Flying under the radar are two class action lawsuits that allege Microsoft and Amazon have violated Illinois Biometric Information Privacy Act (BIPA).
According to the suits, Microsoft and Amazon have both failed to get informed consent from residents before initiating its facial recognition to collect, store and analyze their biometric data.
Breaking down the suits per their respective defendants, Amazon allegedly scans the faces in photos uploaded to its Prime Photo storage service, while Microsoft violated Illinois resident's privacy rights in similar fashion as it partnered with Uber for bio authentication.
The suit alleges, however, that Uber’s “Real Time ID Check,” unbeknownst to drivers, works by providing a picture of the individual to Microsoft’s API, which then extracts the driver’s facial biometrics to build a geometric template that is then compared against the template from their original picture. Per the suit, Microsoft has failed to obtain proper consent and provide required disclosures to Illinois Uber drivers before collecting and storing their biometric data.
Beyond, the consent issue, Uber driver Mario Pena who launched the BIPA-related suit questions the security implications of Microsoft's involvement as it relates to fraud and ID theft perpetuated by his own biometrics stored on Microsoft's servers.
Microsoft has attempted to dance a fine line on communicating its intents and actions behind its facial recognition tech. Despite publicly touting its decision to shelf its efforts to partner with local law enforcement on facial recognition software last year over similar concerns presented in the new class action lawsuits, Microsoft was found to have ultimately been turned away by law enforcement prior to its announcement.
Since last summer, Microsoft has publicly maintained its position in championing federal legislation that would regulate government surveillance and the use of facial recognition technology.