MegaFace facial recognition dataset

Transparency and accountability 🙈

MegaFace has been criticised for poor transparency and accountability.

• Lack of informed consent. Users whose images were included in the dataset were not notified or asked for permission. The photos were originally uploaded to Flickr, often years earlier, without users knowing they would later be used for facial recognition training.

• Unclear provenance. The dataset was created from Yahoo's Flickr collection, which was then further processed by University of Washington researchers. This chain of data handling was not transparent to the individuals whose images were included.

• Insufficient safeguards. While the original Flickr collection used links to photos rather than distributing them directly, this safeguard was flawed. A security vulnerability allowed access to photos even after users made them private on Flickr.

• Redistribution issues. Some researchers who accessed the database downloaded and redistributed the images, further removing them from the original context and user control.

• Limited user recourse. Most people have no way of knowing if their images are in the dataset, and limited means to have them removed if they are.

• Opaque usage. The dataset has been used by numerous companies and researchers, but the full extent of its usage and the resulting applications are not clear to the public or the individuals included in the dataset.

• Lack of age consideration. The dataset includes images of children, used without parental consent or knowledge.

• Geographical and legal oversight. The dataset's creation and distribution did not account for varying privacy laws in different jurisdictions, such as Illinois' biometric privacy law.

Risks and harms 🛑

By using 3.3 million images scraped from Flickr without user consent, the MegaFace dataset is seen to pose significant risks and harms leading to privacy violations, potential misuse in surveillance and military applications, and the perpetuation of biases in facial recognition technologies. 

Given the misuse of people's data and the fact that the dataset has been downloaded and used by thousands of organisations and individuals across the world, and used to create multiple derivative datasets, many of which continue to exist, it has also raised questions about liability.

Investigations, assessments, audits 👁️

• Harvey, A., LaPlace, J. (2019). Exposing.ai

• University of Washington. FOIA request release results

News, commentary, analysis 🗞️

• https://www.nytimes.com/interactive/2019/10/11/technology/flickr-facial-recognition.html

• https://www.dailymail.co.uk/sciencetech/article-3658797/Facial-recognition-ISN-T-reliable-Massive-test-using-million-faces-finds-controversial-technology-not-accurate-claimed.html

• https://parentology.com/photos-of-your-kids-may-be-in-a-giant-megaface-database/

• https://www.businessinsider.in/science/news/if-you-uploaded-photos-of-your-kids-to-flickr-they-might-have-been-used-to-train-ai/articleshow/71637448.cms

• https://datainnovation.org/2019/10/copyright-law-should-not-restrict-ai-systems-from-using-public-data/

• https://securitytoday.com/articles/2019/10/14/facial-recognition-database-facing-potential-legal-action-for-using-photos.aspx

• https://www.nature.com/articles/d41586-020-03187-3

• https://www.biometricupdate.com/201910/megaface-facial-recognition-dataset-origin-raises-privacy-and-liability-concerns

• https://www.biometricupdate.com/202102/online-tool-exposes-whether-face-biometrics-have-been-trained-with-your-photos

• https://www.insider.com/flickr-photos-kids-train-ai-facial-recognition-database-megaface-report-2019-10

• https://www.nytimes.com/2021/01/31/technology/facial-recognition-photo-tool.html