In the academic world it is perfectly acceptable to use carefully selected or crafted inputs (facial images, in this case) to develop and evaluate your algorithms. You may have separate data sets for development and evaluation, but careful selection or crafting is fine if it simplifies the project and avoids issues or variables outside the project's scope.
As a CompSci academic, I am consistently shocked by how rarely we consider the ethics of our research. Some of it, like the work still being done on chess-playing algorithms, is pretty benign. Other research, like facial recognition and data mining... not so much. Case in point: there's a great TED Talk by a researcher from Carnegie Mellon in which he demos an iPhone app (paired with some server-side software) his team wrote that uses facial recognition to predict social security numbers in seconds. For those with experience on the academic side, how often have you or your colleagues stopped to consider that your research might be used unethically? Unless you're working in security, I suspect it's infrequent, despite the fact that advances in just about every major CS research area could be misused.
To be fair, I don't really know what to do about this problem. Someone is going to do the research; if it isn't me or you, it'll be someone in a government research facility... perhaps working for a government that isn't so friendly. I suppose all I'm really saying is that we need to start acknowledging that there's a digital arms race going on... and we're the ones making the weapons.
It'd be nice to have advice from some of the researchers from the dawn of the last arms race, like Oppenheimer. This time the race isn't about becoming omnipotent; it's about becoming omniscient.