Facial recognition use increasing at US federal agencies faster than oversight, GAO reports

The use of facial recognition has become increasingly common across the government, a new report from the U.S. Government Accountability Office suggests, but systems for tracking exactly what is being used and by whom are lagging behind.

This observation was presented as part of written testimony to a U.S. House Subcommittee on Investigations and Oversight hearing on ‘Privacy in the Age of Biometrics.’

GAO says that out of 13 agencies it recommended should implement mechanisms to track non-federal facial recognition systems used by employees and assess their associated risks, only three have implemented systems, and even they have not performed risk assessments.

Of the 24 agencies that the GAO surveyed in 2020, 18 reported that they owned or accessed 27 federal facial recognition systems.

Moreover, 14 of those agencies owned smartphones that can be unlocked with facial recognition. Nine reported owning face biometrics systems, other than software on smartphones, for roles including physical security and domestic law enforcement.

Three state and local agencies reported accessing one or more systems owned by 29 states and seven localities for law enforcement purposes.

This expanded throughout 2021, with 14 of the 42 federal agencies GAO surveyed having used non-federal systems to support criminal investigations, according to a separate survey.

Most federal agencies were “relying on systems owned by other entities, including non-federal entities, to support their operations,” the report reads.

However, the GAO, says that as of June 2021, 13 federal agencies could not assess the risks of using non-federal systems because they did not have complete, current information on what systems were being used.

“By implementing a mechanism to track what non-federal systems are used by employees, agencies will have better visibility into the technologies they rely upon to conduct criminal investigations,” the GAO wrote.

“In addition, by assessing the risks of these systems, including privacy and accuracy-related risks, agencies will be better positioned to mitigate any risks to themselves and the public.”

The Department of Homeland Security concurred with at least some of the recommendations.

As of February 2022, the department’s Customs and Border Protection, or CBP, agency has acted on a recommendation that it ensure that its Biometric Entry-Exit Program’s privacy notices contain complete and current information anywhere the agency uses facial recognition, according to the report. CBP has “taken steps to address the remaining two recommendations but has not fully implemented them.

The GAO called for a concerted effort from both the public and private sectors to further regulate the adoption of facial recognition technologies.

It is time that members of Congress, academics and advocacy organizations create a comprehensive understanding of how facial recognition is used by federal agencies.

Article Topics

biometrics  |  face biometrics  |  facial recognition  |  GAO (Government Accountability Office)  |  law enforcement  |  regulation  |  U.S. Government