Privacy concerns linger over FBI’s new facial recognition system
In July, Sen. Al Franken opened a Senate hearing on the privacy and civil liberties implications of facial recognition technology by affirming some incontrovertible facts. “You can change your password. You can get a new credit card. But you can’t change your fingerprint, and you can’t change your face,” Franken said. “Unless I guess you go to a great, you know, deal of trouble.”
Franken was expressing concerns about the Next Generation Identification system, a database the FBI has been steadily building over the past several years that harnesses the data-gathering power of an emerging slew of forensic technologies. When fully deployed, NGI will allow the bureau to integrate a vast array of forensic data culled from local and state law enforcement agencies, including fingerprints, palm prints, scar and tattoo records, and facial photos. Multiple reports peg the cost of the facial recognition software upgrade alone at $1 billion.
And even as law enforcement agencies from Ohio to Hawaii continue to adopt this advanced, still-evolving technology, civil liberties and privacy advocates on the Hill and around the country worry that the existing legal framework to protect innocent Americans from being swept up in the rising tide of information overload is worrisomely outmoded.
Privacy watchdogs fear that the FBI’s privacy guidelines for the photo-gathering system are insufficient and fail to prevent information on innocent civilians from being logged into the system. The storehouse, they say, could violate privacy protections, hold faulty data, and potentially retain information on non-criminals. And now, a series of just-enacted, though not unusual, privacy exemptions could continue to erode those protections.
The FBI began building the NGI over concerns that its existing fingerprint management system was growing obsolete. That system currently includes a host of identifying criteria, including names, addresses, and social security numbers, and allows criminal justice agencies to submit fingerprint records for arrestees along with up to ten mug shots.
NGI would ease the search process and enhance the types of collected information, helping local entities build permanent recognition files that include multiple pieces of unique identifying data for each specific arrestee. The system is being phased in over seven separate increments, the first of which began in March of 2010. Each step introduces a new element—fingerprints, palm prints, scars—into the forensics stew.
Currently, the FBI is conducting a state-by-state trial run of its facial recognition system, which will allow states to automatically cross-reference photographs against a national repository that will one day hold nearly 13 million photos. In the past, states were required to file specific requests with the FBI to use the national photo bank. When the NGI’s facial recognition system is in effect, that process will be largely automated. Synching up databases in this way is expected to expedite the facial recognition and matching process for agencies anxious to learn if, for instance, another state has a warrant out for an arrestee. The system could also help identify suspects caught on security cameras.
To participate, states must sign a memorandum of understanding spelling out how they intend to use the information and protect its security. Under the agreement, states forward the photos submitted from local agencies on to the FBI. The FBI, in turn, should furnish the states with at least two potential matches, which are then evaluated by an analyst. Information from the pilot should be used only to generate leads, the memorandum instructs, and results should not be taken as positive identifications.
Michigan ran its pilot of the facial recognition system earlier this year. Jeremy Slavish, acting division director of the biometrics and identification division of the Michigan state police, says that the state sent two types of photos to the FBI: mug shots of arrested offenders from the state’s local jurisdictions, as well as what are known as “probe” or latent photos. As Slavish explains, probe photos can include “anything where law enforcement only has a photo to identify someone. Typically a surveillance or security camera shot.” The FBI is then supposed to cross-reference the probe photos against its national repository of mug shots and search for any potential matches.
Slavish isn’t sure what the FBI will do with the photos his department submitted. “What the FBI does with those when they get those, I really don’t know what to tell you,” Slavish says.
Meanwhile, as the federal government continues to quietly expand NGI, lawmakers in Washington are seeking to clarify exactly what sorts of privacy requirements will govern the system. Their concerns are more than just the stuff of paranoid conspiracy: federal and state law enforcement agencies have a long, troubled history of keeping close watch on prominent civil rights leaders and activists, even leaking classified documents about the civil rights movement to members of Congress. There is also the government’s documented history of keeping close watch on Americans protesting the Iraq war and storing information on their activities in a Pentagon-run anti-terrorism database.
More recently, civil liberties proponents have raised concerns about whether the Obama administration has expanded its surveillance of normal Americans to vacuum up their cell phone records. And over the past year, the Associated Press has published a Pulitzer-prize winning series on the New York Police Department’s controversial surveillance of Muslim-American communities.
At the hearing in July of the Senate Subcommittee on Privacy, Technology and the Law, Sen. Franken spelled out his key concerns to Jerome Pender, the FBI official in charge of NGI at the time: has the FBI specifically prohibited or discouraged local jurisdictions from using facial recognition technology in a way that could stifle free speech? And, if not, would it consider enacting such policies?
Pender assured Franken that the FBI intends to limit the system to criminal information. As for whether a jurisdiction could use the database to investigate protestors, he said that an officer “would have to clearly articulate which . . . criminal justice functions that they are trying to perform” by targeting protestors.
Pender also testified that local agencies will be required to conduct annual audits of their systems to “detect any type of misuse,” which the FBI will backstop with its own series of audits. Misuse, Pender added, could result in loss of access to the system, and even criminal prosecution.
But he was unable to assuage Franken’s more urgent concerns. “I can’t think of something that says you should not use this at a political event,” Pender said, though he added that such uses may still be “be outside of what is permitted” explicitly under the FBI’s rules. “[T]he purpose of doing this slow deployment [of the system]—is to identify if there are particular gray areas that need to be trained.”
Pender assured the committee that the FBI would not add probe photos to the database and that the system would “absolutely . . . be limited to mug shot photos and the criminal history in the criminal history database.”
The FBI’s Domestic Investigations and Operations Guide, the bureau’s primary reference for what is permitted when conducting domestic criminal investigations, affirms that activities like physical and video surveillance in public areas are constitutional. But it also stresses that peaceful, public assembly for political or social causes “presents unique issues for law enforcement agencies,” and grants law enforcement a significant degree of latitude. “As a general matter,” it instructs, “there is no reasonable expectation of privacy in areas that are exposed to public view or that are otherwise available to the public.”
And Pender’s testimony did little to clear up key questions about the FBI’s 2008 privacy impact assessment for NGI’s photo system, which laid out a broad framework for how the program would be run. The assessment indicates that while many of the photos will be drawn from the submitting criminal justice entities themselves, “others may be obtained by the submitting agency from other sources (such as security cameras, friends, family). In some instances (such as those from crime scene security cameras), the subjects may not have been aware of being photographed., [sic] and their identities may not yet be known or established.”
The assessment also suggests says that the bureau may want to expand its facial recognition capability to the civil records it currently has on hand, including records from routine employment background checks. But according to a memo on NGI’s rollout released in the spring, the FBI “will implement logical dissemination rules to protect against the sharing of civil information when the use is not appropriate.”
All of that would appear to exceed the mandate that Pender described in his testimony. At the hearing, Pender did say that the 2008 assessment is currently under review in coordination with the FBI’s general counsel, and that a new version would take into account the “evolutionary changes” that have occurred since 2008. Now, some three months later, the bureau has no new information to share about the program. The FBI declined to comment on its status.
As former FBI agent and ACLU senior policy counsel Mike German explained on NPR’s Talk of the Nation in late September, the current privacy assessment fails to indicate where a law enforcement agency can obtain a photo. “I could download your Facebook page, give it to a police agency, and they could submit that to the FBI, and there’s nothing in the FBI’s rules that say that they wouldn’t accept that,” German said.
The assessment “suggests the FBI will be accepting photos or video of people not themselves suspected of any wrongdoing,” German told The American Independent. “In that sense the database will no longer be simply criminal identification information, but a general intelligence database.”
The privacy assessment’s squishy language on the inclusion of data that is not explicitly criminal-related has civil liberties advocates most anxious, according to one congressional aide with deep knowledge of the matter. “We’re not talking about just G-men here, FBI agents in the field using this. FBI agents are fairly sophisticated folks … we’re talking about every single state or local law enforcement officer” with access to the system, the aide said. “There is a real threat of mission creep, of this becoming not just a database of criminals that’s used on criminal suspects, but this being used to identify civilians, and non-criminals.”
In a statement provided by his office over email, Franken tells The American Independent that while NGI could be a powerful tool for apprehending criminals and keeping communities safe, it must be deployed carefully.
“I’m concerned that the FBI does not have sufficient safeguards in place to ensure that this initiative isn’t used on Americans who are participating in a peaceful protest or otherwise exercising their freedom of speech,” he says, adding that he is “eager to know about FBI¹s plans to expand the use of facial recognition technology on databases of non-criminal individuals, like license photos held at state DMVs.”
“I’m still waiting to hear from the FBI on this issue,” Franken says.
Meanwhile, on October 9, the Department of Justice freed the FBI’s “Data Warehouse System”—its growing stockpile of unique personally identifying information, including the information that will make up the NGI—from several key provisions of the Privacy Act of 1974. That law normally requires federal agencies to give individuals access to any records they might have about them. It includes several sections that allow federal agencies to exempt their records from parts of the law, if those records pertain to law enforcement matters.
Under the recent exemptions, the FBI will not be required to notify citizens whose information has been logged in the FBI’s Data Warehouse. The bureau will also not be required to grant them access to records being kept on them. Nor will the FBI have to allow people to challenge information they believe to be “not accurate, relevant, timely, or complete.” The exemptions also limit any legal action people can take.
The Electronic Privacy Information Center, a Washington-based consumer public interest group, first flagged the news about the exemptions.
Jim Harper, the director of information policy studies at the Cato Institute, says that it is not uncommon for agencies to invoke exemptions for law enforcement purposes. Harper adds, though, that they are often misused. Granting entire databases such exemptions, as the FBI has done with its data warehouse, is “just not the purpose,” he says.
Rick Nelson, the director of the homeland security and counterterrorism program at the Center for Strategic and International Studies, views NGI as essential. While he welcomes the technology, Nelson is skeptical of the legal framework surrounding it. “Ensuring that we have the oversight structures in place, policies and laws in place … so it’s done in a manner that’s acceptable to the American people—that’s where we’re lagging behind,” Nelson says.
“It’s difficult to take the position that we’re somehow going to stop … the proliferation of private and public entities, having access to our personal information, including things like facial recognition and fingerprints,” Nelson adds. “It’s changing society. That dynamic isn’t going to change.”