Maryland is on the verge of losing access to technology Marylanders have been using to improve and help their lives for decades. Today, Marylanders can use Ring doorbells to know if their family has arrived, facial recognition technology to easily get their daughter’s graduation picture in Google Photos, and voice recognition on Alexa.
But all that goes away if the state enacts SB 335 and HB 259—two pieces of legislation that aim to protect personal biometric information (like fingerprints, face IDs, and eye scans) but will actually lead Maryland into a technological backslide as Marylanders would not be allowed to use common-sense tools available across most of the country. This has already happened after a similar law was passed in Illinois where residents have lost access to some cutting edge digital tools.
In 2008, well before Maryland ever considered passing a biometrics bill or before technology had advanced past the very first smartphones, Illinois passed the Illinois Biometrics Information Privacy Act. The bill contained a vague requirement for “express written consent” prior to collection of things like photos including faces and fingerprint scans. But this poor wording has been used for a decade to block technological advancements like the very ones smart homes now rely on. As a result, Illinois residents can’t use a video doorbell to auto-identify visitors and Illinois businesses are getting sued for fingerprint scanning locks. Marylanders will undoubtedly be angry when certain digital services they’ve come to rely on disappear overnight due to a poorly written data law.
Like their Illinois predecessor, both Maryland SB 335 and HB 259 fail to acknowledge the logistical nightmare they create for technologies that offer useful services to Marylanders. Both bills require “express written consent” from the individual before collecting biometric information–meaning the technology would need anyone who could possibly have their data collected to preemptively provide consent. Rather than protecting privacy, the requirement is nearly impossible to execute. Express written consent isn’t easy or even possible in many valuable use cases.
For example, consider your personal digital photo album. If these bills become law, before searching by face you would have needed the express written consent from every single person you would want to look for.
Another example would include fingerprint scanning for security. As a scanner would need to collect fingerprints anyone who places their finger on it, everyone including those trying to gain unauthorized access such as a criminal, would need to consent to their data being collected for the scanner to be legally compliant. Domestic violence shelters would need to get express written consent from abusers before they could use security technology like video doorbells and outdoor cameras that could identify threats.
This isn’t theoretical. Illinois’ law has forced Illinois residents to live without doorbells that help elderly identify friends from foe, apps to prevent driver drowsiness, and could force Google to render its Home devices unusable. And there are hundreds of other technological innovations Illinoisans may never see. Because the provisions that enabled the technological backslide in Illinois still exist in Maryland SB 335 and HB 259, it’s easy to assume and acknowledge a similar result should Annapolis pass these biometric laws.
When you can’t get blanket consent prior, Marylanders could lose technologies that rely on identification to function. They could lose fraud prevention tools, home security systems, and more. Businesses wouldn’t be able to use biometric scanners to secure their sites as anyone can walk up to the scanner including those who haven’t expressed written consent prior.
Illinois’ law showed that the wording of this legislation is too difficult for businesses to comply with – so they just stop offering services that might get them in trouble like those mentioned above. Maryland should not pass similar biometric legislation without at least addressing the known-to-exist fundamental pitfalls. Even the sponsors of the Illinois bill have admitted that their law has been weaponized to attack businesses and technology uses that it never intended to prevent, Maryland cannot let SB 335 and HB 259 be enacted.
Americans agree that much more needs to be done to protect our personal information. That includes our biometric information. But SB 335 and HB 259 will do nothing to keep Marylanders safe. Instead, the bills will double down on errors previously made in a different state that will surely throw Marylanders into the digital Dark Ages.