Is Facebook sharing your face with the cops?

What is Facebook doing with all those photos you upload? Is it sharing them with law enforcement? Is it helping the secret police in foreign countries locate and imprison dissidents? Are you taking part in a police lineup and you don’t even know it?

As Silicon Valley quivers in anticipation of a likely Facebook IPO, those are the questions on my mind. So I went in search of answers.

But first, some backstory.

In December, the New York Observer’s Adrianne Jeffries wrote a brilliant piece about how banks are looking at social media profiles to determine whether people qualify for loans (which I blogged about here). As part of her research, she contacted Columbia law professor Eben Moglin Moglen, a privacy purist, to say the least. (He makes me look like Mark Zuckerberg.)

Instead of answering her questions, Moglen took the young reporter to the woodshed for contributing to everyone else’s loss of privacy by maintaining a Facebook account. Jeffries blogged about her tongue lashing here.

One of the things Moglen said has been bouncing around in my head ever since. It was about Facebook’s facial recognition technology, which automatically scans photos you upload and suggests tags if it recognizes friends of yours in the picture.

I’m not the biggest fan of this feature, though in my opinion the real problem is how Facebook allows other people to tag you without your permission. But Moglen says Facebook’s face recognition is far more evil than that:

Facebook now acknowledges what we said for a long time and they didn't acknowledge, that every single photograph uploaded to Facebook is put through facial recognition software they call PhotoDNA which is used to find people for whom any law enforcement agency in the world is looking. You understand? So every time you upload a photograph to Facebook or put one on Twitter for that matter you are now ratting out anybody in that frame to any police agency in the world that’s looking for them.

To me, it sounds like Moglen is talking about the technology Facebook uses to identify child pornography and prevent it from being uploaded. But Moglen seems to believe Facebook is using its technology to identify photos of known criminals, and then cooperating with the police in their capture.

A colleague, the lovely and talented Sarah Downey of privacy software provider Abine Inc, asked Moglen where he got this information. He pointed her to an article in The Daily Beast posted last October by Alan Dodds Frank, who quotes Facebook security chief Joe Sullivan thusly.

… when contacted by The Daily Beast. Joe Sullivan, the company’s chief of security, said Facebook’s security software constantly searches the site’s pages for evidence of sexual predators and child abusers. Every picture uploaded by Facebook users is run through a program called “Photo DNA,”  he said, to look for possible matches with offenders. The company saves the data, he said, and makes referrals to law-enforcement agencies.

The company concedes that it is under attack from offenders all the time. When an offender is “trying to target someone on Facebook, that person is going to lie about their name or age or both…our systems are designed to prevent that kind of abuse,” said Sullivan. “When someone is creating a fake account on Facebook to try and solicit 15-year-old females…they are going to send all their ‘friend’ requests to 15-year-old girls. That is going to be caught in our filters. It is going to be flagged and their accounts are going to be disabled.”

Sullivan’s explanation – or at least Frank’s account of their conversation – is disturbingly vague. Does PhotoDNA work the way Facebook originally said it does – to identify known child porn images -- or is it being used for more sinister purposes?

I asked Facebook. A spokesperson had this to say via email:

PhotoDNA is not photo recognition software-- it simply fingerprints an image and recognizes if that exact image is being shared again. We use the technology to detect the re-sharing of a known image. We review new images uploaded through the tool, but that tool will only tell us whether the image is an already previously identified image of child exploitation.  It does not have the ability to look for identities in the image and compare them to known individuals.

Tag Suggestions attempts to match the images in the photos you upload to the images of your close friends on Facebook so that it is easier for you to tag someone, but that does not run against all uploaded photos, only makes suggestions for tags (and the person using Facebook chooses whether to tag or not), and any user can turn off tag suggest for their profile/account.

In other words, Moglen apparently conflated two entirely separate technologies (which is what I suspected all along) and got a little overexcited by it.

I asked Moglen via email if he had any other evidence Facebook was using photo recognition in secret ways. At blogtime I was still awaiting a response and/or a verbal whipping about how I shouldn’t use Facebook, ever.

[UPDATE: Moglen responds here.]

It’s no secret – at least, it shouldn’t be – that anything you make public on Facebook is also accessible by the authorities, which can and do troll social networks looking for bad guys and can lead to you getting arrested. But scanning all of your photos as they’re uploaded and sharing that with the cops? Even Facebook knows what a bad idea that would be.

Got a question about privacy and/or social media? TY4NS blogger Dan Tynan may have the answer (and if not, he’ll make something up). Visit his snarky, occasionally NSFW blog eSarcasm or follow him on Twitter:@tynan_on_tech. For the latest IT news, analysis and how-to’s, follow ITworld on Twitter and Facebook.