Facebook’s Photo Tagging Auto-Suggestion Feature: Another Silly Privacy Moral Panic

by on June 8, 2011 · 16 comments

Facebook announced yesterday that it had finished most of the global roll-out, begun in the U.S. last December. Now ZDNet reports that European Privacy regulators are already planning a probe of this. Emil Protalinski writes:

“Tags of people on pictures should only happen based on people’s prior consent and it can’t be activated by default,” Gerard Lommel, a Luxembourg member of the so-called Article 29 Data Protection Working Party, told BusinessWeek. Such automatic tagging “can bear a lot of risks for users” and the group of European data protection officials will “clarify to Facebook that this can’t happen like this.”

No doubt our friends at the Extra-Paternalist Internet Cops (EPIC) will jump into the fray with another of their many complaints to the FTC, dripping with outrage that Facebook has “opted us into” this feature. But what’s the big deal, really?  Emil explains how things work:

When you upload new photos, Facebook uses software similar to that found in many photo editing tools to match your new photos to other photos you’re tagged in. Similar photos are grouped together and, whenever possible, Facebook suggests the name(s) your friend(s) in the photos. In other words, the square that magically finds faces in a photo now suggests names of your Facebook friends to streamline the tagging process, especially with the same friends in multiple uploaded photos.

Lifehacker explains how easy it is for Facebook users to opt-out of having their friends seeing the automatically generated suggestion to tag their face (as Facebook did  in its own announcement):

  1. Head your Privacy Settings and click on Customize Settings.
  2. Scroll down to the “Suggest Photos of Me to Friends” setting and hit “Edit Settings”.
  3. In the drop-down on the right, hit “Disable”.

See the screenshots here. So, in short: The feature that’s upsetting the privacy regulationistas is a feature that saves us time and effort in tagging our friends in photos we upload—unless our friends have opt-outed of having their photos auto-suggested.

Just think about all the time users spent tagging their friends photo by photo—and the value lost from all the photos that aren’t tagged because they’re just not worth tagging. That’s exactly why Google’s Picasa photo management software has been using precisely this feature for some time—with nary a peep from the privacy regulationistas. Tagging is pro-user in a number of ways:

  • It’s actually pro-privacy! When you’re tagged in a photo, you get an email or an on-site notification telling you a friend has uploaded a photo of you to the site, giving you at least the opportunity to ask that person—your friend, after all—not just to remove the tag, but potentially to remove the photo, or to limit its visibility. Without tagging, you might never know the photo was on the site!
  • Tagging facilitates dialogue among friends about shared experiences.
  • It creates a sort of annotated phot0-diary of our lives. It’s easy to trivialize this, but over time, I think people will increasingly come to think of photos they and their friends and loved ones have been tagged in as the modern-day equivalents of their photo albums.

Now, if Facebook were automatically placing these tags on photos we uploaded, I could understand why some users would be upset.  But what’s the problem with making it easier for users to tag their friends? Facebook has apologized in comments to the BBC, saying: “We should have been more clear with people during the roll-out process when this became available to them.” It’s probably true that Facebook could do more to inform—or remind—privacy-sensitive users how to opt-out of features like this one or otherwise increase their privacy settings. For example, perhaps a quarterly reminder to all users about privacy controls could help to allay concerns that users don’t appreciate how protect their own privacy? And whenever launching new products, the company really should do more to flag changes clearly in a very direct way to users.

But I’m not sure any amount of prior explanation would have satisfied the privacy worrywarts at EPIC and and in Europe.

A Right Not to Be Mentioned?

Re-read Monsieur Lommel’s statement carefully: “Tags of people on pictures should only happen based on people’s prior consent and it can’t be activated by default.”  His second concern, again, seems misplaced here: tags are being “activated” only when the user who uploads photos chooses to activate them.  But think carefully about his first claim: Should tags really “happen” based on prior consent from everyone we tagged?  How would tagging work on Facebook if, every time a user uploaded photos, and tagged their friends, each tagged friend had to grant “prior consent” for each tag to appear?

Lommel is essentially arguing for a “Right not to be mentioned (without prior consent)”—a close cousin of the so-called “Right to be Forgotten.”  Sound crazy? It is, but it’s also the logical extension of the dangerous conception of privacy as a “fundamental human right” to, as free speech scholar put it so brilliantly a decade ago, “Stop People from Speaking About You”—the title of his superb 1999 law review article. In other words, this is privacy as censorship. It is, as Eugene noted, a dangerous idea, one fundamentally inconsistent with an open society in which we are free to observe and comment on the world around us. See Adam Thierer’s excellent post on these issues in the context of “forgetting” (i.e., mandatory deletion!).

The Alternative to Regulation: User Empowerment

In the end, features like auto-suggesting tagging will roll out because the vast majority of users find them incredibly useful and they increase the richness of user experience. EPIC and many Europeans seem intent on, as National Review once put it (at William F Buckley’s most reactionary moment in his rhetoric), “stand[ing] athwart history, yelling Stop!”  That’s what the opt-in obsession ultimately boils down to.

I can certainly understand that some users might not want their friends to tag them in certain photos (imagine the embarrassing or unflattering photo of last night’s drunken revelries). But that doesn’t mean Facebook shouldn’t use auto-suggestions—or that we should accept the European “Right Not to Be Mentioned.”

Instead, we should recognize the many layers of user empowerment and other forces at work here to to protect our privacy. That’s explained pretty well in the dialogue box that appears when users change their privacy setting to turn off the auto-suggestion feature:

You’re always in control of your tags on Facebook:

  • Only friends can tag you in photos
  • We’ll notify you when a friend has tagged you
  • You can remove a friend’s tag at any time
  • Tag suggestions are based only on photos you’ve allowed yourself to be tagged in

Update: Marc Rotenberg, President of EPIC, is already hard at work to stop this dastardly innovation because, after all, data is dangerous!

  • Anon410

    Why is EPIC so ready to complain to the government, anyway?

    http://www.theregister.co.uk/2011/06/01/google_epic_buzz_privacy_settlement/

  • http://icecreamheadache.wordpress.com Libby_J

    Yeah, and even better, the feature doesn’t work. My friend uploaded a bunch of pics from her recent trip to China, and facebook recommended that I (a blonde, white woman) be tagged in the place of some (dark-haired, asian) male live fashion model display. 

  • http://icecreamheadache.wordpress.com Libby_J

    Yeah, and even better, the feature doesn’t work. My friend uploaded a bunch of pics from her recent trip to China, and facebook recommended that I (a blonde, white woman) be tagged in the place of some (dark-haired, asian) male live fashion model display. 

  • http://twitter.com/Steve_Lockstep Stephen Wilson

    Assuming Libby_J you told Phacebook that the tag was wrong, you just provided them with another atom of facial recognition calibration.

    What they’re doing is crowdsourcing the fine tuning of their FR algorithms. I do believe this is insidious.  Phacebook talks about removing tags but by default it still retains the associations created by tagging between your name and biometric template information it has extracted from the images. There is nothing in its Privacy Policy about template information.  It took me some digging to find that special steps are required to request the templates (which they sotthingly call “summary information”) to be removed; see https://www.facebook.com/help/?faq=225110000848463.

    The biometric associations is very personal information; in Australia at least there is impending law reform that would make biometric data “Senstive Information” meaning there ineeds to be express consent prior to collection.  That is, removing tags later would not be enough; you wouldn’t be allowed to tag without asking permission first.

    I assume from his tone that Berin would object to this legislative interference in Phacebook’s right to compile biometric libraries.  I guess he would argue that any educated, aware and proactive individual is able to exercise their rights to ask them to stop.  My position is different, and includes such considerations as (a) not everyone is lucky enough to be so aware and capable, (b) the informopolies have a track record of exploiting their members’ ignorance, (c) the default should be to not presume that everyone is OK with surreptitious collection of biometric data, and (d) I am not at all happy with the capability that Phacebook is developing to automatically and covertly identify people amongst the billions of images gifted to its treasure trove.

    Stephen Wilson, Lockstep, http://lockstep.com.au.

  • Pingback: Facebook's Photo Tagging Auto-Suggestion Feature: Another Silly … - Magazine-News - Magazine-News

  • Jim Harper

    Beyond your opinion, shared by many, that this is somehow “insidious,” can you identify a concrete harm from this? Something that actually affects people’s lives? (Something non-circular, i.e. not just the feeling that one is being subjected to something “insidious.”) What is the objectively measurable injury?

    Or even, without showing harm, does this upset some settled custom regarding how biometric information is used? Though most people don’t think about it articulately, I think most people also know intuitively that the photons bouncing of them come to rest in the retinae and camera lenses of others, ultimately creating patterns (algorithms, if you will) that will identify them. Does some automation of that process upset the apple cart? (If so, why, then, does photography pass muster? It, after all, automates the collection and storage of biometrics—cough, cough, “sensitive information.”)

    I’m still not totally decided and regret Kashmir Hill’s characterization of Berin’s post as the opinion of the entire TLF, but the opponents of this will have to come up with something more than outrage to show that there is a problem here.

  • Pingback: Facebook Facial Recognition: Can We Please Save The Outrage For Real Privacy Violations? | BeeHiveTech.com

  • Anonymous

    The issue comes from the ambiguous nature of the terms “face recognition” that hide at least four different technologies.u00a0nFace detection is what your digital camera does, and face matching is what FB does on pictures.Manual face identification is what you do on the pictures you tag.Automatic face identification is what happens when FB suggests a tag.u00a0Implementation of automatic face identification has a profound meaning: facebook is implementing a face recognition search engine.The privacy implications of this are easy understandable (and understood, as Eric Schmidt has recently aknowledged) even if not immediately tangible to the single FB user, nor — I am afraid — to Berin.nnHaving a face recognition search engine puts FB in the position to be technically able to select all pictures where a given person (or face) is present: for this reason it will have to respond to authorities asking for pictorial data of a given person or to identify people in a given picture.u00a0nFill the dots and, since there is no opt-out from your face, you have the perfect tool foru00a0biometric identification.nnNo surprise Google has developed the same technologies but decided not to market them.nn[See more on that here:u00a0http://tagmenot.info/content/face-recognition-and-privacy ]nnAC

  • http://techliberation.com/author/berinszoka/ Berin Szoka

    Thanks for the thoughtful explanation. u00a0I actually share your concern, but my response would be to return to the Fourth Amendment: Government should not be able to access such pictorial data without establishing probably cause sufficient to justify to a judge that a warrant should issue.

  • http://twitter.com/Steve_Lockstep Stephen Wilson

    As you would know Jim, there is an ongoing debate about whether harm should be a necessary part of defining a privacy invasion. The debate is not settled.u00a0 I understand your apparent position that a privacy invasion must involve harm, but it is not a universal one, and you don’t win an argument merely appealing to it. nnHave you seen Ryan Calo’s treatment of the harm test in privacy?u00a0 It’s summarised here … nnhttp://blogs.wsj.com/digits/2010/08/26/qa-how-do-you-define-privacy-harmnnEuropean style privacy principles are more ‘principled’ than ‘pragmatic’, and my experience and leanings are in the European mode. So I don’t easily win an argument on that basis either, but I’ll go on and flesh out my concerns. The fact is — whether you agree with the underpinning philosophy or not — the handling of Personal Information (PI) in Europe, Australia and like jurisdictions is regulated.u00a0 The rest of my discussion relates to these sorts of jurisdictions.u00a0 A lot of what Facebook is doing with photos may breach their laws.u00a0 nnA business is not allowed to collect PI without consent or good cause, and they are not allowed to put PI once collected to arbitrary secondary purposes, without consent or some other sanctioned exception.u00a0 The definition of PI is straightforward: any information about someone where their identity is apparent is PI.u00a0 It’s a very clean legal framework, though it leans of course towards a low threshold for breaches.u00a0 Photos of strangers are not PI. Tagged photos are PI. If someone renders a photo identifiable, then the holder of that photographic data is suddenly in possession of (has collected) PI, and the person in the photo to whom the PI relates has a legal right to be informed of the collection, especiallywhen the collection is done indirectly, as is the case when a third party does the tagging.u00a0 nnNow, Facebook does alert members the instant they’ve been tagged, and that’s a good thing.u00a0 nnBut more subtle questions arise.u00a0 If Alice is informed by Facebook that she has been tagged, she can ask for the tag to be removed.u00a0 On its face that’s good, but Facebook is classically slippery on the details.u00a0 They are not at all clear about this in their Privacy Policy, but I found out by asking that there is a deeper level of “summary information” (the biometric templates) about names and photos. It seems clear that asking that a tag be removed does not cause the template to be deleted, because that’s subject to a separate request.u00a0 Instead, Facebook retains the tempalte afer the visible tag is removed, and does not disclose what it might do with it. nnThere is an impending legal technicality that will hit Facebook hard in Australia, namely law reforms that will treat biometric templates as Sensitive Information, a special class of PI that carries extra obligations.u00a0 In particular, while indirect collection of regular PI is usually permitted if the collector makes reasonable efforts to inform the subject after the fact, with Sensitive Information consent is required prior to collection.u00a0 So whether you like the law or not, the fact is that photo tagging by third parties will not be permitted without prior consent.u00a0 nnYour musings about photons and retinas are, at law, technically irrelevant.u00a0 It is not a “custom” that is being upset, it is a future Australian law that would be breached.u00a0 But I am happy to also tackle the theme of your argument about facial recognition by people vs computers.u00a0 People watching other people in public is not regulated (the sort of Information Privacy Law that I’ve been referring to does not apply to individuals, only governments and corporations).u00a0 But apart from that, the qualitiative difference between people watching people and computers recognising people relates to record keeping.u00a0 Automation absolutely makes a huge difference; how could it not?u00a0 A tourist might take a snapshot of a busy city square and file it away in their photo album, the scores of faces remaining unknown and unknowable forever.u00a0 But give that image to Facebook and they will be run it against their templates and populate it with covert naming labels. nnAnd then they will make connections.u00a0 I am not being paranoid about this — making connections is Facebook’s lifeblood.u00a0 Once they recognise that two different people were in the same place at the same time, they will treat this exactly the same as when two people are in the same address book of a third party: they will make introductions. I don’t want to be asked to befriend someone just because we were both spotted hanging around the Guggenheim. nnBack to harm, and to pick up on one of Ryan Calo’s themes, what if a government agency was processing “public” images it acquired from Internet pages, and automatically attaching names to the faces it could recognise?u00a0 Would civil libetarians apply a harm test or would they object on ‘first principles’?u00a0 I think the latter. nnFinally, I am myself comfortable predicting the prospects of harm arising from Facebook’s facial recognition, and protesting on grounds that it is only a matter of time before the harms eventuate.u00a0 These sorts of companies have a stark track record of commercially exploiting Personal Information.u00a0 The temptation will arise for FB to disclose names of people matched via facial recognition to businesses (the hotels they’re staying at, the airlines they’re checking into, the hire cars they;re driving, the notebooks they’re using), tourist attractions, employers and so on.u00a0 We could see this information used by competitors, head hunters, marketing companies, private detectives and so on.u00a0 I don’t trust Facebook not to exploit this information, especially when their Privacy Policy is totally silent on secondary use of photo templates, and isn’t even clear about tags versus templates.u00a0 nnPersonal Information is gold in the digital economy.u00a0 Facebook make Personal Information. They’re printing money. And sooner or later, that is going to have to regulated. n

  • desbest

    Is Facebook going to sell their face detection database to the CCTV companies? No. So I don’t see what all the fuss is about. If you don’t like it, you can turn it off. You also get notified when you get tagged in photos, so what are the privacy issues?

  • Anonymous

    Try to visit http://www.facebookphotoeditor.comnThat‘s my favorite photo editor for facebook..

  • Karlca1990

    I agree with the article. People like to whine over nothing!

  • Karlca1990

    I agree with the article. People like to whine over nothing!

  • Karlca1990

    I agree with the article. People like to whine over nothing!

  • Pingback: Benefactor » Blog Archive » Tag on pictures

Previous post:

Next post: