In May, San Francisco became the first city in the United States to ban facial recognition tech by city agencies. Being on the cutting edge has its drawbacks, as the city has now found out several months later. Tom Simonite and Gregory Barber of Wired report the city’s legislation inadvertently nuked many of its employees’ devices.

After San Francisco in May placed new controls, including a ban on facial recognition, on municipal surveillance, city employees began taking stock of what technology agencies already owned. They quickly learned that the city owned a lot of facial recognition technology—much of it in workers’ pockets.

City-issued iPhones equipped with Apple’s signature unlock feature, Face ID, were now illegal—even if the feature was turned off, says Lee Hepner, an aide to supervisor Aaron Peskin, the member of the local Board of Supervisors who spearheaded the ban

The law forbids the use of facial recognition tech, even if all it’s doing is allowing employees to use their own faces to unlock their phones. An untold number of devices were rendered useless by the ban, but it’s probably safe to assume the law was broken repeatedly until its very quiet amendment last week. Municipal agencies are once again allowed to procure devices that utilize facial recognition tech as long as they’re "critically necessary" and there are no other alternatives.

This does not mean agencies can continue to purchase facial recognition tech that does anything more than secure employees’ devices. And it also means the San Francisco Police Department had to give up one of its toys -- one city leadership apparently knew nothing about.

Around the same time, police department staffers scurried to disable a facial recognition system for searching mug shots that was unknown to the public or Peskin’s office. The department called South Carolina’s DataWorks Plus and asked it to disable facial recognition software the city had acquired from the company, according to company vice president Todd Pastorini.

This surveillance tool went unacknowledged during the city’s institution of a facial recognition ban. As Wired reports, San Francisco claimed it had stopped testing facial recognition software in 2017. This denial sidestepped the untested (I guess) acquisition of DataWorks facial recognition tech with a contract that was originally due to run through 2020. According to documents obtained by Wired, the SFPD "dismantled" its DataWorks servers and allowed the contract to lapse after its 90-day trial period. That apparently ended in January before the law took effect.

Even so, it’s not exactly comforting that the SFPD was able to secure and test drive facial recognition tech with zero public notice. City legislators made no mention of this tech or the SFPD’s prior exploration of facial recognition when they began moving forward with the legislation earlier this year.

The other concern is a new one: the SF legislature has already amended its ban to allow city use of smartphones with biometric security features. While this may have been necessary to ensure employees could use city-issued devices, it also shows the city can be talked into punching holes in its brand new legislation. The city may hold firm in the future, but there’s a good chance it will create other loopholes if the arguments are persuasive enough. It all depends on the definition of "critically necessary" -- terms that can become especially malleable following a mass tragedy or an uptick in violent crime, for example.

But for now, the ban holds, minus the inadvertent collateral damage. The city’s government should still be applauded for its willingness to put its citizens above its own interests with this legislation, but any further requests for exceptions should be greeted with an overabundance of caution.