Facial recognition

Facial recognition systems and software offer ways to identify orand confirm an individual's identity using their face. These systems can be used to identify people in photos, videos, or in real-timereal time. Facial recognition can also be used as a category of biometric security, similar to voice, fingerprint, orand iris recognition. A facial recognition system can be used to unlock electronic devices, orand for access control,. butIt is seeing increasingincreased use by law enforcement to identify people during routine police stops, or during moments of political unrest, orand during engagingevents infor protected speech and expression, such as in protests or riots, in order to target individuals.

Facial recognition systems use algorithms in order to generate a mathematricalmathematical or numerical map of a person's face. These are based on the details of the face, such as the distance between the eyes orand the shape of the chin. Some of these systems are developed to positively identify a person,; buthowever, asit is often is the case, whenthat a system cannot get enough of the specific details to make a positive identification, and it can make mistakes. Some systems, to combat the potential for these mistakes, provide a probability score for a match between an image or unknown person and faces from a database. The algorithm tends to go through three basic steps, which can also be three different standalone technologies combined to improve a facial recognition system, or otherwise adapt a system. These steps are the following:

• Detection: thisThis is the process of finding a face in an image, which is similar to face detection systems used in some cameras or onand smartphones. This system is only focused on finding a face, and can be used standalone, such as in those camera systems.
• Analysis: theThe analysis or attribution system works to map the face. This is done by a series of measurements, which will depend on the type of facial recognition system or algorithm used, which are converted into a string of numbers or points, also known as a "faceprint." Social media filters often use these systems to map a filter on a face. Analysis systems can suffer from glitches, especially in case of misidentification, which can prove problematic when paired with a recognition database.
• Recognition: theseThese are databases whichthat work to take the numbers generated by an analysis system to confirm the identity of the face. This process is oftenfrequently used for verification, such as in security features on smartphones or laptops, or for identification, such as at borders or onat traffic stops.

Depending on the system, and what it is developed to achieve - (as different systems can achieve different goals -), the system will vary in its ability to identify people. This is furthermore complicated under more challengingcertain conditions, such as poor lighting, low qualitylow-quality image resolution, or suboptimal angles ofor views. These can generate different types of errors: a "false negativenegatives" and a "false positive"positives."

A false negative error occurs when the face recognition system faislfails to match a person's face to an image that is contained in a database. In this kind of error, the facial recognition system will return zero results in a response to a query, even when the correct answer exists in a database. This type of error has been detected in various studies wherein which a system is tested against suboptimal images from a known database image.

A false positive error occurs when the facial recognition system does matchmatches a person's face in an image to a corresponding face in the database, but the match is actually incorrect. This error has also been studied, where a known image is given to a facial recognition system, and the facial recognition system presents an incorrect answer with the confidence of the algorithm. The false positive error tendsis to concern individuals,concerning as theyit can lead to misidentifications whichthat, especially in law enforcement scenarios, can cause an innocent individual to go to jail for a crime they did not commit.

A comparison threshold can use the false negative rates and false positive rates of a facial recognition system to generate a comparison threshold. The comparison threshold is a way of using the similarity scores calculated by facial recognition algorithms to tune a system's sensitivity to these types of errors, and thresholds can be adjusted to account for trade-offs between accuracy and risk when returning results. Comparison thresholds, essentially, are a way to use common errors in facial recognition systems to generate better, and more accurate results.

Another attempt to increase the accuracy and ability of facial recognition systems havehas been the development of three dimensionalthree-dimensional facial recognition systems, which can create more points of analysis in a face as the depth of facial features can be measured. Similarly, texture analysis systems have been developed, which use a patch of skin and use algorithms to turn the patch into a mathematical, measurable space and distinguish any lines, pores, and actual skin texture to identify differences between similar faces. The texture analysis is only meant to be applied to a larger facial recognition system, but furtheralso can be used in combination to develop a more comprehensive and more accurate facial recognition system.

Facial recognition systems tend to struggle with specific challenges. These, includeincluding changes in expression, such as blinking, frowning, or smiling, and can be challenged by; the inclusion of a mustache or beard,; and can be fooled bywearing eyeglasses, especially sunglasses. New systems and new topography systems have been developed to address these challenges. However, other factors thatcan evenstill trick these systems can be challenged by can include, including significant glare on eyeglasses, or sunglasses; long hair obscuring any central part of the face; poor lighting that can cause either underunder- or over-exposure of a face; and any lack of resolution.

There are various potential advantages for the use of facial recognition technology. These include its use for increased security, such as its use to helphelping identify wanted criminals or terrorists, used for; building access, for; building surveillance,; and used as a tool for locking and unlocking personal devices.

Facial recognition can make it easier to track down burglars, thieves, orand trespassers. Knowledge of the presence of a facial recognition system can further serve as a deterrence system, especially in the case of petty crime. FurtherAlso, similar to security, companies can use facial recognition for cybersecurity, and for digital access control, using the potential for devices to recognize a face in place of passwords whichsince, in theory, a face cannot be phished or, hacked, or changed.

EspeciallyFacial recognition technology can inhelp termsremove ofbias and ease public concern over certain law enforcement activities, such as stop and search activities, can be used to remove bias and ease public concern over unjustified stopspolice stop and searches and the controversy aroundthat thoseare practicescontroversial. This can be done by automatedautomating the process, with facial recognition technology scanning crowds or individuals and helphelping reduce searches on law-abiding citizens, while also picking out potential suspects or individuals for a stop and search, or related activity.

As the technology becomes more widespread, and more robust, more use cases aimed at convenience are being developed. For example, the use ofusing facial recognition for unlocking of personal electronic devices can be achieved faster than password or passcode entry, and it is similar in speed asto other biometric measures, but can be perceived as faster as the process can be initiated sooner. Further, itIt has been also been suggested for use for payment, with facial processing systems at checkout or ATM that could be used to link to an individual's bank account or payment system and not require them to pay for items without getting out a credit card or cash, making payment automatic and seamless.

Similar to the above example in convenience, because facial recognition can be achieved faster, it can outpace potential cyberattacks and advanced hacking tools to achieveensure thatthe verification of a person's identity happens before any information can be compromised.

Most facial recognition systems can further be integrated into other tools. This can increase the potential use cases and advantages of the use of facial recognition tools. For example, facial recognition could be used to help law enforcement agencies to track down missing persons, to identify criminals or suspects of crimes, and can increase security in airports, and to identify potential threats.

Facial recogntionrecognition has many uses, and more continue to be discovered orand developed. It can be used for marketing, sending targeted ads, for security and law enforcement, for access control for buildings or personal devices, for banking, tracking attendance, and for gaming.

Facial recognition systems are being developed and deployed for security and law enforcement, while the United States havehas no laws to protect an individual's biometric data. This has led to concerns, as more than half of the United States population is considered to have already had their faceprint captured with or without consent, and with that, data stored without their knowledge. Further, thisThis data could be accessed by malicious actors, or could be used by government agencies or advertisers to track individuals. This is furthereven more concerning when given the potential for false positives that could implicate an innocent individual in a crime they are not guilty of. Further, theGeneral Data Protection Regulations (GDPR), Europe’s data privacy regulationsand security laws, do not address biometric data. And, accordingAccording to the Department of Homeland Security, the only way for individual'sindividuals to avoid having their biometric information collected when travellingtraveling internationally, is to not to travel.

Facial recognition systems have been found to have around 90 percent accuracy or more, however this is not true when assessing facial recognition results of some, such as African Americans and women. This means, in testing, facial recognition systems have been found to falsely identify African American and Asian faces 10 to 100 times more often then white faces. Further, the technology has been found to misidentify or falsely identify women more than men, making African American women particularly vulnerable to algorithmic bias. And some algorithms used by U.S. law enforcement falsely identified Native American more than peopel from other demographics.

Facial recognition systems have been found to have around 90 percent accuracy; however, this is not true when assessing the facial recognition results of some populations, such as people with darker skin and women. Facial recognition systems have been found to exhibit a racial bias and falsely identify Black and Asian faces 10 to 100 times more often than white faces. Further, the technology has been found to misidentify or falsely identify women more than men, making Black women particularly vulnerable to algorithmic bias. And some algorithms used by U.S. law enforcement falsely identified Native Americans more than people from other demographics.

Most developers of facial recognition algorithms have seen an increase in accuracy as models have been used in the wild, and havethe furthertechnology has improved drastically with the introduction of deep learning techniques. However, the bias havehas still been found to exist despite the increases in the accuracy of the models. This has led to calls for facial recognition software to be banned, or moratoriums to be put in place until those biases are removed from the algorithms, especially as they may injure the rights of individuals in specific demographic groups over others.

Another concern around facial recognition is the potential for privacy and data privacy intrusion. This is in partpartially due to the lack of transparency around how information is gathered, stored, and managementmanaged, with some suggesting the use of facial recognition infringes on citizens' inherent rightrights to not be under constant government surveillance, and to control the use of their own image. In 2020, the EureopanEuropean Commission banned facial recognition technology to allow for changes to be made to their legal framework in terms of guidelines on privacy and ethical abuse.

Privacy concerns tend to be focused aroundon unsecured data storage practices that could expose facial recognition data, creating potential security threats, especially as many organizations host the data on local servers where a lack of IT security professionals can fail to ensure network security and lead to security vulnerabilities. These are not always a concern when systems are used on a personal device, as often the data is handled and stored on the device.

However, other privacy concerns are centered around the lack of informed consent or transparency. Especially as any form of data mining, especially online, for facial recognition systems uses large datasetsdata sets of images, ideally captured multiple times under various lighting conditions and angles, and the largest sources of this type of data tend otto be online sites, such as social media sites, or an individual's cloud camera storage. And some of these services and copyright licenses allow for various liberal interpretations and sometimes illegimateillegitimate use.

Facial recognition could furtheralso lead to ubiquitous cameras and data analytics and eventually mass surveillance that could compromise citizens' libertyliberties and privacy rights. While it can help law enforcement and governments with criminals and boerderborder controls, it can compromise and eroderode the privacy rights orof ordinary and innocent people. These concerns have led to calls for blanket bans on all facial recognition tools, especially those used for mass surveillance, especially as the use of artificial intelligence can increase the power and reach of artificial intelligence. This opens the potential for malicious use of facial recognition to manipulate and threaten people, government agencies, and democracy, in similar ways artificial intelligence has been useused to create bot attacks.

As noted above, law enforcement agencies have begun more frequently using facial recognition in routine police duties. Agencies collect mugshots from arrestees and compare them againstwith local, state, and federal face recognition databases. Once an arrestee's photo is taken, the mugshot can be uploaded onto one or more database,databases and can be scanned every time a law enforcement agency does a facial recognition search. Some of these systems can furtheralso run these mugshots against photos from social media, CCTV, traffic cameras, or photographs officers have taken themselves in the field. Some estimates have 25 percent, if not more, of local, state, and federal law enforcement agencies in the U.S. arebeing capable of running facial recognition surveys on their own databases, or databases of other agencies. Further, theThe Washington Post reported that, as of 2013, 26twenty-six states allowedallow law enforcement agencies to search or request searches of driver's license databases to compare against mugshots.

Further, despiteDespite local law enforcement agencies keeping their own databases of mugshots, many of the agencies share access to those databases with each other. Often this is handled through the FBI's Next Generation Identification database, which contains more than 30 million facial recognition records, and access to this database is offered to local and state law enforcement agencies. The FBI has a department, focused on calledfacial therecognition Facialservices—Facial Analysis, Comparison, and Evaluation (FACE) Services which is focused on facial recognition services. This team, withhas access to over 400 million non-criminal photos from sources, including state DMV databases, and the State Department, and 16sixteen U.S. states whichthat allow access to driver's licenselicenses and ID photophotos to be utilized. Georgetown University has estimated that close to half of all American adults have been entered into at least one facial recognition database, hasdue to the access to overDMV 400databases million non-criminal photos. Withand the number of DMV databases, and the amount of American'sAmericans who are passport and U.S. visa holders and, and therefore, have photos in the State Department's database, has led Georgetown University to estimate that close to half of all American adults have been entered into one if not more facial recognition database.

The concerns with the use of facial recognition withby law inforcementenforcement comescome infrom how the facial data is generated and how it is applied. For law enforcement, a lot of facial recognition data is derived from mugshot images. These images are taken upon arrest, before guilt has been determined, and mugshot photos are almost never removed from the database, regardless of the outcome of the criminal trial. FurtherAlso, as noted above, facial recognition is prone to error, with the FBI admitting in its privacy impact assessment on facial recognition, that the system may not be sufficiently reliable to accurately locatedlocate other photos of the same identity, increasing the percentage of misidentification.

The FBI asserts its system can find the true candidate in the top 50fifty profiles 85 percent of the time, but this turns out to only be true in the case a true candidate exists in the gallery. If the true candidate is not in the system, it is possible the system will still produce one or more potential matches, creating false positive results. FurtherAs explored above, many facial recognition systems have difficulties and biases in results for specific communities, such as explored above, many facial recognition systems have difficulties and bias in results for specific communities, often including ethnic minorities in the United States. Meanwhile, the criminal databases across the United States are disproportionately filled with faces of African Americans, Latinos, and immigrants, due, in part, to racially biased police practices, which these facial recognition programs can replicate through false positives and the systemssystem's difficulties in identifying these communities.

The concerns with mass surveillance and invasions of data privacy, with a lack of informed consent, can be furthered by law enforcement agencies more than any other use of facial recognition, especially in the name of border security, airport security, and catching criminals. However, unlike other criminal searches, most jurisdictions do not require law enforcement agencies to file for a warrant for a facial recognition search. Some jurisdictions do not even require law enforcement to suspect someone of committing a crime before using facial recognition to identify them. And only some agencies or jurisdicationsjurisdictions have any rules or laws protecting individuals engaged in protected free speech.

In Canada, the RCMP was investigated for its use of facial recognition technology, which allowed the law enforcement agency to match photographs of people against a databank of more than 3 billion images scraped from the internetInternet and without the consent of the individuals. The result was that billions of people were unknowingly included in what was called a 24/7 lineup. This would be found to be mass surveillance, and a violation of Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). During investigations into RCMP's unlawful use of facial recognition technology, the RCMP would acknowledge its use, but suggest it was limited, and primarily used to rescue children who have been or are victims of online sexual abuse.

However, further investigation proved the RCMP's allegations of its scope of use did not satisfactorily account for the vast majority of searches made. Perhaps more critical to this, the investigation found the RCMP had serious and systematic gaps in policies and systems to track, identify, assess, and control novel collections of personal information. These checks are important to ensure the RCMP complies with the law when using new technology and new sources of data.

However, the investigation into the RCMP's use of facial technology, and acknowledgementthe acknowledgment that the law enforcement agency contavenedcontravened PIPEDA, stopped its use of facial recognition technology. WhileDuring the investigation, the RCMP, during the investigation, suggested a third partythird-party legal compliance check to ensure the service remained in compliance with PIPEDA would create an unreasonable obligation on the RCMP, but the RCMP would agree to implement recommendations to improve policies, systems, and training. This included the privacy assessments of third partythird-party data collection practices, and ensuring they are used in accordance with PIPEDA and related privacy legislation. Further, thisThis case led to calls for the Canadian Parliament to amend PIPEDA to clarify the obligation of law enforcement in Canada in regardsregard to its collection of personal information.

Facial recognition systems and software offer ways to identify or confirm an individual's identity using their face. These systems can be used to identify people in photos, videos, or in real-time. Facial recognition can also be used as a category of biometric security, similar to voice, fingerprint, or iris recognition. A facial recognition system can be used to unlock electronic devices, or for access control, but is seeing increasing use by law enforcement to identify people during routine police stops, or during moments of political unrest or engaging in protected speech and expression, such as in protests or riots, in order to target individuals.

Facial recognition systems use algorithms in order to generate a mathematrical or numerical map of a person's face. These are based on the details of the face, such as the distance between the eyes or shape of the chin. Some of these systems are developed to positively identify a person, but, as often is the case, when a system cannot get enough of the specific details to make a positive identification, it can make mistakes. Some systems, to combat the potential for these mistakes, provide a probability score for a match between an image or unknown person and faces from a database. The algorithm tends to go through three basic steps, which can also be three different standalone technologies combined to improve a facial recognition system, or otherwise adapt a system. These are:

• Detection: this is the process of finding a face in an image, which is similar to face detection systems used in cameras or on smartphones. This system is only focused on finding a face, and can be used standalone, such as in those camera systems.
• Analysis: the analysis or attribution system works to map the face. This is done by a series of measurements, which will depend on the type of facial recognition system or algorithm used, which are converted into a string of numbers or points, also known as a "faceprint." Social media filters often use these systems to map a filter on a face. Analysis systems can suffer from glitches, especially in case of misidentification, which can prove problematic when paired with a recognition database.
• Recognition: these are databases which work to take the numbers generated by an analysis system to confirm the identity of the face. This process is often used for verification, such as in security features on smartphones or laptops, or for identification, such as at borders or on traffic stops.

Depending on the system, and what it is developed to achieve - as different systems can achieve different goals - the system will vary in its ability to identify people. This is further complicated under more challenging conditions, such as poor lighting, low quality image resolution, or suboptimal angles of views. These can generate different types of errors: a "false negative" and a "false positive".

A false negative error occurs when the face recognition system faisl to match a person's face to an image that is contained in a database. In this kind of error, the facial recognition system will return zero results in a response to a query, even when the correct answer exists in a database. This type of error has been detected in various studies where a system is tested against suboptimal images from a known database image.

A false positive error occurs when the facial recognition system does match a person's face in an image to a corresponding face in the database, but the match is actually incorrect. This error has also been studied, where a known image is given to a facial recognition system and the facial recognition system presents an incorrect answer with the confidence of the algorithm. The false positive error tends to concern individuals, as they can lead to misidentifications which, especially in law enforcement scenarios, can cause an innocent individual to go to jail for a crime they did not commit.

A comparison threshold can use the false negative rates and false positive rates of a facial recognition system to generate a comparison threshold. The comparison threshold is a way of using the similarity scores calculated by facial recognition algorithms to tune a system's sensitivity to these types of errors, and thresholds can be adjusted to account for trade-offs between accuracy and risk when returning results. Comparison thresholds, essentially, are a way to use common errors in facial recognition systems to generate better, and more accurate results.

Another attempt to increase the accuracy and ability of facial recognition systems have been the development of three dimensional facial recognition systems, which can create more points of analysis in a face as the depth of facial features can be measured. Similarly, texture analysis systems have been developed, which use a patch of skin and use algorithms to turn the patch into a mathematical, measurable space and distinguish any lines, pores, and actual skin texture to identify differences between similar faces. The texture analysis is only meant to be applied to a larger facial recognition system, but further can be used in combination to develop a more comprehensive and more accurate facial recognition system.

Facial recognition systems tend to struggle with specific challenges. These include changes in expression, such as blinking, frowning or smiling, and can be challenged by the inclusion of a mustache or beard, and can be fooled by eyeglasses, especially sunglasses. New systems and new topography systems have been developed to address these challenges. However, other factors that even these systems can be challenged by can include significant glare on eyeglasses, or sunglasses; long hair obscuring any central part of the face; poor lighting that can cause either under or over-exposure of a face; and any lack of resolution.

There are various potential advantages for the use of facial recognition technology. These include its use for increased security, such as its use to help identify wanted criminals or terrorists, used for building access, for building surveillance, and used as a tool for locking and unlocking personal devices.

Facial recognition can make it easier to track down burglars, thieves, or trespassers. Knowledge of the presence of a facial recognition system can further serve as a deterrence system, especially in the case of petty crime. Further, similar to security, companies can use facial recognition for cybersecurity, and for digital access control, using the potential for devices to recognize a face in place of passwords which, in theory, cannot be phished or hacked or changed.

Especially in terms of law enforcement activities, such as stop and search activities, can be used to remove bias and ease public concern over unjustified stops and searches and the controversy around those practices. This can be done by automated the process, with facial recognition technology scanning crowds or individuals and help reduce searches on law-abiding citizens, while also picking out potential suspects or individuals for a stop and search, or related activity.

As the technology becomes more widespread, and more robust, more use cases aimed at convenience are developed. For example, the use of facial recognition for unlocking of personal electronic devices can be achieved faster than password or passcode entry, and is similar in speed as other biometric measures, but can be perceived as faster as the process can be initiated sooner. Further, it has been suggested for use for payment, with facial processing systems at checkout or ATM that could be used to link to an individual's bank account or payment system and not require them to pay for items without getting out a credit card or cash, making payment automatic and seamless.

Similar to the above example in convenience, because facial recognition can be achieved faster, it can outpace potential cyberattacks and advanced hacking tools to achieve that verification of a person's identity before any information can be compromised.

Most facial recognition systems can further be integrated into other tools. This can increase the potential use cases and advantages of the use of facial recognition tools. For example, facial recognition could be used to help law enforcement agencies to track down missing persons, to identify criminals or suspects of crimes, and can increase security in airports and to identify potential threats.

Facial recogntion has many uses, and more continue to be discovered or developed. It can be used for marketing, sending targeted ads, for security and law enforcement, for access control for buildings or personal devices, for banking, tracking attendance, and for gaming.

Facial recognition systems are being developed and deployed for security and law enforcement, while the United States have no laws to protect an individual's biometric data. This has led to concerns, as more than half of the United States population is considered to have already had their faceprint captured with or without consent, and with that data stored without their knowledge. Further, this data could be accessed by malicious actors, or could be used by government agencies or advertisers to track individuals. This is further concerning when given the potential for false positives that could implicate an innocent individual in a crime they are not guilty of. Further, the GDPR regulations do not address biometric data. And, according to the Department of Homeland Security, the only way for individual's to avoid having their biometric information collected when travelling internationally, is not to travel.

Facial recognition systems have been found to have around 90 percent accuracy or more, however this is not true when assessing facial recognition results of some, such as African Americans and women. This means, in testing, facial recognition systems have been found to falsely identify African American and Asian faces 10 to 100 times more often then white faces. Further, the technology has been found to misidentify or falsely identify women more than men, making African American women particularly vulnerable to algorithmic bias. And some algorithms used by U.S. law enforcement falsely identified Native American more than peopel from other demographics.

Most developers of facial recognition algorithms have seen an increase in accuracy as models have been used in the wild, and have further improved drastically with the introduction of deep learning techniques. However, the bias have still been found to exist despite the increases in the accuracy of the models. This has led to calls for facial recognition software to be banned, or moratoriums to be put in place until those biases are removed from the algorithms, especially as they may injure the rights of individuals in specific demographic groups over others.

Another concern around facial recognition is the potential for privacy and data privacy intrusion. This is in part due to the lack of transparency around how information is gathered, stored, and management, with some suggesting the use of facial recognition infringes on citizens' inherent right to not be under constant government surveillance, and to control the use of their own image. In 2020 the Eureopan Commission banned facial recognition technology to allow for changes to be made to their legal framework in terms of guidelines on privacy and ethical abuse.

Privacy concerns tend to be focused around unsecured data storage practices that could expose facial recognition data, creating potential security threats, especially as many organizations host the data on local servers where a lack of IT security professionals can fail to ensure network security and lead to security vulnerabilities. These are not always a concern when systems are used on a personal device, as often the data is handled and stored on device.

However, other privacy concerns are centered around the lack of informed consent or transparency. Especially as any form of data mining, especially online, for facial recognition systems uses large datasets of images, ideally captured multiple times under various lighting conditions and angles, and the largest sources of this type of data tend ot be online sites, such as social media sites, or an individual's cloud camera storage. And some of these services and copyright licenses allow for various liberal interpretations and sometimes illegimate use.

Facial recognition could further lead to ubiquitous cameras and data analytics and eventually mass surveillance that could compromise citizens' liberty and privacy rights. While it can help law enforcement and governments with criminals and boerder controls, it can compromise and erod the privacy rights or ordinary and innocent people. These concerns have led to calls for blanket bans on all facial recognition tools, especially those used for mass surveillance, especially as the use of artificial intelligence can increase the power and reach of artificial intelligence. This opens the potential for malicious use of facial recognition to manipulate and threaten people, government agencies, and democracy, in similar ways artificial intelligence has been use to create bot attacks.

As noted above, law enforcement agencies have begun more frequently using facial recognition in routine police duties. Agencies collect mugshots from arrestees and compare them against local, state, and federal face recognition databases. Once an arrestee's photo is taken, the mugshot can be uploaded on one or more database, and can be scanned every time a law enforcement agency does a facial recognition search. Some of these systems can further run these mugshots against photos from social media, CCTV, traffic cameras, or photographs officers have taken themselves in the field. Some estimates have 25 percent, if not more, of local, state, and federal law enforcement agencies in the U.S. are capable of running facial recognition surveys on their own databases, or databases of other agencies. Further, the Washington Post reported that, as of 2013, 26 states allowed law enforcement agencies to search or request searches of driver's license databases to compare against mugshots.

Further, despite local law enforcement agencies keeping their own databases of mugshots, many of the agencies share access to those databases with each other. Often this is handled through the FBI's Next Generation Identification database, which contains more than 30 million facial recognition records, and access to this database is offered to local and state law enforcement agencies. The FBI has a department, called the Facial Analysis, Comparison, and Evaluation (FACE) Services which is focused on facial recognition services. This team, with access to state DMV databases, the State Department, and 16 U.S. states which allow access to driver's license and ID photo, has access to over 400 million non-criminal photos. With the number of DMV databases, and the amount of American's who are passport and U.S. visa holders, and therefore have photos in the State Department's database, has led Georgetown University to estimate that close to half of all American adults have been entered into one if not more facial recognition database.

The concerns with the use of facial recognition with law inforcement comes in how the facial data is generated and how it is applied. For law enforcement, a lot of facial recognition data is derived from mugshot images. These images are taken upon arrest, before guilt has been determined, and mugshot photos are almost never removed from the database, regardless of the outcome of the criminal trial. Further, as noted above, facial recognition is prone to error, with the FBI admitting in its privacy impact assessment on facial recognition, that the system may not be sufficiently reliable to accurately located other photos of the same identity, increasing the percentage of misidentification.

The FBI asserts its system can find the true candidate in the top 50 profiles 85 percent of the time, but this turns out to only be true in the case a true candidate exists in the gallery. If the true candidate is not in the system, it is possible the system will still produce one or more potential matches, creating false positive results. Further, as explored above, many facial recognition systems have difficulties and bias in results for specific communities, often including ethnic minorities in the United States. Meanwhile, the criminal databases across the United States are disproportionately filled with faces of African Americans, Latinos, and immigrants, due, in part, to racially biased police practices, which these facial recognition programs can replicate through false positives and the systems difficulties in identifying these communities.

The concerns with mass surveillance and invasions of data privacy, with a lack of informed consent, can be furthered by law enforcement agencies more than any other use of facial recognition, especially in the name of border security, airport security, and catching criminals. However, unlike other criminal searches, most jurisdictions do not require law enforcement agencies to file for a warrant for a facial recognition search. Some jurisdictions do not even require law enforcement to suspect someone of committing a crime before using facial recognition to identify them. And only some agencies or jurisdications have any rules or laws protecting individuals engaged in protected free speech.

In Canada, the RCMP was investigated for its use of facial recognition technology, which allowed the law enforcement agency to match photographs of people against a databank of more than 3 billion images scraped from the internet and without consent of the individuals. The result was that billions of people were unknowingly included in what was called a 24/7 lineup. This would be found to be mass surveillance, and a violation of Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). During investigations into RCMP's unlawful use of facial recognition technology, the RCMP would acknowledge its use, but suggest it was limited, and primarily used to rescue children who have been or are victims of online sexual abuse.

However, further investigation proved the RCMP's allegations of its scope of use did not satisfactorily account for the vast majority of searches made. Perhaps more critical to this, the investigation found the RCMP had serious and systematic gaps in policies and systems to track, identify, assess, and control novel collections of personal information. These checks are important to ensure the RCMP complies with the law when using new technology and new sources of data.

However, the investigation into the RCMP's use of facial technology, and acknowledgement that the law enforcement agency contavened PIPEDA, stopped its use of facial recognition technology. While the RCMP, during the investigation, suggested a third party legal compliance check to ensure the service remained in compliance with PIPEDA would create an unreasonable obligation, the RCMP would agree to implement recommendations to improve policies, systems, and training. This included privacy assessments of third party data collection practices, and ensuring they are used in accordance with PIPEDA and related privacy legislation. Further, this case led to calls for the Canadian Parliament to amend PIPEDA to clarify the obligation of law enforcement in Canada in regards to its collection of personal information.