On Wednesday the House Committee on Oversight and Government Reform questioned Kimberly Del Greco, Deputy Assistant Director at the FBI’s Criminal Justice Information Services Division, about why the bureau broke the law by failing to file a privacy impact statement acknowledging the collection of millions of Americans’ faces for the agency’s new biometric identification system.
The FBI’s Next Generation Identification (NGI) system is made up of fingerprints, iris scans, faceprints, and other facial recognition data.
The NGI organizes Americans’ biometric data into a single file that includes personal and biographic data like name, home address, ID number, immigration status, age, race, etc.
The Committee reports that nearly half of all adult Americans’ photographs are in the database.
The 2013 U.S. Census Bureau estimated that there are over 242 million adults living in the U.S. If the Committee’s numbers are correct, over 121 million adults are in the FBI’s database.
Other revelations include that 18 states have a memorandum of understanding (MOU) with the FBI to share photos with the federal government, including from state departments of motor vehicles (DMV).
According to the Electronic Privacy Information Center:
With NGI, the FBI will expand the number of uploaded photographs and provide investigators with ‘automated facial recognition search capability.’
The FBI intends to do this by eliminating restrictions on the number of submitted photographs (including photographs that are not accompanied by tenprint fingerprints) and allowing the submission of non-facial photographs (e.g. scars or tattoos).
The FBI also widely disseminates this NGI data. According to the FBI’s latest NGI fact sheet, 24,510 local, state, tribal, federal and international partners submitted queries to NGI in September 2016.
Committee Chairman Congressman Jason Chaffetz (R- Utah) scolded Ms. Del Greco for the FBI’s failures. “The failure here is years after you were supposed to make it public,” Chaffetz stated.
“You were using it in real world circumstances, you were actually using it and didn’t issue the statement.” Chaffetz also asked Del Greco whether the FBI had plans to gather faceprints via social media.
“Are you collecting that information that is available on social media?,” the chairman demanded. “We do not have any other photos in our repository.”
Alvaro Bedoya, Executive Director, Center on Privacy and Technology Georgetown Law, questioned the FBI’s claim, stating that the bureau has access to driver’s license photos. “We have access to that data but we do not use it,” Del Greco answered.
Jennifer Lynch, Senior Staff attorney with the Electronic Frontier Foundation also stated that the FBI has access to “civil photos” in the NGI database.
Rep. Paul Mitchell (R-MI) also questioned Del Greco regarding the FBI’s activities. “I think the issue goes beyond the First Amendment concerns that were expressed. . .and is broader,” Mitchell stated during the panel.
“I don’t want to just protect someone if they’re in a political protest from being identified, the reality is we should protect everybody unless there is a valid documented criminal justice action.
Why should my photo. . .be subject because I get a driver’s license, to access?” Rep. John Duncan (R-TN) expressed similar fear regarding the possibility that the expectation of privacy is quickly fading.
Duncan worried that Americans looking at the information, “would wonder if were ending up in a federal police state that’s gotten totally out of control, and has far too much power.”
Duncan is not far off. The databases include photos those of people who aren’t suspected of any criminal activity that come from driver’s license and passport and visa photos. Other issues with the FBI database include misidentifying females and blacks at a higher rate. The FBI is currently facing a lawsuit from EPIC regarding the database.
EPIC is asking a judge to force the FBI to release records about its plan to share the biometric data with the U.S. Department of Defense. EPIC filed a Freedom of Information Act request in 2015, but the FBI has so far refused to release the 35 pages of responsive records.
EPIC and privacy advocates are concerned about the potential for cases of mistaken identity and abuse of the collected data. EPIC also argues “the FBI stated that ‘[i]ncreased collection and retention of personally identifiable information presents a correspondingly increased risk that the FBI will then be maintaining more information that might potentially be subject to loss or unauthorized use.”
In 2014, the EFF received documents from the FBI related to the NGI system. At the time the FBI estimated the facial recognition component of NGI would include as many as 52 million face images by 2015.
The Committee’s hearing on Wednesday indicated that number was more than double as of 2017. The danger of abuse from facial recognition programs is on the rise. The report, “The Perpetual Line-Up: Unregulated Police Face Recognition in America,” examines several cases of misuse or abuse of facial recognition technology.
How can we protect our privacy in a world that is quickly becoming a digitally interconnected panopticon of audio recording devices, faceprint collection machines, and cameras from every direction?
The answer is not simple. Most of us live our lives with these devices and use them for several hours each day. When we are staring into our phones to send text messages, the camera is potentially stealing our faceprint and sending it to your cell phone provider and/or law enforcement.
We are giving away our privacy for convenience, luxury, and entertainment. How can we stop the fast march to a total surveillance state? Perhaps abandoning all technology and living off the land. Short of that, we need to take measures to encrypt our communication and practice a culture of security.