News

ACLU Report Pokes Holes in Microsoft's Facial Recognition Stance

Microsoft is not wholly opposed to selling its facial recognition solutions to at least one U.S. federal agency, according to a report that was published less than a week after Microsoft publicly called for more oversight around the use of such technologies by police departments.

The American Civil Liberties Union (ACLU) on Wednesday published e-mails between Microsoft and the U.S. Drug Enforcement Administration (DEA) that indicated that Microsoft has been actively trying to sell its biometric and facial recognition technology to the DEA over the past two years. The ACLU's exposé, described in this announcement, comes as the result of a discovery process associated with a lawsuit filed in 2019.

The correspondence between Microsoft and the DEA was published six days after Brad Smith, Microsoft's president, declared that Microsoft would make selling facial recognition technology to U.S. police agencies contingent upon there being a national law in place that's "grounded in human rights." Microsoft's position had followed similar positions taken recently by Amazon and IBM on the selling of facial recognition technology.

Fed Sales Not Excluded
Microsoft hasn't ruled out selling the technology to other federal agencies, though, noted Nathan Freed Wessler, a senior staff attorney with the ACLU's Speech, Privacy and Technology Project, per the ACLU announcement:

Even after belatedly promising not to sell face surveillance tech to police last week, Microsoft has refused to say whether it would sell the technology to federal agencies like the DEA. It is troubling enough to learn that Microsoft tried to sell a dangerous technology to the U.S. Drug Enforcement Administration given that agency's record spearheading the racist drug war, and even more disturbing now that Attorney General Bill Barr has reportedly expanded this very agency's surveillance authorities, which could be abused to spy on people protesting police brutality.

Other companies were trying to get DEA surveillance contracts, as well. For instance, Agintio's speaker identification solution was under consideration, as well as Batvox's voice biometrics tool, according to the DEA correspondence.

The e-mails between DEA officials and Microsoft representatives (PDF download) appear with most of the names redacted, and span the period between September 2017 and December 2018. One letter described DEA, military, law enforcement and "Five-Eye" officials attending a demonstration of the artificial intelligence capabilities of Azure Cognitive Services for biometric recognition, including identifying people by their voice prints.

"Five Eyes" is a term that refers to an alliance of countries that share secret global signals intelligence, namely Australia, Canada, New Zealand, the United Kingdom and the United States.

At a certain point, the DEA letters mentioned a critique of the FBI's implementation of facial recognition software by the U.S. Government Accountability Office (GAO). Possibly, the critique slowed a deal. The GAO's document includes a chart showing that the FBI initiated facial recognition procedures starting in 2010.

One letter, outlining what Azure Cognitive Services could do for the DEA, included this description:

  • Computer Vision- Extracts printed text from images of various objects with different surfaces and backgrounds, such as receipts, posters, and business cards.
  • Facial recognition- Detects human face in images and identifies attributes including nose, eyes, gender, age, etc. It can also do a face match.
  • Text analytics
  • Key phrase extraction- Extracts phrases to identify the main points.
  • Language detection - For up to 120 languages.
  • Sentiment Analysis- Analyzes raw text for clues about positive or negative sentiments.

Opaque Transparency
In the last year or so, Microsoft has generally issued positive public statements about artificial intelligence, with phrases like "ethical AI" and "AI for good," but it's acting as any other U.S. chartered corporation -- that is, solely for profits.

"Microsoft Workers 4 Good," a purported group of Microsoft employees, suggested in a June 17 Twitter post that Microsoft should "admit this mistake and learn from it." But, of course, U.S. corporate charters only specify that companies should make a profit.

Microsoft has taken stands at odds with government surveillance in drug enforcement cases in the recent past. For instance, the company has been resisting U.S. pressure to disclose the e-mails of an Azure customer that used Microsoft's Ireland datacenter region.

The ACLU disclosure, though, exposes Smith's declaration last week as a bit hollow or misleadingly narrow. The ACLU considers facial recognition technology to be inherently racist and dangerous, as described in this announcement.

Smith, arguably Microsoft's top lawyer, as well as Microsoft's president, has had bad PR timing in the recent past. For instance in 2013, he initially denied that Microsoft was involved with the U.S. National Security Agency's (NSA's) PRISM program, which harvests Internet, e-mail and phone traffic domestically and around the globe, as exposed by Edward Snowden. Later, he admitted Microsoft was likely involved, even though a leaked NSA contractor chart had clearly shown that Microsoft was the first ISP company that participated in the PRISM program.

The PRISM program evolved from the Defense Advance Research Project Agency's (DARPA's) Total Information Awareness program. After the Total Information Awareness program came under congressional scrutiny, it was scattered to various U.S. security agencies and was continued, according to the book, "The Pentagon's Brain," by Annie Jacobsen (p. 349).

Featured