We use our faces to open our phones. We pay for things with our fingerprints. Our kids record themselves performing on TikTok. And companies install facial recognition software on employees’ computers to monitor their every move. We are already living in a reality in which facial recognition and other forms of biometric surveillance pervade our daily lives.
But right now, in Maryland, there are essentially no restrictions on the ways corporations can collect, use and even sell our personal, unchangeable biological characteristics like fingerprints and faceprints. That is why we are sponsoring a bill in the Maryland legislature that would protect all Marylanders’ right to privacy by establishing guardrails around when and how companies can collect our biometric identifiers.
These technologies can pose a danger to all of our core constitutional rights. They’ve made it easier for abusers to stalk their victims, caused wrongful arrests, and led to arbitrary exclusion from businesses — like the 14-year old Black girl who was denied entry to a roller skating rink because its facial recognition system misidentified her as someone else who’d gotten into a fight. A 2019 federal study of facial recognition systems found that Asian and Black people were up to 100 times more likely to be misidentified than white men depending on the particular algorithm and type of search. Native Americans had the highest false-positive rate of all ethnicities. Women were also more likely to be falsely identified than men, and the elderly and children were more likely to be misidentified than those in other age groups.
The Biometric Identifiers’ Privacy Act — or BIPA — is common sense. Think about how terrifying it is when you get a notification alerting you someone stole your password or bank information. With biometric identifiers, the consequences are even more permanent. Unlike a credit card or even a Social Security number, our biometric data can’t be revoked or reissued. Once we lose control, as happened recently when the fingerprints and facial recognition markers of over 1 million people were found accessible on a public database, we are identifiable forever.
While we believe there can be beneficial uses of biometric identifiers, we also believe there should be rules. Our bill would require that companies get consent before taking our biometric identifiers; that they tell consumers what is being taken, stored and for how long; that there are rules on when they delete the identifiers; that they cannot profit off of them; and that there are consequences when they don’t follow the law.
It’s not enough for us to just pass laws that theoretically protect us from corporations capturing and monetizing our personal information without our knowledge or consent. These laws must make it impossible for companies to ignore these protections. The best way to hold powerful companies accountable is by empowering ordinary people, like you and me, to bring our own lawsuits against businesses that violate our privacy rights.
Only one other state has a law like this — Illinois. And the difference it’s made is clear: A Reuters review of lawsuits filed in Illinois since 2015 found widespread evidence that private companies, like Clearview AI, Facebook and TikTok had secretly collected, tagged and categorized biometric data gleaned from millions of unsuspecting Americans. With BIPA, Illinoisians were able to actually hold these companies accountable. Marylanders deserve the same protection.
Brian Feldman and Sara Love, Annapolis
The writers, both Montgomery County Democrats, are members of the Maryland Senate (District 15) and Maryland House of Delegates (District 16), respectively.
Add your voice: Respond to this piece or other Sun content by submitting your own letter.