OVER THE past few years, facial-recognition technology has rapidly become a feature of everyday life. It is used to tag people in Facebook pictures, unlock smartphones and even pay for purchases . But as this technology becomes more ubiquitous, so, too, have concerns that it could be misused.

Last week, Microsoft added its voice to a growing movement calling for regulation of facial-recognition software. In a blog post, company president Brad Smith wrote that the technology has “broad societal ramifications and potential for abuse.” He proposed Congress create a bipartisan expert commission to identify the best way to regulate this software, adding that technology companies stand to benefit from guidance and clarity. In doing so, he drew attention to the fact there are few, if any, regulations in the United States governing the use of facial recognition.

There is no question that facial-recognition technology can be a powerful tool. It has been used by airports to conduct efficient security checks, by health-care researchers to make diagnoses, and by police departments to track down suspects and missing people. Last month, it helped identify the suspect in the shooting deaths of five Capital Gazette employees in Annapolis.

But widespread government use of this software, particularly by law enforcement, has raised questions about privacy rights and information security. Civil liberties advocates fear the unregulated use of facial-recognition technology could lead to the creation of a surveillance state akin to that in China . Because the technology is less effective at identifying people of color and women, watchdogs also worry it could disproportionately implicate members of these demographics in crimes they did not commit.

In May, a coalition of civil rights organizations published an open letter criticizing Amazon’s decision to sell its Rekognition software to law-enforcement agencies in Florida and Oregon. (Amazon’s founder and chief executive, Jeffrey P. Bezos, owns The Post.) Last month, Microsoft’s own facial-recognition software came under fire amid suspicion — later rejected by the company — that it was being used by Immigration and Customs Enforcement.

When technology companies such as Microsoft acknowledge that their software comes with serious risks, it is time to sit up and take notice. Congress should step in and find ways to balance the public benefits of facial recognition with the obvious privacy concerns. To start, lawmakers should set standards for when and how government agencies can deploy these tools; create oversight mechanisms to ensure they are not misused; and push for transparency so people know when they are adding biometric information to searchable databases — such as driver’s license photo databases. Given that FBI face-recognition searches now cover more than 117 million Americans and are more common than court-ordered wiretaps, Congress should intervene soon.

Read more: