US oversight body demands biometrics privacy, training upgrades at DHS, FBI

The U.S. Government Accountability Office wants federal agencies to work on protecting the privacy and civil liberties of Americans in their use of facial recognition for law enforcement, and biometrics in general.

The oversight body has issued two sets of recommendations in reports published this month.

On “Biometric Identity System(s),” GAO says “DHS Needs to Address Significant Shortcomings in Program Management and Privacy.” The report reviews the efforts by the Department of Homeland Security to transition to the Homeland Advanced Recognition Technology (HART) multi-biometric system from the Ident ABIS, and says DHS needs to dramatically improve the privacy protections for individuals in the new system.

GAO begins the report by raking DHS over the coals for its wildly inaccurate estimates of the time and money required to set up HART, noting that “these estimates are unreliable because DHS doesn’t follow our best practices for calculating them.” The schedule and cost estimates have been revised twice.  They are still wrong.

HART is scheduled to reach initial operational capacity by the end of this month, as of the 2022 update, but intended date for the completion of the program was pushed back at that time from June 30, 2024.

The report urges DHS to adopt best practices in its estimates, and notes that the agency fully implemented 5 of 12 privacy requirements set for it by the Office of Management and Budget. The other seven include privacy impact assessments, which still do not include all of the relevant information, such as whose data HART will store and who that information will be shared with.

The nine recommendations from the GAO consist of two on the estimates and seven on privacy. The privacy items include describing the categories of individuals included in the biometric database, setting out the methodologies for ensuring privacy controls are properly implemented, and fixing the seven previously-identified shortcomings.

Facial recognition training, civil rights protections needed

On “Facial Recognition Services,” GAO says that “Federal Law Enforcement Agencies Should Take Actions to Implement Training, and Policies for Civil Liberties.” Specifically, the seven agencies within the Departments of Homeland Security and Justice that use facial recognition should have policies that mandate training with the technology, along with protections for the public’s civil rights.

Only two of the seven currently require training on facial recognition, GAO says. A department-wide policy that specifically addresses civil rights and facial recognition is expected to be finalized this year by DHS, but the Justice Department, which includes the Federal Bureau of Investigations, is further behind.

The FBI has trained staff in the use of facial recognition, but only 10 of the 196 who have used the technology.

The GAO has 10 recommendations. Immigration and Customs Enforcement should set up periodic checks to make sure its staff is adequately trained in facial recognition use, while the FBI should clarify its requirements for staff using Clearview AI, and implement a training requirement for facial recognition in general. Customs and Border Protection should review the searches it carries out for other agencies, and whether there should be training requirements for doing so. DoJ and DHS should each make sure their privacy leads and agency heads work together to address outstanding issues.

Article Topics

biometrics  |  data privacy  |  DHS  |  facial recognition  |  FBI  |  GAO (Government Accountability Office)  |  Homeland Advanced Recognition Technology (HART)  |  law enforcement  |  U.S. Government