June 20, 2016 -
According to a new report issued by the U.S. Government Accountability Office (GAO), the Federal Bureau of Investigation (FBI) has access to nearly 412 million photographs for the purpose of running facial recognition. The images include both passport and driver’s license photos, along with mug shots. The FBI plans to expand its vast database of photos with the addition of 20 additional states. Currently, the FBI has agreements with seven states to share images.
The images are shared under the FBI’s Facial Analysis, Comparison and Evaluation (FACE) Services, a unit within the FBI’s Criminal Justice Information Services Division (CJIS) that conducts searches on FBI’s internal photo database of 30 million images and that can access external partners’ face recognition systems, constituting an additional 380 million images to support FBI active investigations.
The GAO report criticizes the FBI for rolling out these massive face recognition capabilities without ever explaining the privacy implications of its actions to the public. Federal law and Department of Justice policies require the FBI to complete a Privacy Impact Assessment (PIA) of all programs that collect data on Americans, both at the beginning of development and any time there’s significant change to the program.
While the FBI produced a PIA in 2008, when it first started planning out the face recognition component of its Next Generation Identification (NGI) system, an advanced digital platform of biometric and other types of identity information, it did not update that PIA until late 2015, seven years later and well after it began making significant changes to the program.
The FBI also failed to produce a PIA for its FACE Services unit until May 2015, three years after FACE began supporting FBI with face recognition searches. As GAO notes, the whole point of PIAs is to give the public notice of the privacy implications of data collection programs and to ensure that privacy protections are built into the system from the start. According to GAO report, the FBI failed at this.
The GAO therefore recommended that the U.S. Department of Justice examine why the FBI was not producing regular privacy reports or running regular tests of the accuracy of its face recognition system. The GAO also recommended for the FBI to test the accuracy of the external state and federal databases upon which it relies.