In the past year, with the continuous deepening of the face recognition landing scene, the incident of "not brushing your face and not going home" has been exposed in many places and has been controversial. In July this year, the Supreme People's Court issued the Provisions on Several Issues Concerning the Application of Law in the Trial of Civil Cases Involving the Use of Face Recognition Technology to Handle Personal Information, which regulates the application of face recognition and explicitly says "no" to compulsory face brushing. After the document was issued, was the chaos of forced face brushing curbed? Has the dilemma of "rubbing" the face home been solved?
On December 17, the "2021 Woodpecker Data Governance Forum" hosted by the Nandu Personal Information Protection Research Center was held in Beijing. At the meeting, the Nandu Artificial Intelligence Ethics Research Group released the "Face Recognition Application Scenario Compliance Report (2021)" (hereinafter referred to as the "Report"), which made field investigations on whether the community access control system compulsorily uses face recognition, whether it clearly informs the rules for processing face information, how to store and delete it, and other issues.
In a survey of ten residential areas in Beijing that installed face recognition access control, it was found that although the document explicitly prohibited it, forced face brushing is still widespread in Beijing. Six of the ten neighborhoods measured forced residents to enter faces in different forms.
In some communities, although the device is a "face brush card all-in-one machine", the swipe area is useless. The evaluation team learned from the security and property offices of each community that some of the six compulsory face brushing communities could not work; some swipe areas were artificially covered; some could still swipe cards, but after installing face recognition, they no longer applied for access control cards for new residents; some did not provide access control cards to tenants. The report argues that these practices constitute "coercion" for all or part of the residents of the community.
The access control card swiping area of the No. 6 courtyard of Anxin Road in Beijing was covered
In addition, the measured community has a big problem in collecting the "notification" of face information. The process of face recognition access control in the ten communities in this evaluation is relatively simple, generally only need "ID card + real estate certificate" or "ID card + rental agreement", do not require residents to sign any written authorization consent, and will not take the initiative to clearly indicate the rules for processing face information or the purpose, method, scope, etc. of processing.
How is the face information of residents stored and stored? On these issues of public concern, the community practices are mixed. Some communities clearly exist locally, and some communities cooperate with third-party apps to upload face photos to the cloud. However, there are also some residential properties that are not clear about where face information is stored. For example, the property owner of No. 6 Anxin Road said it was "unclear whether the equipment provider could see the face data." Huajiadi Xili Community also uses third-party equipment, and the property said that "the specific existence is not clear".
In terms of face information deletion, the report shows that the measured community can contact the property to request the deletion of face information, but it is different for tenants. Some will automatically delete the tenant's information after expiration according to the duration of the rental contract. Some communities will not take the initiative to delete, and need to contact the property to delete when residents move out of the community. In two communities where a third-party App or Mini Program must be bound, residents also need to contact the customer service of the App or Mini Program to cancel their accounts, and their personal information will be deleted.
In addition, the evaluation found that most communities do not promise residents to be responsible for the security risks that occur due to face recognition. In the "Taijia Community Military-Civilian Terminal" mini program associated with the access control of a community, it even states a disclaimer clause - "You understand and agree to any intrusion due to computer hacking, computer virus intrusion... Our operators shall not be liable for the leakage, loss, theft or alteration of your personal information caused by force majeure that affects the normal operation of the network."
The report believes that after the Supreme People's Court issued regulations on face recognition access control, the phenomenon of forced face brushing is still very prominent, and there are widespread non-compliances of different degrees. Moreover, such a phenomenon not only exists in the residential property, the evaluation found that some office building properties also force employees of different companies in the building to brush their faces to enter, and there are obvious loopholes in the process of storing, using, deleting and other processes of face information, for example, some office buildings will not actively delete their face information after employees leave their jobs, and there may be a risk of sensitive personal information leakage.
Wen/Nandu Artificial Intelligence Ethics Research Group researcher Hu Gengshuo
![Fined 100,000 for taking 430,000 photos of faces without authorization? Xiaopeng Motors responded[fig]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)