About UsResearchOpportunities
PublicationsResourcesSite Map
The MIT Card pictures should only exist on the MIT Card itself, and nowhere else. What follows is my attempt to support this argument.

Why the MIT Card Pictures Should Not be Stored in a Central Database

Steve Mann, 1994

Traditionally, ID cards have been made using Polaroid instant film, and the card was immediately available to the applicant. When computer-based imaging was first introduced for ID cards at MIT (at MIT Graphic Arts), it seemed like a step backwards: the student had to wait for some period of time after the picture sitting, before receiving the ID card. Each student needed to make a trip to the cashier's office to pick up the card at a later date. But there was one other fundamental difference: an image database was formed. A picture of each student was kept on the computer at Graphic Arts.

Computer imaging (known as "image capture") brings forth some new concerns. Many people in our Lab were initially unaware that the MIT ID images were kept in a central database, and many were rather troubled when I told them that this was indeed the case.

The main difference between a computer face-database and the ID card itself, is that the card is in the posession of the holder: the holder is aware of its use (e.g. the holder is aware of who looks at it, since those who look at it must ask the holder to see it).

MIT encompasses a plurality of diverse cultural and ethnic backgrounds; it is not surprising that different people see "image capture" from a variety of different perspectives.

I think it is useful to distinguish between copyright and the right to self ownership. Copyright protects the copying of work that a person has intended to give to the world; it merely protects from loss of capital. The infringer is simply not paying for work that is for sale. But I would say that a photographer can steal in a more profound way. The photographer can capture a likeness or situation that was never put forth as a commodity. The photographer has stolen something that was not for sale. I draw upon an analogy here, between a shoplifter/softlifter (analogous to the copyright violator) and a thief who steals your family heirlooms (analogous to the photographer). The former has stolen from you something that you have willingly put up for sale, merely depriving you of some of your profits, while the latter has stolen from you something that you might not have been willing to sell at any price. While there are no doubt shopkeepers who value their store goods more than their family heirlooms, and similarly there are no doubt those who value their works of art, literature, etc, more than their own physical likeness, one must account for the possibility that there could be people who attach a high value to their likeness, and to the way that it is acquired, controlled, and distributed through what I would call `likeness piracy'.

One can argue that neither the copyright violator nor the photographer have stolen anything, for information may be replicated, adapted, appropriated, etc, without loss of the original, but I think it is useful to bear in mind that different people have different views on this issue. It would be good practice to respect the diversity of people's feelings, and to err on the side of caution. Caution entails respecting those who might feel that they have a certain right to own the works that they produce, and those who might feel they have a right to `self-ownership' -- the right to own their own likenesses. Similarly, I would rate `likeness piracy' to be a worse offense than software piracy.

By our very existance in a public space, we may alter light by the fact that it bounces off our bodies, the books we hold open in a public space, the copyrighted shirt we may be wearing, etc, and this light may be captured by others and used to affect various recording or transmitting media. We choose to travel these public spaces. There are some individuals who would argue that if you walk in a public space, show your face (or a creatively painted shirt, or a manuscript you are carrying) to the world, that it is public, and if you didn't intend it to be public, it is your tough luck. They would argue that it is your own fault for letting this information be public.

In the case of the MIT ID card, however, we are brought in against our will (e.g. given no choice in the matter), and placed in front of an image capture workstation.

The drive to digitize people is met with resistance by many individuals, possibly for good reason. Even if the reasons are not good, it is at least worthwhile to exercise some caution here, for with the acquisition of a database comes the assumption of all manner of responsibility for any use, whether intended by the creators of the database or not. Even if an employee in the MIT Card office were to use the data without permission of his or her supervisor, the administrators who acquired the data would be held accountable.

Do we own ourselves? If so, are we reasonable in denying others from "capturing" us for their own use (even if they CLAIM that they will not use the captured images for anything other than the production of an ID card)? A recent program to fingerprint Canadians and keep the prints in a central government repository was met with considerable resistance, and was abandoned, even though the Canadian government assured citizens that the data would be kept "safe" from abuse. The promise to keep the images safe from "hackers" is `pseudoprivacy' (Clipper is an example of pseudoprivacy). If the images must be captured they should be available to everyone, but it would be preferable not to capture them at all.

The desire to be free of "capture" is not particularly new. It has, for as long as photography has been in existance, been against certain religious backgrounds to be "captured" in soul. Should we respect these diverse backgrounds, or should we force everyone to assimulate what we deem to be our way of life?

"Image capture" raises certain other privacy and ethics issues. The face-database opens up additional possibilities for many uses and abuses that may be conducted without the knowledge of the students involved. For example, at other organizations there have been cases where a crime was committed by a suspect described as a "black male", and a "black list" was made from those people who fit the description of "black" (which is easy to find by adding up all of the pixel-values for each image, and comparing the total to a particular numerical value called a "threshold", and generating a list of those names that correspond to the faces that fall below this threshold). Other abuses might be involved in various mathematical formulations based on the likenesses, such as correlating grade-point-average (GPA) with facial features. Such formulations would make it possible (in fact easy) to judge other people strictly on the basis of their appearance. For example, one may average together all the faces of those with a GPA above 3.0, and find the "appearance of intelligence" and average together the remaining faces and find the "appearance of stupidity". In each of these two cases, one would end up with a recognizable face: a "intelligent face", and a "stupid face" that could be compared against a face for which the GPA was unknown. Again, I believe it goes against the current societal values that we embrace, to judge people based on appearance.

I think it is necessary to define a boundary between what is acceptable and what is not: I would say it is acceptable to capture (photograph, fingerprint, etc) people, and place that information on a card that they carry for identification purposes, provided that it is clear that they own this information personally and that it is not retained by another party. As you can well imagine, the other party (e.g. the MIT Card office) could stand to gain from this information. Afterall information is the new commodity of our era. Therefore one might anticipate some resistance, on the part of the MIT Card office, to the policy proposed here.

I think that the ID card is necessary in our society, given high crime rates, and the like. People can show their MIT ID to prove their identity, but I also believe that people belong to themselves, in the sense that any replication of their likeness, or other information derived from them, should be in their sole posession.

The various MIT committee members, and others in high places, might try to convince us a picture database is not a violation of our personal privacy, religion, personal freedom, or anything else. However, I suggest the following experiment, based on "reciprocity of trust". Pop into the office of one of these people (e.g. a representative of the MIT card office) and photograph the inhabitant unexpectedly. Or if you happen to meet such a person in the hallway or on the street, take out your camera and snap a picture without the permission of the subject. If the response is favorable, always (or at least on average) you might conclude that these people honestly believe that pictures are not an invasion of privacy. However, you will likely notice some resistance on the part of these individuals, and you will start to see that they are preaching one ideology and practicing another.

Even if the response were unanimously favorable in the above experiment you probably know of a variety of people who span the whole gamut from those who don't care what you do with their image, to those who are very concerned. I think it is better to err on the side of caution in this regard and therefore to prohibit the collection of a picture database. I would say that the default assumption should be that the picture be taken, printed, and then deleted, as a routine practice. It should not be necessary for individuals to make any special effort to have their pictures removed from the system.

The current implementation of the MIT Card consists of a camera, computer "capture" facility, and computer printer. The card is printed right away and given to the student on-the-spot. Therefore, there is no reason to retain the picture after the student leaves the MIT Card office on the second floor of E32. The cost of acquiring an image is lower than the cost of storing it, since no film is required. Therefore, should a student lose a card, then that student should simply report to E32 for a new sitting, and the card should be printed, and the image capture file should again be deleted, as with the first sitting.

There are many other uses of people's likenesses at MIT. For example, professors often snap a picture of each person in the class, and advisors and departments often set up a bulletin board with each student's picture on it. It used to be that MIT Graphic Arts would forward pictures, from their image-capture database, of students to departments, advisors, etc (generally without the knowledge or consent of the students involved). Nowadays camera equipment so cheap that these pictures are taken on an as-needed basis. Rather than go through the cumbersome process of obtaining pictures from the MIT database, advisors, professors, and department heads generally simply walk around with a Polaroid Spectra, or an Apple QuickTake 100, and grab a snapshot of each person, for the particular application. This system is much better from the point of view of the student's privacy. The pictures are acquired as needed, for only the use that is obvious to the student.

No offence to the ID photographers, but I am also happier with the outcome of our individual departmental pictures than with the central ID pictures. Furthermore, in our department, we have the option of submitting our own picture, or of having our picture re-done at any time if we are not happy with it.

Finally, there are some individuals (especially those who have been models) who have signed a contract with a particular photographer's collective, modeling agency, or the like, whereby they are not permitted to be photographed by non-agency approved photographers. There is a clause in these contracts that allows them to be photographed by anyone provided that the model retain the pictures (this is for portfolio purposes, as well as for ID cards), and there is also a provision for family snapshots, etc. Under the current system, these individuals are, whether they know it or not, violating the terms of their contract by being "captured" in the MIT Card database. This is because, technically, the MIT Card database is a form of publication. Whether or not the data is in fact published in the traditional sense is irrelevant. Just the fact that it is "online" (e.g. on a computer system which has the capability of being accessed by or dissemenated to more than one person) makes it a violation of the agency's contract.

Therefore, in summary, I would like to propose a policy that would prohibit the MIT Card office from keeping a copy of the student's likenesses. A possible wording to the MIT Card office might be: "You may image each student for the purposes of producing an identification card to be carried by said student. No additional copies of the student's likeness may be ratained in any form by any electronic or mechanical means (including any form of information storage and retrieval), after the student leaves the premises with said identification card, unless prior permission is obtained in writing from said student.".

Note that a similar argument is evident in the opposition to the National ID card in the US. Some countries have an even greater desire for liberty and freedom than the US: "In Australia, tens of thousands of citizens took to the streets to fight a proposal for the national ID card." (Quote from Simson Garfinkel's post to privacy@mit.edu). Likeness piracy is more widespread than you might imagine: another article, "Nobody Fucks with the DMV" makes reference to likeness databases obtained without the consent of the participants.
Wear a T-shirt with a "Softwear License Agreement" to protect your likeness from piracy. Don't these ideas seem novel when we first turn them inside-out (individuals and organizations trading places). The shirt will help make others aware of `likeness piracy' and the principle of self ownership.
Here is a parody of the MIT poster that originally said "Say No! to software piracy...":
(load a big version of this poster for printing)

Although the legal power of a shirt or sign of this sort is perhaps no greater than the software "shrink wrap" agreements, my aim is to initiate some thought and discussion in these areas.

Maybe what I've written above is total nonsense. Afterall, once the light has bounced off us and ventured off into free space, haven't we relinquished control of it? Perhaps "privacy is just a myth" [picard] (not to say that it is not worth fighting for -- "freedom, liberty, democracy, etc., are also myths but are certainly worth fighting for" [elwin]). Thus we have a choice to make, either protect our privacy, or, if we are not going to protect our privacy, perhaps we should assert our freedom to capture photons travelling through the air. If privacy is a lost cause, how about at least symmetry and freedom (to capture light that is travelling through free space). At least, let us consider the privacy issues of wearable cameras versus surveillance cameras.