Face matching has moved from controlled environments (border posts, secure buildings, phone unlocking) to ambient infrastructure. The technical step that made the move possible was the development of systems that work on faces in everyday photographs (with varied lighting, partial visibility, and ordinary expressions) and on databases assembled without permission from publicly available images.
The most consequential of these databases were built by scraping social media and the open web. A face that appeared in a photograph posted anywhere online could be added to a reference set against which any subsequent image could be searched. The result was the ability, in principle, to identify any person whose face had been photographed and posted in any context across the previous twenty years.
The systems are used by some law enforcement agencies, by some commercial operators (retail security, event security, insurance investigation), and by some private intelligence firms. Their use varies by jurisdiction; in some it is constrained or prohibited, in others permitted, in others unregulated. The constraints, where they exist, tend to be on the use rather than on the existence of the underlying database.
For a private individual, the implication is that any photograph in which their face was clearly visible (a wedding, a charity gala, a news article, a school yearbook, an old social media post) is potentially in a reference set against which future images can be matched. A photograph taken of them today, by anyone, may be linked to the older record without any further action on their part.
· · ·
The picture in the reference set may be inaccurate, mismatched, or attached to the wrong identity. The corrections are difficult and slow. The principle has been established that the face is, in effect, an identifier that the person has not opted into and cannot easily withdraw.
The desk reads the present situation with respect to face matching as one of widening application and uncertain regulation. It works with clients on what their photographic exposure presently is, and on what can practically be done to limit further additions to the record. It does not offer assurances about removal from databases the desk does not control.
The desk reads identity exposure of this kind as a recurring concern for the clients it works with, and considers what is presently addressable.
More from the desk
The vehicle registration trail
The private property and the foreign register
The identifier that survives a name change
Why what can be found is always underestimated
The recovery flow, and its quiet weaknesses
When a jurisdiction changes, what becomes visible