They aren't fines. They are damages and go to the people affected.
In the case of the $650 million proposed settlement for Facebook proper (The judge in the case already rejected a $550 million settlement agreement as "far too little"), all Illinois Facebook users would get a check for $1000+
By the way, this article is really poorly written. The $5000 * 100 million users is not the way it works. The Illinois law says it is $1000-$5000 per violation, so the few million Illinois Instagram users (I have absolutely no idea how many there are) would be entitled to $1000-$5000 every time Instagram did a facial recognition lookup on them, which could easily cause a total liability to be in the tens or hundreds of billions of dollars.
Facebook fought against their lawsuit for years until it was finally ruled that they would have to go to trial. And now they are settling. That's likely what is going to happen here too. If they can keep it out of the courtroom, they'll pay nothing. If they can't, they'll offer up a few hundred million to make it go away.
Given it is class action suit, I would say the lawyers make most of the money and the people who have the standing to sue will get nowhere close to $1,000 .
It's pretty obvious that the fine won't be $500B since it was likely set that high specifically so when it's knocked down it doesn't go to something absurd like $1,000. However, I do hope this sees some traction, especially as Facebook is now fully moving forward with its plan to merge Instagram, WhatsApp and Facebook.
This sounds almost like the previous lawsuit (mentioned in the article) that was settled by Facebook for $650 million, which was concerning Facebook’s use of facial recognition, wasn’t noticed by the lawyers of this case. The best they can hope for would be one more settlement that will be a tiny fraction of a percentage of the $500 billion ask. Hopefully they have strong evidence against Facebook’s statement that Instagram doesn’t do facial recognition.
> “The Illinois Legislature said this is meant to be an expensive violation,” U.S. District Judge James Donato said during a preliminary settlement approval hearing held via video Thursday.
> The Illinois statute carries civil penalties of $1,000 for each negligent violation and $5,000 for each knowing violation. With a class of millions of Facebook users who had photos of themselves uploaded in Illinois, damages could have reached tens of billions of dollars.
> Donato demanded lawyers for Facebook and the plaintiff class explain why the higher damages amount of $5,000 per violation was taken off the table.
> Last year, Facebook paid a $5 billion fine to the Federal Trade Commission to settle claims that it violated a 2012 FTC order by allegedly deceiving users about their ability to control private information. Donato said that settlement could provide adequate evidence to support a push for higher damages.
> “It looks to me that what Facebook did to violate the BIPA may also have been a violation of that prior FTC consent decree, in which case you have a pretty good argument that this is an intentional or reckless violation of BIPA that would warrant $5,000,” Donato said.
> "Under the Illinois law, Facebook could be forced to pay $1,000 to $5,000 per violation, meaning the full damages could reach $500 billion if Facebook is found responsible."
$500B is pretty nuts. Does anyone else here feel that this whole thing is nuts?
Facebook's market cap is $700B. Making them pay $500B in damages would put them out of business. So, to be clear with what we're talking about here, we're considering the corporate death penalty.
The alleged crime? Processing photo data to find objects that look like people that look similar to other objects that look like people. Yes, by the letter of the law, that's against BIPA (which is a problematic law motivated by a historically anti-tech cash-grabby legislature (see: Netflix Tax)), but what are the actual damages to the injured party? It is a tall order to convince me that having your name pop up as a recommended tag in your friend's photo caused you any material harm, let alone $1000+ per incident.
I get that there's a privacy angle, I get that PII is toxic, I get that we care about data protection and all now. But this? This is a dumb law, and a dumb lawsuit.
Hmm, I question whether it really would put them out of business. FB made about $18B net income last year. Shouldn't that be more than enough to pay the interest on issuing $500B of long term bonds? It almost seems like a sweet spot of a massive fine that wouldn't kill them.
Also, it would just be satisfying to demonstrate they aren't above the law. Ordinary people don't get to say "but that law is obviously unreasonable" when, you know, it's very debatable, and get exempted.
Today I learned: the idea that a corporation can commit a crime is a very new one. [1]
People commit crimes, not companies.
[1] William Blackstone, Commentaries on the Laws of England 464 (1765) (“A corporation cannot commit treason or felony or other crime in its corporate capacity
though it’s members may in their distinct individual capacities.”)
Corporations are "people" when it comes to their thirst for massive political influence, but just when they get into legal trouble, they are suddenly NOT a person, but a vague multi-layered blob, impossible to prosecute.
> but just when they get into legal trouble, they are suddenly NOT a person, but a vague multi-layered blob, impossible to prosecute.
This is exactly why corporations are legally people. We can prosecute the whole blob instead of trying to assign blame to individuals.
To see how this works, take a look at People v Rochester Ry. Light co (NY 1909)[1]. A corporation killed someone through negligence, but nobody was ever punished because a corporation was not considered a legal person and it was impossible to reach into the vague blob and charge individuals.
Yup, you're definitely confused. The people who went to jail as a result of the enron scandal (fastow) were charged as individuals. You can't charge a corporation and then have other people serve jail time on it's behalf.
If jail time is the only thing that satiates you, then you need to clearly show that an individual broke the law. Failing that, we have the ability to charge the whole corporation to make sure that they are still held liable.
I think it’s not productive calling each other confused, because I think what’s going on is that you’re both approaching this from a different perspective.
In a working system, yes. In the America that we have today, I can crime all I want, behind a wall of indirection, lawyers, and preferential treatment of the Church of Business. It requires prosecutors with a special set of skills, perseverance, and resources, which we simply don't have.
Mountains of corporate money is flowing into the government, thanks to stuff like Citizens United (a nuclear bomb under American politics), and absolutely out of control lobbying, creating a castrated government that simply cannot or wants to do anything.
FWIW starting a conversation that way is going to put people in a defensive mindset and make them less likely to properly consider what you have to say.
Yep, it’s just noise in the discussion, and doesn’t add any value other than putting the other person on defense mode.
Proper discussions are difficult though, but i learned that starting out with acknowledging positive things, and most certainly stick to facts, not attacking the people you’re talking with.
That's why I like HN comment threads. So many good examples on how to make progress in discussions and conversations, and even analysis of why certain behavior is counter-productive
If an individual kills someone they will be arrested and imprisoned. If a corporation kills someone they may be fined a token amount or have a pay restitution. Hardly equivalent.
This seems to me to be a parody of queer theory or the idea of socially-constructed gender from critical social justice theory. Those theories shouldn't be off limits from parody or criticism.
>Very famously the US supreme court ruled in 2010 that corporations have free speech and money is speech
Not quite. They ruled that that corporations can spend unlimited money because money is is speech, which was an established precedent set by the much earlier Buckley v. Valeo:
>The majority ruled that the Freedom of the Press clause of the First Amendment protects associations of individuals in addition to individual speakers, and further that the First Amendment does not allow prohibitions of speech based on the identity of the speaker. Corporations, as associations of individuals, therefore have free speech rights under the First Amendment. Because spending money is essential to disseminating speech, as established in Buckley v. Valeo, limiting a corporation's ability to spend money is unconstitutional because it limits the ability of its members to associate effectively and to speak on political issues.
1) The "my friend" at the end of OPs comment is the connection to Mitt Romney. It's a relatively famous quote, much to my dismay.
2) No corporations are not people. That is, quite obviously, a non-sequitur. They do, however, have some (but not all!) of the rights that people do because of the fact that they are made up of people.
That nicely illustrates the importance of the context of quotes: At that time the concept of limited liability didn't yet exist like today. The corporation itself wasn't the same as a modern corporation, yet had the same name.
A company is a legal person [1], just as you and me (but we're also natural persons). Otherwise it wouldn't have the ability to sign contracts, borrow money, sue... Or get sued for crimes it committed.
Not sure why this is downvoted as it brings up an interesting position. Why can't there be violations so severe that they force the corporation to be dissolved?
I wished that was meted out as a punishment much more often than it is done today. It is a very powerful message to send: these execs are not bankable because they caused all of their shareholders to lose money.
So what you're saying is that whenever i commit a crime i just need to do it under a business name and it's all good? It's simply ridiculous to think that.
I'm not a user, have been a user for about 5 minutes. People have never tagged me on FB as far as I'm aware of. If someone did I'd be quite pissed off. To the best of my knowledge there are only two pictures of me online and both are well over a decade old.
You would be surprised with the amount of group class photos that get uploaded. If you have attended public school where they sold class pictures you are probably already classified.
Yes, though it would be equivalent to a label or sticker on an item in a store (note: not a barcode). It wouldn't carry meaning from a technological perspective (though I guess Facebook could try to mine that).
The problem with Facebook's facial recognition features is that it has to recognize all faces, even faces that don't want to be recognized, to know which faces to legally not recognize. It's an all-or-nothing feature across its entire user base. It can't even be geofenced because users travel and upload from all sorts of parts of the world and wind up in the background of several photos.
Facial recognition is a "logical feature" in that it mimics how people recognize people, but is problematic when applied at scale.
If I don’t upload a picture of my face and tell Facebook “please let me know when you’d see my face, it looks like this”. Then any time they see a face they don’t recognize they should just do nothing.
That’s not at all how Facebook chose to implement their face detection and pretending it’s a hard problem does a disservice to anyone interested in their privacy.
Parsing the image and seeing faces is one thing. Persisting and correlating that data is another.
> the tool automatically scans the faces of people pictured in other users' posts, even if they don't use Instagram and didn't agree to the terms of service.
This suggests to me that the number of people affected is much more than the 100 million Instagram users, and the potential fine much higher.
Sort of related. I always wondered how people in my photos would react knowing Google Photo was essentially scanning their face without their approval. I am sure this is covered by Google Photos T&Cs somehow, nevertheless, it's a real problem. Should I disclose anyone I snap about this? Even someone walking in the background?
Not sure what you "should" do but I suppose it would be more ethical to use an alternative service than google photos.
Somewhat similar to what you describe, the "Access Contacts" permission usually present in mobile operating systems essentially leaks the contact information of everyone stored in ones contact, if permitted.
The names and associated phone number can be used to build advertising/tracking profiles by apps.
The problem is that even if someone does not use those apps and instead chooses privacy-respecting alternatives, it only takes another person who does use these apps to have their information saved in their contacts.
I would imagine it to be quite similar with these photos and also with the facebook case.
It seems unethical to put other people who might not be on facebook and have not read the terms of service or privacy policy through these algorithms.
I think the contacts example illustrates how hard of a problem this is, I definitely don't have a viable solution. Even if you ask someone for permission, they might change their mind or not fully understand.
I was thinking about this on a visit to a major tourist spot I had visited years previously. Because I had been before I decided to go with no camera or phone to just look around.
As I was walking around I realized that so many other people were taking photos where I was in the background that it felt like Facebook or Google knew I was there even though no one else did.
> scans the faces of people pictured in other users' posts
Why is this wrong? You're just scanning a bunch of pixels, and the data was given to you, so any liability or violation of use of someone's likeness is on the person who gave you the data.
Autonomous cars scan the poses and faces of people even if they didn't agree to any ToS, to try to determine what those people are about to do based on their physical expression. Autonomous cars track the movements of strangers over a short time as well by re-identifying a person that moved behind an obstacle and emerged on the other side. It would be silly and unsafe to say they are not allowed to do that, because human drivers do exactly that.
Autonomous cars do so when you're in a public space. And by pixels, you could make that same reductive argument when violating anyone's private space via digital or physical, that it's only pixels, bits, molecules, etc. Don't forget laws and ethics work on scales.
People are tripping over the reductive part of your post, but ignoring what is the strongest argument:
> so any liability or violation of use of someone's likeness is on the person who gave you the data.
That's what I feel too. Presumably, by uploading a picture to FB you are giving your consent for it to be processed however their terms outline. And representing that you have the consent of others in the photo too. Otherwise, what are you doing uploading the photo, if you do not agree with the terms by which it will be used?
The liability for irresponsibly handling someone else's biometric data (per BIPA) to me makes more sense to pin on the person who actually uploaded the data to a known data processing application, rather than blaming the tool.
I gather that that's not a popular opinion here though, and the Illinois law is written in a way that it targets the corporation that winds up with the data.
The problem with this argument is that it would be self-servingly naive for the recipient of the images to assume that the source of the data had obtained the appropriate permissions. Of course, the people creating this policy are not that naive; they are simply adopting the attitude cynically, as cover for what they know to be unethical.
To be clear, this does not absolve the supplier of the data for their responsibility, but the supplier’s culpability does not absolve the recipient.
Why should the recipient/platform be culpable if the supplier is already acknowledged as being both culpable and dishonest as far as the ToS? It might be sexier in a David vs. Goliath sense to go after Facebook but Facebook isn't the party creating and uploading all of this content. If the risks of supplying a platform without consent aren't sufficiently high then suppliers will never have an incentive to verify consent. And if the suppliers were already verifying for consent then this would be a non-issue because consent would be implied as far as the platform was concerned.
The ToS might as well force people to promise away their firstborn and people would still upload photos.
Platforms have ToS that are non-negotiable and almost nobody reads them. The plaform knows this and that users upload photos without proper permissions and instead of warning users, they make it very convenient to agree (or even preselect it), otherwise it couldn't use the data in an almost-cover-your-ass way.
Note: I don't use these services, please correct me if I'm wrong.
In any worthwhile system of ethics, willfully ignoring very reasonable doubts about the provenance of something is itself unethical, separately from what was done by others. Similarly, it is unethical in itself to take advantage of another’s indifference to a third party’s rights in order to do to that third party something they would object to.
As for the question of what the platforms can do, it is simple: treat third parties as if they have refused permission. There’s nothing difficult about it once you filter out the self-serving attitude of the platforms. This has nothing to do with what’s “sexy” and everything to do with what’s right.
Let me stop you right there, because that's the difference.
An autonomous car, one would presume, or its builder would find themselves here too, is not permanently scanning every object it finds, tagging it, coalescing it into a giant database, and cross referencing that with an enormous amount of individually identifying information.
The autonomous car doesn't know you're "Jonaldo Stevensmith of Braunschweiger, Texas, 28 years old, working for Brogrammer Inc" nor what you've been doing for the last ten years. Its capability goes only as far as knowing you're one of ten living (human) things it must not run over.
Instgram/Facebook do know who you are. Fb/I have shown time and time again that they aren't capable of securely managing user data. Nor do they make it explicit what they will do with your data long-term, because they themselves do not know.
Let me illustrate the problem further, if I understand things correctly Instgram works primarily on phones. Mobile phones for the last five years by and large have amazing cameras, with sensors ranging from 8 megapixels all the way up to "100 megapixels" in some current flagship models. Instagram, if I understand things correctly, allows you to upload any resolution of photo and stores the original in perpetuity BUT it will only show you very low resolution versions (even of your own photos).
Meaning, Instagram will not show users their original upload and only offers scaled down versions; all the while, performing biometric analysis on the originals. I don't think most people would upload photos if they knew, that their faces were being scanned at in extremely high resolutions and permanently attached to an already unfathomably deep profile. Even if they were okay with a few I don't think most folks would be okay once they realize the scale and true size. It's very likely every photo anyone has taken of you (and uploaded), whether you've been tagged or not (or as someone just in the background) Fb/I will know you're in it. I'm sure that wasn't clearly stated by their terms of service.
Truly, what's happening here could only end even worse for everyone, with an even larger lawsuit(s) than this... I'd wager a even a near company shattering fine of $150bn now would be a deal. Why?
An unfettered quest for growth would leave them blind to what they're creating. By Identifying people using biometric and superficial data and then attempting to predict human behavior combining them-- they will end up creating a fucking racist machine. The machine won't be based on science as a result of its dataset; it's going to be based on "AI" trained from incomplete bullshit data. It will be asked to predict things it is unable to, but the researchers will not be able to discern fact from fiction because there's too much noise. "It fits the curve, it must be right."
The more opaque the machine stays, the longer it will remain hidden, and the more racist it will be become feeding off of itself.
The lawsuit to stop that devil would be end-game for Facebook. I suspect, there would be no recovery, because the dual passage of antitrust and discrimination laws preventing, dismembering, and disemboweling such a wretch would leave only an unrecognizable corpse.
Do I think it's Facebook's intention to create a giant racist fucking machine? Fuck no. I do think it's entirely possible to repeat history, stupidly, and accidentally. The road to hell is paved with good intentions.
It'd be nice if the article explained how either itself or Illinois were arriving at that 100 million number considering that the population of Illinois is only 12.67m according to a cursory google search.
The most depressing part about this is: to me, as an individual who probably has my biometric data harvested, I see nothing of this money and my data is still gone. It’s almost as if there was a hidden price tag: "Do crime X and pay Y to make money Z." As long as Y<Z and the business can continue to operate with a new crime, it’s just like there was no law. Just costs.
This is most definitely not true where I live. You’re definitely not allowed to put someone’s picture online without their consent, and absolutely not allowed to build a database out of that based on facial recognition.
> In a statement to Business Insider, Facebook spokesperson Stephanie Otway said Instagram does not use facial recognition in the way the Facebook app does. "This suit is baseless. Instagram doesn't use Face Recognition technology," Otway said.
Later on in the article:
> Facebook did not immediately respond to a request for comment.
111 comments
[ 2.7 ms ] story [ 168 ms ] threadThey aren't fines. They are damages and go to the people affected.
In the case of the $650 million proposed settlement for Facebook proper (The judge in the case already rejected a $550 million settlement agreement as "far too little"), all Illinois Facebook users would get a check for $1000+
By the way, this article is really poorly written. The $5000 * 100 million users is not the way it works. The Illinois law says it is $1000-$5000 per violation, so the few million Illinois Instagram users (I have absolutely no idea how many there are) would be entitled to $1000-$5000 every time Instagram did a facial recognition lookup on them, which could easily cause a total liability to be in the tens or hundreds of billions of dollars.
Facebook fought against their lawsuit for years until it was finally ruled that they would have to go to trial. And now they are settling. That's likely what is going to happen here too. If they can keep it out of the courtroom, they'll pay nothing. If they can't, they'll offer up a few hundred million to make it go away.
At this moment, no.
During the time that this law was in effect, easily.
Though I no longer live in Illinois, I am probably one of the people covered by this lawsuit.
50 million tourists visit Chicago each year. They're probably covered.
104 million people travel through ORD and MDW airports each year. They're probably covered.
Probably another dozen or two million people travel to or through Illinois each year on business. They're probably covered.
It adds up.
https://www.courthousenews.com/judge-wont-sign-off-on-550m-f...
> “The Illinois Legislature said this is meant to be an expensive violation,” U.S. District Judge James Donato said during a preliminary settlement approval hearing held via video Thursday.
> The Illinois statute carries civil penalties of $1,000 for each negligent violation and $5,000 for each knowing violation. With a class of millions of Facebook users who had photos of themselves uploaded in Illinois, damages could have reached tens of billions of dollars.
> Donato demanded lawyers for Facebook and the plaintiff class explain why the higher damages amount of $5,000 per violation was taken off the table.
> Last year, Facebook paid a $5 billion fine to the Federal Trade Commission to settle claims that it violated a 2012 FTC order by allegedly deceiving users about their ability to control private information. Donato said that settlement could provide adequate evidence to support a push for higher damages.
> “It looks to me that what Facebook did to violate the BIPA may also have been a violation of that prior FTC consent decree, in which case you have a pretty good argument that this is an intentional or reckless violation of BIPA that would warrant $5,000,” Donato said.
Facebook's market cap is $700B. Making them pay $500B in damages would put them out of business. So, to be clear with what we're talking about here, we're considering the corporate death penalty.
The alleged crime? Processing photo data to find objects that look like people that look similar to other objects that look like people. Yes, by the letter of the law, that's against BIPA (which is a problematic law motivated by a historically anti-tech cash-grabby legislature (see: Netflix Tax)), but what are the actual damages to the injured party? It is a tall order to convince me that having your name pop up as a recommended tag in your friend's photo caused you any material harm, let alone $1000+ per incident.
I get that there's a privacy angle, I get that PII is toxic, I get that we care about data protection and all now. But this? This is a dumb law, and a dumb lawsuit.
Also, it would just be satisfying to demonstrate they aren't above the law. Ordinary people don't get to say "but that law is obviously unreasonable" when, you know, it's very debatable, and get exempted.
People commit crimes, not companies.
[1] William Blackstone, Commentaries on the Laws of England 464 (1765) (“A corporation cannot commit treason or felony or other crime in its corporate capacity though it’s members may in their distinct individual capacities.”)
I thought corporations are people, my friend.
> but just when they get into legal trouble, they are suddenly NOT a person, but a vague multi-layered blob, impossible to prosecute.
This is exactly why corporations are legally people. We can prosecute the whole blob instead of trying to assign blame to individuals.
To see how this works, take a look at People v Rochester Ry. Light co (NY 1909)[1]. A corporation killed someone through negligence, but nobody was ever punished because a corporation was not considered a legal person and it was impossible to reach into the vague blob and charge individuals.
[1]https://cite.case.law/nys/114/755/
Effectively, the last criminal prosecution of a corporate entity where actual people went to jail was Robert Mueller's team vs Enron.
After that, big money learned their lessons, plugged all the holes in their ships and now it's nearly impossible to do the same again.
If jail time is the only thing that satiates you, then you need to clearly show that an individual broke the law. Failing that, we have the ability to charge the whole corporation to make sure that they are still held liable.
Mountains of corporate money is flowing into the government, thanks to stuff like Citizens United (a nuclear bomb under American politics), and absolutely out of control lobbying, creating a castrated government that simply cannot or wants to do anything.
FWIW starting a conversation that way is going to put people in a defensive mindset and make them less likely to properly consider what you have to say.
Proper discussions are difficult though, but i learned that starting out with acknowledging positive things, and most certainly stick to facts, not attacking the people you’re talking with.
Corporations are people-fluid. They can chose to be people or not. Forcing people-ness onto them would be corporate-phobic.
That's true, yet in the reality of Cancel Culture, they are.
My post was now flagged. Oh well. Other people have lost their job and life for parodying those who can't be criticized.
https://www.youtube.com/watch?v=St1wSWtm_BI
Romney's point was that corporations are made up of people and that corporate taxes are, in the end, taxes on people.
The fact that this was treated as some kind of gaffe at the time, and is still being repeated almost a decade later is just terribly disappointing.
Anti-intellectualism has been a staple of American politics since approximately the 60s.
Very famously the US supreme court ruled in 2010 that corporations have free speech and money is speech [2]
[1] https://en.wikipedia.org/wiki/Corporate_personhood#Legislati...
[2] https://www.npr.org/templates/story/story.php?storyId=122805...
Not quite. They ruled that that corporations can spend unlimited money because money is is speech, which was an established precedent set by the much earlier Buckley v. Valeo:
>The majority ruled that the Freedom of the Press clause of the First Amendment protects associations of individuals in addition to individual speakers, and further that the First Amendment does not allow prohibitions of speech based on the identity of the speaker. Corporations, as associations of individuals, therefore have free speech rights under the First Amendment. Because spending money is essential to disseminating speech, as established in Buckley v. Valeo, limiting a corporation's ability to spend money is unconstitutional because it limits the ability of its members to associate effectively and to speak on political issues.
https://en.wikipedia.org/wiki/Citizens_United_v._FEC#Opinion...
2) No corporations are not people. That is, quite obviously, a non-sequitur. They do, however, have some (but not all!) of the rights that people do because of the fact that they are made up of people.
[1] https://en.wikipedia.org/wiki/Legal_person
But if individuals go to prison for their actions, people will be more careful how they act.
https://www.nytimes.com/2020/08/06/us/ny-nra-lawsuit-letitia...
https://en.wikipedia.org/wiki/Arthur_Andersen
1) Punishing those that did the illegal thing
2) Punishing those that profited from the illegal thing
If a mafia boss profits from getting a goon to rough up a shop owner for protection money, both the goon and the boss are punished.
I wouldn't be at all surprised if it's true, but still...do you have a source for that claim?
The problem with Facebook's facial recognition features is that it has to recognize all faces, even faces that don't want to be recognized, to know which faces to legally not recognize. It's an all-or-nothing feature across its entire user base. It can't even be geofenced because users travel and upload from all sorts of parts of the world and wind up in the background of several photos.
Facial recognition is a "logical feature" in that it mimics how people recognize people, but is problematic when applied at scale.
That’s not at all how Facebook chose to implement their face detection and pretending it’s a hard problem does a disservice to anyone interested in their privacy.
Parsing the image and seeing faces is one thing. Persisting and correlating that data is another.
This suggests to me that the number of people affected is much more than the 100 million Instagram users, and the potential fine much higher.
Somewhat similar to what you describe, the "Access Contacts" permission usually present in mobile operating systems essentially leaks the contact information of everyone stored in ones contact, if permitted.
The names and associated phone number can be used to build advertising/tracking profiles by apps.
The problem is that even if someone does not use those apps and instead chooses privacy-respecting alternatives, it only takes another person who does use these apps to have their information saved in their contacts.
I would imagine it to be quite similar with these photos and also with the facebook case.
It seems unethical to put other people who might not be on facebook and have not read the terms of service or privacy policy through these algorithms.
I think the contacts example illustrates how hard of a problem this is, I definitely don't have a viable solution. Even if you ask someone for permission, they might change their mind or not fully understand.
According to documentation, Google mentiones that face groups are deleted when you turn the feature off: https://support.google.com/photos/answer/6128838?hl=en
(And if they're not, winning a lawsuit against Google should be trivial.)
As I was walking around I realized that so many other people were taking photos where I was in the background that it felt like Facebook or Google knew I was there even though no one else did.
Why is this wrong? You're just scanning a bunch of pixels, and the data was given to you, so any liability or violation of use of someone's likeness is on the person who gave you the data.
Autonomous cars scan the poses and faces of people even if they didn't agree to any ToS, to try to determine what those people are about to do based on their physical expression. Autonomous cars track the movements of strangers over a short time as well by re-identifying a person that moved behind an obstacle and emerged on the other side. It would be silly and unsafe to say they are not allowed to do that, because human drivers do exactly that.
> so any liability or violation of use of someone's likeness is on the person who gave you the data.
That's what I feel too. Presumably, by uploading a picture to FB you are giving your consent for it to be processed however their terms outline. And representing that you have the consent of others in the photo too. Otherwise, what are you doing uploading the photo, if you do not agree with the terms by which it will be used?
The liability for irresponsibly handling someone else's biometric data (per BIPA) to me makes more sense to pin on the person who actually uploaded the data to a known data processing application, rather than blaming the tool.
I gather that that's not a popular opinion here though, and the Illinois law is written in a way that it targets the corporation that winds up with the data.
To be clear, this does not absolve the supplier of the data for their responsibility, but the supplier’s culpability does not absolve the recipient.
Platforms have ToS that are non-negotiable and almost nobody reads them. The plaform knows this and that users upload photos without proper permissions and instead of warning users, they make it very convenient to agree (or even preselect it), otherwise it couldn't use the data in an almost-cover-your-ass way.
Note: I don't use these services, please correct me if I'm wrong.
As for the question of what the platforms can do, it is simple: treat third parties as if they have refused permission. There’s nothing difficult about it once you filter out the self-serving attitude of the platforms. This has nothing to do with what’s “sexy” and everything to do with what’s right.
Let me stop you right there, because that's the difference.
An autonomous car, one would presume, or its builder would find themselves here too, is not permanently scanning every object it finds, tagging it, coalescing it into a giant database, and cross referencing that with an enormous amount of individually identifying information.
The autonomous car doesn't know you're "Jonaldo Stevensmith of Braunschweiger, Texas, 28 years old, working for Brogrammer Inc" nor what you've been doing for the last ten years. Its capability goes only as far as knowing you're one of ten living (human) things it must not run over.
Instgram/Facebook do know who you are. Fb/I have shown time and time again that they aren't capable of securely managing user data. Nor do they make it explicit what they will do with your data long-term, because they themselves do not know.
Let me illustrate the problem further, if I understand things correctly Instgram works primarily on phones. Mobile phones for the last five years by and large have amazing cameras, with sensors ranging from 8 megapixels all the way up to "100 megapixels" in some current flagship models. Instagram, if I understand things correctly, allows you to upload any resolution of photo and stores the original in perpetuity BUT it will only show you very low resolution versions (even of your own photos).
Meaning, Instagram will not show users their original upload and only offers scaled down versions; all the while, performing biometric analysis on the originals. I don't think most people would upload photos if they knew, that their faces were being scanned at in extremely high resolutions and permanently attached to an already unfathomably deep profile. Even if they were okay with a few I don't think most folks would be okay once they realize the scale and true size. It's very likely every photo anyone has taken of you (and uploaded), whether you've been tagged or not (or as someone just in the background) Fb/I will know you're in it. I'm sure that wasn't clearly stated by their terms of service.
Truly, what's happening here could only end even worse for everyone, with an even larger lawsuit(s) than this... I'd wager a even a near company shattering fine of $150bn now would be a deal. Why?
An unfettered quest for growth would leave them blind to what they're creating. By Identifying people using biometric and superficial data and then attempting to predict human behavior combining them-- they will end up creating a fucking racist machine. The machine won't be based on science as a result of its dataset; it's going to be based on "AI" trained from incomplete bullshit data. It will be asked to predict things it is unable to, but the researchers will not be able to discern fact from fiction because there's too much noise. "It fits the curve, it must be right."
The more opaque the machine stays, the longer it will remain hidden, and the more racist it will be become feeding off of itself.
The lawsuit to stop that devil would be end-game for Facebook. I suspect, there would be no recovery, because the dual passage of antitrust and discrimination laws preventing, dismembering, and disemboweling such a wretch would leave only an unrecognizable corpse.
Do I think it's Facebook's intention to create a giant racist fucking machine? Fuck no. I do think it's entirely possible to repeat history, stupidly, and accidentally. The road to hell is paved with good intentions.
How exactly is your data "gone"?
>Someone who also attended takes picture of party and posts in on instagram
>Instagram harvests your face from said picture
No public places involved in that scenario.
Comparing photos to one another to see if they match is hardly nefarious.
Paradoxically, it's probably irrelevant: it doesn't help them make money in ads, it probably has no otherwise material effect on the service.
I'm glad someone is suing FB but I'm not sure this is the right angle.
Later on in the article:
> Facebook did not immediately respond to a request for comment.
So, which one is it?