B.C.’s privacy commissioner says the Insurance Corporation of B.C. (ICBC) should not have offered up its facial recognition technology last year to help police identify participants in the June 2011 Stanley Cup riots.

“With respect to ICBC’s offer to assist police in their investigation of the Vancouver riot, I determined that the change in use of ICBC’s facial recognition database was not authorized under FIPPA [Freedom of Information and Protection of Privacy Act],” B.C. privacy commissioner Elizabeth Denham concluded in her report on the matter. “ICBC must receive a warrant, subpoena or court order before it uses its facial recognition software to assist police with their investigations.”

Ultimately, Vancouver police did not take up the ICBC’s offer, opting to use its own form of facial recognition technology instead. But the privacy commissioner said that in making its offer, ICBC was using the information for a different purpose than for which the facial recognition data was collected.

“Earlier I discussed the privacy concern known as ‘function creep’ where a system that holds data collected for one specific purpose is subsequently used for another unintended or unauthorized purpose,” Denham wrote. “It is of particular concern because the change in use usually happens without the knowledge or consent of the individual involved.

“Further, biometrics has the potential to become the technology of surveillance because, through the use of a biometric identifier, the ease with which surveillance through the use of data can be undertaken increases significantly.”