 
on reasonable suspicion. Under either approach, I believe that 
the facial scanning itself is neither a search nor an 
unreasonable one.
    If the police use facial recognition from afar without an 
individual's awareness, then no Fourth Amendment search has 
occurred. Neither his person nor his effects has been 
disturbed, and he lacks any legal source to support a 
reasonable expectation of hiding his facial features from 
Government view. He has chosen to present his face to the 
world, and he must expect that the world, including the police, 
may be watching.
    Cameras and machines may now be doing the scanning, but for 
constitutional purposes, this is no different from a police 
officer scanning faces in public places. This has never been 
thought to be a Fourth Amendment search. But even if the use of 
this technology did constitute a search, it would likely be a 
constitutionally reasonable one, consistent with the Fourth 
Amendment.
    Since the Court primarily uses property rights to inform 
Fourth Amendment privacy interests, it measures the 
reasonableness of a search based on the physical intrusiveness 
of the search rather than the personal indignity that one may 
have endured by having their personal information revealed. 
Mere observation without any physical intrusion is not 
tantamount to a search, and certainly not to an unreasonable 
one.
    The police might instead choose to use facial scanning 
technology during a brief investigative stop, which requires a 
slightly different constitutional analysis. Beginning with 
Terry v. Ohio, the Court has held that if a police officer has 
a reasonable suspicion that somebody has committed, is 
committing, or is about to commit a crime, the police may 
detain the individual without a warrant. A facial recognition 
scan to achieve the same is not constitutionally 
distinguishable. Such stops are Fourth Amendment searches, and 
a person is seized while they are detained. But using facial 
scanning during the stop is unlikely to change the Fourth 
Amendment reasonableness. The individual privacy interest that 
the Court recognizes during stop-and-frisk detentions is the 
personal security of that individual and the interest against 
interference with his free movement, not the secrecy of his 
personal identity. In other words, the Court has not included 
secrecy of personally identifying information as a relevant 
privacy concern to determine the reasonableness of a stop.
    The second step of the process, which is probing a data 
base for an identity match, is now a commonplace practice by 
law enforcement in other contexts. They regularly check local 
and national data bases to find the identity of individuals by 
using their license plates, Social Security numbers, 
fingerprints, or DNA, and all of this is nothing more than an 
automated version of what police have done for centuries: 
compare information acquired in the world with information held 
at police headquarters looking for a match.
    Ultimately, the privacy concern advanced in most debates 
regarding facial recognition technology is whether an 
individual has a right to secrecy of their personal 
information. The Court has never recognized a Fourth Amendment 
privacy interest in the mere secrecy of identifying 
information. This is likely because intrusions upon possession 
and privacy are the core individual interests protected by the 
Fourth Amendment. And so from the beginning, the Court has 
turned to property law to inform Fourth Amendment interests.
    Indeed, when the Court first encountered the modern 
investigative technique of wiretapping, which, like facial 
recognition, enables investigators to obtain evidence without 
physical interference, the Court found no search had occurred.
    Now, to be sure, the Court has subsequently extended the 
Fourth Amendment beyond property. The Court has held that the 
Fourth Amendment applies to tangible and intangible interests 
such as private conversations. But even with this expanded view 
of individual interests, an individual who is facially scanned 
in public cannot reasonably claim that the police have searched 
or seized something that he has sought to seclude from public 
view. Instead, he must argue that he has a reasonable 
expectation of privacy in his personal identity associated with 
his facial features. Under current doctrine, courts would 
properly reject such a claim.
    Most recently, in the United States v. Jones, the Court 
revisited this analysis. But what remains after Jones is an 
incomplete picture of which individual interest beyond real 
property interest, if any, the Fourth Amendment protects. The 
Jones majority emphasized that trespassed upon property and the 
Katz expectation-of-privacy framework co-exist under Fourth 
Amendment jurisprudence. But under either analysis, without 
trespass upon real property or upon information that a person 
has sought to hide, there is no legitimate source of law upon 
which a reasonable expectation of privacy could be founded.
    Again, I thank you for the opportunity to appear before you 
today, and I look forward to your questions.
    [The prepared statement of Ms. Farahany appears as a 
submission for the record.]
    Chairman Franken. Thank you, Doctor.
    Mr. Sherman.

STATEMENT OF ROB SHERMAN, MANAGER OF PRIVACY AND PUBLIC POLICY, 
                   FACEBOOK, WASHINGTON, D.C.

    Mr. Sherman. Chairman Franken, Members of the Subcommittee, 
my name is Robert Sherman. I am the manager of privacy and 
public policy at Facebook.
    Facebook is committed to building innovative tools that 
enhance people's online experiences while giving them control 
over their personal information. We appreciate the opportunity 
to share our views on what the use of facial recognition 
technology means for our users.
    Today I will describe how we use facial recognition 
technology as a part of our photo-sharing product, the 
important controls that we offer, and how Facebook safeguards 
the data that we use.
    At the outset, I want to provide some background on why we 
offer photo-sharing features on Facebook. We learned early on 
how important photo sharing was to our users when we realized 
that people were frequently changing their profile photos to 
show friends recent snapshots. In response, we built tools that 
allowed people to upload and share photos, and we continue to 
build on those tools today.
    One component of our photo sharing on Facebook is tagging, 
which is the 21st century version of handwriting captions on 
the backs of photos to label important events like birthdays or 
reunions and the people who participated. Tags promote 
transparency and control on Facebook because Facebook lets a 
person know when she is tagged. This allows the person included 
in the photo to interact with the user who uploaded it or to 
take action if she does not like the photo, for example, 
removing the tag or requesting that the photo be deleted.
    Our Tag Suggestion tool uses facial recognition technology 
to automate the process of identifying and, if the user 
chooses, tagging her friends in the photo she uploads. Tag 
Suggestions work by identified similarities among photos in 
which a person has been tagged. We use this information to 
create a template that allows us to offer recommendations about 
whom a user should tag when she uploads a photo. The user can 
then accept or reject that recommendation.
    Use of our photo-sharing tools continues to grow. In fact, 
as you noted, Mr. Chairman, a few months ago we took our Tag 
Suggestion feature down to improve its efficiency, and we plan 
to restore it soon.
    Individual control is the hallmark of Facebook's Tag 
Suggestion feature. It includes four important protections.
    First, we are transparent about the use of the technology. 
Across our site, we describe Tag Suggestions and the controls 
that we offer. This included providing information in our data 
use policy, on our Help Center, on our Privacy Settings page, 
and on our Facebook blog.
    Secondly, Tag Suggestions only use data people have 
voluntarily provided to Facebook and derives information from 
that data to automate the process of future tagging. We do not 
collect any new information as a part of this process.
    Third, Facebook's technology only uses a person's friends 
and does not enable people to identify random strangers.
    Fourth, through an easy-to-use privacy setting, Facebook 
enables people to prevent the user of their images and tag 
suggestions. If a user makes that selection, Facebook will not 
include her name when suggesting tags for uploaded photos. And 
we will delete the template in which we stored the user's 
facial recognition data if one was previously created.
    In addition to these controls, we protect facial 
recognition data from unauthorized disclosure to third parties, 
including to law enforcement. Two aspects of our technology 
significantly limit its use to third parties. First, our 
templates are encrypted, and they work only with our 
proprietary software, so they would be useless to a third 
party. Second, our software is designed to search only a 
limited set of potential matches, namely, an individual user's 
friends, and is not used to identify strangers.
    Last, we share our users' private information with law 
enforcement only in very limited circumstances and consistent 
with our terms of service and applicable law. A dedicated team 
of professionals scrutinizes each request for legal sufficiency 
and compliance with Facebook's internal requirements. We are 
one of the handful of major Internet companies that promotes 
transparency in this process by publishing our law enforcement 
guidelines on our website.
    I hope that my testimony has helped the Members of this 
Subcommittee understand how Facebook uses facial recognition 
technology and, more importantly, the privacy and security 
protections that define our implementation. We look forward to 
continuing our discussion with Members of Congress about the 
important issues raised in today's hearing.
    Thank you again for the opportunity to testify, and I look 
forward to answering any questions that you have.
    [The prepared statement of Mr. Sherman appears as a 
submission for the record.]
    Chairman Franken. Well, thank you, Mr. Sherman.
    Ms. Lynch.

    STATEMENT OF JENNIFER LYNCH, STAFF ATTORNEY, ELECTRONIC 
         FRONTIER FOUNDATION, SAN FRANCISCO, CALIFORNIA

    Ms. Lynch. Mr. Chairman, thank you very much for the 
invitation to testify on the important topic of facial 
recognition today. My name is Jennifer Lynch, and I am an 
attorney with the Electronic Frontier Foundation in San 
Francisco. We are a nonprofit, and for over 20 years, we have 
been focused on protecting privacy and defending civil 
liberties in new technology.
    Today, and in my written testimony, I would like to address 
the implications of government and private sector use of facial 
recognition on privacy and civil liberties and on the laws that 
do or do not apply.
    The collection of biometrics, including facial recognition, 
may seem like science fiction or something out of a movie like 
``Minority Report,'' but it is already a well-established part 
of our lives in the United States. The FBI and the DHS have the 
largest biometrics data bases in the world, with over 100 
million records each, and DHS alone collects 300,000 
fingerprints every day. Both of these and other agencies in the 
Federal Government are working quickly to add extensive facial 
recognition capabilities to these data bases.
    The scope of Government-driven biometrics data collection 
is well matched by private sector collection. Facebook, for 
example, uses facial recognition by default to scan all images 
uploaded to its site, and its 900 million members upload 
300,000 photos every day. Face.com, which is the company that 
developed Facebook's facial recognition system and was recently 
acquired by Facebook, stated in March that it had indexed 31 
billion face images. Other companies, from Google and Apple to 
smartphone app developers, also provide facial recognition 
services to their customers, and biometrics are used by private 
companies to track employee time, to prevent unauthorized 
access to computers or facilities or even the gym. And private 
companies, like Morpho, represented on the panel here today, 
and other companies, are building out large facial recognition 
systems for governments and agencies around the world.
    For example, Morpho has developed a facial recognition 
technology at 41 of the 50 DMVs in the United States and for 
the FBI. And companies like this often retain access to the 
data that is collected.
    So facial recognition is here to stay, and yet at the same 
time many Americans do not even realize that they are already 
in a facial recognition data base.
    Facial recognition technology, like other biometrics 
programs that collect, store, share, and combine sensitive and 
unique data poses critical threats to privacy and to civil 
liberties. Biometrics in general are immutable, readily 
accessible, individuating, and can be highly prejudicial. And 
facial recognition takes the risks inherent in other biometrics 
to a new level. Americans cannot take precautions to prevent 
the collection of their image. We walk around in public. Our 
image is always exposed to the public. Facial recognition 
allows for covert, remote, and mass capture and identification 
of images, and the photos that may end up in a data base 
include not just a person's face but also what she is wearing, 
what she might be carrying, and who she is associated with. 
This creates threats to free expression and to freedom of 
association that are not evident in other biometrics.
    Americans should also be concerned about the extensive 
sharing of biometric data that is already occurring at the 
government- and private-sector level. Data accumulation and 
sharing can be good for identifying people, for verifying 
identities, and for solving crimes. But it can also create 
social stigma when people end up in criminal data bases and 
their image is searched constantly. And it can perpetuate 
racial and ethnic profiling and inaccuracies throughout the 
system. It can also allow for Government tracking and 
surveillance on a level that has not before been possible.
    Americans cannot participate in society today without 
exposing their faces to public view. And, similarly, connecting 
with friends, family, and the broader world through social 
media has quickly become a daily--and many would say 
necessary--experience for Americans of all ages. Though face 
recognition implicates important First and Fourth Amendment 
values, it is unclear whether the Constitution would protect 
against the challenges it presents. Without legal protections 
in place, it could be relatively easy for the government or 
private companies to amass a data base of images on all 
Americans. This presents opportunities for Congress to develop 
legislation to protect Americans. The Constitution creates a 
baseline, but Congress can and has legislated significant 
additional privacy protections. As I discuss in more detail in 
my written testimony, Congress could use statutes like the 
Wiretap Act or the Video Privacy Protection Act as models for 
this legislation.
    Given that facial recognition and the accompanying privacy 
concerns are not going away, it is imperative that Congress and 
the rest of the United States act now to limit unnecessary 
biometrics collection, to instill proper protections on data 
collection, transfer, and search, to ensure accountability, to 
mandate independent oversight, to require appropriate legal 
process before government collection, and define clear rules 
for data sharing at all levels. All of these are necessary to 
preserve the democratic and constitutional values that are 
bedrock to American society.
    Thank you once again for the invitation to testify today. I 
look forward to your questions.
    [The prepared statement of Ms. Lynch appears as a 
submission for the record.]
    Chairman Franken. Thank you all for your testimony.
    Just for the sake of the record, I want to clarify that 
Facebook users upload 300 million photos to the site a day, not 
300,000. I will add a document to the record to that effect. I 
would not want to underestimate the power of Facebook.
    [The information appears as a submission for the record.]
    Chairman Franken. Professor Acquisti, one of the things I 
think is so special about your work is that it really shows us 
how a face can be a real conduit between your online world and 
your offline world in a way that other biometrics are not. Can 
you tell us why facial recognition technology is so sensitive 
and how it compares to taking someone's fingerprint and 
analyzing that?
    Mr. Acquisti. Senator, I believe facial biometrics are a 
more powerful and sensitive biometrics than fingerprints. Not 
only they are permanent, starting with childhood your face 
changes, but computers are learning to be able to predict these 
changes, and your face can be changed, as you mentioned 
earlier, only at very great cost. Also, this biometric can be 
captured remotely. In fact, we have a gigapixels camera, very 
remotely shot can be sufficient to make a good, effective 
faceprint of someone's face. Remote capturing means that this 
is happening without the person's consent or even knowledge.
    Also, the technology to capture facial images and do 
matching is becoming ubiquitous. Your phone probably can do it, 
my phone, iPad, and so forth.
    Also, unlike fingerprints, which are not usually publicly 
available online, facial data is, as our experiment showed and 
studies by others have shown, plenty available online.
    And, finally, as you mentioned, a face is truly the conduit 
between your different personas, who you are on the street, in 
real life, and who you are online, who you are online may be on 
a dating site, and who you are on a social network. And the 
face, therefore, allows these different sides of your life that 
you wanted to keep, perhaps, compartmentalized to be connected. 
Plus there is also the issue of the sensitive inferences one 
can make starting from a face, which is perhaps another story, 
but it is related to this topic as well.
    Chairman Franken. Thank you.
    Mr. Sherman, you have heard from almost everyone else at 
this hearing that facial recognition technology is extremely 
powerful and extremely sensitive. Why doesn't Facebook turn its 
facial recognition feature off by default and give its users 
the choice to turn it on?
    Mr. Sherman. Well, Senator, I think you are right to say 
that, like all of the other information that we store about our 
users, it is important that we take appropriate steps to 
protect information. We take that responsibility very 
seriously. And in terms of implementing choice throughout our 
site, and we do that in a lot of ways, we use a number of 
different mechanisms to do it.
    As you point out, with regard to the tag suggestion feature 
specifically, it is turned on by default, and we give people 
the opportunity to go in and disable it if they do not want to 
use it.
    The reason for that in part is we think that is the 
appropriate choice because Facebook itself is an opt-in 
experience. People choose to be on Facebook because they want 
to share with each other. Beyond that, tag suggestions are only 
used in the context of an opt-in friend relationship on 
Facebook, which means that you would not be suggested to 
somebody as a potential tag for a photo unless both parties to 
the relationship had already decided to communicate with one 
another on Facebook, had already seen each other's photos. So 
we are actually not exposing any additional information to 
anybody as a part of this process.
    And so given those things and the fact that we do a lot to 
be transparent and to let people know about the feature, we 
think that it is the right choice to let people who are 
uncomfortable with it decide to opt out.
    Chairman Franken. I understand what you are saying. We are 
just going to have to disagree on this a little bit. I just 
think that this information is so sensitive that it is the kind 
of thing that users should have to consciously opt themselves 
into. I will note that Facebook's competitor Google leaves 
their facial recognition feature off by default on its social 
network and then lets users opt into it. But I am worried about 
how Facebook handles the choices that it does give its users 
about this technology.
    Mr. Sherman, on page six of your written testimony, you 
write that, ``Through an easy-to-use privacy setting, people 
can choose whether we will use our facial recognition 
technology to suggest that their friends tag them in photos.''
    This is the screen that Facebook users get when they go to 
their privacy settings to find out about tag suggestions. 
Nowhere on this screen or on the screen that you get when you 
click ``Learn More'' do you see the words ``facial 
recognition'' or anything that describes facial recognition. 
Those words are elsewhere in your Help Center, but right now 
you have to go through six different screens to get there. I am 
not sure that is easy to use.
    How can users make an informed decision about facial 
recognition in their privacy settings if you do not actually 
tell them in their privacy settings that you are using facial 
recognition?
    Mr. Sherman. Well, the screen shot that you have displayed 
does not use the words ``facial recognition.'' I believe that 
the ``Learn More'' link at the bottom leads to the page in our 
Help Center. We have a series of frequently asked questions 
that we provide to users that explains in detail how----
    Chairman Franken. This is the page that it links to.
    [Laughter.]
    Chairman Franken. And nowhere does it talk about a facial 
recognition page, right?
    Mr. Sherman. I have not done that, so I do not know that--
--
    Chairman Franken. You have not done that?
    Mr. Sherman. I have done that. I did not create the visual, 
so I do not know that, but I can tell you that----
    Chairman Franken. What haven't you done?
    Mr. Sherman. I am sorry. I just have not seen the visual. I 
think the page that you are looking at is one of the pages in 
our Help Center that provides information about how tagging 
works on Facebook. The Help Center content that you are talking 
about, which I think is available from that page, does describe 
facial recognition, uses the words ``facial recognition'' 
specifically, and provides some detail about the way in which 
the templates that we use, the files that include the facial 
recognition data are stored.
    Chairman Franken. It is my understanding, am I right, that 
that is six clicks away?
    Mr. Sherman. I am not sure about the number. I do not think 
that is right, but I am not sure.
    Chairman Franken. OK. You are head of this at Facebook?
    Mr. Sherman. I am one of many people who work on privacy at 
Facebook.
    Chairman Franken. What is your title?
    Mr. Sherman. I am the manager of privacy and public policy.
    Chairman Franken. Thank you, Mr. Sherman.
    Mr. Sherman. Thank you.
    Chairman Franken. Ms. Lynch, you are a privacy and civil 
liberties lawyer. It is your job to interpret the law in a way 
that protects privacy and civil liberties. Can you summarize 
for us in a few sentences what concrete legal protections there 
are with respect to the use of facial recognition technology by 
the government and by the private sector?
    Ms. Lynch. Well, I think at the Federal level it is pretty 
clear that there are no specific laws that regulate facial 
recognition or that regulate the collection of images to be put 
into a facial recognition data base, whether from the 
government or the private sector.
    That said, the Constitution creates a baseline. I think we 
have seen in the U.S. v. Jones case that was decided in January 
that the Supreme Court and several other courts are concerned 
about collection of information on us when we are in public. 
And, also, the FTC, of course, has some ability to regulate 
companies that are engaged in deceptive or unfair trade 
practices. And then there are two State laws, which you 
mentioned earlier, in Illinois and Texas, that would govern the 
collection of biometrics on citizens within those States.
    Chairman Franken. Thank you.
    Right now, I know Senator Blumenthal has been here for a 
while. Since I am chairing this, I am going to be here. I want 
to be conscious of your time, so why don't I turn the 
questioning over to you, Senator?
    Senator Blumenthal. Thank you, Mr. Chairman.
    Mr. Sherman, let me first thank Facebook for being so 
cooperative in the Password Protection Act that I proposed, 
with the support of a number of other Members of the Judiciary 
Committee, that prohibits employers from compelling passwords 
and other such information that provides access to private 
personal accounts to being divulged in the course of 
employment, whether it is applications for employment or 
prospective employment or existing employment.
    Why does Facebook not require or not permit the kind of 
opt-in procedure that Senator Franken mentioned?
    Mr. Sherman. Well, we do not provide--we have implemented 
tag suggestions in a way that does not require people to opt in 
for a number of reasons, including the fact that, as I 
mentioned, Facebook is an opt-in service and the fact that we 
provide tag suggestions only in the context of existing 
friendships.
    I think we also work very hard to be transparent with 
people about how the feature works. We provide information 
about the tool on a lot of different places on the site. And we 
also think that there are benefits both in terms of social 
engagement and also in terms of privacy associated with photo 
tagging. And we think that making it easier for people to tag 
people on Facebook, again, people that they already know and 
already are in relationships with, promotes those benefits. It 
gives people the ability to know that they are in photos that 
have been posted on Facebook and to exercise control over them 
if they want to do so.
    Senator Blumenthal. Does Facebook share facial recognition 
data with any third parties?
    Mr. Sherman. We do not.
    Senator Blumenthal. Is there anything in your guidelines or 
company practices that precludes it?
    Mr. Sherman. As I mentioned, we publish on our website our 
law enforcement guidelines, which I think may be the 
circumstance that you are talking about, and with regard to 
that information, first, we--as far as I know, we have never 
received a request from law enforcement from the information 
that you are talking about. I think that reflects the fact that 
the templates that we have would not be useful outside of our 
service. They just cannot be used by law enforcement. I think 
there are other technologies that law enforcement might use. 
And I think beyond that there is a very rigorous standard that 
we describe in our policies under which we would provide any 
non-public personal information to law enforcement.
    Senator Blumenthal. And what about going beyond law 
enforcement? Is there anything in your guidelines or practices 
that precludes sharing with non-law enforcement?
    Mr. Sherman. I do not know whether we have said 
specifically with regard to facial recognition information, but 
we have a data use policy which we publish on our website which 
provides significant detail about the restrictions, and the 
general standard is that we do not disclose personal 
information to third parties without our users' consent.
    Senator Blumenthal. Does Facebook allow third-party apps to 
collect facial recognition data from users?
    Mr. Sherman. Just to make sure I understand your question, 
Senator, the facial recognition data that is in our data bases, 
the templates?
    Senator Blumenthal. Correct.
    Mr. Sherman. No, we do not provide those to any apps.
    Senator Blumenthal. And just assume that someone signs up 
for Facebook--you mentioned that it is, obviously, voluntary--
and he or she does not want to have facial data stored, 
collected, used by Facebook. What are the options available to 
that person?
    Mr. Sherman. So if a person signs up for Facebook and does 
not want facial recognition data to be collected or used about 
that person, the person can go to their Privacy Center, click 
on Tagging, and then the option to turn off the tag suggestion 
feature is there. If they do that, two things will happen: one, 
we will not suggest them to any of their friends when their 
friends upload photos; and, two, if a facial recognition 
template was created, it will be deleted. In the circumstance 
that I think you are describing, we probably would not have a 
facial recognition template in the first instance.
    If a user wanted to allow the use of the feature but to 
exercise other kinds of control, we offer that as well. For 
example, the user can be notified when he or she is tagged, can 
remove the tag from the photo. If he or she does that, then 
that removes that from the template that we use to power our 
tag suggestions feature.
    And, finally, the user can choose to exercise control 
before any photo in which he or she is tagged shows up on her 
timeline.
    Senator Blumenthal. Now that Facebook is considering 
allowing children under 13 to sign up for Facebook accounts, 
which obviously implicates a number of privacy concerns of a 
different nature and magnitude, does Facebook have any new 
policies or plans to develop new policies and what will those 
policies be regarding facial recognition technology on pictures 
of children who use Facebook?
    Mr. Sherman. Well, Senator, as you know, our current policy 
is that children under 13 are not allowed on Facebook, and we 
have a number of technical and procedural measures that we put 
in place to try to prevent children under 13 from gaining 
access to our service in violation of that policy.
    There have been some studies that have come out recently 
that have suggested that children, despite our efforts, are 
gaining access to Facebook, and in many cases with the 
assistance of their parents. And so one of the things that has 
been suggested is that we provide tools for parents to manage 
their children's access of Facebook if they do get on.
    We are in the process of thinking about those. Those are 
really important issues, and protecting children and all of our 
uses is a high priority at Facebook. And we are thinking 
through the right way to manage those questions. So we have not 
made any final decision about what we would do, if anything, 
about changing our under-13 policy.
    What I can tell you is we do implement the tag suggestion 
feature in a slightly different way for children who are over--
for teenagers, excuse me, who are over 13 but under 17. In 
those cases, the tag suggestion feature is off by default, and 
the teenagers can turn it on if they want to do so, but it is 
not on by default.
    Senator Blumenthal. Wouldn't it make sense to simply 
preclude those images for children under 13 to be in any way 
collected or stored?
    Mr. Sherman. Well, I mean, I think certainly there are 
difficult questions, and the one that you raise is one of a 
large number of questions that we would have to confront if we 
decided to allow children under 13. It is something certainly 
that we would consider actively, but until we make a decision 
about changing our policy, I think it is premature to say 
exactly how we would implement it.
    Senator Blumenthal. Well, I am going to ask that Facebook 
commit to not collecting or storing those facial recognition 
data for anyone under 13 if you decide to go ahead. I think it 
is a matter of public policy and public safety that Facebook 
adopt that kind of policy if you decide to go ahead.
    Mr. Sherman. OK, thank you. We absolutely appreciate the 
feedback, and if we go in that direction, that is something we 
will certainly consider.
    Senator Blumenthal. Thank you.
    Thank you, Mr. Chairman.
    Chairman Franken. Thank you, Senator Blumenthal.
    I just want to also correct the record that MorphoTrust has 
32 driver's license contracts that include facial recognition, 
not 40.
    Professor Acquisti, a month or two ago, a company called 
Face.com released an iPhone app that allowed you to point your 
iPhone at someone and have a little box pop up above that 
person's face on your screen that told you their name. The app 
was only supposed to work on your friends, but soon after the 
release of this app, a well-respected security researcher who 
has testified before this Subcommittee, Ashkan Soltani, 
revealed that the app could easily be hacked in a way that 
would appear to allow it to identify strangers.
    Facebook has since purchased Face.com and shut down this 
app. But were you familiar with this app and the vulnerability 
that it created or had? What did it tell you about the state of 
privacy when it comes to facial recognition technology? Is this 
something we should be thinking about?
    Mr. Acquisti. Senator, yes, I have been following the news 
and the research about Klik, this app. I will make a few 
points.
    One is that this app shows that the studies we presented 
last year are not just theoretical experiments. They happen in 
reality. The reality of face mobile, real-time face recognition 
is coming much faster than what some people may have believed.
    A second point is that the vulnerability Ashkan Soltani 
found shows that there are inherent risks in this technology in 
that they cluster and aggregate very sensitive information 
which becomes a desirable target for hackers and third parties. 
Soltani was able, through the vulnerability he discovered, to 
get access to non-public photos of individuals as well as to 
private data of other users, which means that conceivably he 
could have used these additional photos for face recognition 
not just of his own friends but friends of friends and many 
other people in the network.
    Which leads me to the third point. Currently, the 
limitations in this app come mostly from two directions. One is 
computational cost. In experiments we did, we were working on 
data bases of hundreds of thousands of images; therefore, we 
could do a match in real time. If we had tried to do it against 
300 million Americans or, in fact, 90 billion photos, it would 
take hours and hours and hours. However, this limit is 
transient; it is not systemic in the sense that cloud computing 
clusters are getting faster and faster. Therefore, we cannot 
guarantee that what is not possible to do now, extrapolating 
our results to nationwide to the entire population, will not be 
possible five years out.
    The second limitation is, like I mentioned in my testimony, 
there is a sort of a self-restraint in the providers of the 
services which can be found in statements such as, ``Don't 
worry. This only works with your friends. Only your friends 
will be able to tag you.'' Well, this is now. There is no 
guarantee that a few years from now it will be friends of 
friends or some years later it will be anyone in the network. 
In fact, the history of social media and online social networks 
in general shows that there is this progressive nudging of 
users toward more and more disclosure. So this is to me one of 
the concerns we have in this area.
    Chairman Franken. Well, then, I will turn to Mr. Martin. I 
am going to try to get everybody in here. We are really talking 
about how fast this technology is improving, and that is sort 
of what I was just asking Mr. Acquisti. What are we 
approaching? What kind of world are we approaching in terms of 
how quickly and reliably this technology can identify unknown 
individuals walking down a city street? I know we are not quite 
there yet, but tell me how fast this technology is improving 
and how far we are from that world.
    Mr. Martin. There is not a black-and-white answer to this. 
So certainly, today, if you have a small data base of 
individuals, a few thousand or even tens of thousands, and you 
had a controlled situation where somebody was walking through a 
metal detector but still they did not know the camera was on 
them, then you could reliably do identification on that small 
data base, say if you had a watchlist of criminals or 
terrorists or something.
    In the case where you now expand the data base to the size 
of multiple millions and you are just shooting a camera outside 
the window down the street, you cannot reliably do that for a 
large data base. What you could do is, for instance, have some 
humans that look at the results, and if you only were looking 
for a few people, not millions of people, then you could shoot 
something out the window and probably try to find a suspect. 
But certainly the technology is not there to do that on a large 
scale with 300 million people or a billion people. And even if 
you have more processors and it is faster, I do not think you 
are going to be there in the next several years.
    Chairman Franken. What about the scenario of going into--a 
guy goes into a bar, takes a picture of a woman, wants to stalk 
her, can find out where she lives?
    Mr. Martin. Some of the arguments here was that that is a 
concern that you can do something like that, and I think the 
only way it would be viable today is that you would need some 
additional information. Like you would have to know that she is 
a friend of somebody on Facebook and you are a friend with that 
person and you have access to see who their friends are. Then 
potentially you could look at images off of the Internet and 
link up that extra metadata that is on her profile with that 
picture and find out that information.
    But even just from the science side of it, taking a picture 
in the bar where it is dark and the person is not looking at 
your camera unless you ask them for a good picture, it is 
technically very hard even to do the face recognition matching, 
despite the other part that you need to have all this linking 
information to get it to work. So it is not easy.
    Chairman Franken. Sometimes you would say, ``Hey''----
    Mr. Martin. ``Can I get a picture of you? '' Right.
    Chairman Franken. A flash, and there it is.
    Mr. Martin. Right. So if you did that, though, then the 
question is: What is the data base that you are going to search 
against?
    Chairman Franken. I just want to ask this with Mr. Acquisti 
and Mr. Sherman. Mr. Acquisti said that the social networks--
the privacy policy has sort of loosened in a way. What did you 
mean by that in terms of--let us just get a little dialogue 
maybe between the two of you just on this. Has Facebook done 
that? Have they loosened their privacy policies? You are 
nodding, Ms. Farahany, so--I just go to whoever is nodding. 
That is my role as Chairman.
    [Laughter.]
    Chairman Franken. If you want to get called on, nod.
    Ms. Farahany. I am happy to nod and be called on. I think 
Facebook and other social media sites are changing our 
expectations of privacy. So I think part of the reason why the 
Fourth Amendment analysis is useful here is that it is tied to 
what does society expect to be able to keep private. And in 
today's world, we are moving toward much greater transparency. 
As I have been listening to the conversation, it does not seem 
like it is facial recognition itself that anybody is afraid of. 
It is linking it to other information that people are 
frightened by. And I think that is right, which is, there is 
nothing inherently frightening about having your face seen. We 
have it seen in public all the time. We do not try to hide it 
from view. It is the aggregation of data that frightens people.
    And so what is it, if anything, we should be doing about 
aggregation of data? Well, Congress has already taken a number 
of initiatives to keep some types of personal information 
private, like your health information, financial transactions, 
your genetic information for certain types of uses through the 
Genetic Information Nondiscrimination Act. But we do not stop 
the flow of information. We say there are certain applications 
of the information which are limited or impermissible. And I 
think there is nothing about for me personally--and this may be 
because, you know, I am a user of Facebook and somebody who is 
comfortable with greater transparency. There is nothing 
frightening to me about somebody having a photograph taken of 
me or even going into every store or every place on the street 
and having a photograph taken of me. It is the ability to make 
a complete dossier about me and know a lot of other 
information.
    And so if there is something about the use and application 
that we are frightened about, I think that is an appropriate 
place for Congress to focus very targeted interest, but it may 
not be facial recognition technology it should be focusing on 
then. It is the act of data aggregation itself and who can 
aggregate data, for what purpose, and to whom they can package 
and sell it.
    Chairman Franken. OK. Now, you are nodding, so that means 
you are going to be called on.
    Mr. Acquisti. I was nodding, Senator. In my written 
testimony, I made a short list of examples where Facebook 
indeed changed something--settings, defaults--to unilaterally 
create more disclosure or more sharing. The examples include 
Facebook News in 2006, Tagging in 2009; changes in privacy 
settings in early 2010; changing of the cache time limits in 
2010--that refers to how long third-party developers can keep 
your data; the introduction of Facebook Places in 2010, which 
allows others to tag you when you go in a certain location; the 
switch to the ``Timeline'' in early 2012, initially voluntary, 
then compulsory; more recent the switching of users to using 
Facebook emails rather than other parties' emails. So there is 
an extensive list of examples showing this trend.
    Chairman Franken. How do you respond to that?
    Mr. Sherman. Well, I think the examples that Professor 
Acquisti is offering are examples of ways in which we have 
changed our service, and I think you would want Facebook to 
innovate, you would want Facebook to continue to offer new and 
better products to our users, and that is something that we try 
to do every day. Anytime we make any change to our service, 
including the changes that Professor Acquisti referred to, we 
have a robust privacy process that includes professionals from 
all across our organization who review those changes to make 
sure that they are consistent with the commitments that we have 
made to our users and that they will help us maintain the trust 
of our users, because, after all, if people do not trust us, 
then they will not use our service, and that is something we 
very much want people to do. And I think if we did make a 
change of any sort--and I think in the instances that he has 
described--we let our users know about that and give them the 
ability to make choices about them.
    Chairman Franken. OK. And did it involve information 
retrospectively? In other words, did it involve loosening the 
privacy on information they had already put in there that they 
did not know would--I am saying this out of ignorance here. I 
am just asking.
    Mr. Sherman. There may be instances where we would change a 
default, so for new people who come onto the site, things might 
work in a slightly different way, and we would be very clear 
with them about how that works. But we have committed to the 
FTC that when we have information that we already have that is 
covered by a privacy setting, we will not disclose it in a way 
that materially exceeds the privacy setting after that has been 
done.
    Chairman Franken. OK. Thank you.
    I want to go to Ms. Lynch in kind of a final question, but 
I have not talked to the sheriff yet, and I want to thank you 
for being with us. I know that right now Calhoun County is 
about to roll out a facial recognition system for the field. If 
your deputy pulls someone over and that person refuses to 
identify him- or herself, this system will allow you to see if 
they are a wanted criminal or someone with an arrest record.
    Now, I know that the data base of photos you are using for 
this field system is still going to be a data base of mug shots 
from arrests.
    Mr. Amerson. Right.
    Chairman Franken. It is not going to be the data base from 
the Department of Motor Vehicles. Can you tell us why you 
decided to stick with the criminal data base and not use a 
bigger data base like the DMV's?
    Mr. Amerson. I think the key is for us to focus on the 
people that are of interest to us. Ordinary, honest people 
going about their daily business are not of interest to us. Our 
interests are people who are committing crimes, people who are 
wanted for questioning about crimes. It would have to be a very 
certain degree of information allowed--available for us to do 
that. But, again, the key to us is locating wanted criminals so 
that we can locate and arrest them and take them off the 
street.
    Chairman Franken. Thank you.
    Ms. Lynch, if Congress were to pass a law governing law 
enforcement use of facial recognition technology, what are the 
two or three protections you think need to be included?
    Ms. Lynch. Well, I think first we have to look at how law 
enforcement is getting the data. So law enforcement is 
currently getting data in general in two different ways. One is 
directly, so let us say they are bringing a suspected criminal 
into a police department and fingerprint them, or they are 
collecting an image on the street. And then the second way that 
law enforcement gets data is from a private company or a third 
party--bank records or data from Facebook, submitting a warrant 
to Facebook. And I think in both of those situations, we would 
like to see a warrant based on probable cause to get access to 
the data.
    Facial recognition data and faceprints and photographs are 
pretty sensitive data, and everyone though we do share our 
faces with the public and we share our images with third 
parties, there has been a lot of significant research done to 
show that people still have an expectation of privacy in this 
information. Even though we are sharing it with our friends and 
our family and our networks, we are not necessarily expecting 
that that data should be shared with the Government. And I 
think based on that, we do have a reasonable expectation of 
privacy in the data that would warrant a warrant standard. So 
that is the first thing.
    I think the second thing that I would like to see is that 
there would be some data minimization requirements put in 
place. This could be minimization of how much data the 
gvernment collects, so instead of getting 10 pictures of a 
person or crowd photos of a person--that include a person, it 
is limited to mug shots like the sheriff said. So that is one 
way of minimizing the data collection. Another is if the 
government is collecting crowd photo data for an individual 
investigation, that that crowd photo be deleted once the 
investigation is concluded, or that other faces in the crowd be 
scrubbed so that they are not identifiable. So that is the 
second.
    And then I think the third thing that I would like to see 
is that data that is gathered for one purpose is not combined 
with data gathered for another. So, for example, right now the 
FBI has two separate parts to its fingerprint data base. It has 
the records collected for civil purposes, like employment. If 
you are Federal employee, if you are a lawyer in California, if 
you are applying for a job to work with children, your 
fingerprints are collected and put in the FBI's civil 
fingerprint data base. And that is kept separate from the 
criminal data base where all of the fingerprints of anybody 
arrested in the United States go. And, currently, although 
those are kept separate, the FBI is planning to incorporate a 
master name system that would allow searching of both data 
bases at the same time, and I think this raises a lot of 
implications for privacy and civil liberties that we have not 
discussed. And even though we are talking about fingerprints 
here, when the FBI includes facial recognition into its data 
base--and it is supposed to do that by 2014--they will be 
searching facial recognition-ready photographs as well.
    Chairman Franken. Thank you.
    I have a note here that Professor Farahany has a plane to 
catch. Is that correct?
    Ms. Farahany. My flight is at seven.
    Chairman Franken. I am sorry?
    Ms. Farahany. I said my flight is at seven.
    Chairman Franken. Let us see. It is rush hour. Is it 
National or Dulles? Dulles.
    [Laughter.]
    Chairman Franken. Are you checking any bags?
    [Laughter.]
    Chairman Franken. OK. Well, I will ask my last question, 
and then you can get out of here.
    Mr. Sherman, once you generate a faceprint for somebody, 
even though you might not do it now, you can use it down the 
road in countless ways. You could. I would like for you to tell 
us on the record how Facebook will and will not use its 
faceprints going forward. We did have the matter of some 
changes in policy. For example, can you assure us that Facebook 
will share or sell users' faceprints along with the software 
needed to use them to third parties--will not do that? Can you 
assure us that they will not do that?
    Mr. Sherman. Well, Senator Franken, I think it is difficult 
to know in the future what Facebook will look like five or 10 
years down the road, and so it is hard to respond to that 
hypothetical. What I can tell you is that we have a robust 
process, as I have described, to vet any changes that we would 
make along those lines. We also have relationships with the 
Federal Trade Commission, the Irish Data Protection 
Commissioner which regulates our Irish affiliate, and consumer 
groups like the Electronic Frontier Foundation. We talk with 
them regularly about changes that we are making or are planning 
to make. I think if we would make a change that would be 
concerning, those are certainly groups that would express 
concern, and we obviously would be transparent with any change 
with our users.
    Chairman Franken. Well, I think that is a fair answer. Your 
company has every right not to lock itself into future business 
decisions and to keep your options open. But perhaps that is 
why Congress should be looking at this and considering whether 
we need to put in place protections so that users' faceprints 
are never shared or sold without their explicit permission, for 
example.
    Well, I want to thank you all for joining us. Ms. Farahany, 
you--you are all permitted to bolt.
    [Laughter.]
    Chairman Franken. But I want to thank you and, again, your 
complete written testimonies will be made part of the record.
    In closing, I want to thank Ranking Member Coburn, and I 
want to thank each of the witnesses who appeared with us today. 
I will add a statement from EPIC to the record.
    [The statement appears as a submission for the record.]
    Chairman Franken. We are adjourned. Thank you. Thank you 
all.
    [Whereupon, at 4:35 p.m., the Subcommittee was adjourned.]
    [Questions and answers and submissions for the record 
follow.]
                            A P P E N D I X

              Additional Material Submitted for the Record

                              Witness List

[GRAPHIC] [TIFF OMITTED] 86599.001

[GRAPHIC] [TIFF OMITTED] 86599.002

                    Prepared Statements of Witnesses

[GRAPHIC] [TIFF OMITTED] 86599.003

[GRAPHIC] [TIFF OMITTED] 86599.004

[GRAPHIC] [TIFF OMITTED] 86599.005

[GRAPHIC] [TIFF OMITTED] 86599.006

[GRAPHIC] [TIFF OMITTED] 86599.007

[GRAPHIC] [TIFF OMITTED] 86599.008

[GRAPHIC] [TIFF OMITTED] 86599.009

[GRAPHIC] [TIFF OMITTED] 86599.010

[GRAPHIC] [TIFF OMITTED] 86599.011

[GRAPHIC] [TIFF OMITTED] 86599.012

[GRAPHIC] [TIFF OMITTED] 86599.013

[GRAPHIC] [TIFF OMITTED] 86599.014

[GRAPHIC] [TIFF OMITTED] 86599.015

[GRAPHIC] [TIFF OMITTED] 86599.016

[GRAPHIC] [TIFF OMITTED] 86599.017

[GRAPHIC] [TIFF OMITTED] 86599.018

[GRAPHIC] [TIFF OMITTED] 86599.019

[GRAPHIC] [TIFF OMITTED] 86599.020

[GRAPHIC] [TIFF OMITTED] 86599.021

[GRAPHIC] [TIFF OMITTED] 86599.022

[GRAPHIC] [TIFF OMITTED] 86599.023

[GRAPHIC] [TIFF OMITTED] 86599.024

[GRAPHIC] [TIFF OMITTED] 86599.025

[GRAPHIC] [TIFF OMITTED] 86599.026

[GRAPHIC] [TIFF OMITTED] 86599.027

[GRAPHIC] [TIFF OMITTED] 86599.028

[GRAPHIC] [TIFF OMITTED] 86599.029

[GRAPHIC] [TIFF OMITTED] 86599.030

[GRAPHIC] [TIFF OMITTED] 86599.031

[GRAPHIC] [TIFF OMITTED] 86599.032

[GRAPHIC] [TIFF OMITTED] 86599.033

[GRAPHIC] [TIFF OMITTED] 86599.034

[GRAPHIC] [TIFF OMITTED] 86599.035

[GRAPHIC] [TIFF OMITTED] 86599.036

[GRAPHIC] [TIFF OMITTED] 86599.037

[GRAPHIC] [TIFF OMITTED] 86599.038

[GRAPHIC] [TIFF OMITTED] 86599.039

[GRAPHIC] [TIFF OMITTED] 86599.040

[GRAPHIC] [TIFF OMITTED] 86599.041

[GRAPHIC] [TIFF OMITTED] 86599.042

[GRAPHIC] [TIFF OMITTED] 86599.043

[GRAPHIC] [TIFF OMITTED] 86599.044

[GRAPHIC] [TIFF OMITTED] 86599.045

[GRAPHIC] [TIFF OMITTED] 86599.046

[GRAPHIC] [TIFF OMITTED] 86599.047

[GRAPHIC] [TIFF OMITTED] 86599.048

[GRAPHIC] [TIFF OMITTED] 86599.049

[GRAPHIC] [TIFF OMITTED] 86599.050

[GRAPHIC] [TIFF OMITTED] 86599.051

[GRAPHIC] [TIFF OMITTED] 86599.052

[GRAPHIC] [TIFF OMITTED] 86599.053

[GRAPHIC] [TIFF OMITTED] 86599.054

[GRAPHIC] [TIFF OMITTED] 86599.055

[GRAPHIC] [TIFF OMITTED] 86599.056

[GRAPHIC] [TIFF OMITTED] 86599.057

[GRAPHIC] [TIFF OMITTED] 86599.058

[GRAPHIC] [TIFF OMITTED] 86599.059

[GRAPHIC] [TIFF OMITTED] 86599.060

[GRAPHIC] [TIFF OMITTED] 86599.061

[GRAPHIC] [TIFF OMITTED] 86599.062

[GRAPHIC] [TIFF OMITTED] 86599.063

[GRAPHIC] [TIFF OMITTED] 86599.064

[GRAPHIC] [TIFF OMITTED] 86599.065

[GRAPHIC] [TIFF OMITTED] 86599.066

[GRAPHIC] [TIFF OMITTED] 86599.067

[GRAPHIC] [TIFF OMITTED] 86599.068

[GRAPHIC] [TIFF OMITTED] 86599.069

[GRAPHIC] [TIFF OMITTED] 86599.070

[GRAPHIC] [TIFF OMITTED] 86599.071

[GRAPHIC] [TIFF OMITTED] 86599.072

[GRAPHIC] [TIFF OMITTED] 86599.073

[GRAPHIC] [TIFF OMITTED] 86599.074

[GRAPHIC] [TIFF OMITTED] 86599.075

[GRAPHIC] [TIFF OMITTED] 86599.076

[GRAPHIC] [TIFF OMITTED] 86599.077

[GRAPHIC] [TIFF OMITTED] 86599.078

[GRAPHIC] [TIFF OMITTED] 86599.079

[GRAPHIC] [TIFF OMITTED] 86599.080

[GRAPHIC] [TIFF OMITTED] 86599.081

[GRAPHIC] [TIFF OMITTED] 86599.082

[GRAPHIC] [TIFF OMITTED] 86599.083

[GRAPHIC] [TIFF OMITTED] 86599.084

[GRAPHIC] [TIFF OMITTED] 86599.085

[GRAPHIC] [TIFF OMITTED] 86599.086

                Subcommittee Chairman Prepared Statement

[GRAPHIC] [TIFF OMITTED] 86599.087

[GRAPHIC] [TIFF OMITTED] 86599.088

[GRAPHIC] [TIFF OMITTED] 86599.089

[GRAPHIC] [TIFF OMITTED] 86166.090

            Questions for Witnesses from Senator Al Franken

[GRAPHIC] [TIFF OMITTED] 86599.091

[GRAPHIC] [TIFF OMITTED] 86599.092

[GRAPHIC] [TIFF OMITTED] 86599.093

[GRAPHIC] [TIFF OMITTED] 86599.094

[GRAPHIC] [TIFF OMITTED] 86599.095

[GRAPHIC] [TIFF OMITTED] 86599.096

                         Questions and Answers

[GRAPHIC] [TIFF OMITTED] 86599.097

[GRAPHIC] [TIFF OMITTED] 86599.098

[GRAPHIC] [TIFF OMITTED] 86599.099

[GRAPHIC] [TIFF OMITTED] 86599.100

[GRAPHIC] [TIFF OMITTED] 86599.101

[GRAPHIC] [TIFF OMITTED] 86599.102

[GRAPHIC] [TIFF OMITTED] 86599.103

[GRAPHIC] [TIFF OMITTED] 86599.104

[GRAPHIC] [TIFF OMITTED] 86599.105

[GRAPHIC] [TIFF OMITTED] 86599.106

[GRAPHIC] [TIFF OMITTED] 86599.107

[GRAPHIC] [TIFF OMITTED] 86599.108

[GRAPHIC] [TIFF OMITTED] 86599.109

[GRAPHIC] [TIFF OMITTED] 86599.110

[GRAPHIC] [TIFF OMITTED] 86599.111

[GRAPHIC] [TIFF OMITTED] 86599.112

                Miscellaneous Submissions for the Record

[GRAPHIC] [TIFF OMITTED] 86599.113

[GRAPHIC] [TIFF OMITTED] 86599.114

[GRAPHIC] [TIFF OMITTED] 86599.115

[GRAPHIC] [TIFF OMITTED] 86599.116

[GRAPHIC] [TIFF OMITTED] 86599.117

[GRAPHIC] [TIFF OMITTED] 86599.118

[GRAPHIC] [TIFF OMITTED] 86599.119

[GRAPHIC] [TIFF OMITTED] 86599.120

[GRAPHIC] [TIFF OMITTED] 86599.121

[GRAPHIC] [TIFF OMITTED] 86599.122

[GRAPHIC] [TIFF OMITTED] 86599.123

[GRAPHIC] [TIFF OMITTED] 86599.124

[GRAPHIC] [TIFF OMITTED] 86599.125

[GRAPHIC] [TIFF OMITTED] 86599.126

[GRAPHIC] [TIFF OMITTED] 86599.127

[GRAPHIC] [TIFF OMITTED] 86599.128

[GRAPHIC] [TIFF OMITTED] 86599.129

[GRAPHIC] [TIFF OMITTED] 86599.130

[GRAPHIC] [TIFF OMITTED] 86599.131

[GRAPHIC] [TIFF OMITTED] 86599.132

[GRAPHIC] [TIFF OMITTED] 86599.133

[GRAPHIC] [TIFF OMITTED] 86599.134

[GRAPHIC] [TIFF OMITTED] 86599.135

[GRAPHIC] [TIFF OMITTED] 86599.136

[GRAPHIC] [TIFF OMITTED] 86599.137

[GRAPHIC] [TIFF OMITTED] 86599.138

[GRAPHIC] [TIFF OMITTED] 86599.139

[GRAPHIC] [TIFF OMITTED] 86599.140

[GRAPHIC] [TIFF OMITTED] 86599.141

[GRAPHIC] [TIFF OMITTED] 86599.142

[GRAPHIC] [TIFF OMITTED] 86599.143

[GRAPHIC] [TIFF OMITTED] 86599.144

[GRAPHIC] [TIFF OMITTED] 86599.145

[GRAPHIC] [TIFF OMITTED] 86599.146

[GRAPHIC] [TIFF OMITTED] 86599.147

[GRAPHIC] [TIFF OMITTED] 86599.148

[GRAPHIC] [TIFF OMITTED] 86599.149

[GRAPHIC] [TIFF OMITTED] 86599.150

[GRAPHIC] [TIFF OMITTED] 86599.151

[GRAPHIC] [TIFF OMITTED] 86599.152

[GRAPHIC] [TIFF OMITTED] 86599.153

[GRAPHIC] [TIFF OMITTED] 86599.154

[GRAPHIC] [TIFF OMITTED] 86599.155

[GRAPHIC] [TIFF OMITTED] 86599.156

[GRAPHIC] [TIFF OMITTED] 86599.157

[GRAPHIC] [TIFF OMITTED] 86599.158

[GRAPHIC] [TIFF OMITTED] 86599.159

[GRAPHIC] [TIFF OMITTED] 86599.160

[GRAPHIC] [TIFF OMITTED] 86599.161

[GRAPHIC] [TIFF OMITTED] 86599.162

[GRAPHIC] [TIFF OMITTED] 86599.163

[GRAPHIC] [TIFF OMITTED] 86599.164

[GRAPHIC] [TIFF OMITTED] 86599.165

[GRAPHIC] [TIFF OMITTED] 86599.166

[GRAPHIC] [TIFF OMITTED] 86599.167

[GRAPHIC] [TIFF OMITTED] 86599.168

[GRAPHIC] [TIFF OMITTED] 86599.169

[GRAPHIC] [TIFF OMITTED] 86599.170

[GRAPHIC] [TIFF OMITTED] 86599.171

[GRAPHIC] [TIFF OMITTED] 86599.172

[GRAPHIC] [TIFF OMITTED] 86599.173

[GRAPHIC] [TIFF OMITTED] 86599.174

[GRAPHIC] [TIFF OMITTED] 86599.175

[GRAPHIC] [TIFF OMITTED] 86599.176

[GRAPHIC] [TIFF OMITTED] 86599.177

[GRAPHIC] [TIFF OMITTED] 86599.178

[GRAPHIC] [TIFF OMITTED] 86599.179

[GRAPHIC] [TIFF OMITTED] 86599.180

[GRAPHIC] [TIFF OMITTED] 86599.181

[GRAPHIC] [TIFF OMITTED] 86599.182

[GRAPHIC] [TIFF OMITTED] 86599.183

[GRAPHIC] [TIFF OMITTED] 86599.184

[GRAPHIC] [TIFF OMITTED] 86599.185

[GRAPHIC] [TIFF OMITTED] 86599.186

[GRAPHIC] [TIFF OMITTED] 86599.187

[GRAPHIC] [TIFF OMITTED] 86599.188

[GRAPHIC] [TIFF OMITTED] 86599.189

[GRAPHIC] [TIFF OMITTED] 86599.190

[GRAPHIC] [TIFF OMITTED] 86599.191

[GRAPHIC] [TIFF OMITTED] 86599.192

[GRAPHIC] [TIFF OMITTED] 86599.193

[GRAPHIC] [TIFF OMITTED] 86599.194

[GRAPHIC] [TIFF OMITTED] 86599.195

[GRAPHIC] [TIFF OMITTED] 86599.196

[GRAPHIC] [TIFF OMITTED] 86599.197

[GRAPHIC] [TIFF OMITTED] 86599.198

[GRAPHIC] [TIFF OMITTED] 86599.199

[GRAPHIC] [TIFF OMITTED] 86599.200

[GRAPHIC] [TIFF OMITTED] 86599.201

[GRAPHIC] [TIFF OMITTED] 86599.202

[GRAPHIC] [TIFF OMITTED] 86599.203

[GRAPHIC] [TIFF OMITTED] 86599.204

[GRAPHIC] [TIFF OMITTED] 86599.205

[GRAPHIC] [TIFF OMITTED] 86599.206

[GRAPHIC] [TIFF OMITTED] 86599.207

[GRAPHIC] [TIFF OMITTED] 86599.208

[GRAPHIC] [TIFF OMITTED] 86599.209

[GRAPHIC] [TIFF OMITTED] 86599.210

[GRAPHIC] [TIFF OMITTED] 86599.211

[GRAPHIC] [TIFF OMITTED] 86599.212

[GRAPHIC] [TIFF OMITTED] 86599.213

[GRAPHIC] [TIFF OMITTED] 86599.214

[GRAPHIC] [TIFF OMITTED] 86599.215

[GRAPHIC] [TIFF OMITTED] 86599.216

[GRAPHIC] [TIFF OMITTED] 86599.217

[GRAPHIC] [TIFF OMITTED] 86599.218

[GRAPHIC] [TIFF OMITTED] 86599.219

[GRAPHIC] [TIFF OMITTED] 86599.220

[GRAPHIC] [TIFF OMITTED] 86599.221

[GRAPHIC] [TIFF OMITTED] 86599.222

[GRAPHIC] [TIFF OMITTED] 86599.223

[GRAPHIC] [TIFF OMITTED] 86599.224

[GRAPHIC] [TIFF OMITTED] 86599.225

[GRAPHIC] [TIFF OMITTED] 86599.226

[GRAPHIC] [TIFF OMITTED] 86599.227

[GRAPHIC] [TIFF OMITTED] 86599.228

[GRAPHIC] [TIFF OMITTED] 86599.229

[GRAPHIC] [TIFF OMITTED] 86599.230

[GRAPHIC] [TIFF OMITTED] 86599.231

[GRAPHIC] [TIFF OMITTED] 86599.232

[GRAPHIC] [TIFF OMITTED] 86599.233

[GRAPHIC] [TIFF OMITTED] 86599.234

[GRAPHIC] [TIFF OMITTED] 86599.235

[GRAPHIC] [TIFF OMITTED] 86599.236

   Submissions for the Record Not Printed Due to Voluminous Nature, 
  Previously Printed by an Agency of the Federal Government, or Other 
Criteria Determined by the Committee, List of Material and Links Can Be 
                              Found Below:

    EPIC Comments--January 31, 2012.:
        http://www.ftc.gov/os/comments/
        facialrecognitiontechnology/00083-0982624.pdf
    National Institute of Justice (NIJ), William A. Ford, 
Director, State of Research, Development and Evaluation.:
        https://www.eff.org/sites/default/files/ford-State-of-
        Research-Development-and-Evaluation-at-NIJ.pdf#page=17
    Farahany, Nita A., Testimony Attachment--Pennsylvania Law 
Review:
        http://www.pennumbra.com/issues/pdfs/160-5/Farahany.pdf
        [GRAPHIC] [TIFF OMITTED] 86599.237