EPIC files FOIA lawsuit against FBI over biometric database system
Privacy group Electronic Privacy Information Center (EPIC) filed a lawsuit against the FBI, earlier this month, to force the agency to release all documents related to its plan to provide the Department of Defense with access to biometric information, according to a report by On the Wire.
The biometric data — which includes fingerprints, iris images, and facial photos — is stored on the FBI’s Next Generation Identification system, which the agency has been using for a few years.
“With NGI, the FBI will expand the number of uploaded photographs and provide investigators with ‘automated facial recognition search capability.’ The FBI intends to do this by eliminating restrictions on the number of submitted photographs (including photographs that are not accompanied by tenprint fingerprints) and allowing the submission of non-facial photographs (e.g. scars or tattoos),” according to the EPIC lawsuit.
“The FBI also widely disseminates this NGI data. According to the FBI’s latest NGI fact sheet, 24,510 local, state, tribal, federal and international partners submitted queries to NGI in September 2016.”
EPIC and other privacy advocacy organizations have raised concerns about the new database regarding facial recognition systems’ high error rates, as well as the collection and storage of facial recognition data being a huge risk for those individuals whose information is stored on the database.
“The FBI recognized several risks associated with increased use of facial recognition technology in a Privacy Impact Assessment. The FBI stated that ‘[i]ncreased collection and retention of personally identifiable information (PII) presents a correspondingly increased risk that the FBI will then be maintaining more information that might potentially be subject to loss or unauthorized use’ and that, because ‘photographs may now be submitted without accompanying ten-print fingerprints,’ the accompanying photo ‘may be associated with the wrong identity.'”
The lawsuit demands that the FBI release records about the plan to share NGI data with the Department of Defense under the Freedom of Information Act.
Last year, EPIC filed a FOIA request regarding the plan, to which the FBI responded by stating that it had found 35 pages of records relevant to the request. However, the agency has yet to release any of those records.
Earlier this year, the FBI requested that the Department of Justice to omit NGI data from the Privacy Act in an effort to prevent the general public from accessing the information.
“It provides fingerprint identification and criminal history services, as well as biometric services such as latent fingerprint, palm print, and face recognition. In this rulemaking, the FBI proposes to exempt this Privacy Act system of records from certain provisions of the Privacy Act in order to prevent interference with the responsibilities of the FBI to detect, deter, and prosecute crimes and to protect the national security,” the FBI said in the request.
EPIC says in its lawsuit that the Department of Justice has failed to adhere to the FOIA regulations and should be ordered to release any documents regarding the NGI data sharing.