Chapter 26: Biometrics and Facial Recognition Ethics

The Face as Data: Power, Identity, and Surveillance


Opening: A Wrong Face in Detroit

In January 2020, Robert Williams, a Black man in Detroit, was arrested in front of his wife and daughters. He was handcuffed in his driveway, loaded into a police car, and taken to a detention facility while his children watched. The charge: shoplifting watches from a Shinola store. The evidence: a facial recognition match.

The match was wrong.

It took Williams a day and a half in police custody before Detroit police investigators, shown Williams's driver's license, acknowledged that the face on the license and the face of the suspect were clearly not the same person. Williams had allegedly held up the driver's license and said, "This is not me." An investigator reportedly replied, "We know. The computer must have made an error."

Williams became one of the first known Americans wrongly arrested based on a facial recognition algorithm. He was not the last. Nijeer Parks in New Jersey was wrongly arrested in 2019 — his case only coming to light afterward. Michael Oliver, also in Detroit, was wrongly charged with a felony in 2021. All three men are Black. All three were matched by algorithms that researchers had spent years documenting performed dramatically worse on darker-skinned faces.

None of these cases involved a rogue system deployed without warning. In each instance, agencies were using commercially available or government-procured tools that had been evaluated, purchased, and integrated into investigative workflows. The systems functioned as designed. The design was the problem — or more precisely, the deployment of a flawed design in a context where errors imposed severe costs on those least able to absorb them.

Williams's case is the entry point for this chapter because it distills the central ethical tensions in biometrics and facial recognition into a single, indelible image: a man holding up his own driver's license and telling investigators, "This is not me." The gap between the algorithmic match and the human reality is not merely a technical error. It is an accountability failure, a governance failure, and — given the documented disparate impact across racial lines — a civil rights failure.

This chapter examines what biometrics are, how facial recognition works, what the bias evidence shows, how governments and corporations are deploying these systems, and what ethical and legal frameworks are emerging to govern their use. The stakes, as Williams's arrest makes plain, could not be higher.


Learning Objectives

By the end of this chapter, you should be able to:

  1. Define biometrics and distinguish between physiological and behavioral biometric modalities, explaining why the permanence of biometric data creates unique ethical challenges.
  2. Explain how facial recognition works at a conceptual level, distinguishing between 1:1 verification, 1:many identification, and categorization functions.
  3. Describe the evidence base for differential bias in facial recognition systems, including NIST FRVT findings and the Gender Shades study.
  4. Analyze the documented cases of wrongful arrest resulting from facial recognition errors and identify the systemic accountability failures they reveal.
  5. Evaluate the privacy implications of commercial facial recognition deployment, including retail surveillance, employer monitoring, and database aggregation.
  6. Assess the Clearview AI case as a study in the inadequacy of existing legal frameworks for governing facial recognition at scale.
  7. Describe the current regulatory landscape for facial recognition, including city and state bans, the EU AI Act framework, and proposed federal legislation.
  8. Apply a proportionality and purpose-limitation framework to evaluate whether a proposed biometric deployment is ethically justifiable.

Section 1: What Is Biometrics?

Defining the Category

Biometrics refers to the automated measurement and statistical analysis of unique biological or behavioral characteristics for the purpose of identification, authentication, or classification. The word combines the Greek "bios" (life) and "metron" (measure). What distinguishes biometric data from other forms of personal data is its organic origin: rather than a credential you hold (a key, a password, an ID card) or something you know (a PIN, a security question answer), biometrics are something you are.

This distinction has profound implications for both privacy and security. A stolen password can be changed. A compromised access badge can be revoked. A biometric — your fingerprint, your face, the pattern of your iris — cannot be revoked. Once that data is captured, processed, and stored (or breached), the compromise is permanent. No amount of regulatory remedy or technical patch restores the pre-breach state.

The Major Biometric Modalities

Biometric systems encompass a range of measurement types, each with different technical properties, accuracy rates, and ethical footprints:

Physiological biometrics derive from physical characteristics of the body. These include:

  • Fingerprint: The oldest and most widely deployed biometric, fingerprints have been used in law enforcement since the late nineteenth century. Modern automated fingerprint identification systems (AFIS) can match prints against databases of millions in seconds. Fingerprint readers are now embedded in smartphones, laptops, and building access systems.

  • Facial geometry: The spatial relationships between facial features — the distance between eyes, the width of the nose, the shape of the jawline — encoded as a mathematical vector and matched against stored templates. Facial recognition has become the dominant biometric modality in both public and commercial contexts.

  • Iris pattern: The complex, random patterns in the colored ring of the eye, considered one of the most accurate biometric identifiers due to their stability and uniqueness. Iris scanners are used in high-security environments and some border control systems.

  • Retinal vein pattern: A more invasive measurement requiring near-infrared illumination and close proximity to a scanner. Less widely deployed than iris recognition.

  • Hand geometry: Shape and size of the hand and fingers. Common in older physical access control systems but less accurate than fingerprint or iris.

  • DNA: The ultimate biometric — unique to each individual (with the exception of identical twins). DNA profiling has transformed forensic investigation but requires laboratory analysis, raising different deployment contexts and timelines than real-time biometric identification.

  • Vein pattern recognition: Near-infrared imaging of the pattern of veins in the palm or finger. Used in some healthcare settings.

Behavioral biometrics derive from patterns in how a person acts, rather than what they physically are. These include:

  • Voice recognition (speaker identification): Capturing the acoustic and vocal characteristics that distinguish individuals — not merely what is said, but how it is said. Applied in telephone banking authentication and increasingly in smart speakers.

  • Gait analysis: Recognition by walking pattern. Security cameras can in principle identify individuals from their gait even when faces are obscured, raising significant surveillance implications.

  • Keystroke dynamics: The rhythm, timing, and pressure patterns of typing. Used in continuous authentication systems for high-security applications.

  • Signature dynamics: Not just the shape of a signature but the pen pressure, speed, and rhythm of signing — different from what a static image of a signature would reveal.

Soft biometrics are characteristics that are not unique identifiers but can narrow the field: height, weight, skin color, hair color, apparent age, apparent gender. These are increasingly used in combination with other modalities, and they raise their own discrimination concerns when used in identification contexts.

The Permanence Problem

The ethical architecture of data protection is built significantly on the principle of revocability. If your credit card data is breached, the card is canceled and replaced. If your email password is compromised, you reset it. The entire industry of "credential management" rests on the assumption that credentials can be replaced.

Biometric data breaks this architecture. There is no "reset" for your fingerprint. When a biometric database is breached — and they are breached regularly — the individuals whose data is exposed face a lifetime of residual risk. The Aadhaar database in India, containing biometric data on over a billion people, has reportedly experienced multiple security incidents. The Office of Personnel Management breach in the United States in 2014 exposed fingerprint data on approximately 5.6 million federal employees and contractors. Those employees cannot issue themselves new fingerprints.

This permanence creates what researchers call the "biometric revocability problem" and motivates significant investment in "cancelable biometrics" — technical approaches that store a transformed version of a biometric template such that, if breached, the transformation can be changed, protecting the underlying biometric. Cancelable biometrics are promising but add complexity and are not universally deployed.
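The sketch below is an added example, not part of the original chapter. It shows one common way to build a cancelable template: project the embedding through a random matrix derived from a revocable seed and store only the sign bits. The seeds, dimensions, noise level and embeddings are constructed for illustration.

```python
import random

DIM = 128   # embedding length (constructed; the text cites 128 to 512 numbers)
BITS = 256  # length of the protected template that gets stored


def projection_matrix(seed, bits, dim):
    """Derive a Gaussian random projection from a revocable per-user seed."""
    rng = random.Random(seed)
    return [[rng.gauss(0.0, 1.0) for _ in range(dim)] for _ in range(bits)]


def cancelable_template(embedding, seed, bits=BITS):
    """Project the embedding and keep only the sign of each coordinate.

    The database stores these bits, never the embedding itself.
    """
    matrix = projection_matrix(seed, bits, len(embedding))
    return [1 if sum(w * x for w, x in zip(row, embedding)) >= 0.0 else 0
            for row in matrix]


def hamming_fraction(a, b):
    """Fraction of bit positions in which two templates differ."""
    return sum(x != y for x, y in zip(a, b)) / len(a)


def recapture(embedding, rng, noise=0.15):
    """Constructed stand-in for a later capture of the same face."""
    return [x + rng.gauss(0.0, noise) for x in embedding]


def demo():
    rng = random.Random(7)
    person_a = [rng.gauss(0.0, 1.0) for _ in range(DIM)]  # constructed embeddings
    person_b = [rng.gauss(0.0, 1.0) for _ in range(DIM)]

    old_seed, new_seed = "user-a/seed-1", "user-a/seed-2"  # hypothetical seeds
    enrolled = cancelable_template(person_a, old_seed)

    return {
        # Same person, same seed: templates differ in only a few bits.
        "same_person": hamming_fraction(
            enrolled, cancelable_template(recapture(person_a, rng), old_seed)),
        # Different person, same seed: about half the bits differ.
        "other_person": hamming_fraction(
            enrolled, cancelable_template(person_b, old_seed)),
        # Same person after revocation: the breached template no longer
        # matches the re-enrolled one, although the face has not changed.
        "after_reissue": hamming_fraction(
            enrolled, cancelable_template(person_a, new_seed)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:14s} {value:.3f}")
```

The protection depends on the seed being held apart from the template database, because the transform is fully determined by the seed.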

Most major data protection frameworks recognize the distinctive sensitivity of biometric data and classify it as requiring heightened protection.

GDPR (General Data Protection Regulation, EU): Article 9 prohibits the processing of "biometric data for the purpose of uniquely identifying a natural person" except in specified circumstances, including explicit consent, substantial public interest, or vital interests of data subjects. The default is prohibition; processing requires a specific legal basis from the Article 9(2) exceptions. Violations carry the highest tier of GDPR fines: up to €20 million or 4% of global annual turnover.

CCPA/CPRA (California Consumer Privacy Act / California Privacy Rights Act): Biometric information is a defined category of sensitive personal information under the CPRA, subject to enhanced rights including the right to opt out of sharing for targeted advertising and, in certain circumstances, limits on use.

Illinois BIPA (Biometric Information Privacy Act, 2008): The pioneering US state law specifically governing biometric data. BIPA requires informed written consent before collecting biometric identifiers; prohibits selling or profiting from biometric data; and creates a private right of action (meaning individuals can sue directly, without needing to show harm). BIPA has generated substantial litigation, including a $650 million settlement by Facebook (now Meta) over its face-tagging feature and a $228 million class action settlement involving BNSF Railway over fingerprint timekeeping.

The significance of these legal frameworks is that they establish biometric data as categorically different from other personal data — not just quantitatively more sensitive, but qualitatively different in ways that require distinct legal treatment. The gap between where law has arrived and the pace of biometric technology deployment remains, however, large.


Section 2: Facial Recognition — How It Works

A Technology Accessible to Non-Technical Readers

Facial recognition is not a single technology but a pipeline of techniques, each introducing potential for error or bias, working together to perform a function that humans do intuitively but computers perform through statistical mathematics.

Step 1: Detection. Before a face can be recognized, it must be detected — identified as a face within an image or video frame. Face detection algorithms scan images looking for patterns that match learned facial structure: the general arrangement of eyes, nose, and mouth in a characteristic spatial configuration. Detection is usually performed by convolutional neural networks trained on large labeled datasets. Detection fails when faces are partially occluded, at extreme angles, or in poor lighting — and error rates at detection vary across demographic groups, with some research showing higher detection failure rates for darker-skinned faces.

Step 2: Alignment. Once a face is detected, its geometric position within the image is normalized — typically aligned to a standard orientation with eyes at specific coordinates. This preprocessing step improves subsequent matching accuracy by ensuring consistent comparison geometry.

Step 3: Feature extraction. The aligned face image is processed by a deep neural network trained to extract a compact mathematical representation — typically a high-dimensional vector (often 128 to 512 numbers) — that captures the distinctive features of the face. This process is called "embedding." Two images of the same person should produce similar embedding vectors; images of different people should produce dissimilar ones. The training objective is precisely this: to maximize similarity within identities and maximize dissimilarity across identities.

Step 4: Matching. The extracted embedding is compared to stored embeddings in a database. The comparison is typically based on mathematical distance (cosine similarity or Euclidean distance). If the distance between the query embedding and a stored embedding falls below a threshold, the system declares a match.

The threshold is a critical design parameter with significant ethical implications. A low threshold (strict matching) reduces false accepts but increases false rejects. A high threshold (permissive matching) reduces false rejects but increases false accepts. In law enforcement contexts, the costs of these two error types are asymmetric and grave: a false accept can lead to wrongful arrest; a false reject allows a suspect to evade identification. System operators choose thresholds that reflect their priorities — and different priorities may be set for different use cases or, troublingly, for different demographic groups.

Three Distinct Use Cases

Conflating three distinct functional uses of facial recognition causes significant confusion in public debate. They have different technical properties, accuracy rates, and ethical implications.

1:1 Verification. The system compares a presented face against a single stored template to confirm claimed identity. "Is this person who they say they are?" A phone unlocking with Face ID is 1:1 verification. So is crossing a border where you present a passport and a scanner verifies your face matches the passport photo. Accuracy rates in 1:1 verification are generally high for state-of-the-art systems under good conditions, often exceeding 99.9% for certain demographic groups. Error rates are low partly because the search space is a single comparison, not a database of millions.

1:Many Identification. The system compares a probe face against a database of many stored templates to determine who the person is — or whether they appear in the database at all. "Who is this person?" Law enforcement use cases are primarily 1:many: an image from a surveillance camera is compared against a database of tens of thousands to millions of faces (DMV records, mugshot databases, prior arrest records). Error rates in 1:many identification are substantially higher than in 1:1 verification, for mathematical reasons: the larger the database, the more opportunities for a false match. The probability of a coincidental near-match increases with database size. This is sometimes called the base rate problem or the rarity problem.

Categorization. The system infers attributes from a face — apparent gender, apparent age, apparent emotion, apparent race — without necessarily identifying the individual. Categorization is used in advertising systems (serving different ads based on apparent demographics of viewers), in security screening (flagging individuals who appear distressed), and in aggregate analytics. Categorization systems have attracted particular criticism for encoding stereotypes and for the philosophical problems inherent in inferring internal states from external appearance.

Error Types and Their Asymmetric Costs

Every biometric system produces errors. Understanding error types is essential for evaluating fitness for purpose.

False Positive (False Accept): The system declares a match when none exists — identifies Person A as Person B. In a law enforcement context, this can mean wrongful arrest, interrogation, and prosecution. In an access control context, it means an unauthorized person gains entry.

False Negative (False Reject): The system fails to match a face that should match — fails to identify a person who is in the database, or rejects a person who should be authenticated. In law enforcement, this means a suspect goes unidentified. In access control, it means an authorized person is denied entry.

Equal Error Rate (EER): The operating point at which false positive and false negative rates are equal. Lower EER generally indicates better system accuracy, but the relevant question for ethics is not just accuracy but how errors are distributed across demographic groups.

The critical ethical concern is not that errors exist — all systems err — but that error rates are not evenly distributed. When one demographic group faces significantly higher false positive rates than another, the consequences fall disproportionately on that group. In law enforcement contexts, where false positives can mean wrongful arrest, the asymmetric distribution of errors across race and gender is not merely a technical imperfection. It is a civil rights problem.
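The following added example (not from the original chapter) works through the threshold discussion in Step 4 and the error definitions above: it computes false accept and false reject rates, finds the equal error rate, and shows what happens when a threshold tuned on one group is deployed for everyone. The distance distributions are constructed and do not describe any real system.

```python
from bisect import bisect_left
import random

# Constructed (mean, sd) of cosine-distance scores; not measurements of any
# real system. Group B's impostor scores sit closer to the genuine scores.
GENUINE = (0.35, 0.10)
IMPOSTOR = {"group_a": (1.00, 0.15), "group_b": (0.85, 0.18)}


def draw_sorted(rng, dist, n):
    """Draw n constructed distance scores and return them sorted."""
    return sorted(rng.gauss(*dist) for _ in range(n))


def error_rates(genuine, impostor, threshold):
    """Return (false accept rate, false reject rate) for sorted score lists.

    As in the text, a match is declared when distance < threshold.
    """
    far = bisect_left(impostor, threshold) / len(impostor)
    frr = 1.0 - bisect_left(genuine, threshold) / len(genuine)
    return far, frr


def threshold_for_far(impostor, target_far):
    """Largest threshold whose false accept rate on `impostor` is <= target."""
    allowed = round(target_far * len(impostor))
    return impostor[allowed]


def equal_error_rate(genuine, impostor, steps=400):
    """Sweep thresholds over [0, 2]; return (threshold, rate) at the point
    where the false accept and false reject rates are closest to equal."""
    best = None
    for i in range(steps + 1):
        t = 2.0 * i / steps
        far, frr = error_rates(genuine, impostor, t)
        if best is None or abs(far - frr) < best[0]:
            best = (abs(far - frr), t, (far + frr) / 2)
    return best[1], best[2]


def evaluate(seed=11, n=10_000, target_far=0.001):
    rng = random.Random(seed)
    scores = {group: (draw_sorted(rng, GENUINE, n), draw_sorted(rng, dist, n))
              for group, dist in IMPOSTOR.items()}
    # The operator tunes one threshold on group A and deploys it for everyone.
    threshold = threshold_for_far(scores["group_a"][1], target_far)
    report = {"threshold": threshold}
    for group, (genuine, impostor) in scores.items():
        far, frr = error_rates(genuine, impostor, threshold)
        report[group] = {"far": far, "frr": frr,
                         "eer": equal_error_rate(genuine, impostor)[1]}
    return report


if __name__ == "__main__":
    result = evaluate()
    print(f"shared threshold: {result['threshold']:.3f}")
    for group in IMPOSTOR:
        r = result[group]
        print(f"{group}: FAR={r['far']:.4f} FRR={r['frr']:.4f} EER={r['eer']:.4f}")
```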


Section 3: The Bias Evidence

NIST FRVT: The Definitive Technical Record

The National Institute of Standards and Technology (NIST) has conducted the most comprehensive independent evaluations of facial recognition accuracy through its Face Recognition Vendor Testing (FRVT) program. The December 2019 report, covering 189 algorithms from 99 developers, provided the most detailed public analysis of demographic differentials in facial recognition performance available.

The findings were stark. Across the majority of algorithms tested, NIST found:

  • False positive rates for African American and Asian faces were often 10 to 100 times higher than for Caucasian faces when the algorithms were developed by US-based organizations.
  • Women showed higher false positive rates than men across most algorithms.
  • Older adults and children showed higher error rates than middle-aged adults.
  • Algorithms developed in Asia showed different demographic patterns — performing better on Asian faces and worse on African American and Caucasian faces, suggesting that training data composition drives differential performance.

NIST was careful to note that not all algorithms showed the same patterns. Some algorithms showed minimal demographic variation; others showed extreme variation. This finding is important: differential performance is not an inherent property of facial recognition as a technology. It is a property of specific algorithms built with specific training data and specific design choices. It can, in principle, be reduced. The question is whether market incentives and regulatory pressure create sufficient motivation for developers to do so.

The NIST report also documented that demographic differentials vary by task. In 1:1 verification, differentials exist but are smaller. In 1:many identification — the law enforcement use case — differentials are larger because errors compound across larger search spaces.

Gender Shades: Intersectionality in Algorithmic Systems

In 2018, MIT Media Lab researcher Joy Buolamwini and Microsoft Research scientist Timnit Gebru published "Gender Shades: Intersectional Accuracy Disparities in Commercial Gender Classification," which became one of the most influential papers in the AI bias literature.

The study evaluated three commercial gender classification systems — products from IBM, Microsoft, and Face++ (now Megvii) — against a dataset specifically constructed to be balanced across gender and skin tone (the Fitzpatrick scale, a dermatological classification of skin tone from I to VI). The results demonstrated:

  • Overall accuracy rates ranged from 79.4% to 96.9%, which might appear acceptable.
  • But the errors were distributed very unevenly. The worst-performing combination across all three services was darker-skinned females, who were misclassified at rates as high as 34.7%, compared to error rates below 1% for lighter-skinned males on the best-performing service.
  • The disparity was intersectional: neither darker skin alone nor female gender alone fully predicted error rates. The combination of both characteristics compounded the error.

The study's methodological contribution was the balanced dataset, which forced evaluation across demographic intersections rather than relying on aggregate accuracy figures that could mask dramatic group-level differences. Its impact was significant: the three companies named in the paper subsequently improved their algorithms, and IBM discontinued sale of its general-purpose facial recognition product in 2020.

Buolamwini's subsequent work, through the Algorithmic Justice League she founded, has continued to document demographic disparities in commercial computer vision systems and to advocate for algorithmic auditing as a regulatory requirement.

Why Differential Errors Matter More in 1:Many

The mathematical relationship between database size and error accumulation is essential for understanding why law enforcement facial recognition is particularly susceptible to bias harms.

In 1:1 verification, a system with a 0.1% false positive rate will produce, on average, one false match per thousand authentic comparisons. That is manageable.

In 1:many identification against a database of one million faces, the same 0.1% false positive rate means that any query face will produce approximately 1,000 false matches on average. The system must then rank these matches, and the top-ranked match may or may not be a true match. The probability of the correct identity appearing at the top of the list — and not being buried by false matches — decreases as the database grows.

Now consider the intersectional compounding: if a group has a false positive rate ten times higher than the baseline, their faces generate ten times as many false matches when queried against large databases. They are ten times as likely to appear in someone else's false-match pool. If law enforcement databases draw disproportionately from populations that already have elevated representation in arrest records — itself a product of disparate policing — the demographic skew compounds through the pipeline.

This is not a theoretical concern. The documented wrongful arrests in Detroit and New Jersey followed exactly this pattern: high false positive rates on darker-skinned faces, searched against large municipal or state databases, producing a match that investigators then treated as probative evidence without adequate human review.
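The database-size argument above can be checked numerically. This added example (not from the original chapter) computes the expected number of false matches for a given false match rate and gallery size, then simulates 1:many searches in score space, including the case where the person in the probe image is not enrolled at all. The distance distributions and the 0.55 threshold are constructed for illustration.

```python
import math
import random

# Constructed (mean, sd) of distance scores; not measurements of any system.
GENUINE = (0.35, 0.10)
IMPOSTOR = {"group_a": (1.00, 0.15), "group_b": (0.85, 0.18)}


def false_match_rate(threshold, impostor):
    """P(distance < threshold) for a non-mated pair, from the normal CDF."""
    mean, sd = impostor
    return 0.5 * (1.0 + math.erf((threshold - mean) / (sd * math.sqrt(2.0))))


def expected_false_matches(fmr, gallery_size):
    """Average number of gallery entries that falsely match one probe."""
    return fmr * gallery_size


def prob_any_false_match(fmr, gallery_size):
    """Chance that a single search returns at least one false match."""
    return 1.0 - (1.0 - fmr) ** gallery_size


def one_search(rng, gallery_size, threshold, impostor, genuine):
    """Simulate one probe against gallery_size non-mated entries.

    genuine=None means the probe's identity is not enrolled, so every
    candidate the search returns is a wrong person.
    """
    false_hits, best_impostor = 0, math.inf
    for _ in range(gallery_size):
        d = rng.gauss(*impostor)
        false_hits += d < threshold
        best_impostor = min(best_impostor, d)
    mate = rng.gauss(*genuine) if genuine else math.inf
    top_is_true = mate < threshold and mate < best_impostor
    wrong_top = (not top_is_true) and best_impostor < threshold
    return false_hits, top_is_true, wrong_top


def simulate(gallery_size, impostor, genuine=GENUINE, threshold=0.55,
             trials=100, seed=3):
    rng = random.Random(seed)
    hits = rank1 = wrong = 0
    for _ in range(trials):
        f, ok, bad = one_search(rng, gallery_size, threshold, impostor, genuine)
        hits += f
        rank1 += ok
        wrong += bad
    return {"mean_false_matches": hits / trials,
            "true_mate_ranked_first": rank1 / trials,
            "wrong_person_ranked_first": wrong / trials}


if __name__ == "__main__":
    # The chapter's own figures: 0.1% rate against one million faces.
    print("expected false matches:", expected_false_matches(0.001, 1_000_000))
    for group, dist in IMPOSTOR.items():
        print(group, "false match rate:", round(false_match_rate(0.55, dist), 5))
        for size in (100, 1_000, 10_000):
            print("  gallery", size, simulate(size, dist))
        print("  probe not enrolled:", simulate(1_000, dist, genuine=None))
```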


Section 4: Law Enforcement Use

The Investigative Pipeline

Facial recognition has been integrated into law enforcement investigative workflows in ways that are poorly understood by the public, inadequately documented by agencies, and often insufficiently governed by departmental policy.

The typical workflow is: a surveillance image of a suspect (from a store camera, a transit system camera, or a bystander's phone video) is submitted to a facial recognition system. The system returns a list of potential candidates ranked by similarity score. An analyst reviews the candidates — but what constitutes "review" varies enormously. In some agencies, analysts apply careful judgment and additional corroborating evidence before passing a name to investigators. In others, the top match is passed to detectives who treat it as a lead and proceed to seek additional confirmation — confirmation that may be as minimal as showing a photo array to a witness who saw the suspect briefly.

The Robert Williams case followed a version of this pipeline. The initial facial recognition match was generated by Michigan State Police using the DataWorks Plus system. The match was then sent to Detroit police. An investigator assembled a photo array — a standard eyewitness identification procedure — that included Williams's photo. A witness, who had seen the suspect for approximately four seconds via security camera footage, selected Williams. Investigators did not disclose to the witness that they were investigating a facial recognition match, which would have helped the witness understand the probabilistic nature of the lead. Williams was then arrested.

Documented Wrongful Arrests

Three documented wrongful arrests in the United States have been attributed primarily to facial recognition matches:

Robert Williams (Detroit, 2020): As described above. Williams was arrested on a shoplifting charge. After Williams had spent a day and a half in custody, investigators showed him a blurry still from a surveillance video; the investigator's response to Williams's denial is now widely quoted in the academic literature. Williams filed a lawsuit through the ACLU. Detroit police subsequently announced a policy requiring that facial recognition matches not be used as the sole basis for arrest and that human review must occur, though critics noted the policy came after the harm and was not independently audited.

Nijeer Parks (Woodbridge, New Jersey, 2019): Parks was wrongly accused of shoplifting at a hotel gift shop and assaulting a police officer, based on a facial recognition match. Parks was in a location miles away at the time. He spent ten days in jail before the charges were dropped. He filed a lawsuit in 2020, one of the first suits in the United States directly challenging wrongful arrest via facial recognition.

Michael Oliver (Detroit, 2021): Oliver, a delivery driver, was charged with felony destruction of property in connection with an incident at a protest. The facial recognition match was wrong. After Oliver spent eight months fighting the charge, it was dismissed. In 2022, Detroit's facial recognition policy was again scrutinized. Oliver filed a lawsuit.

These three cases — all involving Black men, all relying on matching against databases — represent only the documented cases. There is no comprehensive national registry of facial recognition use in criminal investigations, and many agencies do not disclose when facial recognition played a role in an arrest. The actual incidence of wrongful leads from facial recognition is unknown.

The San Francisco Arrest Report Controversy

San Francisco's 2019 ban on city agency use of facial recognition — the first such ban in the United States — did not mean the technology disappeared from Bay Area law enforcement. In 2023, investigative reporting revealed that the San Francisco Police Department had accessed facial recognition results through a regional information-sharing network, routing requests through agencies not covered by the ban. The controversy illustrated a pattern advocates call "laundromat surveillance": cities with restrictions effectively route requests through neighboring jurisdictions.

ACLU Audit of Amazon Rekognition

In 2018, the ACLU conducted an experiment that became nationally prominent: running every member of Congress through Amazon's Rekognition facial recognition product using a database of 25,000 public arrest photos. The system produced 28 false matches — members of Congress who were incorrectly identified as matching people in the arrest photo database. Disproportionately, the false matches fell on people of color: though people of color constitute roughly 20% of Congress, they comprised 39% of the false matches.

Amazon disputed the methodology, noting the ACLU had used a 70% confidence threshold rather than the higher thresholds Amazon recommended for law enforcement use. But the ACLU's point was not primarily technical — it was that the threshold question itself is a governance problem. Who decides what confidence threshold is appropriate? What disclosure is required when a product can be used in ways that produce disparate outcomes?

ICE and Immigration Enforcement

Immigration and Customs Enforcement (ICE) has used facial recognition extensively in immigration enforcement. The agency has accessed state driver's license databases — in states that issue licenses to undocumented immigrants — through facial recognition searches, without warrants and often without the knowledge of state officials who issued the licenses. An investigation by the Georgetown Law Center on Privacy and Technology found that the databases of at least 21 states were searchable by ICE, often without specific legislative authority.

This application raises particular concerns because the populations at risk — undocumented immigrants and their communities — have limited legal recourse and significant fear of engaging law enforcement, making accountability mechanisms even more difficult to access.


Section 5: Commercial Surveillance Use

Retail Facial Recognition

Retailers have adopted facial recognition for two primary purposes: identifying suspected shoplifters (often from prior incident databases) and identifying high-value customers for personalized service.

The shoplifter identification use case raises the Williams problem in a commercial context. Retailers typically compile databases of individuals identified as involved in prior theft incidents — sometimes their own incidents, sometimes sourced from industry information-sharing networks. When a customer enters the store, cameras scan the face and compare it to the database. A match triggers an alert. Store security then observes or approaches the flagged individual.

The consent problem is immediate: customers entering a store do not typically expect to have their faces enrolled in a surveillance database. Some retailers post disclosures — a small sign near the entrance — but the adequacy of notice-based consent in this context is questionable. A person who needs to shop for groceries or medication is not in a position to meaningfully refuse biometric surveillance as a condition of entering the store.

The error rate problem is equally immediate. If a retail system has a relatively high false positive rate, and the system is deployed in a high-traffic environment, the cumulative number of innocent people flagged is significant. Being flagged by a retail system may lead to security surveillance, confrontation by store staff, or exclusion from the premises — harms that, while not equivalent to wrongful arrest, are real and recurring. And given what NIST found about differential error rates, the customers most likely to be wrongly flagged are again those with darker skin tones.

Madison Square Garden Entertainment drew significant attention in late 2022 when it emerged that the company was using facial recognition to identify and eject attorneys who had pending litigation against MSG-owned entities. MSG was operating venues including Madison Square Garden arena, Radio City Music Hall, and others, and the system was used to prevent lawyers working against the company from attending events — even holiday shows attended by their own children. New York state officials investigated, finding the practice likely violated laws governing places of public accommodation.

Employer Facial Recognition

Employers have deployed facial recognition for time and attendance tracking (replacing physical card-swipe systems), for access control to secure areas, for monitoring remote workers during video calls, and for emotional analysis during job interviews.

The remote worker monitoring application attracted particular attention during the COVID-19 pandemic, as employers sought to verify that remote employees were present and working. Some monitoring systems analyzed facial expressions and eye movements to infer attention levels or emotional states, then flagged employees whose metrics fell below thresholds. The scientific basis for inferring internal states from facial expressions is contested, and the deployment of such systems without employee consent raises significant labor rights concerns.

The Illinois BIPA has driven much of the litigation around employer biometric collection, with multiple class actions against employers who collected fingerprints for time-tracking purposes without obtaining the written consent BIPA requires.

Event and Venue Use

Sports stadiums, concert venues, airports, and theme parks have adopted facial recognition for entry processing, credential verification, and crowd monitoring. The consent dynamics vary: some venues require consent as a condition of entry and offer alternative identification methods; others deploy facial recognition without meaningful disclosure.

The "Taylor Swift stalker" case is often cited in industry discussions: at a 2018 concert, Taylor Swift's team deployed facial recognition in a kiosk at the venue to identify known stalkers from a database, matching attendees against the list as they approached the kiosk. The use case — protecting a specific individual from documented threats — may represent a legitimate purpose, but the operational model (secretly scanning faces) raises consent concerns even for a sympathetic application.

Commercial facial recognition has proliferated in a legal environment where the general rule is that facial recognition in public or quasi-public spaces is permitted unless specifically prohibited. The consent vacuum — the absence of a general requirement for affirmative consent before deploying facial recognition — means that the default is surveillance.

This represents a significant departure from the architecture of informed consent that underlies other sensitive data practices. Medical procedures require informed consent. Financial account access requires authentication. But biometric surveillance in commercial spaces has, in most of the United States, no general consent requirement. Illinois BIPA is the primary exception — and the litigation it has generated suggests how significant that requirement is when it exists.


Section 6: Clearview AI

Origins and Business Model

Clearview AI was founded around 2017 by Hoan Ton-That and Richard Schwartz. The company built a facial recognition product on a foundation that distinguished it from all prior commercial offerings: a database assembled by scraping billions of images from public social media platforms — Facebook, Instagram, Twitter, Venmo, YouTube, LinkedIn, and others — together with the associated names and metadata.

By 2020, Clearview claimed a database of more than three billion images. By 2022, it claimed ten billion. By 2024, the company reported forty billion images. The database is assembled without consent from the individuals photographed, without licensing agreements with the platforms from which images are scraped (all of which have terms of service prohibiting scraping), and without any engagement with the people whose faces appear in it.

The business model is straightforward: sell search access to law enforcement agencies. A detective submits a photo of an unknown suspect. Clearview's system compares the face against the database and returns matches with the associated names, platforms, and linked content. The detective now has a name.

Media Exposure and Fallout

In January 2020, the New York Times published an investigation by Kashmir Hill that revealed Clearview AI's existence and operations to the general public. The investigation documented that the company had clients including the FBI, the Department of Homeland Security, and hundreds of local police departments; that the company had previously operated in obscurity; and that its scraping practices had violated the terms of service of every major social media platform.

The immediate response was significant. Facebook, Google, Twitter, and other platforms sent cease-and-desist letters demanding that Clearview stop scraping their sites. Clearview's response was essentially to dispute the platforms' legal authority to prevent scraping of publicly accessible content — an argument with some legal support in Computer Fraud and Abuse Act jurisprudence (hiQ Labs v. LinkedIn being the relevant circuit court precedent).

Venture capitalists who had early associations with the company distanced themselves. Former investors included Peter Thiel's Founders Fund, which had provided early capital, though Thiel denied awareness of the business model at the time of investment.

Regulatory Responses Across Jurisdictions

Clearview AI has faced regulatory action in multiple jurisdictions:

UK: The Information Commissioner's Office (ICO) issued a fine of approximately £7.5 million (reduced from an initial notice of £17 million) and an enforcement notice requiring Clearview to delete data on UK residents and stop collecting such data. Clearview appealed, and a tribunal in 2023 partially overturned the ICO's enforcement notice, ruling that the ICO lacked jurisdiction over Clearview's activities since they were performed on behalf of foreign law enforcement agencies.

EU: Multiple EU data protection authorities have ordered Clearview to stop processing EU residents' data. Italy's Garante fined Clearview approximately €20 million. France's CNIL, Greece's Hellenic DPA, and others issued similar enforcement orders. Clearview has generally disputed jurisdiction.

Canada: The Privacy Commissioner of Canada, joined by provincial commissioners, found Clearview's practices violated Canadian federal and provincial privacy laws. Clearview announced it would stop operating in Canada.

Australia: The Office of the Australian Information Commissioner (OAIC) found Clearview in breach of Australian privacy law and ordered it to cease collection and destroy data on Australians.

United States: Although law enforcement use is most extensive in the US, regulatory action has been most limited domestically. The FTC reached a settlement in 2023, prohibiting Clearview from selling access to its database to private businesses (but not to government and law enforcement customers), requiring it to implement a "face print opt-out" tool, and requiring enhanced data security. Critically, the settlement did not require Clearview to delete existing data.

What Clearview Reveals

The Clearview case is instructive precisely because the company has operated through every attempted constraint, continued to grow its database, and retained substantial law enforcement clientele in the United States while being effectively banned in most other developed economies.

It reveals several things about the adequacy of existing law:

First, a company can build the world's largest private facial recognition database by scraping publicly accessible internet content, and existing US law does not clearly prohibit this. The gap between platform terms of service and law is large enough for a multi-billion-dollar database to exist within it.

Second, regulatory action in other jurisdictions has been constrained by questions of extra-territorial jurisdiction and by Clearview's claims that it operates as a law enforcement support service, invoking government-activity exceptions in privacy frameworks.

Third, the combination of law enforcement clientele and national security framing makes legislative action politically difficult in the United States. Proposals to restrict Clearview's operations can be framed as "weakening law enforcement" — effective political cover for inaction.

Fourth, the consent architecture of the internet — where posting a photo on social media does not mean consenting to facial recognition database inclusion — is inadequate for the world of ubiquitous computer vision. The frameworks built for targeted advertising and social media engagement were not designed to govern a world in which any publicly accessible photo can be enrolled in a biometric search system.


Section 7: Regulatory Responses

City and State Bans

Municipal and state governments in the United States have been the primary source of facial recognition regulation, in the absence of comprehensive federal action.

San Francisco (2019): In May 2019, San Francisco became the first city to ban government use of facial recognition technology, with the Stop Secret Surveillance Ordinance. The ban applies to city agencies, including the police department. Private use is not covered.

Oakland and Berkeley, California (2019–2020): Both cities followed San Francisco with similar bans on government use.

Boston, Massachusetts (2020): Boston passed a ban on city government use of facial recognition in 2020.

Massachusetts (2020): The Commonwealth of Massachusetts imposed a moratorium on police use of facial recognition while the legislature considered comprehensive regulation — one of the few state-level moratoria.

Maine (2021): Maine enacted legislation restricting government use of facial recognition, prohibiting its use for real-time identification in public spaces and requiring judicial authorization for investigative use.

Virginia and Montana: Both states have enacted regulations imposing requirements on commercial biometric data collection, building on BIPA-like frameworks.

The patchwork of city and state restrictions creates a complex compliance environment for companies and agencies operating across jurisdictions, and the loopholes — particularly the ability of police departments in restricted cities to route requests through neighboring agencies — have already been documented.

Illinois BIPA

The Illinois Biometric Information Privacy Act, enacted in 2008, remains the most significant US law specifically governing biometric data. Its key provisions:

  • Private entities collecting biometric identifiers must: inform the subject in writing; inform the subject of the purpose and duration of collection; obtain a written release.
  • Private entities cannot sell, lease, trade, or profit from biometric data.
  • Private entities must develop and follow a publicly available retention and destruction policy.
  • The Act creates a private right of action: individuals can sue for $1,000 per negligent violation or $5,000 per intentional or reckless violation.

BIPA's private right of action has made it uniquely powerful. It does not depend on resource-constrained regulators initiating enforcement. It has generated class action settlements including $650 million by Meta, $228 million by BNSF Railway, and $100 million by Google. The scale of litigation has made BIPA compliance a material business consideration for any company collecting biometrics from Illinois residents.

Critics argue BIPA is too blunt — that its per-violation damages can generate crippling liability even for technical violations without real harm. The Illinois Supreme Court ruled in Cothron v. White Castle System (2023) that each biometric scan constitutes a separate violation, creating potential for enormous aggregate damages for companies using fingerprint time-clocks without proper consent. The business community has lobbied for modifications; privacy advocates have resisted.

EU AI Act

The EU Artificial Intelligence Act, finalized in 2024, includes specific provisions on biometric identification in public spaces that represent the most comprehensive regulatory response to facial recognition globally.

The Act classifies real-time remote biometric identification in public spaces for law enforcement purposes as a prohibited AI practice — with three specific exceptions:

  1. Targeted searches for victims of specific crimes (abduction, trafficking, sexual exploitation).
  2. Prevention of specific, substantial, and imminent terrorist threats.
  3. Identification of persons suspected of having committed serious criminal offenses (those punishable by more than three years' imprisonment).

Even for the permitted exceptions, the Act requires prior judicial or independent administrative authorization, except in genuine emergencies where authorization must be obtained as quickly as possible after deployment.

Post-remote biometric identification — searching surveillance footage after the fact, rather than in real time — is classified as a high-risk AI system, subject to requirements including conformity assessment, transparency obligations, human oversight, and registration in the EU AI Act database.

The Act also prohibits biometric categorization systems that infer sensitive characteristics (race, political opinions, religious beliefs, sexual orientation) from biometric data.

The EU Act represents the furthest development of a regulatory model that treats facial recognition as presumptively prohibited in law enforcement contexts except in narrow, judicially authorized circumstances — the opposite of the US approach, where use has been presumptively permitted in the absence of specific restrictions.

Proposed US Federal Legislation

Multiple federal bills addressing facial recognition have been introduced in Congress, none enacted as of this writing:

  • Commercial Facial Recognition Privacy Act (introduced multiple times, bipartisan sponsorship): Would require express consent before collecting facial recognition data commercially.
  • Facial Recognition and Biometric Technology Moratorium Act: Would prohibit federal agencies from using facial recognition until Congress passes affirmative legislation authorizing it.
  • Fourth Amendment Is Not for Sale Act: Would restrict government acquisition of commercial databases assembled from biometric and location data.

The absence of federal legislation reflects the political complexity of facial recognition: law enforcement interests support continued access, civil liberties groups and some racial justice advocates oppose unrestricted use, and the technology industry has mixed interests depending on the specific application.


The concept of consent — genuinely informed, freely given, and revocable — is foundational to data protection frameworks. But consent in the context of facial recognition in public spaces encounters structural obstacles that may make meaningful consent theoretically impossible.

For consent to be meaningful, it must be:

Informed: The subject must know what data is being collected, by whom, for what purpose, retained for how long, and shared with whom. Facial recognition in public spaces typically provides none of this information.

Freely given: Consent given under coercion or as a condition for accessing essential services is not freely given under GDPR and most consent frameworks. If entering a subway station, a shopping mall, or a public park involves biometric scanning, and these are spaces people must access to function in daily life, the "choice" to be scanned is not freely given.

Revocable: The subject must be able to withdraw consent. But a face is always visible in public. Once in a space with cameras, the face cannot be masked without raising its own problems. Revocability is practically impossible for real-time surveillance.

The "public space argument" — often deployed in defense of surveillance — holds that people who appear in public accept being seen and photographed. This is true in a limited sense: a person walking down a street has no reasonable expectation that their face will not be visible to passersby. But there is a categorical difference between being visible and being enrolled in a biometric identification database linked to a persistent identity profile. The legal construct of "no expectation of privacy in public" was developed in a context of human observation; courts and scholars are actively revisiting whether it can appropriately be extended to automated surveillance.

The CCTV-to-Recognition Transition

Closed-circuit television (CCTV) surveillance has been present in public spaces for decades. In the UK, for example, an extensive network of CCTV cameras covers most of central London. The implicit social accommodation reached with CCTV — visible cameras, primarily used for incident review after the fact — rested on certain limitations: footage was not systematically analyzed, faces could not easily be identified in real time, and the practical opacity of large video archives constrained their use.

Facial recognition fundamentally changes this accommodation. It converts passive observation into active identification. A CCTV network with facial recognition enabled can track an individual's movements across a city, automatically and continuously. The social contract negotiated around CCTV — you may be recorded, but you are not systematically tracked — is dissolved.

This transition has occurred without renegotiation. Cameras already in place have been upgraded, or access to their feeds has been provided to systems that were not contemplated when their deployment was authorized. The facial recognition capability has been retrofitted onto an infrastructure whose social license was premised on its absence.


Section 9: Voice Recognition and Other Biometrics

Voice Cloning and Fraud

Voice recognition has two distinct applications: speaker identification (authenticating that a voice belongs to the claimed individual) and content transcription (converting speech to text). The former is a biometric application; the latter is not.

Voice authentication is used in telephone banking ("voice banking"), customer service centers, and some government services. The security of these systems has been substantially challenged by advances in voice cloning technology — AI systems capable of generating a convincing reproduction of a target person's voice from a relatively small sample of their speech.

In 2019, The Wall Street Journal reported that a German energy company's CEO transferred €220,000 to a fraudulent account after receiving what he believed was a call from his parent company's chief executive but was in fact a voice-cloned impersonation. Voice cloning fraud has subsequently been documented in multiple contexts, including scams targeting elderly people who receive apparent calls from grandchildren in distress ("grandparent scams").

The implications for voice authentication are severe: a biometric modality used specifically to verify identity is compromised by the ability to create synthetic reproductions of the biometric itself. Voice authentication systems need to incorporate liveness detection — verification that the voice is produced by a live human in real time — which adds complexity and cost.

Amazon Alexa and Smart Speaker Data

Smart speakers continuously monitor audio environments for wake words, and when activated, transmit recordings to cloud servers for processing. Amazon has acknowledged retaining these recordings and using them to improve recognition models. Questions about the extent of retention, the use of recordings for advertising purposes, and the security of the audio data have generated ongoing controversy.

Amazon announced in 2023 a "Don't save recordings" setting that allows users to opt out of human review of their Alexa recordings, but default settings have historically favored data retention.

The Federal Trade Commission settled with Amazon in 2023, requiring the company to delete voice recordings and geolocation data collected from Alexa without meaningful consent and to pay a civil penalty — partly connected to the collection of voice and geolocation data from children through related devices.

DNA Databases and Law Enforcement Access

Genealogical DNA databases such as 23andMe and AncestryDNA have accumulated genetic profiles from tens of millions of people who submitted samples voluntarily for ancestry and health analysis purposes. These databases contain an extraordinary concentration of biometric data that, because of the genetic relatedness of family members, represents not only the individuals who submitted samples but their biological relatives who did not.

Law enforcement agencies have sought to access these databases to identify suspects through familial DNA matching — finding relatives of an unknown suspect by comparing crime scene DNA against consumer genealogy databases, then constructing a family tree to identify the suspect. The technique, called forensic genealogy or investigative genetic genealogy, led to the identification of the Golden State Killer, Joseph James DeAngelo, in 2018 and has subsequently been used in hundreds of cases.

GEDmatch, a database of approximately one million genetic profiles, updated its privacy policy in 2019 to allow law enforcement searches only of profiles from users who opted into law enforcement access — after controversy over unrestricted law enforcement use under the previous terms. FamilyTreeDNA similarly reached an agreement with the FBI to allow law enforcement access to its database.

The ethical questions in forensic genealogy are significant: individuals who submitted DNA for one purpose (understanding ancestry) have not consented to contributing to criminal investigations. Their genetic relatives — who have never submitted a sample and may have no awareness of the database — may be identified based on their family members' data.


Section 10: The Path Forward

What Ethical Biometric Use Looks Like

The history surveyed in this chapter does not suggest that all biometric use is unethical, but it does suggest a set of principles that distinguish acceptable from unacceptable deployment.

Proportionality: The intrusiveness of biometric surveillance must be proportionate to the interest it serves. Biometric identification to access a bank account may be proportionate; real-time facial recognition of all pedestrians on a city street to improve retail traffic analytics is not. The greater the intrusiveness, the weightier the justifying interest must be.

Purpose Limitation: Data collected for one biometric purpose should not be repurposed for another without renewed consent or specific legal authorization. DNA submitted for ancestry research should not become a law enforcement database. Attendance-tracking fingerprints should not become a theft-investigation resource.

Meaningful Consent: Where consent is the legal basis for biometric collection, it must meet genuine standards of informed, freely given, and revocable consent — not notice buried in terms of service or consent framed as a condition of entry.

Independent Audit and Transparency: Systems deployed in high-stakes contexts (law enforcement, employment, access to essential services) should be subject to regular independent auditing for demographic bias, accuracy, and appropriate use. Audit results should be publicly available.

Human Review in Consequential Decisions: Facial recognition matches should not be the sole or primary basis for consequential decisions — arrest, denial of benefits, termination of employment. Human review with genuine decision-making authority (not rubber-stamping) should be required.

Accuracy Standards by Deployment Context: Accuracy requirements should be calibrated to the consequences of error. Systems used in law enforcement identification should be required to meet accuracy standards that are validated across demographic groups before deployment, not after incidents.

Moratorium and Reset: Given the pace of deployment relative to the maturity of governance frameworks, moratorium arguments — freezing new high-risk deployments until regulatory frameworks are adequate — have substantial merit. The AI Act's approach of presumptive prohibition with narrow exceptions represents a governance model that takes the asymmetry between technology pace and regulatory pace seriously.

The Accountability Gap

The most consistent theme across the cases in this chapter is the accountability gap: a gap between who bears the costs of biometric surveillance errors and who makes decisions about deploying these systems.

Robert Williams bore the cost. The detective who submitted the facial recognition query, the investigator who arranged the photo array, the department that adopted the technology without adequate policy safeguards, the company that sold the algorithm without adequate disclosure of its differential error rates, and the legislators who failed to require accuracy standards or audit obligations — none bore equivalent costs.

Closing this accountability gap requires distributed responsibility: technical standards for accuracy across demographic groups; legal liability for deploying systems below those standards; governance requirements including documentation, policy, and audit; and transparency that makes misuse visible rather than hidden in proprietary systems behind law enforcement exemptions.

The face — the most public and personal thing about us, simultaneously our social identity and our biometric signature — deserves governance proportionate to its significance.


Summary

Biometrics and facial recognition represent one of the most concrete and consequential frontiers in AI ethics. Unlike abstract concerns about future AI risks, the harms documented in this chapter — wrongful arrests, discriminatory retail surveillance, unconsented database enrollment — are happening now, to real people, with documented demographic disparities.

The technical record is clear: facial recognition systems, as currently deployed, perform significantly worse on darker-skinned faces and on women, and the consequences of those errors fall disproportionately on the populations least equipped to seek legal remedy. The governance record is equally clear: existing frameworks — patchwork city bans, a single state biometric law with private enforcement, an FTC settlement that left Clearview's core operation intact — are inadequate to the scale and pace of deployment.

The path forward requires treating biometric data as what it is: a permanent, irrevocable, uniquely sensitive category of personal information whose collection and use demands the highest standards of consent, accuracy, purpose limitation, and accountability. The stakes, as Robert Williams's arrest makes plain, are not abstract.


This chapter is part of AI Ethics for Business Professionals. Chapter 26 connects to Chapter 23 (Data Privacy Fundamentals), Chapter 24 (Surveillance Capitalism), and Chapter 30 (AI in the Criminal Justice System).