Organizations respond to FBI’s call to exempt biometric ID database from privacy laws
Forty-six privacy, civil liberties, and immigrants’ rights organizations sent a letter to a group of senators and congressmen, urging their committees to hold oversight hearings to assess the Federal Bureau of Investigation’s (FBI) Next Generation Identification program and their use of biometric data.
The letter also called on the committees to require the FBI’s compliance with the Privacy Act of 1974 and enforce ongoing public reports on the FBI’s use, collection, retention, and disclosure of biometric information.
Addressed to Senators Chuck Grassley and Patrick J. Leahy, as well as Congressmen Bob Goodlatte, Jason Chaffetz, John Conyers, and Elijah Cummings, the move comes nearly a month after the organizations sent a letter to the FBI asking for an extension to the comment period regarding the FBI’s request to modify the Privacy Act.
Earlier this year, the FBI requested for certain provisions of the act to be changed regarding the use of criminal history record information and biometric identifiers within the NGI program, which contains the biometric data (fingerprints, facial recognition, and iris recognition) on millions of US citizens and immigrants..
The organizations assert in the letter that there are several privacy, civil liberties, and human right issues raised by the biometric database and the FBI’s use of facial recognition technologies to search its own database, other federal agency databases, and databases of state driver’s license photos.
The FBI’s biometric database contains profiles on arrestees and people with records as well as individuals with no ties to the criminal justice system, and is used for both law enforcement and non-law enforcement purposes, the letter said.
It continues by stating that through NGI’s Interstate Photo System (NGI-IPS), the FBI operates a face recognition service with over 30 million photos from 16.9 million individuals that is accessed by several state and local law enforcement agencies.
The letter also points out the FBI’s existing agreements with 16 states to request facial recognition searches of state repositories of photos consisting mostly of driver license photos, and that it is currently negotiating with 18 other states to include their driver’s license photos in these searches.
All of these facial recognition searches have been done without any judicial oversight or internal audits, the letter said.
Another key issue highlighted in the letter is the retention duration of the biometric data, which is kept on file until the individual turns 110 years old or seven years after the FBI has been alerted of the individual’s death.
The organizations contend that the FBI is “unnecessarily retaining vast amounts of personal and biometric information and exposing millions of people to a potential data breach.”
The letter also states that the collection of biometric data on millions of people enables law enforcement to identify individuals without probable cause, reasonable suspicion, or any other legal standard that is usually necessary for law enforcement to obtain traditional identification.
Using biometric identifiers like facial recognition, law enforcement can covertly and remotely identify people on a greater level, according to the letter.
“The FBI’s use of facial recognition through NGI and its FACE Services Unit lacks proper public oversight. A recent GAO report determined that the ‘FBI has not completed audits to oversee the use of NGI-IPS or FACE services,’” the letter said.
“Furthermore, the FBI has failed to timely update the public through Privacy Impact Assessments required by law. These privacy assessments are essential to informing the public on how the FBI mitigates the privacy risks associated with its information systems. Congress often holds oversight hearings of the FBI, but more often than not the FBI’s NGI database and its use of biometrics receives too little scrutiny.”