ST Louis, on the night of Sept. 16, a clerk in a 24-hour frenzy motelmart swung a switch behind the counter.
Electromagnetic locks close the door. The window sign, which is now red in color, warned of “facial recognition technology in use” and directed customers to “look at the camera.”
This latest weeknight, the woman who wanted a cigarette was locked up. Confused at first, she quickly realized that she needed to remove her medical mask. After scanning the image of her uninhibited face to a store computer, and scanning the company’s photo archives of former customers convicted of shop-related offenses, the doors opened.
Just a few miles away, across the Missouri State Line in Illinois, such screening is against the law under the country’s stringent privacy laws. Private companies must obtain written consent before collecting facial images or any biometric identification – fingerprints, palms, eyes and voice.
Contrast speaks of America’s digital privacy divide. On the one hand, Illinois, two other states, and several US cities currently require approval for public disclosure or biometric screening. On the other hand, there are parts of the rest of the country, including Missouri, where private sector uses are large and unregulated.
Illinois law prohibits private sector companies and organizations from collecting biometric data from unexpected citizens in the state or online, no matter where the business is located. Data cannot be sold, transferred or traded. Unlike any other state, citizens can sue for alleged violations, which sparked hundreds of David and Goliath legal battles against some of the world’s strongest companies.
A lbl review of nearly 750 personal and class-action suits filed in Illinois since 2015 found extensive evidence that private companies collect, tag, and classify biometric data collected from millions of unexpected Americans, without disclosure or consent. Most lawsuits have been filed since 2019, when the Illinois Supreme Court ruled in a bombshell ruling that plaintiffs did not have to show harm to collect damages.
Privacy advocates warn that the rapid, often unverified development of such tracking technologies exceeds existing laws in most states, making individuals vulnerable to identity theft, invasion of privacy and discriminatory practices. Unlike a credit card or driver’s license, an individual’s biometric data is unique and cannot be changed or changed.
St. Louis police detective Thomas Sawyer said the Motomart system is designed to protect privacy with tamper-proof software that prohibits the import or export of biometric data from any outside source. He co-founded Blue Line Technology, LLC, which created the store’s face recognition system, with a group of former and active law enforcement officers.
“We want people to know that they are watching,” he said. “That’s why we have signs and flashing light.”
Court documents show that many companies use biometric systems to track the performance of employees and students or monitor customers to develop marketing and sales strategies. The suits explain how companies or organizations used the amusement park visitor’s fingerprint database, including children, to look for signs of ticket fraud; Typing cadence has been examined for eye movements and signs of cheating by college students; And supervised employee interactions – with whom and how long they spoke – and the frequency of their bathroom breaks.
There are also cases pending against global web-based giants, including Amazon.com Inc (AMZN.O), Apple Inc. (AAPL.O) And Google of Alphabet Inc. (GOOGL.O), As well as brick and mortar corporations such as McDonald’s Corp. (MCD.N). According to the suit, the food chain is accused of recording the voices of some drive-thru customers to track purchase patterns. Complaints against four companies are pending. All four declined to comment.
In court papers, Amazon, Apple and Google denied any violation of Illinois law, providing privacy disclosure to all users. In court filings, McDonald’s disputed the allegations against the company and asserted that voice data was used for training purposes and “not to identify individual speakers.”
If a company is found to be in violation of Illinois law, citizens can collect civil penalties for each violation, including the number of people affected and up to a total of $ 5,000 from the days involved. No state regulatory body is involved in enforcement.
Some companies have chosen staggering settlements. Facebook settled for $ 650 million last year after allegations that social media giants collected millions of face photos without proper consent. Earlier this year, Tic Tac’s China-based parent Bite Dance paid $ 92, including similar charges. Neither company has pleaded guilty and did not respond to lbl requests for comment.
Half of the pending suits involve regional or local companies. Jack LaVine, chief executive officer and president of the Chicagoland Chamber of Commerce, said the court’s verdict or remedy – even infringements that do not cause measurable harm – could result in a financial slowdown and dismissal.
“Illinois law is armed,” he said. “This has created a good industry for litigation companies.”
The US Chamber of Commerce Institute for Law Reform labeled Illinois a “hole of judicial hell.”
Typing in the grocery store
This seems like an idea emerging from science fiction: using a fingerprint scanner to buy groceries. But in 2008, the California company headed to Illinois with such a futuristic online marketing pitch: “Imagine this. At checkout, you put your finger on a small scanner. You immediately see a list of your payment accounts, checking your account, credit or debit card … no cards, No checks, no cash – or hassle. ”
After the buyers signed, the company declared bankruptcy. Court filings revealed that the company plans to liquidate its inventory, including the fingerprint database, to outside companies.
The Illinois Chapter of the American Civil Liberties Union stepped in and sponsored the Illinois Biometric Information and Privacy Act, or BIPA’s own legislation. The California company’s fingerprint database has been destroyed.
“We’re not trying to ban technology,” said Ed Yonka, a spokesman. “We want to put protections in place to regulate, manage, inform and consent.”
Only two other states currently enact comprehensive biometric privacy laws. Texas and Washington regulate compliance through a government agency like the Attorney General, a lbl review of state records shows. However, the laws of both states are generally considered weaker than those issued by Illinois privacy lawyers; If violations are found, agencies will seek voluntary reform. California will enact more comprehensive privacy protection in 2022, limiting how it collects data and creating a new state regulatory body focused on consumer privacy laws.
Meanwhile, pro-business groups are fighting to modify Illinois law.
In January, the Chicago Chamber of Commerce sponsored legislation to soften financial penalties and eliminate the right of citizens to sue, known in the language of the law as a “private right of action.” The measure failed due to lack of support.
“We can do all kinds of things with this.”
Missouri was the first store in the country to install a surveillance lock-out device created by the MotoMart Blue Line. The firm represents one of America’s tens of thousands of new companies that are struggling to gain prominence in the face recognition industry, focusing on small businesses with tight budgets.
The Blue Line was launched in 2015 after Sawyer met his friend Marcos Silva, who works as a St. Louis police detective.
“Do you want to see something in my garage?” Sawyer recalled hearing Silva.
Silva demonstrated the prototype for the face recognition program. Sawyer blurted out, “We can do all sorts of things with this!”
Today, Blue Line operates about 50 systems, each valued at $ 10,000, at convenience stores and gas stations in 12 states. A private Catholic high school in suburban St. Louis uses the Blue Line system to verify students’ identities before entering the building.
But the Blue Line is facing a regulatory landscape of change. The Portland store dropped its system after the city council voted to ban the private sector’s use of face recognition earlier this year. The ban does not apply to government or law enforcement.
Tens of cities are now weighing new biometric restrictions. New York City has drafted its new privacy law later this year in Illinois; Businesses need to disclose publicly and prominently when using biometric systems.
Cities must “pause to allow biometric technologies as long as the law requires public transparency and corporate accountability,” said Alan Butler, executive director of the Wash. DC-based Electronic Privacy Information Center.
Without legal protections, real-time face recognition systems such as those developed by Blue Line represent a “systemic threat to privacy,” he said.
But Sawyer said he has proof that the Blue Line program works. He showed lbl a six-second video from July 2018 at the AM / PM Convenience Store in Yakima, Washington.
At 1:20 pm, two youths wearing a ski mask rushed to the front door of the store. Both were found holding gloves under dark clothing. A man pulled the door handle, locked by the Blue Line system. They both turned and ran.
The store’s owner, Kush Hans, said a mask-wearing gangster in 2017 set up a Blue Line system after fatally hitting a 25-year-old clerk, family relatives.
Because facial recognition was implemented, there were no robberies, he said.