November 30, 2023
Biometric privacy is a topic of vital importance to Alcatraz AI, as safeguarding individuals' biometric data is fundamental to our commitment to creating secured spaces in an increasingly connected and technologically advanced world. As the adoption of biometric solutions has grown significantly in recent years, so has the integration of artificial intelligence. AI has enhanced these technologies' overall effectiveness and user-friendliness in safeguarding the privacy of individuals who rely on them for heightened security and seamless access.
As part of our ongoing commitment to advancing the conversation around biometric privacy and artificial intelligence, Alcatraz AI was honored to interview Jake Parker, the Senior Director for Government Relations at the Security Industry Association (SIA). Parker is working to educate local, state, national, and international lawmakers to better understand the deployed technologies and how they benefit end users and businesses while overcoming common misconceptions.
Parker brings robust experience earned in the U.S. House of Representatives as Legislative Director to former U.S. Congressman Tom Latham of Iowa. In that role, Jake saw effective advocacy by Industry groups from the other side of the table and now leverages that experience to benefit the Security Industry with the SIA. He chose to work with SIA due to the overall mission of the Security Industry to protect the lives of people and their property. Jake was kind enough to speak with us and share his perspective on biometric privacy and artificial intelligence.
SIA recently published an excellent Guide to US Biometric Privacy Laws that you helped author, which is an excellent resource for anyone inside or outside of the Security Industry to understand the current landscape for the US. Do you see the push for more state biometric privacy laws gaining or losing momentum?
The trend has moved to more states enacting comprehensive data privacy laws that include biometrics instead of specific biometric privacy laws. Since California passed the California Consumer Privacy Act (CCPA), more states have followed, including the Virginia Consumer Data Protection Act (CDPA), which other states see as an influential act. This trend holds for both “Red States” and “Blue States,” as Texas and Florida followed behind Virginia, which was blue when the law passed.
The idea of a federal data privacy law is a serious prospect, and I feel it would be better to have one federal standard, but currently, the House and Senate are not close to an agreement. There is some bi-partisan agreement in the Energy and Commerce Committee in the House, which would be a completely different framework than what the states recently passed, which would supersede those laws. I hope that in 2024, more states will join the group of 13 that have enacted comprehensive laws already, which could help drive momentum for action on a similar federal law.
There is a consensus that lawmakers did not consult industry or technology groups during the debate and eventual passage of Illinois’s Biometric Information Privacy Act (BIPA). Since then, technology has continued to advance and can better address the privacy concerns BIPA aimed to protect. Are there ongoing efforts to amend BIPA, and do Representatives actively engage with advocacy groups like yours during the process?
There is a significant movement of business in Illinois through the Chicago Chamber of Commerce and the greater Illinois Chamber of Commerce to reform BIPA, which has convinced more legislature members to be on board with that idea. Last year, the Illinois Senate Pro Tempore sponsored a BIPA reform bill with several proposed amendments that would blunt the negative impact on the business community of the “sue and settle” environment created under BIPA, disassociated from actual privacy harms. A bipartisan agreement was almost reached on a critical tenant to reduce and cap the penalties per violation to eliminate the enormous judgments that BIPA now allows. The reform bill, of course, was fought by the trial lawyers and other special interests, which insisted that such reforms only apply to cases in the future, which would not grandfather in any current cases, and that is where the reform momentum broke down.
The most important thing we advocate for the security industry is an exemption from the bill’s requirements for security solutions, which would require some critical types of security systems to function effectively. Such exemptions are a feature of many other data privacy laws. At SIA, we support the reform effort in Illinois, but more importantly, no BIPA-type laws get replicated elsewhere. For example, SIA successfully worked with banking, retail, and other business interests in Maryland to help advocate for a proposed privacy law that was not as onerous as BIPA.
What areas or topics are legislation conversations currently focused on, and how can companies like Alcatraz AI help SIA in its advocacy?
The focus seems to be shifting from privacy to artificial intelligence (AI) related legislation, which feels like the current “hot topic,” and D.C. policy representatives have varying opinions. We think it is an important topic on the horizon. In 2024, we may start to see regulatory measures modeled after the European Union’s AI Act. Momentum seems to be at the state level, and some attention is given at the federal level. California will consider a measure on automated decision-making systems, which could significantly impact different stakeholders, an effort intended to regulate AI.
SIA seeks to work with Alcatraz AI and other California-based companies so that we can be advocates for common sense policies on technology contemplated in the legislature, not only as experts in the field but also as impacted constituents that provide jobs and grow the state’s economy. Some states have legislative sessions as short as 60 days, so a lot can happen quickly. We work with SIA members in all 50 states to help advocate and represent the industry’s impact locally and nationally.
One anecdote on this was how Virginia enacted a ban on facial recognition by law enforcement in only a few days and little notice, which did not allow the law enforcement community or other stakeholders a chance to meet with the legislature before the law passed regarding the impact on criminal investigations. In the next Virginia legislative session in 2022, the law enforcement community worked with the legislature and agreed to amend the law with strict regulatory measures that govern the use of facial recognition without an outright ban on the technology.
In the AI debate, there is a risk that the focus is regulating technology based on how the technology works rather than on the use case. With privacy, you can always have policies that mitigate privacy concerns in implementing technology. Still, if there are blanket limits on how the technology actually works, that is difficult to overcome.
In the early stages of AI regulatory discussions by the European Union, some advocated deeming most applications of face biometrics as an 'unacceptable risk' technology and pushed to outlaw the use of real-time biometrics. Fortunately, advocacy groups have been making progress in recommending regulatory steps that would provide safeguards in law enforcement for biometric products that could eliminate an outright ban.
Currently, SIA is working with Euralarm, ASIS International, and IBIA to advocate for preserving beneficial uses of security technologies while considering these laws. We are also working with facial biometric providers headquartered in the EU or with a significant European presence to expand our reach.
Alcatraz AI uses Specialized AI tools, such as Computer Vision, to recognize human faces in the video and determine the person’s intent to enter a door, as well as Machine Learning to continuously improve the accuracy of our Digital Profiles to account for changes in people’s appearance over time. With the recent attention on AI, much of the focus is on Generative AI (which Alcatraz does not do). How do Alcatraz AI and other facial biometric providers proactively address the AI regulations that do not focus on each category of AI?
It’s incumbent on us to explain our Industry’s use cases for AI technology, which is not exactly new, even though the media attention is relatively new. SIA has been working on industry-specific messaging documents and initiatives to explain the benefits of facial biometrics regarding access control to highlight the virtues of improved security and user experience via products like the Alcatraz Rock.
Today, at the policy level, I haven’t encountered people concerned about biometric authentication products in Access Control, which is good. Concerns typically center around surveillance, especially by law enforcement. SIA was instrumental in exempting biometric systems for access control from a temporary ban imposed on facial recognition by the City of Baltimore in effect from 2021-2022.
What is your favorite feature of the Alcatraz Rock?
I'm really impressed by the modern design and how cool the Rock looks. I like that Alcatraz AI is focused on taking biometric privacy seriously and providing robust guidance to its customers. It is also committed to the ethical use of AI.