One of my former students has an excellent Op-ed in The NY Times.

Hoorah!

Defenders of this technology will say that no one has a legitimate expectation of privacy in public. But as surveillance technology improves, the distinction between public spaces and private spaces becomes less meaningful. There is a vast difference between a law enforcement officer’s sifting through thousands of hours of video footage in search of a person of interest, and his using software to instantly locate that person anywhere, at any time.

A person in public may have no reasonable expectation of privacy at any given moment, but he certainly has a reasonable expectation that the totality of his movements will not be effortlessly tracked and analyzed by law enforcement without probable cause. Such tracking, as the federal appellate judge Douglas H. Ginsburg once ruled, impermissibly “reveals an intimate picture of the subject’s life that he expects no one to have — short perhaps of his wife.”

Before the advent of these new technologies, time and effort created effective barriers to surveillance abuse. But those barriers are now being removed. They must be rebuilt in the law.

Two policies are necessary. First, facial-recognition databases should be populated only with images of known terrorists and convicted felons. Driver’s license photos and other images of “ordinary” people should never be included in a facial-recognition database without the knowledge and consent of the public.

Second, access to databases should be limited and monitored. Officers should be given access only after a court grants a warrant. The access should be tracked and audited. The authorities should have to publicly report what databases are being mined and provide aggregate numbers on how often they are used.

We cannot leave it to law enforcement agencies to determine, behind closed doors, how these databases are used. With the right safeguards, facial-recognition technology can be employed effectively without sacrificing essential liberties.