[House Hearing, 116 Congress] [From the U.S. Government Publishing Office] FACIAL RECOGNITION TECHNOLOGY (PART III): ENSURING COMMERCIAL TRANSPARENCY AND ACCURACY ======================================================================= HEARING BEFORE THE COMMITTEE ON OVERSIGHT AND REFORM HOUSE OF REPRESENTATIVES ONE HUNDRED SIXTEENTH CONGRESS SECOND SESSION __________ JANUARY 15, 2020 __________ Serial No. 116-82 __________ Printed for the use of the Committee on Oversight and Reform [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Available on: http://www.govinfo.gov oversight.house.gov or docs.house.gov ______ U.S. GOVERNMENT PUBLISHING OFFICE 39-581PDF WASHINGTON : 2020 COMMITTEE ON OVERSIGHT AND REFORM CAROLYN B. MALONEY, New York, Chairwoman Eleanor Holmes Norton, District of Jim Jordan, Ohio, Ranking Minority Columbia Member Wm. Lacy Clay, Missouri Paul A. Gosar, Arizona Stephen F. Lynch, Massachusetts Virginia Foxx, North Carolina Jim Cooper, Tennessee Thomas Massie, Kentucky Gerald E. Connolly, Virginia Mark Meadows, North Carolina Raja Krishnamoorthi, Illinois Jody B. Hice, Georgia Jamie Raskin, Maryland Glenn Grothman, Wisconsin Harley Rouda, California James Comer, Kentucky Debbie Wasserman Schultz, Florida Michael Cloud, Texas John P. Sarbanes, Maryland Bob Gibbs, Ohio Peter Welch, Vermont Clay Higgins, Louisiana Jackie Speier, California Ralph Norman, South Carolina Robin L. Kelly, Illinois Chip Roy, Texas Mark DeSaulnier, California Carol D. Miller, West Virginia Brenda L. Lawrence, Michigan Mark E. Green, Tennessee Stacey E. Plaskett, Virgin Islands Kelly Armstrong, North Dakota Ro Khanna, California W. Gregory Steube, Florida Jimmy Gomez, California Fred Keller, Pennsylvania Alexandria Ocasio-Cortez, New York Ayanna Pressley, Massachusetts Rashida Tlaib, Michigan Katie Porter, California Deb Haaland, New Mexico David Rapallo, Staff Director Yvette Badu-Nimako, Senior Counsel Courtney French, Senior Counsel Gina Kim, Counsel Alex Kiles, Counsel Amy Stratton, Deputy Chief Clerk Christopher Hixon, Minority Staff Director Contact Number: 202-225-5051 ------ C O N T E N T S ---------- Page Hearing held on January 15, 2020................................. 1 Witnesses * Opening statements, and prepared statements for the witnesses are available at: docs.house.gov. Brenda Leong, Senior Counsel and Director of AI and Ethics Future of Privacy Forum Oral Statement............................................... 6 Dr. Charles Romine, Director, Information Technology Laboratory, National Institute of Standards and Technology Oral Statement............................................... 7 Meredith Whittaker, Co-Founder and Co-Director, AI Now Institute, New York University Oral Statement............................................... 9 Daniel Castro, Vice President and Director of Center for Data Innovation, Information Technology and Innovation Foundation Oral Statement............................................... 11 Jake Parker, Senior Director of Government Relations, Security Industry Association (SIA) Oral Statement............................................... 13 INDEX OF DOCUMENTS ---------- The documents listed below may be found at: docs.house.gov. * Report from the American Civil Liberties Union; submitted by Chairwoman Maloney. * Study from the National Institute of Science and Technology; submitted by Chairwoman Maloney. * Statement of Chief James Craig, Detroit Police Department; submitted by Rep. Higgins. * Letter from the BTU; submitted by Rep. Pressley. * Letter from the National Association for the Advancement of Colored People; submitted by Rep. Pressley. * Letter from the American Federation of Teachers, Massachusetts; submitted by Rep. Pressley. * Letter from the Massachusetts Teachers Association; submitted by Rep. Pressley. * Letter from the American Civil Liberties Union; submitted by Rep. Pressley. * Report from the Detroit Community Technology Projects; submitted by Rep. Tlaib. * Report from the American Civil Liberties Union, "Amazon's Face Recognition Software Falsely Matched 28 Members of Congress with Mugshots," submitted by Rep. Gomez. FACIAL RECOGNITION TECHNOLOGY (PART III): ENSURING COMMERCIAL TRANSPARENCY AND ACCURACY ---------- Wednesday, January 15, 2020 House of Representatives, Committee on Oversight and Reform, Subcommittee on Economic and Consumer Policy, Washington, D.C. The committee met, pursuant to notice, at 10:02 a.m., in room 2154, Rayburn House Office Building, Hon. Carolyn B. Maloney, presiding. Present: Representatives Maloney, Norton, Lynch, Cooper, Connolly, Krishnamoorthi, Kelly, DeSaulnier, Lawrence, Plaskett, Khanna, Gomez, Ocasio-Cortez, Pressley, Tlaib, Haaland, Jordan, Foxx, Massie, Meadows, Hice, Grothman, Comer, Cloud, Higgins, Miller, Green, Armstrong, Steube, and Keller. Chairwoman Maloney. The committee will come to order. Good morning, everyone. And without objection, the chair is authorized to declare a recess of the committee at any time. With that, I would now like to recognize myself to give an opening statement. Today, the committee is holding our third hearing this Congress on a critical issue, facial recognition technology. It is clear that despite the private sector's expanded use of technology, it is just not ready for primetime. During this hearing, we will examine the private sector's development, use, and sale of technology, as well as its partnerships with government entities using this technology. We learned from our first hearing on May 22 of 2019 that the use of facial recognition technology can severely impact Americans' civil rights and liberties, including the right to privacy, free speech, and equal protection under the law. We learned during our second hearing on June 4 how Federal, state, and local government entities use this technology on a wide scale, yet provide very little transparency on how and why it is being used or on security measures to protect sensitive data. Despite these concerns, we see facial recognition technology being used more and more in our everyday lives. The technology is being used in schools, grocery stores, airports, malls, theme parks, stadiums, and on our phones, social media platforms, doorbell camera footage, and even in hiring decisions, and it is used by law enforcement. This technology is completely unregulated at the Federal level, resulting in some questionable and even dangerous applications. On December 2019, the National Institute of Standards and Technology issued a new report finding that commercial facial recognition algorithms misidentified racial minorities, women, children, and elderly individuals at substantially higher rates. I look forward to discussing this study with Dr. Romine, the Director of NIST's Information Technology Laboratory, who is joining us today. I also look forward to hearing from our expert panel hailing from academia, industry, and the advocacy community on recommended actions policymakers should take into account to address potential consumer harm based on these findings. Our examination of facial recognition technology is a bipartisan effort. I applaud Ranking Member Jordan's tireless and ongoing advocacy on this issue. We have a responsibility to not only encourage innovation, but to protect the privacy and safety of American consumers. That means educating our fellow members and the American people on the different uses of the technology and distinguishing between local, subjective, identification, and surveillance uses. That also means exploring what protections are currently in place to protect civil rights, consumer privacy, and data security and prevent misidentifications, as well as providing recommendations for future legislation and regulation. In that vein, I would like to announce today that our committee is committed to introducing and marking up common sense facial recognition legislation in the very near future. And our hope is that we can do that in a truly bipartisan way. We have had several conversations, and I look forward to working together toward that goal. I now recognize the distinguished Ranking Member Jordan for his opening statement. Mr. Jordan. Thank you, Madam Chair. We appreciate your willingness to work with us on this legislation. We have a bill that we will want to talk about as well. Facial recognition is a powerful new technology that is being widely used by both government agencies and private sector companies. Its sales have experienced a 20 percent year- to-year growth since 2016, and the market is expected to be valued at $8.9 billion by 2022. Increasingly, local, state, and Federal Government entities are utilizing facial recognition technology under the guise of law enforcement and public welfare, but with little to no accountability. With this technology, the Government can capture faces in public places, identify individuals, which allows the tracking of our movements, patterns, and behavior. All of this is currently happening without legislation to balance legitimate Government functions with American civil liberties. That must change. And while this hearing is about commercial uses of facial recognition, I want to be very clear. I have no intention of unnecessarily hampering technological advancement in the private sector. We understand and appreciate the great promise that this technology holds for making our lives better. It is already improving data security and leading to greater efficiency in verification and identification that prevents theft and protects consumers. The urgent issue, the urgent issue we must tackle is reining in the Government's unchecked use of this technology when it impairs our freedoms and our liberties. Our late chairman, Elijah Cummings, became concerned about Government use of facial recognition technology after learning it was used to surveil protests in his district related to the death of Freddie Gray. He saw this as a deeply inappropriate encroachment upon the freedoms of speech and association, and I couldn't agree more. This issue transcends politics. It doesn't matter if it is a President Trump rally or a Bernie Sanders rally, the idea of American citizens being tracked and catalogued for merely showing their faces in public is deeply troubling. It is imperative that Congress understands the effects of this technology on our constitutional liberties. The invasiveness of facial recognition technology has already led a number of localities to ban its government agencies from buying or using digital facial recognition for any purpose. This trend threatens to create a patchwork of laws that will result in uncertainty and may impede legitimate uses of the technology. Unfortunately, this is not an issue we should leave to the courts. Facial recognition presents novel questions that are best answered by congressional policymaking, which can establish a national consensus. The unique Government-wide focus of this committee allows us to consider legislation to address facial recognition technology here at the Federal level. We know that a number of Federal Government agencies possess facial recognition technology and use it without guidance from Congress, despite its serious implications on our First and Fourth Amendment rights. At the bare minimum, we must understand how and when Federal agencies are using this technology and for what purpose. Currently, we do not know even this basic information. Because our committee has jurisdiction over the entire Federal Government's use of emerging technology, we must start by pursuing policy solutions to address this fundamental information. It is our intention as well to introduce legislation. We are trying to work with both sides here, trying to work together. That will provide transparency and accountability with respect to the Federal Government's purchase and use of this technology and this software. I am pleased to be working with my colleagues across the aisle on the bill that would address these questions. And again, I want to thank you, Madam Chairwoman. And I look forward to hearing from our witnesses today and thank them for being here. I yield back. Chairwoman Maloney. Thank you, Mr. Jordan. But before we get to the witnesses, I would like to make a unanimous consent request. I would like to insert into the record a report from the ACLU, which found that Amazon's recognition technology misidentified 28 Members of Congress as other individuals who had been arrested for crimes, including John Lewis, a national legend, a national civil rights leader. So, I would like to place that into the record. Chairwoman Maloney. And I would also like to mention that three members of this committee were misidentified, Mr. Gomez, Mr. Clay, and Mr. DeSaulnier. And they were misidentified--that shows this technology is not ready for primetime--along with 11 Republican Members of Congress. So, I would now like to recognize my colleague Mr. Gomez, who has personal experience with this, for an opening statement. Mr. Gomez. Thank you, Madam Chair. First, this is the committee is holding its third hearing on this issue, and up until two years ago, this issue was not even on my radar, until the ACLU conducted this test, which falsely matched my identity with somebody who committed a crime. Then all of a sudden, my ears perked up. But I had no doubt that I was misidentified because of the color of my skin than anything else. So, as I started to learn and do research on this issue, my concerns only grew. I found out that it is being used in so many different ways. Not only in law enforcement--at the Federal level, at the local level--but it is also being used when it comes to apartment buildings, when it comes to doorbells, when it comes to shoppers, when it comes to a variety of things, right? But at the same time, this technology is fundamentally flawed. For somebody who gets pulled over by the police, in certain areas, it is not a big deal. In other areas, it could mean life or death if the people think you are a violent felon. So, we need to start taking this seriously. This issue probably doesn't rank in the top three issues of any American out in the United States, but as it continues to be used and it continues to have issues, there will be more and more people who are misidentified and more and more people who are questioning if their liberties and their freedoms are starting to be impacted for no fault of their own, just some algorithm misidentified them as somebody who committed a crime in the past. So, this is something that we need to raise the alarm. And that is what these hearings are doing in a bipartisan way. To make sure that the American public doesn't stumble into the dark, and suddenly, our freedoms are a little bit less, our liberties are a little bit less. So, we will start having these important discussions in a bipartisan way to figure out how and what can the Federal Government do. What can Congress do? What is our responsibility? And with that, I appreciate the chair's commitment to legislation. I also appreciate the ranking member's commitment to legislation because I know that this issue is a tough one, and it only could be done in a bipartisan way. With that, I yield back. Chairwoman Maloney. I now recognize Mr. Meadows of North Carolina for an opening statement. Mr. Meadows. Thank you, Madam Chairman and the ranking member, both of you. Thank you for your leadership on this important issue. Two things that I would highlight. Certainly, we know Mr. Gomez, and we know that there is certainly no criminal background that he could ever be accused of being involved with. And so, I want to stress that his character is of the utmost as it relates to even us on this side of the aisle. And I say that in jest because one of the things that we do need to focus on--and this is very important to me, I think that this is where conservatives and progressives come together--and it is on defending our civil liberties. It is on defending our Fourth Amendment rights, and it is that right to privacy. I agree with the chairwoman and the ranking member and Mr. Gomez and others on the other side of the aisle, where we have had really good conversations about addressing this issue. To focus only on the false positives I think is a major problem for us, though, because I can tell you, technology is moving so fast that the false positives will be eliminated within months. So, I am here to say that if we only focus on the fact that they are not getting it right with facial recognition, we have missed the whole argument because technology is moving at warp speeds, and what we will find is, is not only will they properly--my concern is not that they improperly identify Mr. Gomez, my concern is that they will properly identify Mr. Gomez and use it in the wrong manner. So, for the witnesses that are here today, what I would ask all of you to do is, how can we put a safeguard on to make sure that this is not a fishing expedition at the cost of our civil liberties because that is essentially what we are talking about. We are talking about scanning everybody's facial features, and even if they got it 100 percent right, how should that be used? How should we ultimately allow our Government to be involved in that? I am extremely concerned that as we look at this issue that we have to come together in a bipartisan way to figure this out. I think it would be headlines on the, you know, New York Times and Washington Post if you saw Members of both parties coming to an agreement on how we are to address this issue. I am fully committed to do that. Madam Chair, I was fully committed to your predecessor. He and I both agreed at the very first time where this was brought up that we had to do something. And I know the ranking member shares that. So, I am fully engaged. Let's make sure that we get something and get something done quickly, and if we can do that, you know? Because I think if we start focusing again on just the accuracy, then they are going to make sure that it is accurate, but what standards should we have the accuracy there? Should it be 100 percent? Should it be 95 percent? You know, I think when Mr. Gomez was actually identified, the threshold was brought down to 80 percent. Well, you are going to get a lot of false positives when that happens, but we need to help set the standards and make sure that our Government is not using this in an improper fashion. With that, I yield back. Chairwoman Maloney. I thank the gentleman for his statement. I would now like to introduce the witnesses. We are privileged to have a rich diversity of expert witnesses on our panel today. Brenda Leong is a senior counsel and Director of AI and Ethics at the Future of Privacy Forum. Dr. Charles Romine is the Director at the Information Technology Laboratory of the National Institute of Standards and Technology. Meredith Whittaker is the co-founder and Co-Director of the AI Now Institute at New York University. Daniel Castro is the vice president and Director of Center for Data Innovation of the Information Technology and Innovation Foundation. And Jake Parker is the Senior Director of Government Relations at the Security Industry Association. If you would all rise and raise your right hand, I will begin by swearing you in. Do you swear or affirm that the testimony you are about to give is the truth, the whole truth, and nothing but the truth, so help you God? [Response.] Chairwoman Maloney. Let the record show that the witnesses all answered in the affirmative. Thank you, and please be seated. The microphones are very, very sensitive, so please speak directly into them. And without objection, your written testimony will be made part of our record. With that, Ms. Leong, you are now recognized for five minutes. STATEMENT OF BRENDA LEONG, SENIOR COUNSEL AND DIRECTOR OF AI AND ETHICS, FUTURE OF PRIVACY FORUM Ms. Leong. Thank you for the opportunity to testify and for considering the commercial use of facial recognition technology. This is an important challenge. The Future of Privacy Forum is a nonprofit organization that serves as a catalyst for privacy leadership and scholarship, advancing principled data practices in support of emerging technologies. We believe that the power of information is a net benefit to society and that it can be appropriately managed to control the risks to individuals and groups. Biometric systems, such as those based on facial recognition technology, have the potential to enhance consumer services and improve security, but must be designed, implemented, and maintained with full awareness of the challenges they present. Today, my testimony focuses on establishing the importance of technical accuracy in discussing face image-based systems, considering the benefits and harms to individuals and groups, and recommending express consent as the default for any commercial use of identification or verification systems. Understanding the specifics of how a technology works is critical for effectively regulating the relevant risks. Not every camera-based system is a facial recognition system. A facial recognition system creates unique templates stored in an enrolled data base. These data bases are used then to verify a person in a one-to-one match or identify a person in a one-to- many search. If a match is found, that person is identified with greater or lesser certainty depending on the system in use, the threshold and settings in place, and the operator's expertise. Thus, recognition systems involve matching two images. Without additional processing, they do not impute other characteristics to the person or image. There's been a great deal of confusion on this point in the media, particularly in contrast to facial characterization or emotion detection software, which attempts to analyze a single image and impute characteristics to that image, including gender and race. These systems may or may not link data to particular individuals, but they carry their own significant risks. Accuracy requirements and capabilities for recognition and characterization systems vary with context. The level of certainty acceptable for verifying an individual's identity when unlocking a mobile device is below the standard that should be required for verifying that an individual is included on a terrorist watch list. In addition, quality varies widely among suppliers, based on liveness detection, the diversity of training datasets, and the thoroughness of testing methodologies. The high quality of systems at the top of the NIST rankings reflect their ability to meet these goals. For example, the most recent NIST report highlights accuracy outcomes that were 100 times worse for certain groups, but the best systems achieved results across demographic groups with variations that were, in NIST's words, ``undetectable.'' However, the real harms arising from inaccurate recognition and characterization systems cannot be ignored. Individuals already use facial recognition to open their phones, access bank accounts, and organize their photos. Organizational benefits include more secure facility access, enhanced hospitality functions, and personalized experiences. New uses are being imagined all the time, but the potential harms are real. In addition to inaccuracy, concerns about real-time surveillance societies have led individuals and policymakers to express significant reservations. The decision by some municipalities to legislatively ban all use of facial recognition systems by government agencies reflects these heightened concerns. The ethical considerations of where and how to use facial recognition systems exceed traditional privacy considerations, and the regulatory challenges are complex. Even relatively straightforward legal liability questions prove difficult when many parties bear some share of responsibility. When considering the scope of industries hoping to use this technology, from educational and financial institutions to retail establishments, the potential impacts on individuals are mindboggling. As with many technologies, facial recognition applications offer benefits and generate risks based on context. Tracking online preferences and personalizing consumer experiences are features some people value, but others strongly oppose. Tying these options closely to the appropriate consent level is essential. While FPF prefers a comprehensive privacy bill to protect all sensitive data, including biometric data, we recognize that Congress may choose to consider technology-specific bills. If so, our facial recognition privacy principles provide a useful model, particularly in requiring the default for commercial identification or verification systems to be opt-in--that is, express affirmative consent prior to enrollment. Exceptions should be few, narrow, and clearly defined, and further restrictions should be tiered and based on the scope and severity of potential harms. Thank you for your attention and your commitment to finding a responsible regulatory approach to the use of facial recognition technology. Chairwoman Maloney. Thank you. The chair now recognizes Dr. Romine for five minutes. STATEMENT OF CHARLES ROMINE, PH.D., DIRECTOR, INFORMATION TECHNOLOGY LABORATORY, NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY Mr. Romine. Chairwoman Maloney, Ranking Member Jordan, and members of the committee, I'm Chuck Romine, Director of the Information Technology Laboratory at the Department of Commerce's National Institute of Standards and Technology, known as NIST. Thank you for the opportunity to appear before you today to discuss NIST's role in standards and testing for facial recognition technology. In the area of biometrics, NIST has been working with public and private sectors since the 1960's. Biometric technologies provide a means to establish or verify the identity of humans, based upon one or more physical or behavioral characteristics. Face recognition technology compares an individual's facial features to available images for verification or identification purposes. NIST's work improves the accuracy, quality, usability, interoperability, and consistency of identity management systems and ensures that United States interests are represented in the international arena. NIST research has provided state-of-the-art technology benchmarks and guidance to industry and to U.S. Government agencies that depend upon biometrics recognition technologies. NIST's Face Recognition Vendor Testing Program, or FRVT, provides technical guidance and scientific support for analysis and recommendations for utilization of face recognition technologies to various U.S. Government and law enforcement agencies, including the FBI, DHS, CBP, and IARPA. The NIST FRVT Interagency Report 8280, released in December 2019, quantified the accuracy of face recognition algorithms for demographic groups defined by sex, age, and race or country of birth for both one-to-one and one-to-many identification search algorithms. It found empirical evidence for the existence of demographic differentials in face recognition algorithms that NIST evaluated. The report distinguishes between false-positive and false-negative errors and notes that the impact of errors is application dependent. NIST conducted tests to quantify demographic differences for 189 face recognition algorithms from 99 developers, using four collections of photographs, with 18.27 million images of 8.49 million people. These images came from operational data bases provided by the State Department, the Department of Homeland Security, and the FBI. I'll first address one-to-one verification applications. Their false-positive differentials are much larger than those related to false negatives and exist across many of the algorithms tested. False positives might present a security concern to the system owner, as they may allow access to impostors. Other findings are that false positives are higher in women than in men and are higher in the elderly and the young compared to middle-aged adults. Regarding race, we measured higher false-positive rates in Asian and African American faces relative to those of Caucasians. There are also higher false-positive rates in Native American, American Indian, Alaskan Indian, and Pacific Islanders. These effects apply to most algorithms, including those developed in Europe and the United States. However, a notable exception was for some algorithms developed in Asian countries. There was no such dramatic difference in false positives in one-to-one matching between Asian and Caucasian faces for algorithms developed in Asia. While the NIST study did not explore the relationship between cause and effect, one possible connection and an area for research is the relationship between an algorithm's performance and the data used to train the algorithm itself. I'll now comment on one-to-many search algorithms. Again, the impact of errors is application dependent. False positives in one-to-many searches are particularly important because the consequences could include false accusations. For most algorithms, the NIST study measured higher false-positive rates in women, African Americans, and particularly in African American women. However, the study found that some one-to-many algorithms gave similar false-positive rates across these specific demographics. Some of the most accurate algorithms fell into this group. This last point underscores one overall message of the report. Different algorithms perform differently. Indeed, all of our FRVT reports note wide variations in recognition accuracy across algorithms, and an important result from the demographic study is that demographic effects are smaller with more accurate algorithms. NIST is proud of the positive impact it has had in the last 60 years on the evolution of biometrics capabilities. With NIST's extensive experience and broad expertise, both in its laboratories and in successful collaborations with the private sector and other Government agencies, NIST is actively pursuing the standards and measurement research necessary to deploy interoperable, secure, reliable, and usable identity management systems. Thank you for the opportunity to testify on NIST's activities in face recognition and identity management, and I'd be happy to answer any question that you have. Chairwoman Maloney. Ms. Whittaker? STATEMENT OF MEREDITH WHITTAKER, CO-FOUNDER AND CO-DIRECTOR, AI NOW INSTITUTE, NEW YORK UNIVERSITY Ms. Whittaker. Chairwoman Maloney, Ranking Member Jordan, and members of the committee, thank you for inviting me to speak today. My name is Meredith Whittaker, and I'm the co-founder of the AI Now Institute at New York University. We're the first university research institute dedicated to studying the social implications of artificial intelligence and algorithmic technologies. I also worked at Google for over a decade. Facial recognition poses serious dangers to our rights, liberties, and values, whether it's used by the state or private actors. The technology does not work as advertised. Research shows what tech companies won't tell you, that facial recognition is often inaccurate, biased, and error-prone. And there's no disclaimer to warn us that the populations already facing societal discrimination bear the brunt of facial recognition's failures. As Dr. Romine mentioned, the most recent NIST audit confirmed that some systems were 100 times less accurate for black and Asian people than for white people. But this isn't facial recognition's only problem, and ensuring accuracy will not make it safe. Facial recognition relies on the mass collection of our biometric data. It allows government and private actors to persistently track where we go, what we do, and who we associate with. Over half of Americans are already in a law enforcement facial recognition data base, and businesses are increasingly using it to surveil and control workers and the public. It's replacing time clocks at job sites, keys for housing units, safety systems at schools, security at stadiums, and much more. We've seen real-life consequences. A facial recognition authentication system used by Uber failed to recognize transgender drivers, locking them out of their accounts and their livelihoods. Facial recognition and analysis are also being used to make judgments about people's personality, their feelings, and their worth based on the appearance of their face. This set of capabilities raises urgent concerns, especially since the claim that you can automatically detect interior character based on facial expression is not supported by scientific consensus and recalls discredited pseudoscience of the past. Most facial recognition systems in use are developed by private companies, who license them to governments and businesses. The commercial nature of these systems prevents meaningful oversight and accountability, hiding them behind legal claims of trade secrecy. This means that researchers, lawmakers, and the public struggle to answer critical questions about where, how, and with what consequences this technology is being used. This is especially troubling since facial recognition is usually deployed by those who already have power--say, employers, landlords, or the police--to surveil, control, and in some cases oppress those who don't. In Brooklyn, tenants in the Atlanta Plaza Towers pushed back against their landlord's plans to replace key entry with facial recognition, raising questions about biometric data collection, racial bias, and the very real possibility that invasive surveillance could be abused by the landlord to harass and evict tenants, many of whom were black and Latinx women and children. To address the harms of this technology, many have turned to standards for assessment and auditing. These are a wonderful step in the right direction, but they are not enough to ensure that facial recognition is safe. Using narrow or weak standards as deployment criteria risks allowing companies to assert that their technology is safe and fair without accounting for how it will be used or the concerns of the communities who will live with it. If such standards are positioned as the sole check on these systems, they could function to mask harm instead of preventing it. From aviation to healthcare, it is difficult to think of an industry where we permit companies to treat the public as experimental subjects, deploying untested, unverified, and faulty technology that has been proven to violate civil rights and to amplify bias and discrimination. Facial recognition poses an existential threat to democracy and liberty and fundamentally shifts the balance of power between those using it and the populations on whom it's applied. Congress is abdicating its responsibility if it continues to allow this technology to go unregulated. And as a first step, lawmakers must act rapidly to halt the use of facial recognition in sensitive domains by both government and commercial actors. If you care about the over-policing of communities of color or gender equity or the constitutional right to due process and free association, then the secretive, unchecked deployment of flawed facial recognition systems is an issue you cannot ignore. Facial recognition is not ready for primetime. Congress has a window to act, and the time is now. Chairwoman Maloney. Thank you. The chair now recognizes Daniel Castro for five minutes. STATEMENT OF DANIEL CASTRO, VICE PRESIDENT AND DIRECTOR, CENTER FOR DATA INNOVATION, INFORMATION TECHNOLOGY AND INNOVATION FOUNDATION Mr. Castro. Thank you. Chairwoman Maloney, Ranking Member Jordan, and members of the committee, thank you for the invitation to testify today. There are many positive uses of facial recognition technology emerging in the private sector. Airlines are using it to help travelers get through the airports faster, saving people time and hassle. Banks are using it to improve security, helping reduce financial fraud. Hospitals are using it to verify the right patient receives the right treatment, preventing medical errors. There is even an app that says it uses facial recognition on dogs and cats to help find lost pets. Americans are increasingly familiar with commercial uses of the technology because it's now a standard feature on the latest mobile phones. It's also being integrated into household products like security cameras and door locks. There is one-- this is one reason why a survey last year found the majority of Americans disagreed with strictly limiting the use of facial recognition if it would mean airports can't use the technology to speed up security lines. And nearly half opposed strict limits if it would prevent the technology being used to stop shoplifting. But over the past year, I've also seen headlines suggesting that facial recognition technology is inaccurate, inequitable, and invasive. If that was true, I would be worried, too, but it isn't. Here are the facts. First, there are many different facial recognition systems on the market. Some perform much better than others, including in their accuracy rates across race, gender, and age. Notably, the most accurate algorithms NIST has evaluated show little to no bias. These systems continue to get measurably better every year, and they can outperform the average human. Second, many of the leading companies and industries responsible for developing and deploying facial recognition have voluntarily adopted robust privacy and transparency guidelines. These include voluntary standards for digital signs and consensus-based, multi-stakeholder guidelines developed for the broader technology community. But while the private sector has made significant progress on its own, Congress also has an important role. I'd like to suggest seven key steps. First, Congress should pass comprehensive legislation to streamline consumer privacy regulation, preempt state laws, and establish basic data rights. While it may be appropriate to require opt-in consent for certain sensitive uses, such as in healthcare or education, it won't always be feasible. For example, you probably can't get sex offenders to agree to enroll in it. So, opt-ins should not be required across the board. Legislation should also be technology neutral, and it shouldn't treat facial recognition differently than other types of biometrics. In addition, a Federal law should not establish a private right of action because that would significantly raise costs for businesses, and these costs would eventually be passed on to consumers. Second, Congress should direct NIST to expand its evaluation of commercial facial recognition systems to reflect more real-world commercial uses, including cloud-based systems and infrared systems. NIST also should continue to report performance metrics on race, gender, and age, and NIST should develop a diverse facial images dataset for training and evaluation purposes. Third, Congress should direct GSA to develop performance standards for any facial recognition system that the Government procures, including for accuracy and error rates. This will ensure Federal agencies don't waste tax dollars on ineffective systems or systems with significant performance disparities. Fourth, Congress should fund deployments of facial recognition systems in Government. For example, using it to improve security in Federal buildings and expedite entry for Government workers. Fifth, Congress should continue to support Federal funding for research to improve the accuracy of facial recognition technology as part of the Government's overall commitment to investing in artificial intelligence. One of the key areas of fundamental AI research is computer vision, and the U.S. Government should continue to invest in this technology, especially as China makes gains in this field. Sixth, Congress should consider legislation to establish a warrant requirement for authorities to track people's movements, including when they use geolocation data from facial recognition systems. Finally, Congress should continue providing due oversight of law enforcement. That should include ensuring that any police surveillance of political protests is justified and conducted with appropriate safeguards, and it should include scrutinizing racial disparities in the use of force among communities of color. Congress also should require the Department of Justice to develop best practices for how state and local authorities use facial recognition. This guidance should include recommendations on how to publicly disclose when law enforcement will use the technology, what sources of images will be used, and what the data retention policies will be. Congress should always consider the impact of new technologies and ensure there are proper guardrails in place to protect society's best interests. In the case of facial recognition technology, there are many unambiguously beneficial opportunities to use the technology, such as allowing people who are blind or who suffer from face blindness to identify others. So, rather than imposing bans or moratoriums, Congress should support positive uses of the technology while limiting the potential misuse and abuse. Thank you again. I look forward to answering any questions. Chairwoman Maloney. Thank you. Jake Parker is recognized for five minutes. STATEMENT OF JAKE PARKER, SENIOR DIRECTOR OF GOVERNMENT RELATIONS, SECURITY INDUSTRY ASSOCIATION Mr. Parker. Good morning, Chairwoman Maloney, Ranking Member Jordan, and distinguished members of the committee. My name is Jake Parker, Director of Government Relations for the Security Industry Association. SIA is a trade association representing businesses that provide a broad range of security products for the Government, commercial, and residential users while employing thousands of innovators in the United States and around the globe. Our members include many of the leading developers of facial recognition technology and many others that offer products that incorporate or integrate with this technology for a wide variety of applications. SIA members are developing tools and technologies to enhance security and convenience for consumers and enterprise users. It is because of the experience our members have in building and deploying this technology, we are pleased to be here today to talk to you about how it can be used consistent with our values. We firmly believe that all technology products, including facial recognition, should only be used for lawful, ethical, and nondiscriminatory purposes. That way, we as a society can have confidence that facial recognition makes our country safer and brings value to our everyday lives. So, in commercial settings, facial recognition offers tremendous benefits. For example, it could be used to allow individuals to securely, quickly, and conveniently prove their identity in order to enter a venue, board a commercial airplane, perform online transactions, or seamlessly access personalized experiences. In addition, companies are using the technology to improve the physical security of their property and their employees against the threat of violence, theft, or other harm. Additionally, as you know, Government agencies have made effective use of facial recognition for over a decade to improve homeland security, public safety, and criminal investigations. And one important example of the use of this technology is to identify and rescue trafficking victims. It's been used almost--in almost 40,000 cases in North America, identifying 9,000 missing children and over 10,000 traffickers. According to news reports, a law enforcement officer in California last year saw a social media post about a missing child from the National Center for Missing and Exploited Children. After law enforcement used facial recognition, the victimized child was located and recovered. In another notable success story, NYPD detectives last year used this technology to identify a man who sparked terror by leaving a pair of rice cookers at the Fulton Street Subway. Using facial recognition technology, along with human review, detectives were able to identify the suspect within an hour. The chief of detectives was quoted as saying, ``To not use this technology would be negligent.'' Both public and private sectors have seen that better cameras, better devices with more computing power, combined with more effective software, can provide security-enhancing tools. From unlocking mobile phones to securing critical infrastructure, facial recognition technologies abound. But in all applications, SIA members see transparency as the foundation that governs the use of facial recognition technology. It should be clear when and under what circumstances the technology is used, as well as the processes governing the collection, processing, and storage of related data. We support sensible safeguards that promote transparency and accountability as the most effective way to ensure the responsible use of the technology without unreasonably restricting tools that have become essential to public safety. Additionally, SIA does not support moratoriums or blanket bans on the use of this important technology. As the committee works on the proposals mentioned earlier requiring greater accountability for Federal Government use, we encourage private sector developers to be brought into the conversation to present our real-world views on how the technology works and should be best managed. We hope you also remember the important role the Government plays in supporting biometric technology improvements. At a minimum, Congress should provide NIST with the resources it needs to support the expansion of these efforts. As we think about regulation, we believe that any effort specific to commercial use makes sense in the context of the National Data Privacy Policy. Many legislative efforts in this area include biometric information, and was said earlier, we think this needs to be tech neutral. This is the right approach to include. In the meantime, we encourage our members to play an active role in providing end-users with the tools they need to use this technology responsibly. In order to make this come to fruition, SIA is developing a set of use principles on the technology. As this hearing comes on the heels of a recent NIST study, which generated a lot of news and a fair amount of controversy, it's important to note that biometric technology companies have been working closely with NIST for decades, handing over their technology and allowing the Government to rigorously test it and publicly post the results. And it's improving every year to the point where the accuracy is reaching that of automated fingerprint comparison, which is viewed as the gold standard for identification. The most important, significant takeaway from the NIST report is that it confirms facial recognition technology performs far better across racial groups than had been widely reported before. According to NIST data, only four out of 116 verification algorithms tested using the mug shot data base had false match rates more than 1 percent for any demographic. While that's tremendous progress for users of biometrics, we are committed to continuing to provide technology so that all users can be comfortable with it in the transparency and privacy policy surrounding its deployment to improve the technology. On behalf of SIA, thanks for the opportunity to appear before you today, and we look forward to working with you. Chairwoman Maloney. Thank you. Dr. Romine, I would like to ask you about the study that you released last month and that you mentioned in your testimony. And I would like to ask unanimous consent to place that study in the record, without objection. Chairwoman Maloney. We all know that commercial facial recognition technology continues to expand in both the public and private sectors, but your new study found that facial recognition software misidentified persons of color, women, children, and elderly individuals at a much higher rate. And in your study, you evaluated 189 algorithms from 99 developers. Your analysis found that false positives were more likely to occur with people of color, and is that correct? Mr. Romine. It is correct for the largest collection of the algorithms. That's correct. Chairwoman Maloney. And your report also found that women, elderly individuals, and children were more likely to be misidentified by the algorithms. Is that correct? Mr. Romine. That is correct for most algorithms. Chairwoman Maloney. Now in women's health, they used to do all the studies on men. When you were doing these studies, were you doing them on men's faces as a pattern, or were you using women's faces? Mr. Romine. No, we had a substantial set of images that we could pull from, and so we were able to represent a broad cross-section of demographics. Chairwoman Maloney. OK. Did these disparities and false positives occur broadly across the algorithms that you tested? Mr. Romine. They did occur broadly for most of the algorithms that we tested. Chairwoman Maloney. And your study states, and I quote, ``Across demographics, false-positive rates often vary by factors or 10 to beyond 100 times.'' These are staggering numbers, wouldn't you say? How much higher was the error rate when the algorithms were used to identify persons of color as compared to white individuals? Mr. Romine. So, as we state in the report, the error rates for some of the algorithms can be significantly higher, from 10 to 100 times the error rates of identification for Caucasian faces for a subset of the algorithms. Chairwoman Maloney. And what was the difference in the misidentification rate for women? Mr. Romine. Similar rates of---- Chairwoman Maloney. Ten to 100? Mr. Romine. Ten to 100. I'll have to get back to you on the exact number, but it's certainly a substantial difference on some algorithms. Chairwoman Maloney. What about black women? Is that higher? Mr. Romine. Black women have a higher rate of--on some algorithms, on the same algorithms that we're discussing, than either black faces broadly speaking or women broadly speaking. Black women were even--had differentials that were even higher than either of those two other demographics. Chairwoman Maloney. So, what were they? Mr. Romine. Substantially higher. On the order of 10 to 100. Chairwoman Maloney. OK. And misidentification, as we all know, can have very serious consequences for people when they are falsely identified. It can prevent them from boarding a plane or entering the country. It can lead to someone being falsely accused or detained or even jailed. So, I am deeply concerned that facial recognition technologies have demonstrated racial, gender, and age bias. Facial recognition technology has benefits to be sure, but we should not rush to deploy it until we understand the potential risks and mitigate them. Your study provides us with valuable insight into the current limitations of this technology, and I appreciate the work that you have done and all of your colleagues on the panel today that have increased our understanding. I would now recognize the ranking member. No? I am going to recognize the gentlelady from North Carolina, Ms. Foxx. She is now recognized for questions. Ms. Foxx. Thank you, Madam Chairman. Mr. Parker, how competitive is the facial recognition technology market? Mr. Parker. It's extremely competitive because of the advances in technology over the last couple years. Particularly the dramatic increase in accuracy in the last three to five years combined with advances in imaging technology have really made the products more affordable, and therefore, there's been more interest from consumers and then more entry to the market from competitors. Ms. Foxx. To what extent do the companies compete on accuracy, and how could a consumer know more about the accuracy rates of the facial recognition? Mr. Parker. OK. So, they do compete on accuracy, and you know, the NIST program plays a really helpful role here in providing a useful benchmark in measurement of accuracy. And so the companies are competing to get the best scores on those tests. Companies also do their own private testing and make those results available to their customers. And there is an important distinction, though, as well because in the NIST testing, you have static data sensors, specific photo sets they are using that are already there, whereas those aren't necessarily the same type of images that you'd be seeing in a deployed system. And so other types of tests need to be done of a fully deployed system to really determine what its accuracy is. Ms. Foxx. What private sector best practices exist for securing facial images and the associated data, such as face print templates and match results, in these facial recognition technology systems? Mr. Parker. So, as I mentioned earlier, SIA is developing a set of best use practices, but that's based on the fact that many of our members have produced best practices they work with their customers on to implement that would accomplish privacy goals. I have a couple of examples, but one of the most significant things to mention here is that many of these products already have built into them the ability to comply with data privacy laws in Europe, so the GDPR laws in Europe. And so this has to do with encrypting photos, encrypting any kind of personal information that's associated with it, securing channels of communication between the server and the device, as well as procedures for looking up someone's information, being able to delete that if requested, and being able to tell someone what information is in the system. Ms. Foxx. Could you summarize succinctly some of the best practices that exist for protecting that personally identifiable information that is incorporated into it? Is it too complicated a system to explain here? Is there something we could have to read or---- Mr. Parker. Sure. I'd be happy to provide some more details later, but certainly one of the most important things is encryption of the data. So, that prevents its usefulness if it there is a data breach. Also, it's important to point out that the--we talked about the face template is what the system uses to make a comparison between two photos. So, by itself, that's basically like the digital version of your fingerprint is turned into a number in the fingerprint system. By itself, if that data is compromised, it's not useful to anyone because the proprietary software is the only thing that can read it. Ms. Foxx. I have been reading a lot about the difference between Europe and us in developing these kinds of techniques recently. A number of state and international policies are impacting how information is collected. For example, Illinois, Washington, Europe's GDPR directly address privacy information. How have commercial entities conformed to these new legal structures? Mr. Parker. So, what we're seeing is that we're adapting here and that we're already building in these features to products in anticipation, first of all, because it's just good practices, right, many of the things the GDPR requires. But also, we anticipate there to be a similar framework here at this country at some point, and so being proactive in building some of those things in. Ms. Foxx. Thank you, Madam Chairman. I yield back. Chairwoman Maloney. We now recognize the gentlewoman from the District of Columbia. Ms. Norton is now recognized for questions. Ms. Norton. Thank you, Madam Chair. This is an important hearing, but I must say I think we are playing catch-up. And the way to demonstrate that, I think, most readily is what the cell phone companies are already doing with this technology. Private industry appears to be way ahead of where the Congress or the Federal Government is, and the interesting thing is they are responding to consumers. And it appears that consumers may already be embracing facial recognition in their own devices because the latest--as they compete with one another, almost all of them have incorporated facial recognition already in their latest mobile products. And of course, if one does it, the other is going to do it. And Apple and Samsung and all the rest of them already do it. You can unlock your cell phone by scanning your face. Now the public thinks this is, and I suppose they are right, this is a real convenience instead of having to log in those numbers. And they have grown accustomed, frankly, to cameras. I remember when cameras were first introduced in the streets, and people said, oh, that is terrible. Then, of course, there is no right to privacy once you go in the streets. But talking about my cell phone, there is a lot of private information in there. And according to recent reports, this technology is not foolproof. That is my concern. That, for example, a simple photograph can fool it in some instances or unauthorized individuals could get into your cell phone, and any sensitive information that you happen to have in there, and a lot of people store things like, of course, their email is there, but banking and the rest of it. Ms. Leong, do you see problems that are already there of companies now integrating facial technology onto consumer devices like this, and are we too far behind to do anything about it? Because it looks like the public sees convenience, and I don't hear anybody protesting it. Would you comment? Ms. Leong. Thank you very much. I think that's an excellent question, since we do see the use cases advancing quickly in many applications, as you say, with phones being one of the most personalized ones that people have. I think they make a good example, too, of some of the variations that are in place in the market of the different ways that facial recognition technology is being used. For example, in your phone, I'm going to use Apple as the example, and this is my best understanding. I obviously don't work for or speak for Apple. Takes a representative picture of your face, using both infrared technology and 3-D imaging in order to prevent things like using a photo or using another person. And it takes at a level of detail that stands up to about a 1 in 10 million error rate, which is a pretty substantive level for something that is, in fact, part of a two-factor process. You have to have the phone, and then you have to know whose phone it is and have their face, and then you have to match whatever that standard is. So, that's actually a pretty robust standard for the level of risk involved in what might be--you know, have a lot of personal data but is one level of concern for people being violated. A facial recognition system that identifies somebody off of a video feed as a suspect in a crime would be an entirely different level of risk, entirely different level of implication on that person, and certainly should be considered and potentially regulated in a very different way than that. So, yes, I do think we see those things being used in different ways already. Some of those have already started to have some blowback on them in things like the criminal justice system, and that, I think, is what has really gotten people's attention and said where are the places that we need to draw those lines and say it shouldn't be used here in these cases maybe at all, or if it is, it should be used in very limited and regulated ways. Ms. Norton. Ms. Whittaker, can I ask you about the average consumer? Does the average consumer have any way to confirm-- should they have any way to confirm that these cell phone manufacturers are, in fact, storing their biometric or other data on their servers? What should we do about that? Consumer knowledge? Ms. Whittaker. Yes, the average consumer does not, and indeed, many researchers, many lawmakers don't because this technology, as I wrote about in my written testimony, is hidden behind trade secrecy. This is a corporate technology that is not open for scrutiny and auditing by external experts. I think it's notable that while NIST reviewed 189 algorithms for their latest report, Amazon refused to submit their recognition algorithm to NIST. Now they claimed they couldn't modify it to meet NIST's standards, but they are a multibillion-dollar company and have managed some other pretty incredible feats. So, whatever the reason is, what we see here is that it's at the facial recognition company's discretion what they do or don't release. That they release accuracy numbers oftentimes that aren't validated or that it's not possible to validate by the general public. So, we're left in a position where we have to trust these companies, but we don't have many options to say no or to scrutinize the claims they make. Ms. Norton. Thank you, Madam Chair. Chairwoman Maloney. Thank you. The gentleman from Louisiana, Mr. Higgins, is now recognized for questions. Mr. Higgins. Thank you, Madam Chair. I would like to ask unanimous consent that the statement of Chief James Craig, the Detroit Police Department, his written testimony be entered into the record. The chief has had a tremendous amount of success using facial recognition technology. Chairwoman Maloney. Without objection. Mr. Higgins. Thank you. And I would also like to recognize and thank our esteemed colleague Representative Gomez for his opening statement. Standing upon principles of freedoms and liberties, protecting freedoms and liberties, and resisting and curtailing the manifestation of Big Brother, reducing and controlling the size and scope of Federal powers. And I want you to know, good sir, the Republican Party welcomes your transition. [Laughter.] Mr. Higgins. Madam Speaker, facial recognition technology is an emerging technology, and of course, it is produced by private entities. Law enforcement doesn't produce its own technologies. It is coming, and it is here. It will get better as the weeks and months move forward. It should be no surprise to us that the effective percentages of identification using a new technology will increase as time moves forward. And there is more coming. There is total person recognition technology coming that measures the specific physical features of individuals, their gait, length of their arms, et cetera. This technology is coming. Now what we should seek is a means by which to make sure that Big Brother is not coming. I have a background in law enforcement, and recognition technology has become manifest in many ways. You have license plate readers being used from sea to shining sea. These are readers in police units that drive around and read license plates. If we are looking for a suspect vehicle and, you know, we have an eye out for a particular vehicle, a particular color, that is human recognition. We see that vehicle. We read the license plate. We have license plate readers reading every plate we pass. If it is expired or the associated driver's license to that registered vehicle is a person that is wanted, then we will keep an eye on that vehicle. And if the guy that walks out the building and gets in that vehicle appears to be the suspect that we have identified or we have a warrant for, then there is going to be some interaction there. This is a technology that has evolved and become manifest over the last 15 or 20 years. It has gotten very effective. Prior to facial recognition technology, it was completely common that we used digital record from crime scene, images frozen, the best picture we could get from a crime scene video, from surveillance cameras at the business, or whatever was available to us. We would pass these images on, have the shifts watch these images. And someone at shift, the odds are pretty good somebody would recognize that guy. But this is the beginning. Recognition is the beginning of an investigation. It helps law enforcement cultivate a person of interest for us to speak to. There can never be a time where--there are just two things we stand against, and this is where the ranking member and I have had discussions at length. Both of us stand against live streaming the images of free Americans as they travel and enter businesses or go to-and-fro across America through some data base where, all of a sudden, the police show up to interview that guy. But solving a crime, we are already using digital images to the best of our ability to solve crimes, and every American should recognize that this is an important tool. The chief's written statement, which I have asked to be submitted and the chairwoman has graciously accepted, has several examples of incredible success using this technology. Now I am going to have a question I will submit in writing, if I may, Madam Chair, for Mr. Parker and Mr. Romine and Ms. Whittaker. I have three specific questions, which time will not allow. This is an important topic. We have had several hearings about it. I thank the majority party's focus on this, and I hope that we can come together with effective legislation that both allows the technology to move forward as a law enforcement tool and protects the freedoms and privacy of the American citizens we serve. I yield. Chairwoman Maloney. Thank you. I now recognize the gentleman from Massachusetts. Mr. Lynch is now recognized for questions. Mr. Lynch. Thank you very much, Madam Chair. And I want to thank you and the ranking member for collaborating on this hearing and approaching it in the right way, I think. First of all, I want to thank the witnesses for your testimony. I think it is very helpful. As I understand it, and I am not sure--I am a little skeptical--they tell me that the facial recognition that you use on your phone with the iPhone that at least the way iPhone says they handle this is that the indicia of identity stays on the phone and doesn't go up to a server at this point. But, you know, I sort of question whether they will have that ability to do that in the future. I think there is probably a greater danger that they will get facial recognition right. You know, it is not the misses that I am concerned about right now, although that has to stop. It is what happens when they have all this data out there, whether it is law enforcement or private firms. We had a massive data breach by Suprema, which is a big biometrics collector, 100 million people, I think. No, I am sorry, 27 million people in that breach. And then Customs and Border Patrol, 100,000 people that they identified, along with license plates, that was breached. So, the concern is once this information is collected, it is not secure. And that is a major problem for all of us. I want to ask some specific questions about TikTok. So, TikTok is a Chinese company--well, it was purchased by a Chinese company. It is a musical video app that the kids love, I think. They tell me that in the last 90 days a billion people have downloaded it in the U.S. and in Europe, and it is owned by the Chinese government. And--I am sorry. It is located in Beijing, and under Chinese law, the recent national security law in China, they have to cooperate, they have to cooperate with the Chinese government. And we already see it happening. If you look on TikTok, you don't see much about the protests in Hong Kong. They are already exercising censorship on TikTok. So, TikTok would have to cooperate with China. So, that is a national security concern for us. CFIUS is looking at it. It is under review. The other situation is Apple phone, the iPhone and our efforts, because of the Pensacola shootings, we are trying to get Apple to open up the iPhone so we can get that information. If you step back, it is sort of what we are worried about China doing, what we are doing with Apple. We are trying to get access to that data, just like China can get all that data from TikTok. How do we resolve that dilemma? Is there a way, Dr. Romine, that we can protect our citizens and others who share that data or have their identity captured, you know, their facial recognition captured? How do we resolve that so that we use it to the benefit of society? Mr. Romine. Thank you for the question. I think the bottom line really is balancing the understanding of the risks associated with policy decisions that are made. Those policy decisions are outside of NIST's purview, but with regard to the debate on, you know, access to Apple and encryption, we know that in the Government and broadly speaking, there are two---- Mr. Lynch. OK. If it is not in your discipline, let me ask Ms. Whittaker. Same question. Ms. Whittaker. Thank you for the question. I think that the short answer there is that we don't have the answer to that question. We have not done the research that is needed to affirmatively answer that, yes, we can protect people's privacy, their liberty when these technologies are deployed at wide scale in a complex geopolitical context. I think we need more of that research, and we need clear regulations that ensure that these are safe. Mr. Lynch. All right. Mr. Castro, anything to add? Mr. Castro. Yes, I'd just say, I mean, I think we need to unabashedly support encryption. I think when, you know, you have end-to-end encryption, consumers have control over the data, and then the third parties don't. If we back that, that's the way you give consumers control of the information. That's how you keep out the hand of government on either side. Mr. Lynch. All right. I have exhausted my time. Madam Chair, thank you for your courtesy. I yield back. Chairwoman Maloney. Thank you so much. The gentleman from Texas, Mr. Cloud, is now recognized for questions. Mr. Cloud. Hello. Thank you all again for being here and your work on this topic. This is an extremely important topic that, obviously, we are going through the birth pains of development on this new technology. Mr. Parker, the Government use of facial recognition technology, are they using technologies that are primarily developed by the Government or commercial entities? Mr. Parker. I believe that's a mixture of both. So, in some cases, especially with Federal agencies, they have developed their own systems over time, but I think increasingly it's moving to commercial solutions, I believe. Mr. Cloud. Commercial solutions. And Dr. Romine--maybe, Mr. Castro, you can help with this--what has been the industry response to the NIST report? Mr. Romine. From our perspective, industry has been involved from the outset. They've been very supportive of the efforts that we've undertaken in FRVT over the last 20 years. So, it's been a--it's generally a very positive thing. Industry feels challenged to do better. Mr. Parker. I can just add I think it depends on the industry. You know, those that are participating really value it, but as I noted, I mean, it's excluding a lot of the technologies that we're using today. So, it excludes, for example, Amazon because Amazon is a cloud-based system. It excludes Apple's because Apple's is an infrared system. We need to include those as well. Mr. Cloud. OK. And Mr. Castro and Mr. Parker, you both mentioned that it has been improving dramatically year by year, I guess. Would you say that we are weeks, months, years, decades away from getting this technology to an acceptable---- Mr. Castro. I think if you look at the best-performing algorithms right now, they are at that level of acceptance that we would want. There are, you know, error rates of 0.01 percent. I mean, that's incredibly small. And so when we're talking about even the magnitude of difference between error rates, if you have something that's 10 times worse, that's still 0.1 percent error rate. And it's 0.1 percent error rate. So, that's, you know, 1 out of 10,000; 1 out of 1,000. These are very small numbers. Mr. Cloud. All right. Mr. Parker? Mr. Parker. Yes, so we're reaching, right--as Mr. Castro said, we're reaching that point now. I think, you know, so there are some reasons why the industry is really focused on the false-negative type error rates and reducing that over time. And I think what--and that's down to extremely low levels now. And this is documented that it's 20 times better now than it was five years ago. But I think given the results of the demographic effect study, we are looking at now some of the false-positive rates in trying to make those more uniform. So, you know, the way that, you know, achieving homogenous rates, the way NIST defined that is those that are mostly the same across different demographic groups. And so, I think, there is important context to consider these in. One is, that has been mentioned already, the total relative scale. I mean 100 times 0.01 is 1 percent. But also, it's the context of what the consequences of errors could be, and in some cases, it matters more than others. So, like with law enforcement investigations, NIST actually says in its report, the false-positive differentials from the algorithm are immaterial. And the reason why that is, is because the way law enforcement uses the technology, they're looking at a set number of potential candidates that meet a criteria, usually like 50. In the case of a New York City incident I mentioned before, they actually looked through hundreds of photos that were potential matches. So, there is that human element there. The technology functions as a tool to enhance their job. It's still up to a human to decide whether there is an actual match. So, in that case, the false-negative error effect is much more important because you want to make sure that you're not missing someone that's actually in your dataset. Mr. Cloud. Yes. Could you speak potentially to the--how do we get this right from our perspective of where we sit? Because sometimes, you know, in advancements in technology or anything else, sometimes we step in as the Federal Government to fix a problem and actually end up creating an environment that prohibits the technological advancements or the natural market things that work to make us get to that solution. Sometimes we actually make us take a step back. So, what is the right approach here? Mr. Parker. So, I think, and this relates to what Mr.-- Congressman Higgins said earlier, facial recognition is just one of many advanced technologies. It's important that, you know, I think the issues that we have in talking about this are not really--don't really have to do with the technology, they have to do with how it's used. So, I think we need to focus on addressing the concerns we have through narrowly tailored restrictions, if warranted. And I think that's the more sensible approach, and I think we've actually seen a proposal in the Senate that would do something like that. Mr. Cloud. Thank you. I yield back. Chairwoman Maloney. I now recognize the gentlewoman from Illinois, Ms. Kelly, for questions. Ms. Kelly. Thank you, Madam Chair and Ranking Member, for holding this hearing and continuing to make this an important issue for our committee. We have talked previously about bias in facial recognition and artificial intelligence generally, but the recent NIST Face Recognition Vendor Test Part 3 on Demographic Effects provides useful data on the development of commercial facial recognition programs. As chair of the Tech Accountability Caucus, I have raised concerns about biased and unfair algorithms and the dangers of allowing these biases to perpetuate. The results of the Part 3 report were not particularly surprising, as has been discussed, with women and individuals of African and Asian descent having higher false-positive rates than middle-aged Caucasian men. Director Romine, in your testimony, I was hoping you could clarify the statement that policymakers and the public should not think of facial recognition as either always accurate or always error-prone. In my opinion, as policymakers, we should be pushing to have these technologies get as close to always accurate as possible. Why should we not strive to think of this technology as always accurate, and how long will we have to wait for this technology to reach close to always accurate for all demographic groups? Mr. Romine. Thank you for the question. I don't know how long it will be. I can't predict the future. The statement refers to the fact that the characteristics you have to include in any discussion are you have to know the algorithm that you are using. And as my testimony stated, while many of the algorithms that we tested exhibit substantial bias or substantial demographic effects across three different demographics, the most accurate ones do not in the one-to-many categories. So, you have to know the algorithm that you're using. You also have to know the context. So, the ability to automatically identify Aunt Muriel in a family photo doesn't have a very high risk if you get that wrong. And so I think compare that to, you know, the identification of a suspect, where there are some very serious concerns about ensuring that you get that right. So, those--you have to know the context in which you're using the algorithm. You have to know the algorithm that you're using. And then you have to know the overall system. We test mathematical algorithms at NIST. We don't have the capacity and we don't test systems that are deployed in the field. And those have implications as well. Ms. Kelly. While I have you, can you discuss the benefits of auditing facial recognition systems for bias? Mr. Romine. From our perspective, whether it's policymakers or Government entities or private sector entities that want to use face recognition, the most important thing to do is to understand--to have the accurate data--accurate, unbiased data that we can provide, so that appropriate decisions are made with regard to whether to regulate or not, what kinds of regulations might be needed, in what context. If you are in a procurement situation, procuring a system, you want to know the performance of that system and the algorithms that it depends on. So, those are the things that we think are appropriate. From an auditing capability or an auditing perspective, we don't view the testing that we do as an audit, so much as providing policymakers and Government and the private sector with actionable information. Ms. Kelly. Ms. Whittaker, I know you talked a little bit about auditing. I would like you to answer, as well as Ms. Leong. Ms. Whittaker. Absolutely. I think auditing is absolutely important, but we need to understand how we're measuring these systems. In my written testimony, I gave an example of one of the most famous facial recognition measurement systems. It was a dataset that we measure these systems against, and it's called Labeled Faces in the Wild. And in short, it features photos of mainly men and mainly white people. So, the way that the industry assessed accuracy was to be able to recognize white men, and that gives us a sense of why we're seeing these pervasive racial and demographic biases across these systems. So, the standards we choose to measure ourselves by matter greatly. And if those standards don't ask questions about what the data that will be used in these systems in a deployment environment will be, how these systems will be used. If they don't ask questions like what the Atlanta Plaza tenants were concerned about, will they be abused? Will they be used to---- Ms. Kelly. I just want to give Ms. Leong a chance before my time runs out. Ms. Whittaker. OK. Ms. Leong. I agree absolutely that the auditing function is critical, and as Ms. Whittaker said, the standards being used both during development and testing and by the companies afterwards matter. One of the regulatory options is to have requirements that say Government use or purchase of systems have to be NIST evaluated or have to be, have been ranked by some external objective tester that has clear transparency into what the standards were and how it was measured and what was done. Ms. Kelly. Thank you. I yield back. Chairwoman Maloney. From the great state of Georgia, Mr. Hice is now recognized for questions. Mr. Hice. Thank you, Madam Chair. There is no question this technology of facial recognition is extremely important and viable for our Government, I think, most notably, places like border patrol and law enforcement. At the same time, there is also no question that this technology allows for any individual to be identified in public spaces, be it through private sector or Government entities, and therein lies a potential problem and grave concern for many people. Both, whether we are dealing in private sector or Government, should bear the responsibility of individual privacy and data security. And so, I am not sure exactly where this question is best directed, be it Mr. Parker, Mr. Castro, Ms. Leong. I am not sure, so any of you jump in here. Are there--let's start with the private sector companies that are using facial recognition technology that are addressing this issue of civil liberty or the whole question of privacy. In other words, are there any within the private sector who are setting forth best practices, any of the stakeholders? Mr. Castro. I can start with that. Yes, we have identified a number of companies that have put out principles around privacy. Specifically, I can name some--Bank One, Microsoft, Amazon, Google. They all have public statements where they identify what specifically they are doing around facial recognition, how they want to protect privacy, how they're doing in terms of development of the technology, what they're doing with developer agreements. So, if anyone is using their technology, what they have to agree to, to use their technology. Mr. Hice. Like what are some of those principles? What are the guidelines? Mr. Castro. So, it has things around transparency, consent, data protection, notification. They go through a whole set of issues. And these match the type of consensus-based guidelines that we've seen come out of other forums as well. Mr. Hice. All right. So, we have a big concern, you just brought it up, that people are being identified without their consent. So, how--what are the safeguards? I mean, it is one thing to have policies, to have things written down. It is another thing to implement these things to protect the public, protect individuals who are not--have not consented to this type of technology. So, how will these facial recognition products, as they develop, inform individuals that they are being exposed, potentially without their knowledge? Mr. Castro. So, a number of the recommendations are around how you actually communicate with individuals, under what circumstances. And part of the source of confusion, I think, in some areas is that there's many different types of systems that are out there. So, some are just doing facial analysis. For example, in the digital signage industry, if you walk by an advertising sign---- Mr. Hice. Without consent? Mr. Castro. Without consent. What they're doing is they're just tracking the general demographics of who has seen the ad. They're not tracking anyone's identity. And so they've said for that type of purpose, they're not going to be doing--they're not going to be obtaining consent. But they have said if they're going to be targeting people ads, so for example, if they're targeting you based on your identity, they will require consent. So, you have to have signed up, for example, for the---- Mr. Hice. All right. So, let's go to the Atlanta airport, which right now is a pilot airport for some facial recognition technology. All right. You have the busiest airport in the world. You have thousands of people walking around all over the place. When this technology is implemented, there is no way to get consent from everyone walking around. Mr. Castro. So, for the Atlanta airport specifically, they have the ability to opt out. So, you don't have to go through that if you are going through the terminal, the international terminal. Mr. Hice. All right. So, how does a person opt out? Mr. Castro. You simply say that you don't want to use the self-serve kiosk, and you can go to an agent and show them your passport. Mr. Hice. So, you are saying that technology in airports would be used just in security lines? Mr. Castro. No, it's used for boarding and for screening and for bag check. It's used for a variety of purposes. In each of those areas, Delta has said that they have an ability to opt out, and they allow consumers to do that. Mr. Hice. OK. Do you know of any case where the Government in particular, using this type of technology without the knowledge, without the consent of an individual, where it actually violated the Fourth Amendment? Mr. Castro. I don't know that. I don't think we have good documentation of that. I do think that's why we need a search warrant requirement, so we know whenever those requests are made. Mr. Hice. Yes, I would agree. And therein lies the great potential problem with all this. I mean, we see the value of the technology, but somehow we have got to land the plane on a safe zone that does not violate people's rights. And I appreciate you being here. Thank you, Madam Chair. Chairwoman Maloney. Thank you. The gentlelady from Michigan, Mrs. Lawrence, is now recognized for questions. Mrs. Lawrence. Thank you so much, Madam Chair. This year, I introduced H.R. 153 with my colleague Representative Khanna, regarding the need for the development of guidelines for the ethical development of AI. Transparency of AI systems, processes, and what implications are a result of it in helping to empower women and underrepresented or marginalized populations. Right now, we have the wild, wild west when it comes to AI. Artificial intelligence isn't the only emerging technology that requires the development of ethical guidelines. The same discussion must be carried over to the use of facial recognition. There was a member who introduced a statement from the Detroit Police Department. So, I represent a majority minority district, and the city of Detroit is one of my cities. And approximately 67 percent of my constituents are minorities, meaning the vast majority of my constituents have a higher likelihood of being misidentified by a system that was intended to increase security and reduce crime. Last month, NIST released a study, the Facial Recognition Vendor Test Part 3, which evaluated facial recognition algorithms provided by the industry to develop the accuracy of demographic groups. The report yielded there are higher rates of inaccuracies for minorities to Caucasians. Ms. Whittaker, you stated that if we develop--when algorithms are developed and you do use a biased process, it is going to give you a biased result. And one of the things with the--and we asked the question initially, what can we do? First of all, there should not be any American citizen who is under surveillance, where it is not required that it is posted and identified in a place to contact that company to say, ``What are you using my image for?'' We in America have the right to know if we are under surveillance, and what are you doing with it. Another thing, any release of data that you are gathering should be required to go through some type of process for the release of that. So, I can't just put a camera up, gather information, and then sell it. We are having this conversation about the Ring doorbell. We know that that is helping to get criminals, but if you are going to give the information from Ring to the local police department, there should be some formal process of disclosure and inclusion to the public so that they know that is happening. I am very concerned about the movement of this technology. So, some places have just said we are not going to use it. And we know this technology is here and is moving forward. Instead of just saying don't use it, we need to be, as Congress, very proactive of setting ethical standards. Have an expectation that our public can say that if I am being--if my image is being used, I know, and I have a right to what are my rights. And that is something that I feel strongly. Mr. Whittaker, in your opinion, with so many--I am sorry, Ms. Whittaker, so many variations of accuracy in the technology, what can we do that will say that we will take out these biases. We know that there have not been the algorithms. What can we do as a Congress to ensure that we are stopping this? Ms. Whittaker. Thank you for the question. I think, you know, when we talk about this technology racing forward, I think we have had an industry that has raced forward selling these technologies, marketing these technologies, making claims to accuracy that end up not being totally accurate for everyone. What we have not seen is validation race forward. We have not seen public understanding and new mechanisms for real consent, not just a sort of notice equals consent. So, I think we need to pause the technology and let the rest of it catch up, so that we don't allow corporate interests and corporate technology to race ahead to be built into our core infrastructure without having put the safeguards in place. Mrs. Lawrence. Now, the police chief in Detroit submitted a record, and I said this to him face-to-face. And he made a promise that there will never be a trial in court based solely on facial recognition. There should be something in our civil rights law and our justice system that does not allow a person to be persecuted, based on the fact that we know this data is not accurate and it has biases based on facial recognition. And that is something I think we as a Congress should do. Thank you. My time is expired. Chairwoman Maloney. Thank you. You raised a lot of very good points. The gentleman from Ohio, Mr. Jordan, is now recognized for questions. Mr. Jordan. Thank you, Madam Chair. Ms. Whittaker, it is wrong sometimes, isn't it? And it is disproportionately wrong for people of color. Is that right? And this all happens--it is my understanding this all happens in a country, in the United States, where we now have close to 50 million surveillance or security cameras across the Nation. Is that right? You can say yes. You don't have to just nod. Yes, okay. And we talked earlier about context. I think a number of witnesses have talked about context, and you know, there is the context of opening your phone is different than your apartment complex having a camera there, when we are talking about in the private sector. But it seems to me the real context concern is what is happening in--as a number of my colleagues have pointed out, what is happening with the Government and how the Government may use this technology. And we know the American Bar Association said facial recognition was used by Baltimore police to monitor protesters after the death of Freddie Gray a few years ago in the city of Baltimore, which is scary in and of itself. And then, of course, you had five bullet points, I think, and I appreciate what you are doing with the institute that you co-founded. But point number five you said this, ``Facial recognition poses an existential threat to democracy and liberty.'' That is my main concern is how Government may use this to harm our First Amendment and Fourth Amendment liberties. So, and you have got to think about context even in a broader sense. I think we have to evaluate it in light of what we have seen the Federal Government do in just the last several years. You know how many times the FBI lied to the FISA court in the summer of 2016 when they sought a warrant to spy on a fellow American citizen? Are you familiar with Mr. Horowitz's report from last month, Ms. Whittaker? Ms. Whittaker. I am. I don't remember the exact number. Mr. Jordan. Seventeen times. Seventeen times they misled a court, where they go to the court, and there is no advocate there looking out for the rights of the citizen who is going to lose their liberty, who is going to be surveilled on. And 17 times they misled the court. And we found out it was worse than we thought. They didn't spy on one American. They spied on four Americans associated with the Presidential campaign. That has probably never happened in American history. So, when we talk about context, it is not just how facial recognition can be used by the Government. We already know it has been. It was used in Baltimore to surveil protesters. And you view it in a broader context, where the FBI went after four American citizens associated with the Presidential campaign, and we know they misled the court in the initial application and through renewals 17 times. And of course, that is after what happened a decade ago. A decade ago, the IRS targeted people for their political beliefs. There was no facial recognition technology there. They just did it. Went out and targeted groups. Asked them questions like ``Do you pray at your meetings? Who are the guests at your meetings?'' before they could get a tax-exempt status. So, this is the context. And so when we talk about why we are nervous about this, context is critical. And the context that is most critical and most concerning to, I think, Republicans and Democrats on this committee and, frankly, all kinds of people around the country who have taken some time to look into this a little bit is how the Government will use it and potentially violate their most basic liberties. And that is what we are out to get. And you said in your testimony--you said in your testimony, you are for--bullet point number five, ``It is time to halt the use of facial recognition in sensitive social and political contexts.'' Can you elaborate a little bit on that? What do you think that--when you say ``halt,'' are you looking for a just flat-out moratorium on Government expanding it, stopping its use? What would you recommend, Ms. Whittaker? Ms. Whittaker. Thank you for that question and that statement. Yes, I would recommend that. I would also recommend that the communities on whom this is going to be used have a say in where it's halted and where it may be deployed. Are the people who are the subjects of its use comfortable with its use? Do they have the information they need to assess the potential harm to themselves and their communities? And is this something that--have they been given the information they need to do that? Mr. Jordan. Are you talking in a private sector context? Like I think the reference would be like an apartment complex and whether you can enter versus a key or some kind of fob or something, it be that, or are you talking--explain to me-- elaborate on that if you could? Ms. Whittaker. Yes, absolutely. You know, I am talking about both. And I think the Baltimore PD example is instructive here because the Baltimore PD was using private sector technologies. They were scanning Instagram photos through a service called Geofeedia that gave them feeds from Freddie Gray protests. They then were matching those photos against their Faces facial recognition algorithm, which is a privately developed facial recognition algorithm, to identify people with warrants, whom they could then potentially harass. So, there is an interlocking relationship---- Mr. Jordan. Sure. Ms. Whittaker [continuing]. as I say in my written testimony, between the private sector, who are essentially the only ones with the resources to build and maintain these systems at scale, and the government use of these systems. So, there's two levels of obscurity. There is law enforcement exemption, military exemption, where we don't get the information about the use of these technologies by government, and then there is corporate secrecy. And these interlock to create total obscurity for the people who are bearing the costs of these violating technologies. Mr. Jordan. Thank you. My time has expired. I appreciate it, Madam Chair. Chairwoman Maloney. Thank you. The gentleman from California, Mr. Gomez, is now recognized for questions. Mr. Gomez. First, every time I listen to a discussion on facial recognition, more and more questions emerge. It is amazing. I would like to thank my colleagues on both sides of the aisle. I know folks think that Democrats don't care about liberties or freedoms, but we do. But we also care about not only the public space, but also in the bedroom and over one's body, right? That is the way I kind of approach this issue, from a very personal perspective. I made my concerns about this technology pretty clear. You know, the dangers it imposes on communities of color when used by law enforcement, racial bias in artificial intelligence. And as I was looking into it, Amazon continues to come up because they are one of the most aggressive marketers of this new technology. And they do it under a shroud of secrecy. I want to be clear. I know that this technology isn't going anywhere. It is hard to put limits on technology, especially when using the law. And I have seen this time and time again, coming from California, where you have large companies understand that the wheels of government turn slowly. So, if they can just move quickly, they will outpace, outrun the government in putting any kind of limitations. You have seen this with some scooter companies who dump thousands of scooters on the street, no regulations, and then all of a sudden, it forces the government to react. But we will react, and we will start putting some limitations on it. I know that it is tough, but there are a lot of questions. One of the things that I have been trying to figure out, what agencies--like what companies, what agencies, what Federal authorities are using it? How are they using it? Who sold it to them? And if there is a third-party validator, like NIST, who has evaluated its accuracy. Because when this technology does make a mistake, the consequences can be severe. According to the NIST study, it said an identification of application such as visa or passport fraud detection or surveillance of false positive to match another individual could lead to a false accusation, detention, or deportation. Dr. Romine, the recently released NIST study found that facial recognition technology not only makes mistakes, but the mistakes are more likely to occur when an individual identified are racial minorities, women, children, or elderly individuals. Is that correct? Mr. Romine. For most algorithms we tested, that's correct. Mr. Gomez. Did your study find that these disparities were limited to just a few developers, or was the bias in accuracy more widespread? Mr. Romine. It was mostly widespread, but there were some developers whose accuracy was sufficiently high that the demographic effects were minimal. Mr. Gomez. Are you aware if--I know Ms. Whittaker answered this question, but has Amazon ever submitted their technology for review? Mr. Romine. They have not submitted it, but we have had ongoing discussion with them about how we can come to an agreement about their submitting the algorithm. It's an ongoing conversation, so it's an active conversation that we're still having. Mr. Gomez. How long has it been ongoing? Mr. Romine. I don't know exactly, but it's been some months at least. Mr. Gomez. OK. And you know, this is in the context of them trying to put out a blog post, and that blog post regarding their principles that you are referring to was in response to a letter that myself and Senator Markey sent to them. And you would think that it would be more than just a blog post. You would think that it would be something more serious and rises to the level of our concerns. But with that, want to ask, Ms. Leong and Ms. Whittaker, I want to ask each of you, can you each discuss the implications of the newly released NIST report on the use of facial recognition software? What are the potential harms of using biased systems? Ms. Leong. I think the benefit of the report is that it discloses the bias that is present in many of the algorithms being used and gives consumers, both as individuals or businesses who might be selecting these algorithms for use, you know, good information on which to make their choices. I want to just make the point that even though a large number of algorithms were tested, those are not equally spread across the market in terms of representing market share. The vast majority of the market right now at the high end--and particularly, that is government contracts at Federal, state, and local levels, as well as the high-end, commercial uses, like the NFL or sport stadiums or venues or amusement parks or things like that--overwhelmingly already employ the algorithms that are at the top end of this spectrum and that have very low error rates. So, it's not an evenly distributed problem, and that's part of the problem is understanding where the algorithms are being used and by whom that are causing the most harm. Mr. Gomez. Ms. Whittaker? And with that, it will be my end, but I will let you answer. Ms. Whittaker. Thank you. Absolutely, I think it's important to emphasize, as Mr. Jordan did, that accurate facial recognition can also be harmful. So, bias is one set of problems, but this goes beyond that. I think any place where facial recognition is being used with social consequences, we will see harm from these racially and gender biased disparate impact. So, I think we can look at the case of Willie Lynch in Florida, who was identified solely based on a low-confidence facial recognition match that was taken by an officer of a cell phone photo. He is now serving eight years based on that photo and had to struggle and was eventually denied to get that evidence released during his trial. So, we're seeing high stakes that really compromise life and liberty here from the use of these biased algorithms. And you know, in response to the question of where they are being used, which algorithms are being used here, we don't have public documentation of that information. We don't have a way to audit that, and we don't have a way to audit whether they are--whether NIST's results in the laboratory represent the performance in different contexts, like amusement parks or stadiums or wherever else. So, there's a big gap in the auditing standards, although the audits we have right now have shown extremely concerning results. Mr. Gomez. With that, I yield back, Madam Chair. Chairwoman Maloney. Thank you. The gentlewoman from West Virginia, Mrs. Miller, is now recognized for questions. Mrs. Miller. Thank you, Chairwoman Maloney and Ranking Member Jordan. As technology evolves, it is important that we are on top of it. I saw firsthand how they were using facial recognition when I was in China as a form of payment. I was also exposed to several concerning uses of facial recognition technology. As a committee, it is our responsibility to make sure that anything that is done in the United States is done thoughtfully and prioritizes the safety and individual security. Mr. Parker, when I am at a busy airport, I am really glad that I have CLEAR to get through. Even though we have TSA, when you are in a hurry, it is really nice that you can use recognition and go forward. Can you elaborate on some examples of beneficial uses for consumers and businesses? Mr. Parker. Sure. And I'll stick, I guess, to the private sector uses, but also security and safety related. So, one really important one is protecting people against identify theft and fraud, something you may not think about. But here is how it works in many instances. So, someone walks into a bank and asks to open a line of credit using a fake driver's license with the customer's real information. As part of the process, the teller tells them they have to have their photo taken. That comparison is made, and they determine it may not be the person that they say they are. And so they say, ``I better talk to my management.'' By that time, the person that's going to commit fraud is probably long gone, right? But that's a really useful case for the technology that people don't think about. Also, so I guess from our industry, facial recognition is also able to provide additional security for facility access control. It's typically to augment, though, other credentials, such as keys or cards, but these things can be shared, stolen, or simply lost. Biometric entry systems provide an additional convenience to registered users. For example, when there is-- for expedited entry into an office building for commercial offices during rush times. Another example, the technology is being used to reduce organized retail crime and theft, which has skyrocketed in recent years, hurting American businesses, consumers, taxpayers alike. Mrs. Miller. Do you think that the mainstream media outlets have given an honest portrayal of how this technology is utilized and the reality of its capabilities? Mr. Parker. And so, I don't think so. I think this is a complex issue, as we've been talking about here, and I think it tends to get oversimplified and mischaracterized. Going back to what I said earlier, I think the issue is that what's causing some concern is about how the technology is used. It's not the technology itself. And I think there's other technologies that could be used in similar ways, and so we need to think more constructively about what the rules should be about the use of many different types of technology. Mrs. Miller. Thank you. Dr. Romine, I have a very good friend in West Virginia by the name of Chuck Romine, and his son is Dr. David Romine. But if we scanned both of you, you would not look anything alike. During a House Homeland Security Committee hearing on July 11, in your testimony you discussed accuracy rates across multiple demographics and how inaccurate results are diminishing. Now that you have published the report, is that still accurate, and in what other areas is this technology improving? Mr. Romine. So, I hope my statement in July was that the most accurate algorithms are exhibiting diminishing demographic effects. And we certainly do believe that this, the report that we released just last month, confirms that. Mrs. Miller. You also stated that anytime the overall performance of the system improves, the effects on different demographics decrease as well. Is that still something that is still true to this day? Mr. Romine. That is correct. Mrs. Miller. Good. Knowing that accuracy rates have improved within 2014 to 2018, can you further explain the role of performance rates and why they are important for the end- users of these technologies? Mr. Romine. Absolutely. It's essential that in the selection of a system, you understand the algorithm that the system uses and select for an accuracy that is sufficiently robust to provide you the minimized risk for the application. In some cases, the application may have very limited risk, and the algorithm may not be important. In other cases--or as important. But in other cases, the risk may be severe, such as identification of suspects, for example, or access to critical infrastructure. If there is facial recognition being used for that, then you want to have an algorithm basis for your system that is high-performing. Mrs. Miller. Could you speak to where your researching techniques that exist to mitigate performance differences among the demographics and what is emerging research and standards in NIST interested in supporting? Mr. Romine. Sure. Thank you for the question. Although we didn't specify too many of the mitigations that we would expect people to adopt today, one of the things that we do want to do is to point policymakers and consumers to ways in which these things can be mitigated. One of the mitigations can be a determination of an appropriate threshold to set to ensure that any algorithm that you use, you set an appropriate threshold for the use case. Another is a possible use of a separate biometric. So in addition to face, having a fingerprint or an iris scan or some other type of biometric involved that would help to reduce the error substantially more. Mrs. Miller. Thank you. I yield back my time. Chairwoman Maloney. Thank you. The gentlewoman from Massachusetts, Ms. Pressley, is recognized for questions. Ms. Pressley. Thank you, Madam Chair. The use of facial recognition technology continues to grow at a breathtaking pace and is now seeped into nearly every aspect of our daily lives. Many families are unaware that their faces are being mined as they walk through the mall, the aisles of the grocery store, as they enter their homes or apartment complexes, and even as they drop their children off at school. In response, several municipalities, including within the Massachusetts Seventh congressional District, which I represent--So,merville and Cambridge, respectively--have stepped up to the plate to protect their residents from this technology. We know that the logical end of surveillance is often over- policing and the criminalization of vulnerable and marginalized communities. It is also why I worked with my colleagues Representative Clarke and Representative Tlaib on legislation to protect those living in HUD public housing from this technology. More recently, school districts have begun to deploy facial analytics in school buildings and at summer camps, collecting data on teachers, parents, and students alike. Ms. Leong, how widespread is the use of this technology on children in schools? Ms. Leong. We're seeing facial recognition systems being implemented more and more in schools. I think the actual number is still very small in terms of percentage penetration of the number of schools in this country, but it's certainly spreading and growing. And it's one of the use cases we think is entirely inappropriate, that there's just really no good justification for a facial recognition system in a K-to-12 school. They are mostly being used in security applications, sometimes in a sort of fear-driven response to school shooter scenarios and things like that, which, in my opinion, they do not adequately address in any meaningful way and is not the best use of funds or the best way to heighten security around schools in response to those threats. The other part of your question that was the facial characterization programs, which I think are being used more and more in an educational context, where we are seeing systems that try to evaluate are students paying attention? What's the engagement rate? What's the response rate of students to certain teachers or types of teaching or things like that? As I think was mentioned once earlier in the hearing by someone else, that is based on very questionable data at this point, and I think in the not ready for primetime category definitely qualifies in the sense that we're seeing it very quickly applied in many use cases that the science and the research is not there to back up. And it's particularly concerning when you're talking about children in schools, not only because they're essentially a captive population, but because the labels or decisions that might be made about those children based on that data might be very, very difficult to later challenge or in any way reduce the effects on that particular child. Ms. Pressley. Well, yes, serious security and privacy concerns. Dr. Romine, your study found that the error rate of facial analytic software actually increased when identifying children. Is that correct? Mr. Romine. For most algorithms, that's correct. Ms. Pressley. OK. And why was that? Mr. Romine. We don't know the cause and effect exactly. There is speculation that children's faces are--have--with less life experience, there are less feature-rich faces, but we don't know that for sure because the convolutional neural networks that are used are--it's difficult to make a determination of the reason. Ms. Pressley. Got it. And many of you have mentioned in which these image data bases can be vulnerable to hacking or manipulation. Ms. Whittaker, when children's images are stored in data bases, are there any unique security concerns that they raise or that may arise? Ms. Whittaker. Absolutely. Security for minors is always a concern. Ms. Pressley. OK. Well, this technology is clearly biased, inaccurate, and even more dangerous when used in schools, where black and brown students are disproportionately already over- policed and disciplined at higher rates than their white peers for the same minor infractions. In my district, the Massachusetts Seventh alone, black girls are six times more likely to be suspended from school and three times more likely to be referred to law enforcement, again, for the same infractions as their white peers. Our students don't need facial recognition technology that can misidentify them and lead them to the school-to-confinement pathway. Last fall, I introduced the Ending PUSHOUT Act, which would urge schools to abandon over-policing and surveillance and to instead invest resources in trauma-informed supports, access to counselors and mental health professionals, resources that will really keep our kids safe. In my home state of Massachusetts, a broad coalition of educators, civil rights, and children's rights advocates are leading the fight and saying no to the deployment of facial recognition technology in our schools, and I am grateful for their activism and their solidarity on this issue. I would like to include, pardon me, for the record a letter from the BTU, the NAACP, AFT Massachusetts, MTA, the AFCLU Massachusetts, and many others, urging our state to reject additional surveillance and policing in our schools. Chairwoman Maloney. Without objection, so ordered. Ms. Pressley. Thank you. And I yield. Chairwoman Maloney. Thank you. And the gentleman from North Dakota, Mr. Armstrong, is now recognized for questions. Mr. Armstrong. Thank you, Madam Chair. I think there are a couple things that we should talk about for a second because I think they are important. And one of them--I am going to go to the Fourth Amendment and criminal context and how this could be deployed there. And this isn't the first time we have seen the crisis in Fourth Amendment. It happened with telephoto lenses. It happened with distance microphones, GPS trackers, drones, and now we are at facial recognition. And to be fair, the Fourth Amendment has survived over time pretty well, but biometric information has a different connotation, which I will get to in a second. I also agree with Ranking Member Jordan that we can't leave this for the courts to decide. And one of the reasons we can't is the courts are going to take a constitutional view of privacy, not a popular culture view of privacy. And so when we are into the civil context and data sharing and these types of issues, I will be the first to admit, my facial recognition didn't work on my phone over Christmas. You know what I did? Drove immediately to the cell phone store and got a new one. So, I understand the convenience of it and those things. But the Carpenter case is a pretty good example of how at least the U.S. Supreme Court is willing to change how they view privacy in the digital age. So, part of our job as Congress is to ensure that we write a law and write regulations that ensure that we can maintain those types of privacy standards. Now one of the reasons biometric--and I wish some people were here--is a little different is because there is one unique thing in a criminal case that is really, really relevant to facial recognition, and that is identity cannot be suppressed. I can suppress a search. I can suppress 40 pounds of marijuana. I can suppress a gun. I can suppress a dead body. But you cannot suppress identity. So, as we are continuing to carve through these, one thing I think we have to absolutely understand is in these types of cases, we need to apply a statutory exclusionary rule. Otherwise, any regulations we pass don't really, truly matter in a courtroom. And two, we have to figure out a way for meaningful human review in these cases. Because when they say, we will never prosecute somebody solely on facial identity, well, that is a fair statement, except there has to be an underlying offense of a crime, so they are prosecuting them on something else as well. And it is really, really important. But I also think it is important to recognize that not all populations are the same. There is a big difference between using facial recognition in a prison setting and even, quite frankly, in a TSA or a border setting than there is for a law enforcement officer walking around the street with a body camera or people getting profiled at a campaign rally. And so we have to continue to have those conversations. But I also want to point out that one of the things we have to do when we are dealing with these types of things in the law enforcement scenario, and I don't care what law enforcement it is--state, local, Federal, DEA--all of those issues have to figure out a way to account for false positives. And the reason I say that is, and I am going to use a not an apples-to-apples analogy, but in North Dakota, highway patrolmen have drug dogs. Not all of them, but some of them, and they are multi-use. I mean, our law enforcement usually has those. So, if you are speeding down the street or speeding down the highway going 75 in a 55, and you get pulled over and that highway patrolman happens to have a drug dog in his car, and he walks that drug dog around your car and that dog alerts, and they search your car and they don't find any drugs and they let you leave, and they give you your speeding ticket and you go along your way, that data never shows up in that dog's training records. It never shows up. So, when you are talking about the accuracy of a drug dog, when you are talking about the accuracy of finding a missing girl, or any of those issues, we cannot wait until that situation arises. Because if there is a missing girl on the Mall out here, I will be the first one standing at the top of the Capitol steps saying use whatever technology to deploy. Grab everybody you can. Let's find this little girl. And I agree with that there. But you cannot have meaningful regulation unless you have meaningful enforcement. And one of the concerns I have when deploying this technology in a law enforcement setting is it is very difficult, by the nature of how that works, to deal with those false positives. Like my questions are when we are talking about the missing girl or the rice cookers is, how many people were stopped? How many people were stopped that weren't that person? I am glad they found her. I am glad they caught the guys. But we have to be able to have a situation in place where we can hold people accountable. And the only ways I can think of to do that is to continue to develop this. One, use it in populations, where--I mean, and perfect it. Now the problem with the prison population is you have a static population. The problem with the Mall outside is it is a completely variable population. But I think when we move forward with this, and particularly in a law enforcement and criminal setting, we have to recognize the fact that you cannot suppress identity. So, it is different than a lot of other technologies. Because if your number is 90 percent and you stop somebody at 60 percent and it still happens to be that person, under current criminal framework, they are not--I can make that motion, the judge will rule in my favor, and say, ``Too bad, still arrested.'' So, with that, I yield back. Chairwoman Maloney. Thank you. The gentlewoman from Michigan, Ms. Tlaib, is now recognized for questions. Ms. Tlaib. Thank you, Madam Chair. I think many of you probably already know I am particularly disturbed by the aspect of facial recognition technology being used by landlords and property owners to monitor their tenants, especially in public housing units. In Detroit, for example, the city's Public Housing Authority recently installed security cameras on these public housing units that we believe is going to be something that encroaches onto people's privacy and their civil liberties. You know, these are people's homes. And so, I don't think being poor or being working class means somehow that you deserve less civil liberties or less privacy. And so, Ms. Leong, what are the privacy concerns associated in enabling facial recognition software to monitor public housing units? If you live in a low-income community, is your civil liberties or your privacy lessened? Ms. Leong. Thank you for the question. And of course not. At least hopefully not. I think this is a great example of the conversation that needs to happen at the beginning of this, which is what is the problem that they're trying to solve by putting this into a housing complex, any housing complex? What is the landlord or the owner's gain? What is it they're trying to do? Is it convenience? Is it some level of security? Is it just because it's a really cool technology that they offered him on a discount, and he wants to use it? What is he trying to gain from it? And then with that in mind, what are the risks to the occupants? In my opinion, that would be a commercial use, which would mean that even if it was installed, it would be only for those residents who chose to opt in and enroll and use it as their way in and out of the building. But for residents who didn't want to, they would not be enrolled in the data base and should not be included in that. But certainly, from a civil liberties point of view, if this was being used in some way, the other laws about inequitable impact or protected classes don't go out the window just because you use a new technology. They are still in place, still need to be applied. It's sometimes a new way of evaluating them because of new technologies, and so they raise challenging questions---- Ms. Tlaib. Ms. Leong, these new technologies, they are for profit, right? Ms. Leong. The company who designs them---- Ms. Tlaib. Yes. Ms. Leong [continuing]. sells them for profit. Ms. Tlaib. They are for-profit technology that are coming into communities like mine that is overwhelmingly majority black and testing these products, this technology, onto people's homes, the parks, the clinics. It is not stopping. Now I hear my good colleague from Massachusetts talk about them installing it in schools. They are using this, and I have a police chief that says, oh, this is magically going to disappear crime, but if you look, my residents don't feel less safe. They actually don't like this green light that is flashing outside of their homes, the apartment building, because for some reason he is telling everybody it is unsafe here. You know, it takes away people's kind of human dignity when you are being policed and surveillanced in that way. Now, and this is a question for Dr. Romine, they are now trying to say we are going to use facial technology as like the what do they call, the key fobs. They want to now use access to people's homes using facial recognition technology on key fobs. So, you know, one of the consequences of that is misidentification. I mean, my colleague on the other side just talked about how he couldn't even access his phone. I am really worried that they are testing my people, my residents are being used as testing ground for this kind of technology, of using it as a key fob. Do you have any comment in regard to that? Mr. Romine. The only comment I have from the NIST perspective is that the algorithm testing that we do is to provide information to people who will make determinations of what is and is not an appropriate use. That includes this--you know, this committee, any potential regulation or lack of regulation, and any deployment that's made in the private sector or otherwise is outside the purview of NIST. Ms. Tlaib. Well, I am really proud to be co-leading with Congresswoman Pressley, as well as Congresswoman Yvette Clarke, and leading No Biometric Barriers to Housing Act, which would prohibit any--you know, completely ban facial recognition technology on Federal-funded housing buildings and properties. We should be very careful. I think Congressman Mark Meadows is right. You know, I hear some of my colleagues on both sides say, well, we got to fix the algorithms, we got to do this. I said, well, I am not in the business and we shouldn't be in the business of fixing for-profit technology industries, you know, these new, you know, they call them tools. They give them all these great names, but they are processes in place of, you know, human contact, police officers on the street. I increasingly talk about this with, you know, the police chief and others, and all they can say is, well, we did this, and we were able to do that. But like my colleague said, how many people did you have to go through? Because I watched while they matched a suspect with 170-plus people. I watched as they took a male, a male suspect and matched him with a female. One hundred and seventy, I watched. And the kind of misleading the public of saying, well, you must not care about victims. No, I actually do care about victims. How about the victim that you are just now misidentifying, you are increasing? And so, with that, Chairwoman, I do really want--and I hope you all read this--but a report by the Detroit Community Technology Projects. It is a Critical Summary of Detroit's Project Greenlight and its greater contacts and the concerns with the use of facial recognition technology in Detroit. I would like to submit it for the record. Chairwoman Maloney. Without objection. Ms. Tlaib. Thank you, and I really do appreciate all of your leadership on this. And thank you so much, Chairwoman, in doing yet a third hearing on this and continuing this critical issue that I know was important to Chairman Cummings. Thank you very much. Chairwoman Maloney. The gentleman from Kentucky, Mr. Comer, is now recognized for questions. Mr. Comer. Thank you. And I ask that you bear with me. I am battling laryngitis. So, laryngitis with a bad accent doesn't spell success. [Laughter.] Mr. Comer. I think there is bipartisan concern here today for facial recognition technology as we move forward. My first question is for Dr. Romine, with respect to the National Institute for standards testing. What is NIST's role in establishing Government-wide policy? Mr. Romine. The only role that we have with respect to Government-wide policy is providing the scientific underpinning to make sound decisions. And so as a neutral, unbiased, and expert body, we are able to conduct the testing and provide the scientific data that can be used by policymakers to make sound policy. Mr. Comer. Well, how does a NIST technical standard differ from a policy standard? Mr. Romine. Well, certainly technical standards can be used by policymakers. So, in this case, a determination of a policy that was predicated on identification of algorithms that are based on their performance characteristics is--would be one example of that. But from a policy perspective of what to do or what not to do with face recognition technology, that's something we would support with scientific data, but not with policy proclamations. Mr. Comer. Let me ask you this. Is NIST the right agency to develop Government-wide policy? Mr. Romine. I don't think so, sir. I don't think that's a NIST role. Mr. Comer. OK. What is NIST's role in developing accuracy standards for facial recognition technology? Mr. Romine. Our role is in evaluating the accuracy, and in particular, one of the things that we've developed over the last 20 years is the appropriate measurements to make. These measurements didn't exist. We worked with the community to develop a set of technical standards for not just the measurement itself, but how to measure these things, including the reporting of false positives, false negatives, the very detailed definition of what those constitute. Mr. Comer. Thank you. Mr. Parker, I understand that the Security Industry Alliance supports the U.S. Chamber of Commerce's recently released facial recognition policy principles. What are the principles, and why do you support them? Mr. Parker. Yes. Thank you for the question. Yes, so I think that the Chamber put a lot of really great work into developing this framework. And basically, it mirrors some of the work that was done earlier by the Department of Commerce NTIA. They had convened a multi-stakeholder process that included industry, but also other parties from the commercial sector about what does appropriate commercial use look like. And I think, you know, some of the principles have to do with, you know, transparency is obviously the main one, but also, as we were discussing earlier, what should be done as far as opt-in consent in the commercial setting. I think that's going to cover most cases, for example. Mr. Comer. Well, can you describe how those principles balance the need for protecting civil liberties while also promoting industry innovation? Mr. Parker. Well, I think for the commercial use, we're primarily talking about data privacy. So, that's a little different. Civil liberties concerns surround Government use primarily. Mr. Comer. Well, let me followup, and this will be my last question. What does the path ahead look like for these principles? Mr. Parker. So, I think that the debate going on right now about establishing a national framework for data privacy is a really important one. And I think that how to set rules for use of the technology in the commercial setting, it's within that framework. And so, I know we've had the GDPR in Europe, but also in the United States, we have some states that are establishing their own frameworks. And that could be a real problem for our economy if we don't establish standardized rules. Mr. Comer. OK. Thank you. Madam Chair, I yield back the balance of my time. Chairwoman Maloney. Thank you. The gentleman from Virginia, Mr. Connolly, is now recognized for questions. Mr. Connolly. I thank the chair. And thank you all so much. It has been a stimulating conversation. It just seems to me, you know, we are going to have to really grapple with what are the parameters of protecting privacy and controlling the use of this technology. And one of the traps I hope, on my side of the aisle particularly, we don't fall into is continuously citing the false IDs. Because if we make the argument this technology is no good because there are a lot of false IDs, that may be true today and the concern is legitimate, but technology's nature is it will improve. So, what will we say when it becomes 95 percent accurate? Then what? Are we conceding the argument that, well, then you can used it with impunity? I would certainly argue, irrespective of its accuracy, there are intrinsic concerns with this technology and its use. And maybe we have to look at things like opt-in and opt-out, where you actually require the consent of anybody whose face is at issue to be able to transfer it to another party whether you are Government or not Government. Mr. Parker, you were talking about primarily being concerned about how Government uses facial recognition technology, but do we have any reason to believe the private sector might also generate some concerns? Mr. Parker. Sure. That's why we need to establish best practices about how it's used, you know, particularly in any applications where there is any kind of serious consequence for errors, you know, for example. Mr. Connolly. Errors. Well, let me give you a different example. So, IBM got a million photos from a photo hosting site called Flickr. It sent the link to that data base, a million faces, to Chinese universities. Now that wasn't the Government doing it. It was a private entity. And it wasn't about accuracy, it was about an entire dataset going to a foreign adversary who has a track record of actually using this technology to suppress and persecute minorities, for example, Uyghurs, to wit. We know they are doing that. So, might you have any concern about a company like IBM engaging in that kind of behavior, in transferring an entire dataset to Chinese universities with close ties, obviously, to the Chinese government? Mr. Parker. Yes, certainly. And I think we've seen this reflected in U.S. Government policy, too, which established a restriction on exports to a number of Chinese companies, particularly those that are developing this technology that we're talking about. Mr. Connolly. Ms. Whittaker, your views about that? Ms. Whittaker. Well, I think that highlights one of the issues that trying to implement consent raises, which is that those photos are already on Flickr. Those are photos that someone may have put on Flickr during a very different Internet, when facial recognition at scale was not a technical possibility the way it is today. And they are now being scraped by IBM. They are being scraped by many, many other researchers to comprise these datasets that are then being used to train these systems that may be erroneous, that may target our communities, and that may violate our civil liberties. So, where we ask for consent, how consent could work, given that we have a 20-year history where we've clicked through consent notifications without reading them as a matter of habit to get to the core technical infrastructures of our lives, remains a big, open question. And I think we would need to be able to answer that. Mr. Connolly. Certainly, I think we could agree, could we not, that whether I clicked consent for Flickr or any other entity to have access to and within reason use my photo, I never contemplated having that photo transferred to a foreign government or to a university with close ties to a foreign government? Ms. Whittaker. Yes, or to have a corporation use it to train a system that they might sell to law enforcement in ways that targets your community. Mr. Connolly. Right. Ms. Whittaker. There's a lot of things we did not consent to. Mr. Connolly. Well, it just seems to me, Madam Chairman, that this being the third hearing where we all have expressed concern about the zone of privacy and, frankly, informed consent about citizens or noncitizens whose data--in this case, their face--may be used and how it may be used and transferred to a third party, we have got some work to do in figuring out the rules of engagement here and how we protect fundamental privacy rights of citizens. Unless we want to go down the road of expanding and transferring--excuse me, transforming the whole definition of the zone of privacy. And that is a very different debate. But it seems to me that we can't only concede the technology will drive the terms of reference for privacy. Thank you, Madam Chairman. Chairwoman Maloney. Thank you. The gentleman from Wisconsin, Mr. Grothman, is now recognized for questions. Mr. Grothman. OK. Maybe I will start with Ms. Whittaker, but anybody else can jump in if they want, I guess. Could you go over a little bit the degree or how this technology is being used in China today? First of all, though, I would like to thank Mr. Connolly for his comments. I think the inference that the major problem here is getting false information is, I don't think, the biggest concern. I think the biggest concern is it becomes more and more--it is better and better as the evil uses that it is used for. And some of my colleagues seem to imply that as long as we are not getting any false information, apparently, the more information we have, the better. I think sometimes the less information the Government has, the better. But, OK, Ms. Whittaker, go ahead. Ms. Whittaker. Absolutely. Thank you for the question. I want to preface my answer by saying that I am an expert on artificial intelligence, and I understand the tech industry very well. I'm not a China expert. However, it is very clear that these technologies are being used in China to implement social control and the targeting of ethnic minorities. You have networks of facial recognition systems that are designed to recognize individuals as they go about their daily lives and issue things like tickets if they jaywalk, if they are recognized by a facial recognition system. Mr. Grothman. Could it be used--people attend religious ceremoneys in China, would it be used there? Ms. Whittaker. Absolutely. The same way that Baltimore police used it to look at people who attended a Freddie Gray protest. It's the same principle. You're just seeing it deployed in a different context. Mr. Grothman. I attended a rally last night for President Trump. I think about 12,000 people were there. Do you think it is possible that any facial recognition technology was being used there, so people would know who was showing up at the rally, who was hanging around outside before the rally? Ms. Whittaker. The capacities in technological affordances certainly exist. Again, the type of obscurity within which these technologies are deployed by both the Government and the private sector makes it very difficult to speculate beyond that because we are just not told when it's used and where. Mr. Grothman. Would it surprise you if it was being used there? Ms. Whittaker. No. Mr. Grothman. OK. There is the concern I have. And we have a Government that has weighed in against certain people. The ranking member pointed out the IRS in the past has shown strong bias against conservatives, okay, and we use the power of Government against conservatives. We had a major Presidential candidate a while ago saying he wants to take people's guns. And so you got to worry, you know? Would it surprise you if facial recognition technology was being used--I am going to attend a gun show this weekend in my district. Would it surprise you if facial recognition technology was being used to develop a data base of people going in that gun show? Ms. Whittaker. Facial recognition is being used to develop or against many different kinds of data bases. Mr. Grothman. OK. Kind of concerning there. To me, that is the major concern, that our country will work its way toward China, as we have--I think a while back we had a Presidential candidate, you know, hostilely question a prospective judge because they were a member of the Knights of Columbus, which is kind of scary. Could you see the day coming in which we are using facial technology to identify which people are, say, attending a Catholic Church? That apparently seems to bother some people. Ms. Whittaker. Again, that's the same principle as the Baltimore Police Department using it to see who attends a Freddie Gray rally and target them if they have a warrant. So, it is already being used in that capacity, irrespective of which group it's targeting or not. Mr. Grothman. If you set up a Catholic Church in China, do you think the Red Chinese government would probably be trying to use facial recognition technology to know in the future who is a member of that church? I don't know if they have any Knights of Columbus chapters in China, but you know, identifying in China if you would show up at a Knights of Columbus meeting? Ms. Whittaker. Again, the technological capabilities exist, but I am an artificial intelligence expert, not a Chinese geopolitical expert. Mr. Grothman. Anybody else want to comment on what is going on in China? Ms. Whittaker. I think it is a model for authoritarian social control that is backstopped by extraordinarily powerful technology. I think one of the differences between China and the U.S. is that their technology is announced as state policy. In the U.S., this is primarily corporate technology that is being secretly threaded through our core infrastructures without that kind of acknowledgment. Mr. Grothman. Right. Amazon a big player here? Ms. Whittaker. Absolutely. Amazon is one of the big---- Mr. Grothman. They are a very political group, aren't they? Or they have expressed strong political opinions? Ms. Whittaker. They certainly hire many lobbyists. Mr. Grothman. OK. I think they have--okay. Thank you for giving me an extra few seconds. Chairwoman Maloney. Thank you. The gentlelady from New York, Ms. Ocasio-Cortez? Ms. Ocasio-Cortez. Thank you, Chairwoman Maloney. And thank you again for holding a third hearing on something that is so important and is such an emerging technological issue that it is really important for the public to understand. We have heard a lot about the risk of harm to everyday people posed by facial recognition, but I think it is important for people to really understand how widespread this is. Ms. Whittaker, you made a very important point just now that this is a potential tool of authoritarian regimes, correct? Ms. Whittaker. Absolutely. Ms. Ocasio-Cortez. And that authoritarianism or that immense concentration of power could be done by the state, as we see in China, but it also could be executed by mass corporations, as we see in the United States, correct? Ms. Whittaker. Yes. Ms. Ocasio-Cortez. So, can you remind us, Ms. Whittaker or Ms. Leong, can you remind us of some of the most common ways that companies collect our facial recognition data? Ms. Whittaker. Absolutely. They scrape it from sites like Flickr. Some use Wikipedia. They collect it through massive networked market reach. So, Facebook is a great example of that. Ms. Ocasio-Cortez. So, if you have ever posted a photo of yourself to Facebook, that could be used in a facial recognition data base? Ms. Whittaker. Absolutely. By Facebook and potentially others. Ms. Ocasio-Cortez. If you have posted it to Wikipedia? Ms. Whittaker. Yes. Ms. Ocasio-Cortez. Could using a Snapchat or Instagram filter help hone an algorithm for facial recognition? Ms. Whittaker. Absolutely. Ms. Ocasio-Cortez. Can surveillance camera footage that you don't even know is being taken of you be used for facial recognition? Ms. Whittaker. Yes, and cameras are being designed for that purpose now. Ms. Ocasio-Cortez. And so, currently, cameras are being designed. People think, you know, I am going to put on a cute filter and have puppy dog ears and not realize that that data is being collected by a corporation or the state, depending on what country you are in, in order to track you or to surveil you, potentially for the rest of your life. Is that correct? Ms. Whittaker. Yes. Ms. Ocasio-Cortez. Do you think average consumers are aware of how companies are collecting or storing their facial recognition data? Ms. Whittaker. I do not. Ms. Ocasio-Cortez. And what can a consumer or a constituent like mine do if they have been harmed by companies' improper collection? In a previous hearing, we were talking about how facial recognition oftentimes has had the highest error rates for black and brown Americans, and the worst implications of this is that a computer algorithm will tell a black person that they have likely committed a crime when they are innocent. How can a consumer or a constituent really have any sort of recourse against a company or an agency if they have been misidentified? Ms. Whittaker. Right now, there are very few ways. There is the Illinois Biometric Information Privacy Law that allows private actors to bring litigation against companies for corporate misuse of biometric data. But, one, you have to know it's been collected. Two, you have to know it's been misused. And three, you have to have the resources to bring a suit, which is a barrier to entry that many of those most likely to be harmed by this technology cannot surpass. Ms. Ocasio-Cortez. So, let's say if you walk into a technology store, or as this technology spreads, you just walk into a store in the mall, and because the error rates for facial recognition are higher for black and brown folks, you get misidentified as a criminal. You walk out, and let's say an officer stops you and say someone has accused of a crime, or we think that you have been accused of a crime. You have no idea that facial recognition may have been responsible for you being mistakenly accused of a crime. Is that correct? Ms. Whittaker. That's correct. And we have evidence that it's often not disclosed. Ms. Ocasio-Cortez. And so that evidence is often not disclosed, which also compounds on our broken criminal justice system, where people very often don't get entitled to the evidence against them when they are accused of a crime. Is that correct? Ms. Whittaker. Yes, the Willie Lynch case in Florida is case in point. Ms. Ocasio-Cortez. So, what we are seeing is that these technologies are almost automating injustices, both in our criminal justice system, but also automating biases that compound on the lack of diversity in Silicon Valley as well? Ms. Whittaker. Absolutely. These companies do not reflect the general population, and the choices they make and the business decisions they make are in the interest of a small few. Ms. Ocasio-Cortez. So, you know, Madam Chairwoman, I would say this is some real-life Black Mirror stuff that we are seeing here. And I think it is really important that everyone really understand what is happening because this is--and as you pointed out, Ms. Whittaker, this is happening secretly as well, correct? Ms. Whittaker. Yes. Ms. Ocasio-Cortez. All right. Thank you. And that is my time. Chairwoman Maloney. Thank you. The gentleman from Pennsylvania, Mr. Keller, is now recognized for five minutes. Mr. Keller. Thank you, Madam Chair. And I just want to say that we all represent many people that are probably not familiar with the commercial and the Government's use of the facial recognition technology. I mean, there is a lot of technology out there. So, I am grateful for the witnesses being here to help shed a little bit of light on the topic of facial recognition technology. And when we look at the--if there is a proper approach toward regulating the use of facial recognition technology, you know, we need to balance personal privacy with whatever appropriate use there may be as a tool to make, you know, the Government or law enforcement capabilities more effective in what they do. And the reason I say this is several years ago something happened in the legal community called the ``CSI effect,'' where television shows exaggerated the prevalence of DNA and forensic evidence and the ease of its processing in criminal cases. You know, defense attorneys then used the public's new perception of this evidence to claim the lack of enough forensic evidence meant that the police didn't do their due diligence. You know, today many law enforcement television shows and movies utilize, you know, and they reference facial recognition technology as part of their storytelling. You know, so there are a lot of concerns here. And you know, I have concerns with, you know, the Fourth Amendment and all of our rights that we have. And I guess, Mr. Parker, if you could just maybe explain to what extent do you think the current pop culture is filled with an exaggerated or distorted view of how prevalent the use or if there is an appropriate use of facial recognition technology? Mr. Parker. Yes, I guess, first of all, I do think that it has--I mean, if you look at the portrayal of the technology in the media, it's far beyond what we can do right now. So, that's one thing to consider. I think the other thing is that, you know, we mentioned earlier about, you know, what's happening in China. Unfortunately, their government by policy is using technology, not just this one, many others to persecute certain groups. And obviously, that's a horrible example of how technology can be misused. So, I think also the capability is different there. I'm not an expert on China either, but you know, to use a facial recognition system, there has to be a data base with people enrolled in it, you know? And so, you know, I suspect there is a large data base like that over there. But I can speak on behalf of our members. You know, we have no interest in helping the Government at any level here do mass surveillance of citizens engaged in lawful activity. We have no interest in that. And that's not the case right now as a system, and I haven't seen evidence that that's what's intended, but certainly that's not a place we want to go. Mr. Keller. Yes. And you mentioned, you know, technology can be a great tool, and it can. And it goes with anything. Our phones can keep us very well-connected and do things. It can become a great hindrance and distraction, too, and be used for a lot of malicious and evil things. I mean, a lot of people now bully using, you know, social media and so on. So, that can happen with anything, and it is a matter of how we effectively regulate that and make sure it doesn't get used inappropriately. Also, Mr. Parker, do you think we could be looking at the possible new CSI effect in terms of facial recognition and the use of law enforcement? Do you think that---- Mr. Parker. Yes, so that is a risk. And I think you are right to identify that. I think the key here is to have really locked down and thorough use policies and constraints. I think there's many uses in both the private sector and the public sector where that is being done correctly. There are other cases we know less about because there is less transparency. But making--you know, part of that is some accountability measures that ensure use of those systems are auditable to make sure that they are only being used for the purposes specified by the people who have authorization to do it. Mr. Keller. OK. I appreciate that because this is a very sensitive issue, and I do appreciate the opportunity of having these hearings so that more people are aware of what is happening. Thank you, and I yield back. Chairwoman Maloney. Thank you. I recognize the gentlewoman from New Mexico, Ms. Haaland, for questions. Ms. Haaland. Thank you, Mr. Chair. Thank you all so much for being here today. We appreciate your time and effort in this hearing. I recently read that some employers have begun using facial recognition technology to help decide who to hire. At certain companies, such as Hilton and Unilever, job applicants can complete video interviews using their computer or cell phone cameras, which collect data on characteristics, like an applicant's facial movements, vocal tone, and word choice. One company offering this technology, HireVue, collects up to 500,000 data points in a 30-minute interview. The algorithm then ranks the applicant against other applicants based on the so-called ``employability score.'' Job applicants who look and sound like the current high performers at the company receive the highest scores. Ms. Whittaker, I have two questions for you. One, isn't it true that the use of facial recognition and characterization technology in job application processes may contribute to biases in hiring practices? And, if yes, can you please elaborate? Ms. Whittaker. It is absolutely true. And the scenario that you described so well is a scenario in which you create a biased feedback loop in which the people who are already rewarded and promoted and hired to a firm become the models for what a good employee looks like. So, if you look at the executive suite at Goldman Sachs, which also uses HireVue for this type of hiring, you see a lot of men, a lot of white men. And if that becomes the model for what a successful worker looks like and then that is used to judge whether my face looks successful enough to get a job interview at Goldman Sachs, we are going to see a kind of confirmation bias in which people are excluded from opportunity because they happen not to look like the people who had already been hired. Ms. Haaland. Thank you so much for that. So, Ms. Whittaker, would you agree that granting higher employability scores to candidates who look and sound like high-ranking employees may lead to less diversity in hiring then? Ms. Whittaker. I would agree, and I would also say that that methodology is not backed by scientific consensus. Ms. Haaland. Thank you. Ms. Leong, do you envision any privacy concerns that may arise when employers collect, store, and use the data generated from video job interviews? Ms. Leong. Yes. Thank you for the question. That is absolutely a concern since the individuals may not be aware of what data is being collected, especially if some of those systems are being used maybe even in an in-person interview, but there is a camera running that's collecting some sort of characterization profile and that the person may or may not be aware of that or whether that's part of the decisionmaking process for their application. Ms. Haaland. Thank you so much. So I, like many of my colleagues, have expressed, am concerned over the use of this technology. I am concerned that face recognition technology disenfranchises individuals who don't have access to Internet-or video-enabled devices, which is an awful lot of people in this country because broadband Internet is an issue in so many rural communities and other communities throughout this country. I am worried that relying on algorithms to predict high-ranking employees will only inhibit the hiring of a more diverse work force. Dr. Romine, your testimony today highlighted many of these risks. NIST showed that commercial face recognition algorithms misidentified racial minorities and women at substantially higher rates than white males. As Members of Congress, we must develop legislation to ensure we get the best of the benefits of this technology while minimizing the risks of bias in employment decisions. And Chairwoman, I yield back. Chairwoman Maloney. That concludes our hearing. We have no other witnesses. The ranking member, I am recognizing him and others on this side of the aisle for five minutes, and then we will close with five minutes. Mr. Jordan. I thank the chair, and I won't take all five. Just the broad outlines of what we are trying to do legislatively sort of as a start, and we are working with the chair and with members of the majority as well, really is first just an assessment. I am talking again largely what Government is doing, what the Federal Government is doing. So, the first thing we would like to ask for is we just want to know which agencies are using this? How they are using it? To what extent is it happening? And as I think several of you testified, but certainly Ms. Whittaker, we just don't know that. We don't know to what extent is the FBI using it. To what extent are other agencies using it, IRS, any other agency? We found out a few years ago the IRS was using stingray technology, which was like what does the IRS need that for? So, first part of what we hope will be legislation that we can have broad support on, that the chairman and both Republicans and Democrats can support, is tell us what is going on now. And then, second, while we are trying to figure that out, while the studying and we are getting an accountability and what is all happening, let's not expand it. Let's just start there. Tell us what you are doing and don't do anything while we are trying to figure out what you are doing. And then once we get that information, then we can move from there. That is what I hope we can start with, Madam Chair. And frankly, what we have been working with now for a year, staffs for both the majority and the minority. So, I hope--I mean, I see a number of you nodding your heads. I hope that is something, someplace that you all would be happy and would be supportive of us doing as a committee and as a Congress just to figure out what is going on. With that, I yield to my colleague from North Dakota, if that is okay, Madam Chair, for the remainder of our time? Chairwoman Maloney. Sure. Mr. Armstrong. Thank you. CSI was my favorite show when I practiced criminal defense, so---- [Laughter.] Mr. Armstrong. And if this body would pass a law into effect that shut off everybody's facial recognition on their iPhones tomorrow, I think we would have a whole different kind of perspective on this from our citizens. Identifying people quickly and easily has so many positive law enforcement and safety applications that I think it would be irresponsible to disregard this technology completely. More importantly, I think the private sector--and so my intent when I am asking these questions is not to demonize law enforcement. They will use whatever tools are available to them, and they should. And I think we should also recognize that there are very responsible large corporations that want to get this right. And they don't want to get it right just for the bottom line, although that is helpful. They have corporate cultures as well, and more importantly, there are those of them arguing for a Federal regulatory framework. Our job is to get it right. Our job is to ensure that we have responsible regulation that protects the privacy of all Americans. But part of doing that is recognizing that it is here, and in some way, shape, or form, it is going to continue to be here. And there are a tremendous amount of positive applications that can be used. But there are dangers, and there are significant dangers. Because for every reason why there is a positive application for identifying people quickly, that is an invasion on everybody's privacy who is in that particular space. So, we are going to work with it. We are going to continue to use it. It is causing tremendous consumer convenience. There are lots of different applications, but we have to be cognizant of the fact that this is a little different than a lot of other things because identity is something that can never go away once it has been identified. And right to free association and the right to do those things is fundamental in the American population. And anything that has a chilling effect on that has to be studied very, very closely. And I agree with Mr. Jordan, in when we know how this is being used. And I also agree with Mr. Connolly. Technology will advance. Human reviews will exist. Things will happen. This will get better and better all the time. I don't want any false positives. And I don't want any false positives based on race, age, or gender. But my number- one concern is not only those false positives, it is the actual positives--where they are doing it, how they are doing it, why they are doing it. And we have to understand that while this technology has a tremendous benefit to a lot of people, it poses real significant and unique dangers to fundamental, basic First Amendment rights, Fourth Amendment rights. And we have to continue to work forward. I should also say this isn't the first time the Government has been behind the eight ball on these issues. We are so far behind on online piracy. We are so far behind on data collection, data sharing, and those types of issues. And one of the dangers we run into with that is by the time we get around to dealing with some of these issues, society has come to accept them. And how the next generation views privacy in a public setting is completely different than how my generation and generations above us viewed privacy in a public setting. And the world is evolving with technology, and this is going to be a part of it going forward. So, I appreciate everybody on both sides of this issue, and I really appreciate the fact that we had this hearing today. With that, I yield back. Chairwoman Maloney. I thank all of the panelists and all of my colleagues today for participating in this very important hearing. We have another member, Mr. DeSaulnier is on his way, and he has been misidentified. He is a member of the committee but is at another committee. He is rushing back to share his experiences with us, and I want to allow him to give the information that he has on this issue personally. But I do want to say that one of the things that came out of the hearing is that it really is not ready for primetime, and it can be used in many positive ways. But it can also, as many witnesses pointed out, Ms. Whittaker even showed a case allegedly where a person was innocent yet put into jail based on false information of his identity, which certainly needs to be investigated. But it can be used for positive ways, but also severely impact the civil rights and liberties of individuals. At this point, I would like to recognize my colleague from the great state of California, that he finish his questions and his statement, because he was misidentified. He was one of the 28 that the American Civil Liberties Union showed was misidentified. So, I recognize my colleague now. Mr. DeSaulnier. Thank you, Madam Chair. I did have a constituent at a town hall say that in my case it was actually a step up from being a Member of Congress to being a criminal. You know, I was quite offended on behalf of all of us that somebody would---- [Laughter.] Mr. DeSaulnier. Well, I really want to thank the chair and the ranking member for having this meeting. It is really important, being from the Bay Area, having had a relationship with a lot of these tech companies, and having that relationship strained recently. And the benefit that this technology could give us, but the overmarketing of the benefit and the lack of social responsibility, as Mr. Gomez said. In the past, I had a privacy bill in the legislature that was killed, and it basically came from a district attorney in northern California, who told me about a serial rapist who was getting his victims' information from third-party data that he was paying for, and we provided an opt-out. It was killed fairly dramatically in the first committee in the Assembly after I was able to get it out of the Senate. I tried to get Mr. Gomez to help me in those days. So, in that context, if I had a dime for every time one of these companies told me when I asked a reasonable question that I was inhibiting innovation, I would be a wealthy person. And I appreciate the work you do, but in the context of facial recognition and what is a meaningful sort of reflection, I have said this to this committee before, that Justice Brandeis famously said, ``Americans have a right to be left alone.'' How are you left alone in this kind of surveillance economy? So, facial recognition, important to get it right in my personal experience, but also the overlay of all the other data accumulation. So, how do we get, Ms. Leong, first of all, what is the danger in allowing companies, when we have seen Facebook absorb a $5 billion penalty when they quite consciously--and I refer to some of my former friends in the tech company in the Bay Area as being led by a culture of self-righteous sociopaths. Where they think that it is all right to take advantage of people, and they get reinforced by the money they make, without thinking of the social consequences. So, given that they were willing to absorb a $5 billion hit by ignoring the settlement that they agreed to, in this kind of culture, what is the danger in allowing companies like Facebook to having access to not just facial templates, but the interaction with all the other data they are collecting? Ms. Leong. Thank you very much for the question. I think that demonstrates greatly the comment that was made earlier about the interrelationship between public and private uses of this technology and how those sometimes can feed off of each other in beneficial or not so beneficial ways. And your earlier comment was to the nature of our surveillance technology, I think is the underlying question, in terms of what is it that we want to accept and live with in our country based on our values, and then how does technology enable that? I was not asked to show my identification to come into this building today, even though most buildings in Washington I would have to show it. To show up and go to a meeting, I'd have to give my I.D., but because this is a Government building, I was checked for a physical security threat with a scanner, but I was not required to identify myself to come in. I would hope that that would not change just because now it could be collected passively or I could be identified off of a video feed, that I still have the right to come into this place of government without that. And I think that that demonstrates that we need to focus on what the things are that we are protected, which has been discussed so clearly here today in terms of our values and freedoms and liberties. And then how we don't let the technology, because it's here, because it can do certain things, or because it's even convenient that it does certain things, impinge on those in ways that we don't think through carefully and not ready to accept those compromises. Mr. DeSaulnier. So, how do Americans be allowed to be left alone in this environment? What does affirmative consent look like? Ms. Leong. Well, in a commercial setting or a commercial context, the companies should not be using facial recognition technology unless a person has said they want to use it for the benefit or convenience that it provides. So, if I want to use it as a member of a limited membership retail establishment or if I want to use it to get VIP privileges at a hotel or expedite my check-in at a conference, I can choose to do that, but I would know that I was doing it. I would have to enroll in that system consciously. It's not something that could happen to me without my awareness. Mr. DeSaulnier. OK. And who owns the data when you look at this? We have had hearings about car companies saying they own the diagnostics and the GPS. All these private sectors say they own it. Shouldn't we own that? Ms. Leong. Ownership of data is a very complicated topic and way to look at it because it isn't something that should be able to necessarily be sold, which is really the nature of property. But in terms of the rights to who has to use it, yes, that should be very clearly spelled out, in terms of if I've agreed to a certain amount of service in return for providing-- for enrolling in a facial recognition system, I have a reasonable expectation not to have that data scraped or used for some other undisclosed purposes that I'm not aware of. Mr. DeSaulnier. Thank you. Thank you, Madam Chair. Thank you for indulging my schedule. Chairwoman Maloney. Thank you so much. I am so glad you could get back. And just in closing very briefly, I think this hearing showed that this is a wide-scale use. We don't even have a sense of how widely it is being used, yet there is very little transparency of how or why it is being used and what security measures are put in place to protect the American people from that use and their own privacy concerns. And we also have the dual challenge not only of encouraging and promoting innovation, but also protecting the privacy and safety of the American consumer. I was very much interested in the passion on both sides of the aisle to work on this and get some accountability and reason to it. And I believe that legislation should be bipartisan. I firmly believe the best legislation is always bipartisan. And I hope to work in a very committed way with my colleagues on this side of the aisle and the other side of the aisle to coming up with common sense facial recognition legislation. I would now like to recognize for closing Mr. Gomez, who was also misidentified and has personal experience with this. So, thank you, and thank you very, very much to all of our panelists. Mr. Gomez. Thank you, Madam Chair. First, I just want to thank all the panelists for being here. All the questions we have had, you know, we have twice as many more that we didn't even have a chance to ask. I want people to walk away understanding that this is a technology that is not going away. It is just going to get further and further integrated into our lives through the private sector and through Government. Now we have to figure out what does that mean. At the same time, I don't want people to think that false positives are not a big deal because for the people who are falsely identified as a particular person and it changes their life, it is a big deal to them. So, when people like downplay it as like, oh, it is getting better, it is not that big of a deal, well, to that one person that goes to jail, the one person who gets pulled over, the one person that maybe doesn't make it to work on time, they lose their job, and has a ripple effect of devastation on their lives, it matters to them. And it should matter to all of us. So, it is not one or the other because I do believe that this will get better and better and better. And we have to put the parameters on it on that use of that technology, but there is still a lot of questions that we have to do. But Ms. Whittaker described it correctly because when I started looking into this issue, I did run into that brick wall of national security claims, plus the corporate sector saying that we have, you know, it is proprietary, this information, when it comes to our technology, and we are not going to tell you what it says, how accurate it is, who we are selling it to, who is using it. That wall must come down. And that is what I think that we share across the political spectrum. How do we make sure that that wall comes down in a responsible way that keeps innovation going, keeps people safe, but respects their liberties and their freedom? So, with that, I yield back. Madam Chair, thank you so much for this important hearing. Chairwoman Maloney. And I thank you. And I would like to thank all of our witnesses. Without objection, all members will have five legislative days within which to submit additional written questions for the witnesses to the chair, which will be forwarded to the witnesses for their response. I ask the witnesses to please respond as promptly as you can. This hearing is adjourned, and thank you. [Whereupon, at 12:55 p.m., the committee was adjourned.]