By Jennifer Lynch, Electronic Frontier Foundation:
In the last few years, FBI has been dramatically expanding its biometrics programs, whether by adding face recognition to its vast Next Generation Identification (NGI) database or pushing out mobile biometrics capabilities for “time-critical situations” through its Repository for Individuals of Special Concern (RISC). But two new developments—both introduced with next to no media attention—will impact far more every-day Americans than anything the FBI has done on biometrics in the past.
FBI Combines Civil and Criminal Fingerprints into One Fully Searchable Database
Being a job seeker isn’t a crime. But the FBI has made a big change in how it deals with fingerprints that might make it seem that way. For the first time, fingerprints and biographical information sent to the FBI for a background check will be stored and searched right along with fingerprints taken for criminal purposes.
The change, which the FBI revealed quietly in a February 2015 Privacy Impact Assessment (PIA), means that if you ever have your fingerprints taken for licensing or for a background check, they will most likely end up living indefinitely in the FBI’s NGI database. They’ll be searched thousands of times a day by law enforcement agencies across the country—even if your prints didn’t match any criminal records when they were first submitted to the system.
This is the first time the FBI has allowed routine criminal searches of its civil fingerprint data. Although employers and certifying agencies have submitted prints to the FBI for decades, the FBI says it rarely retained these non-criminal prints. And even when it did retain prints in the past, they “were not readily accessible or searchable.” Now, not only will these prints—and the biographical data included with them—be available to any law enforcement agent who wants to look for them, they will be searched as a matter of course along with all prints collected for a clearly criminal purpose (like upon arrest or at time of booking).
This seems part of an ever-growing movement toward cataloguing information on everyone in America—and a movement that won’t end with fingerprints. With the launch of the face recognition component of NGI, employers and agencies will be able to submit a photograph along with prints as part of the standard background check. As we’ve noted before, one of FBI’s stated goals for NGI is to be able to track people as they move from one location to another. Having a robust database of face photos, built out using non-criminal records, will only make that goal even easier to achieve.
This change will impact a broad swath of Americans. It’s not just prospective police officers or childcare workers who have to submit to fingerprint background checks. In Texas, for example, you’ll need to give the government your prints if you want to be an engineer, doctor, realtor, stockbroker, attorney, or even an architect. The California Department of Justice says it submits 1.2 million sets of civil prints to the FBI annually. And, since 1953, all jobs with the federal government have required a fingerprint check—not just for jobs requiring a security clearance, but even for part-time food service workers, student interns, designers, customer service representatives, and maintenance workers.
The FBI seems to think we should all be OK with this because it has (ostensibly) given people notice and because the program is limited to only those people who are required by federal or state rules to provide prints. But in many parts of the country, this could amount to a very large percentage of workers (including each and every attorney at EFF)—and for many people, especially the poor and underemployed, opting out of this program by choosing a different line of work is truly a not a choice at all.
This is not OK. The government should not collect information on Americans for a non-criminal purpose and then use that same information for criminal purposes—in effect submitting the data of Americans with no ties to the criminal justice system to thousands of criminal searches every day. This violates our democratic ideals and our societal belief that we should not treat people as criminals until they are proven guilty.
It also subjects innocent Americans to the very real risk that they will be falsely linked to a crime. In 2004, the FBI mistakenly linked American attorney Brandon Mayfield to a bombing in Madrid based solely on forensic fingerprint evidence. The FBI seized his property, and he was imprisoned for two weeks before agents finally recognized their error and apologized. Researchers have postulated large face recognition databases could also result in false matches. This means that many people will be presented as suspects for crimes they didn’t commit.
Unfortunately, individuals don’t have much recourse. The only way you can get your prints out of the FBI’s database and stop this repeated invasion of privacy is either with a court order or if the agency that requires your prints to be collected also requests for them to be removed. There appears to be no way for an individual to ask to have their prints removed on their own.
We are disappointed that the FBI chose to go down this path. It could just as easily have designed its database to keep non-criminal data separate from criminal data. Or even better, the FBI could go back to its old practices and not keep the data at all.
FBI Plans to Populate its Massive Face Recognition Database with Photographs Taken in the Field
As Privacy SOS reported earlier this month, the FBI is looking for new ways to collect biometrics out in the field—and not just fingerprints, but face recognition-ready photographs as well.
The FBI recently issued a request for quotations (RFQ) to build out its mobile biometrics capabilities. Specifically, it’s looking for software that can be used on small Android-based mobile devices like Samsung Galaxy phones and tablets to collect fingerprints and face images from anyone officers stop on the street.
If the plan goes through, it will be the first time the FBI will be able to collect fingerprints and face images out in the field and search them against its Next Generation Identification (NGI) database. According to the RFQ, FBI’s current mobile collection tools are “not optimized for mobile operations” because they are large and are limited in scope to determining if a person has “possible terrorist links (in the U.S. or abroad) or is likely to pose a threat to the U.S.”
This plan appears to be a broad expansion of the FBI’s “RISC” program. RISC provides mobile fingerprinting tools to determine whether someone is an “Individual of Special Concern” by allowing access in the field to a database of “wanted persons, known or appropriately suspected terrorists, sex offenders, and persons of special interest.” The FBI says RISC is intended for “time-critical situations” and to identify a limited subset of people within its criminal fingerprint database. But now it appears FBI intends to use its mobile biometrics collection tools much more broadly.
The biggest concern with this new mobile program is that it appears it will allow (and in fact, encourage) agents to collect face recognition images out in the field and use these images to populate NGI—something the FBI stated in Congressional testimony it would not do.
Specifically, in 2012, Deputy Assistant Director Jerome Pender stated:
Only criminal mug shot photos are used to populate the national repository. Query photos and photos obtained from social networking sites, surveillance cameras, and similar sources are not used to populate the national repository.
But the new RFQ contradicts this because it appears the desired software would allow officers to submit non-mug shot photos to NGI. The RFQ says the FBI is looking for a mobile biometrics tool that would, “at a minimum . . . include fingerprints and facial photographs for submission and receipt of a response.” Photographs taken in the field are clearly not “mug shot photos” because they’re taken before booking and possibly even before arrest. And it’s hard to see how a mobile tool that allows officers to collect these non-mug shot photos and “submit” them to a database is not also “populating the national repository.”
Unfortunately, as we have noted many times before, we don’t know exactly how the FBI plans to populate NGI with face images because it hasn’t updated the Privacy Impact Assessment (PIA) for its photo database since 2008—well before the development and deployment of NGI’s facial recognition capabilities. Mr. Pender testified to Congress in 2012 that FBI was in the process of updating this PIA to “address all evolutionary changes” since 2008. But despite a 2014 letter to then-Attorney General Eric Holder signed by EFF and 31 other organizations calling for FBI to update the PIA, the Bureau still fails to explain to Americans exactly how it plans to collect, use and protect face recognition data. Our calls for an updated PIA are clearly falling on deaf ears. But without one, it is impossible to tell exactly how the FBI is limiting its acquisition and use of facial recognition data now and in the future.
As EFF testified during a Senate Subcommittee hearing on facial recognition, Americans should be very concerned about the government’s plans to build up its facial recognition capabilities:
Facial recognition takes the risks inherent in other biometrics to a new level…[it] allows for covert, remote, and mass capture and identification of images, and the photos that may end up in a database include not just a person’s face but also what she is wearing, what she might be carrying, and who she is associated with.
Given the FBI’s broad goals for face recognition data, the time is right for laws that limit face recognition data collection. By Jennifer Lynch, Electronic Frontier Foundation