It was discovered last month that a South Korean government project has been providing millions of facial images taken at Incheon International Airport to private industry without the consent of those photographed. Several civic groups called this a “shocking human rights disaster” in a 9 Nov press conference, and formally requested that the project be cancelled. In response, the government has only promised that “the project would be conducted at a minimum level to ensure personal information is not abused”. These groups are now planning a lawsuit to challenge the project.
Facial information and other biometric data aren’t easily altered and are unique to the individuals concerned. If this data were to be leaked, it would constitute a devastating infringement upon their privacy. It’s unheard of for state organizations — whose duty it is to manage and control facial recognition technology — to hand over biometric information collected for public purposes to a private-sector company for the development of technology.
The program itself wasn’t secret, and had been publicly announced back in 2019. But the project’s scope and implementation weren’t made clear until a lawmaker recently requested documents on the project from the responsible government agencies. The system, called the Artificial Intelligence and Tracking System Construction Project, was a pilot program set to run until 2022. Its goals were to simplify the security and immigration screening of passengers, improve airport security, and to promote the local AI industry in South Korea. If the project proves successful, the plan is to expand it to other airports and ports in the country.
Current systems at the airport do one-to-one facial recognition. For example, they try to determine whether the face of the person presenting a passport matches the photo in the passport. The goal of this new project was to develop one-to-many matching algorithms, which can match one face against the plethora of faces in an airport, track the movement of a face within the airport, and flag “suspicious” activities which could be a security concern.
The groups protesting the project note that the collection and sharing of these images without the travelers’ consent is prohibited by the Personal Information Protection Act, the South Korean law which governs such things. Under this act, a project like this would ordinarily require consent of the participants. But the government’s interpretation relies on an exception in the act, specifically, Article 15 Section 3, which states:
A personal information controller may use personal information without the consent of a data subject within the scope reasonably related to the initial purpose of the collection
Basically they are saying that since the images were collected at the security and immigration checkpoints, and that the project will be using them to improve the security and immigration checkpoints, no consent is required.
- Foreigners: 120 million individuals, face image, nationality, gender, age
- Korean citizens: 57.6 million individuals, face image, nationality, gender, age
- Other: unknown number of individuals, images and videos of atypical behavior and travelers in motion
The breakdown of the numbers above reveals that 57 million Korean citizens are in the data set, a bit surprising to many since the collection of biometric data on Korean citizens at immigration is prohibited by law. The project circumvented this by only collecting data from citizens who participate in the automated Smart Entry service, a voluntary program which uses fingerprints and facial recognition. It’s interesting to note that the number of passengers using Incheon airport since May 2019 (the program was announced 30 Apr 2019) is only 62 million, so the average passenger appears approximately three times in the data set.
Are there any similar programs in your region? How do they handle the issue of consent, if at all? Let us know in the comments below.
[Banner image: “Customer uses facial recognition as identification at TSA security checkpoint” by DeltaNewsHub, CC BY 2.0 — Yes, it’s from another country with similar problems, but much less public outcry. Discuss in the comments!]