Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.
ACRP LRD 42ââ 49 New Mexico and Rhode Island essentially follow the structure 1. Illinois of the CCPA model in their legislative proposals.461 In contrast, Illinois has one of the most comprehensive regulatory the legislative proposals in New York and North Dakota do not schemes in the country regarding biometrics. The Illinois Bio- follow the CCPA model, but do contain much of the same statu- metric Information Privacy Act (Illinois BIPA)464 is seen as tory language.462 In further contrast, the Washington state bill is Âoffering some of the most robust protections of biometric data modeled after the GDPR rather than the CCPA.463 in the United States One of the key express legislative findings is That the majority of the proposed state legislation adopts the recognition that the CCPA model reveals certain trends, such as a focus on con- [b]iometrics are unlike other unique identifiers that are used to ac- sumer rights, including a right to demand deletion of data and cess finances or other sensitive information. For example, social to opt-out of disclosures to third parties other than service pro- security numbers, when compromised can be changed. Biometrics, viders. Also, the definition of consumer information has greatly however, are biologically unique to the individual; therefore, once expanded in the proposed state legislation. Finally, under the compromised, the individual has no recourse, is at a heightened risk proposed state legislation, even businesses that collect informa- for identity theft, and is likely to withdraw from biometric-facilitated transactions.465 tion only on the internet must designate multiple methods for consumers to submit requests, including maintaining a toll-free The Illinois BIPA is notable in that it contains a statutory def- number. inition of a âBiometric Identifierâ as being âa retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry.â466 H. Conclusions Likewise, it contains expressly defined exclusions for âwriting samples, written signatures, photographs, human biological The structure of data protection and privacy laws in the samples used for valid scientific testing or screening, demo- United States creates a patchwork of legal requirements that graphic data, tattoo descriptions, or physical descriptions such can vary by jurisdiction. This patchwork creates significant legal as height, weight, hair color, or eye color.â467 Significantly, given and logistical challenges in dealing with data collection and use the COVID-19 pandemic and the increased use of air passenger practices that cross state (and international borders). Airports temperature screenings, the Illinois BIPA does not state that a and airport stakeholders need to engage counsel to assist in nav- biometric identifier includes an individualâs temperature.468 igating the requirements of not only the laws in their state, but The four main Illinois BIPA compliance requirements in- also the laws in other states to ensure that their data protection clude retention, collection, disclosure, and destruction.469 The and privacy programs properly mitigate legal risk. collection component has the following three requirements: (1) the entity must inform the subject or the subjectâs legally IX. DEVELOPING STATE AND LOCAL LAWS, authorÂized representative in writing that a biometric identifier AND FEDERAL AGENCY ACTIONS AND or biometric information is being collected or stored; (2) the en- LEGISLATIVE PROPOSALS ON BIOMETRICS tity must inform the subject or the subjectâs legally authorized USAGE representative in writing of the specific purpose and length of With the growing use of facial recognition technology and term for which a biometric identifier or biometric information the development of governmental programs to introduce it into is being collected, stored, and used; and (3) the entity must re- the traveler screening process, there is increased airport focus ceive a written release executed by the subject of the bioÂmetric on biometrics, in general, and facial recognition, in particular. identifier or biometric information or the subjectâs legally Outside of the airport industry, there is also significant court and authorÂized representative.470 legislative activity addressing biometrics and facial r ecognition. The Illinois BIPA creates a civil right of action and pro- vides for statutory damages and attorneyâs fees for a prevailing A. State Law Developments Âparty.471 As a result, it has generated substantial litigation. The seminal decision by the Illinois Supreme Court regarding the State laws regarding biometric information are increasing. Illinois BIPA is Rosenbach v. Six Flags Entertainment Corp.,472 The following states have varying regulatory schemes. Some where the Court held that âan individual need not allege some have comprehensive regulatory schemes, while others regulate actual injury or adverse effect, beyond violation of his or her certain aspects of biometric information collection. rights under the Act, in order to qualify as an âaggrievedâ person 464 â 740 ILCS 14/1 et seq. 461 â S.B. 418, 2019 Leg., 30th Sess. (Haw. 2019); S.B. 613, 2019 Reg. 465 â 740 ILCS 14/5. Sess. (Md. 2019); S.D. 341, 191st Leg., Reg. Sess. (Mass. 2019); H.B. 466 â 740 ILCS 14/10. 1253, 2019 Leg., Reg. Sess. (Miss. 2019); S.B. 176, 54th Leg., 1st Sess. 467 â 740 ILCS 14/10. (N.M. 2019); S. 0234, 2019 Gen. Assemb., Reg. Sess. (R.I. 2019); Cal. Civ. Code §§ 1798.100â1798.199. 468 â 740 ILCS 14/10. 462 â S. 224, 2019-2020 Gen. Assemb., Reg. Sess. (N.Y. 2019); H.B. 469 â 740 ILCS 14/15. 1485 2019 Leg., 66th Sess. (N.D. 2019) (enacted); Cal. Civ. Code §§ 470 â 740 ILCS 14/15(1)-(3). 1798.100-1798.199. 471 â 740 ILCS 14/20. 463 â S.B. 6281, 66th Leg., 2020 Reg. Sess. (Wash. 2020). 472 â 2019 IL 123186.
50 ââ ACRP LRD 42 and be entitled to seek liquidated damages and injunctive relief keeping in the workplace had to present such contentions to an pursuant to the Act.â473 The notion of âdata insecurityâ as an in- adjustment board under the Railway Labor Act (RLA) rather jury in itself is also being explored in academic writing.474 than to a court.484 Miller specifically found that a union is a In May 2020, the American Civil Liberties Union filed a law- âlegally authorized representativeâ for purposes of the Illinois suit in an Illinois state court against Clearview AI, Inc. for an BIPA.485 Finally, Miller also limited the reach of the Illinois BIPA, Âalleged violation of the Illinois BIPA.475 The complaint claims noting that United wrongly supposed that the suit challenged its that Clearview has illegally scraped three billion face-prints employment practices nationwide, which the court noted was from images available online without the knowledge of any of not possible as the state statute is limited to Illinois.486 those individuals in violation of the Illinois BIPA.476 It further Following Miller, a U.S. District Court for the Northern Dis- asserts that Clearview has shared this database with its clients trict of Illinois ruled in Crooms v. Southwest Airlines Co.487 that including over 200 companies, law enforcement and other gov- airline workers who filed a putative class action under BIPA re- ernment entities in Illinois, and other federal, state and local garding their employerâs practice of collecting employeeâs finger- government agencies.477 This case could serve as a litmus test prints for timekeeping had to pursue their claims in arbitration regarding the feasibility of ubiquitous facial recognition usage. or before an adjustment board, not in federal court. Likewise, a Among the significant federal cases regarding the Illinois U.S. District Court for the Northern District of Illinois granted a BIPA is Bryant v. Compass Group USA, Inc.478 There, the U.S. defendantâs motion to compel arbitration of the Plaintiff âs claim Court of Appeals for the Seventh Circuit held that a defendant under the Illinois BIPA in Miracle-Pond v. Shutterfly, Inc.488 vending machine ownerâs failure to make the requisite dis ÂNotably, the Plaintiff in Miracle-Pond had accepted the defen- closures before it collected the Plaintiff âs fingerprints denied dantâs terms of use, which contained a provision that the terms the Plaintiff the ability to give informed written consent as re- could be revised simply by posting new terms, and the defen- quired under the Illinois BIPA.479 The Seventh Circuit found dant later added an arbitration provision, which the court en- that this failure was a concrete injury-in-fact particularized to forced.489 However, in Acaley v. Vimeo, Inc., a U.S. District Court the Plaintiff sufficient for Article III standing.480 For airports for the Northern District of Illinois ruled that a putative class that have vending machines for employees or other customers action under the Illinois BIPA was an invasion of privacy claim implementing this type of biometric technology, this case has outside of the scope of the partiesâ agreement to arbitrate claims, substantial implications. and therefore, could be litigated in federal court.490 In July 2020, a U.S. District Court for the Northern District of Illinois ruled in Figueroa v. Kronos, Inc.481 that a major pro- 2. Texas vider of biometric timekeeping systems to a defendant employer In 2009, Texas became the second state to enact a biometric should not be dismissed from a class action lawsuit under the information privacy act.491 While the Texas Act (which does not Illinois BIPA where allegations in the complaint contended that contain an official title) lacks many of the key components of the defendant provider did not comply with numerous aspects the Illinois BIPA, it is still comprehensive in that it applies to of the statute.482 all data collection statewide.492 Interestingly, unlike the Illinois Whether a plaintiff may litigate his or her Illinois BIPA claim BIPA, the Texas Act applies to a âperson,â493 and no âentityâ is in court has been the subject of a number of cases. In Miller referenced. Also, the Texas Act does not provide for a statutory v. Southwest Airlines Co.,483 a consolidated case involving both penalty, but instead contains a cap on damages.494 There is also Southwest Airlines and United Airlines, the Seventh Circuit no provision for attorneyâs fees for a prevailing party. ruled that employees who contended that the air carriers vio- lated the Illinois BIPA by using biometric information for time- 473 â 2019 IL 123186, ¶ 40. 474 â See Jay P. Kesan & Carol M. Hayes, Liability for Data Injuries, 2019 U. Ill. L Rev. 295 (2019). 484 â Id. at 905. 475 â ACLU, et al. v. Clearview AI, Inc., No. 20 CH 4353 (Ill. Cir. Ct. 485 â Id. at 903. May 28, 2020). 486 â Id. at 905. 476 â ACLU, et al. v. Clearview AI, Inc., No. 20 CH 4353, Compl. 3 (Ill. 487 â No. 19-cv-2149, 2020 U.S. Dist. LEXIS 84360 (N.D. Ill. May 12, Cir. Ct. May 28, 2020), https://aclu.org/legal-document/aclu-v-Âclearview- 2020). ai-complaint. 488 â No. 19-cv-4722, 2020 U.S. Dist. LEXIS 86083 (N.D. Ill. May 15, 477 â Id. at 4. 2020). 478 â 958 F.3d 617 (7th Cir. 2020). 489 â Id. 479 â Id. at 626. 490 â No. 19-cv-7164. 2020 U.S. Dist. LEXIS 95208, at *25 (N.D. Ill. 480 â Id. at 627. June 1, 2020). 481 â No. 19 C 1306, 2020 U.S. Dist. LEXIS 64131 (N.D. Ill. July 24, 491 â Tex. Bus. & Com. Code Ch. 503. 2020). 492 â Tex. Bus. & Com. Code Ch. 503. 482 â Id. 493 â Tex. Bus. & Com. Code Ch. 503. 483 â 926 F.3d 898 (7th Cir. 2019). 494 â Id. § 503.001(d).
ACRP LRD 42ââ 51 3. Washington surveillance technology.505 The San Francisco ordinance de- fines surveillance technology to include âbiometric software In 2017, Washington became the third state to enact a bio- or technology, including facial, voice, iris, and gait-recognition metric information privacy act.495 The Biometric Identifiers Act software[,] and databases . . . .â506 The San Francisco ordinance also lacks many of the key components of the Illinois BIPA. Like is broader in scope than the statewide CBCAA because San the Texas Act, it applies only to a âperson,â and no âentityâ is Francisco ordinance applies to all city departments and covers referenced.496 Unlike both the Illinois BIPA and the Texas Act, various biometric information, while the CBCAA only applies the Biometric Identifiers Act does not provide for any private to facial recognition technology used in law enforcement body civil action, but instead provides that it âmay be enforced solely cameras.507 by the attorney general under the consumer protection act.â497 On June 13, 2019, Oakland, California, enacted an ordi- On March 31, 2020, Washington enacted a separate act nance508 similar to the San Francisco ordinance in that it ap- regulating facial recognition usage by both state and local gov- plies to all City departments, but narrower in its technical reach ernment.498 Among other requirements, the Facial Recognition in that it applies only to facial recognition.509 Significantly, the Act requires that state and local government agencies submit ac- Oakland ordinance contains several findings as the bases for countability reports on facial recognition systems detailing the the Oakland City Councilâs action, one of which refers to a 2018 rate of false matches, data security measures, and procedures for Âreport by the Massachusetts Institute of Technology Media Lab testing and feedback.499 that concluded facial recognition systems produced error rates 4. California of up to 34.7% in persons other than white males.510 The CCPA500 expanded Californiaâs privacy and information On June 27, 2019, the City of Somerville, Massachusetts, regulatory scheme to include biometric data. enacted an ordinance banning the use of facial recognition Additionally, on October 8, 2019, California enacted the technology by any city official.511 The Somerville ordinance, un- Body Camera Accountability Act (CBCAA)501 which bans the like the San Francisco and Oakland ordinances, provides for a use of facial recognition technology with law enforcement body cause of action for injunctive or declaratory relief, or for a writ cameras. The CBCAA states that it will remain in effect until of Âmandate.512 January 1, 2023.502 On December 10, 2019, the Port of Seattle Commission ap- proved a moratorium on new biometric technology programs 5. Oregon at the portion of the Seattle-Tacoma International Airport over While Oregon does not have a comprehensive bioÂmetric which it has control.513 The Commissionâs action established a information privacy act, it does regulate law enforcement set of principles for guiding the development of biometric tech- agency policies and procedures regarding video and audio re- nology and established a working group to further examine the cordings and has an express âprohibition on the use of facial issue. The Motion specifically noted that its actions did not af- recognition or other biometric matching technology to analyze fect programs of the federal government. The moratorium will recordings obtained through the use of the camera.â503 not apply to the plan of the U.S. CBP Agency to install facial rec- ognition cameras at the airport in July 2020, because that part of 6. New Hampshire the airport is controlled by the federal government.514 Similarly, New Hampshire does not have a comprehensive biometric the moratorium will not affect the CLEAR program authorized information privacy act, but it has banned the use of facial rec- for use by the Transportation Security Administration, which ognition technology with police body cameras.504 B. Local Restrictions 505 â S.F. Admin. Code Ch. 19B. A growing number of cities have banned the use of facial 506 â Id. at 19B.1. recognition by city agencies, including the police. On May 507 â Compare Cal. Penal Code § 832.19, with S.F. Admin. Code Ch. 19B.2. 14, 2019, San Francisco became the first city to ban the use of 508 â Oakland Mun. Code 9.64. 509 â Id. at 9.64.045. 510 â Joy Buolamwini & Timnit Gebru, Gender Shades: Intersectional 495 â Wash. Rev. Code Ch. 19.375. Accuracy Disparities in Commercial Gender Classification, Proceedings 496 â Id. of Machine Learning Research 81:1-15, Conference on Fairness, 497 â Wash Rev. Code § 19.375.030. Accountability & Transparency (2018), http://proceedings.mlr.press/ v81/buolamwini18a/buolamwini18a.pdf. 498 â Wash. Rev. Code Ch. 257. (eff. July 1, 2021). 511 â Somerville Ord. No. 2019-16, § 9-25. 499 â Id. at § 3. 512 â Id. § 9-25(c). 500 â Cal. Civ. Code § 1798.100. 513 â Motion 2019-13, A Motion of the Port of Seattle Commission, 501 â Cal. Penal Code § 832.19. Port of Seattle Comân Meeting (Dec. 10, 2019), https://meetings. 502 â Cal. Penal Code § 832.19(e). portseattle.org/index.php?option=com_meetings&view=attachments 503 â Or. Rev. Stat. § 133.741(1)(D). &Itemid=235#key=39057rol. 504 â N.H. Rev. Stat. § 105-D:2. 514 â Id.
52 ââ ACRP LRD 42 uses biometric technology to allow passengers to go to the front traveler will proceed through the TSA security checkpoint and a screening line.515 to their departure gate as usual.â525 On June 30, 2020, the Mayor of Boston enacted an ordi- On June 21, 2018, the CBP announced that Orlando Inter nance that had been unanimously approved by the City Council national Airport became the first U.S. airport to commit to entitled âBanning Face Surveillance Technology in Boston.â516 processing all arriving and departing international travelers The ordinance also bans private sector use of this technology with facial recognition technology.526 The CBP also indicated when related to a City permit.517 The ordinance provides a pri- that it has facial recognition operations in Miami, Atlanta, New vate cause of action as a remedy.518 However, the ordinance is York JFK, San Diego, Houston (Intercontinental and Hobby), limited to âany department, agency, bureau, and/or subordinate ÂWashington Dulles, Las Vegas, Chicago OâHare, and in pre- division of the City of Boston.â519 clearance locations in Aruba, Abu Dhabi, and Ireland (Dublin A ban on the use of facial recognition technology was also and Shannon).527 adopted through two ordinances in the City of Portland, OR In the Fall of 2019, DHS proposed a rule to amend CBPâs on September 9, 2020.520 One ordinance that was effective im- regulations to begin a comprehensive biometric entry-exit sys- mediately prohibited the use of facial recognition technology by tem and to remove the references to pilot programs and port City of Portland governmental units.521 The second ordinance, limitations.528 At about the same time, DHS also proposed âto effective January 1, 2021, prohibits âprivate entitiesââ use of Âfacial amend the regulations to provide that all travelers, including recognition in any place of âpublic accommodation.â522 This U.S. citizens, may be required to be photographed upon entry legislation represents the broadest limitation on use of facial and/or departure.â529 Ârecognition to date. On December 4, 2019, the CBP posted on its website that after its third meeting with leading privacy experts, it deter- C. Federal Agency Actions and Legislative Proposals mined that âU.S. citizens may opt out of the biometric fÂacial In the Spring of 2017, the U.S. Department of Homeland comparison process by notifying a CBP officer or airline S ecurity (DHS) proposed a rule to amend regulations of the representative.â530 The CBP instructed that â[i]ndividuals who CBP to allow for a nationwide biometric exit program at all opt out simply present their passport for visual inspection, as is ports of entry and to collect biometrics from an expanded scope standard practice at ports of entry today.â531 of persons upon entry to and exit from the United States.523 Both technical and legal issues relating to facial recognition On October 11, 2017, the CBP announced the development systems (FRS) in the United States have received national atten- of facial recognition biometric technology at one terminal at tion regarding the dual concerns of accuracy and privacy. There John F. Kennedy International Airport for 30 days.524 The an- are currently no industry standards for the development of FRS. nouncement indicated that â[w]hen travelers on outbound The NIST of the U.S. Department of Commerce conducted a international flights reach the TSA ticket document checking detailed study through its Face Recognition Vendor Program podium, the TSA officer will review the travelerâs boarding pass and published a report in December, 2019, which evaluated the and identify documents in accordance with TSAâs standard op- effects of factors such as race and gender on facial recognition erating procedures and will then direct the traveler to a camera software.532 placed next to the podium. After capturing the facial image, the 525 â Id. 515 â Id. 526 â CBP Advances Biometric Exit Mission as Orlando International 516 â Bos. Ord. No. 16-62. Airport Becomes First U.S. Airport to Commit to Facial Recognition Tech- 517 â Id. nology, U.S. Customs & Border Prot. (June 21, 2018), https://www. 518 â Id. at 16-62(c). cbp.gov/newsroom/national-media-release/cbp-advances-Âbiometric- 519 â Id. at 16-62(a). exit-mission-orlando-international-airport. 520 â City Council Approves Ordinances Banning Use of Facial Recogni- 527 â Id. tion Technologies by City of Portland Bureaus and By Private Entities in 528 â Collection of Biometric Data from Aliens Upon Entry to and Exit Public Spaces, City of Portland, (Sept. 9, 2020), https://static1. from the United States, Depât of Homeland Sec., Reg. Id. No. 1651-AB12 squarespace.com/static/5967c18bff7c50a0244ff42c/t/ (Fall 2019). 5f3ad787ba3fd27776e444af/1597691785249/Ordinance+to+ban+use+ 529 â Collection of Biometric Data from U.S. Citizens Upon Entry to and of+FRT+in+Places+of+Public+Accommodation+plus+code+ Departure from the United States, Depât of Homeland Sec., Reg. Id. No. amendment+-Final.pdf. 1651-AB22 (Spring 2019). 521 â Id. 530 â CBP and Privacy Groups Discuss Biometric Entry-Exit Mandate, 522 â Id. U.S. Customs & Border Prot. Dec. 4 (2019), https://www.cbp.gov/ 523 â Collection of Biometric Data Upon Entry to and Exit from the newsroom/national-media-release/cbp-and-privacy-groups-discuss- United States, Deptâ Homeland Sec., Reg. No. 1651-AB12 (Spring 2017). biometric-entry-exit-mandate. 524 â CBP Deploys Facial Recognition Biometric Technology at 1 TSA 531 â Id. Checkpoint at JFK Airport, U.S. Customs & Border Prot. (Oct. 11, 2017), 532 59 Face Recognition Vendor Test (FRVT Part 3: Demographic https://www.cbp.gov/newsroom/national-media-release/cbp-deploys- Effects, Nat. Inst. Of Standards & Tech. (Dec. 2019), https://nvlpubs. facial-recognition-biometric-techno. nist.gov/nistpubs/ir/2019/NIST.IR.8280.pdf.
ACRP LRD 42ââ 53 The NIST study evaluated 189 software algorithms from of origin, and age.548 This increase is present for most algorithms 99 developers.533 It focused on how each algorithm performed and datasets.549 For race, false positive rates are highest in West on two different tasks.534 The first task was confirming that one and East African and East Asian people with some exceptions photo matches a different photo of the same person in a data- noted in the study.550 base.535 This task is commonly known as one-to-one matching In August 2020, as part of its effort to assist in the develop- and is used for verification, such as checking a passport. The ment of trustworthy AI, NIST published a draft of Four Prin- second task was determining whether a photo has any match ciples of Explainable Artificial Intelligence (NISTIR 8312).551 The in a database.536 This task is commonly known as one-to-many four principles are explanation, meaningfulness, accuracy, and matching and can be used to identify a person of interest. knowledge limits.552 NISTâs work to advance the development of The NIST study measured the two classes of error that soft- AI standards has been the focus of increasing attention in Con- ware can make: false positives and false negatives.537 A false gress to provide funding for a national program to advance AI positive occurs when software wrongly considered photos of research.553 two different individuals to show the same person, while a false Given the demographic differences in the rates of false posi- negative occurs when software failed to match two photos that tives and false negatives for facial recognition data, there may show the same person. be increased interest in biometric technologies that do not rely The NIST study was vast in scale and used four collections upon information ostensibly linked to demography. One such of photographs containing 18.27 million images of 8.49 million biometric is indicated to be an individualâs âcardiac signature.â554 people.538 The collections came from operational databases of A Massachusetts Institute of Technology (MIT) Review states the State Department, the DHS, and the FBI. The study did not that âan individualâs cardiac signature is unique.â555 After a re- use any images âscrapedâ539 from internet sources such as social quest by the U.S. Special Forces, a new device was developed for media or video surveillance.540 the Pentagonâs Combatting Terrorism Technical Support Office The study shows findings for both false negatives and false that detects an individualâs cardiac signature with an infrared positives and organizes its findings by demographic.541 Among laser.556 Contact infrared sensors are often used to automatically the broader findings, the study shows empirical evidence for the record an individualâs pulse, but the new device, called Jetson, existence of demographic differentials in the majority of con- uses a technique known as laser vibrometry to detect the sur- temporary face recognition algorithms that were evaluated.542 face movement caused by a heartbeat.557 The MIT Review re- The false positive differentials are much larger than those related ports that cardiac signatures are already used for security iden- to false negatives.543 False positive rates often vary by one or two tification in commercial applications using a wrist-worn pulse orders of magnitude (i.e., 10x, 100x).544 Yet false negative effects sensor, but notes that Jetson extends this technology to check vary by factors usually much less than three.545 The false positive vibration from a distance of up to 200 meters.558 Researchers differentials exist broadly, across many, but not all, algorithms.546 have noted that cardiac radar is a biometric modality of interest The false negatives tend to be more algorithm-specific.547 With because it is non-intrusive and requires no subject cooperation regard to false positive demographic differentials, the study or knowledge.559 These points raise significant privacy concerns. found false positives to be between two and five times higher in women than men, the multiple varying with algorithm, country 548 â Id. 533 â Id. at 1. 549 â Id. 534 â Id. 550 â Id. 535 â Id. 551 â Four Principles of Explainable Artificial Intelligence, Natâl Inst. 536 â Id. of Standards & Tech. (Aug. 2020), https://www.nist.gov/system/files/ documents/2020/08/17/NIST%20Explainable%20AI%20Draft%20 537 â Id. at 2. NISTIR8312%20%281%29.pdf. 538 â Id. at 1. 552 â Id. 539 â See Bradley Williams, Preventing Unintended Internet Discrimi- 553 â See, e.g., Advancing Artificial Intelligence Research Act of 2020, nation: An Analysis of the Computer Fraud and Abuse Act for AÂ lgorithmic S 3891, 116th Cong. (2020). Racial Steering, 2018 U. Ill. L. Rev. 847 (2018) (discussing the concept of scraping). 554 â David Hambling, The Pentagon has a Laser that can Identify People from a Distance by Their Heartbeat, MIT Tech. Rev. (June 27, 2019), 540 â Face Recognition Vendor Test (FRVT Part 3: Demographic Effects, https://www.technologyreview.com/2019/06/27/238884/the-pentagon- Nat. Inst. Of Standards & Tech., at 9 (Dec. 2019), https://nvlpubs. has-a-laser-that-can-identify-people-from-a-distanceby-their-heartbeat/. nist.gov/nistpubs/ir/2019/NIST.IR.8280.pdf. 555 â Id. 541 â Id. at 6-8. 556 â Id. 542 â Id. 557 â Id. 543 â Id. 558 â Id. 544 â Id. 559 â See Daniel Rissacher, et al., Cardiac Radar for Biometric Identifica- 545 â Id. tion using Nearest Neighbor of Continuous Wavelet Transform Peaksâ 546 â Id. Clarkson Univ., https://www.clarkson.edu/sites/default/files/2017-11/ 547 â Id. Cardiac%20Radar%20for%20Biometric%20Identification.pdf.
