Focusing public attention on emerging privacy and civil liberties issues

Spotlight on Surveillance - December 2013

The FBI’s Next Generation Identification Program:

Big Brother’s ID System?

The Federal Bureau of Investigation (FBI) is developing a biometric identification database program called "Next Generation Identification" (NGI). When completed, the NGI system will be one of the largest biometric databases in the world. The program is of particular interest to EPIC because of the far-reaching implications for personal privacy and the risks of mass surveillance.[1]

The vast majority of records contained in the NGI database will be of US citizens. The NGI biometric identifiers will include fingerprints, iris scans, DNA profiles, voice identification profiles, palm prints, and photographs. The system will include facial recognition capabilities to analyze collected images. Millions of individuals who are neither criminals nor suspects will be included in the database.

Many of these individuals will be unaware that their images and other biometric identifiers are being captured. Biometric records collected by various civil service agencies could be added to the system. The NGI system could be integrated with other surveillance technology, such as Trapwire, that would enable real-time image-matching of live feeds from CCTV surveillance cameras.[2] The Department of Homeland Security has expended hundreds of millions of dollars to establish state and local surveillance systems, including CCTV cameras that record the routine activities of millions of individuals.[3] There are an estimated 30 million surveillance cameras in the United States. If the NGI system were integrated with CCTV cameras operated by public agencies and private entities, NGI could use facial recognition on images of crowds to identify individuals in public settings, whether or not the police have made the necessary legal showing to compel the disclosure of identification documents.

The NGI database will be used for both law enforcement and non-law enforcement purposes. It will be available to law enforcement agencies at the local, state, and federal level. But it will also be available to private entities, unrelated to a law enforcement agency.

EPIC’s “Spotlight on Surveillance” project takes a deeper look at this massive surveillance initiative.

Background

The Next Generation Identification (NGI) program, once completed, will replace the technical capabilities of the Integrated Automated Fingerprint Identification System (IAFIS).[4] The IAFIS is a national fingerprint and criminal history system that went operational in 1999.[5] The IAFIS is currently one of, if not the, largest biometric databases in the world, containing more than 70 million subject files with fingerprints and another 34 million plus civil prints.[6] The NGI initiative will greatly increase the size of the FBI’s biometric database by adding multiple biometrics retrieved from state and local law enforcement databases as well as from other sources like department of motor vehicle databases of driver license and photo ID pictures. Over 18,000 local, state, tribal, federal, and international partners currently use IAFIS and will thus have access to NGI.

The additional biometrics collected under the NGI program (e.g. palmprints and iris scans)[7] will be shared farther and wider as the FBI looks to increase interoperability between the FBI’s biometric database and other government biometric databases, including ones operated by the Department of Homeland Security (DHS) and the Department of Defense (DOD).[8] The increased sharing will open up a greater possibility of the FBI’s NGI database being compromised, a database that will include everything from the IAFIS system, which already contains a great deal of information on many individuals. In addition to the fingerprints, the IAFIS system keeps the “corresponding criminal histories; mug shots, scars and tattoo photos; physical characteristics like height, weight, and hair and eye color; and aliases.”[9]

The NGI program is being implemented in seven stages. Increments 0 through 3 have already been put into effect and include updated workstations, improvements to fingerprint processing, the creation of the Repository for Individuals of Special Concern (RISC),[10] and the addition of palm print and latent print searching.[11] Increments 4 through 6 are in the process of being implemented. Increment 4 includes the addition of a rap back program, facial recognition technology, and the ability to search scars, tattoos and other unique markings. Much of Increment 4 has already been implemented. The FBI has been working on the facial recognition component for over three years with full implementation due by the Summer of 2014. Increment 5 is the implementation of an iris recognition capability and Increment 6 is a general update to the technology. The full implementation of NGI is due to be complete by the end of 2014.

The FBI will continue to look to additional biometric identifiers through the Biometric Center of Excellence (BCOE). The BCOE is an FBI program that researches new and advancing biometric technologies and capabilities.[12] The BCOE is researching automated facial recognition technology for videos, ear recognition, and voice recognition among other capabilities. The expansion of the possible biometric identifiers the NGI database can accommodate will only increase the chances of civilians that are not suspects or convicts ending up in the FBI’s database. In the near future, the NGI database will be able to identify someone from a voice recording or picture of one’s profile.

The Rise in the Collection of Biometric Data

The FBI is constantly looking to expand the collection of biometric identifiers through various means including a background check service called “Rap Back” and offering facial recognition services among other things. Similarly, state and local law enforcement are increasing their collection of biometric identifiers, and the use of biometrics is becoming more commonplace in the private sector.

The “Rap Back” program is a monitoring program that equates to an ongoing, continual background check. It is used not only to monitor whether people under correctional supervision are arrested again, but also to constantly monitor civilians in various trusted positions (e.g. teachers or bank tellers). Civilians under Rap Back monitoring must submit their fingerprints and potentially photos too, as NGI now allows photo submissions for civilian entries.[13] The biometric data ends up in the FBI’s NGI database and, for civilian records, is not deleted until the individual is 75 years old.[14] Criminal records are kept until the individual is 99 years old.[15]

Source: FBI Presentation: Facial Recognition and Identification Initiatives

The FBI continues to push forward with biometric capabilities while falling short on addressing the privacy implications.

The FBI has shown a particular interest in adding facial recognition capabilities to its repertoire, including to the NGI database.[16] According to the FBI, it is motivated to increase the use of facial recognition because images are easy to capture, store, copy, and share; there is an increasing number of images from surveillance cameras, global media enterprises, and mobile phones; and an enormous number of images are shared online through social networks and other communication methods.[17] The FBI envisions using facial recognition to identify unknown persons of interest from images, track subjects to and from critical events, conduct automated surveillance, and identify subjects in public datasets or seized computers or other electronic equipment.[18]

Documents obtained by EPIC through a FOIA lawsuit show that facial recognition capabilities were part of the 2010 NGI System Requirements.[19] The same document showed that, for facial recognition searches, the FBI is willing to accept the identification of the wrong person 20% of the time (i.e. a false positive) and the failure to identify the correct existing record 15% of the time (i.e. a false negative).[20] This is a much higher error rate than is accepted for fingerprint identification. The FBI accepts a false positive only 0.3% of the time and a false negative 1% of the time for fingerprint identification.[21]

The accuracy, or lack thereof, is disturbing compared to the results of the National Institute of Standards and Technology’s (NIST) 2006 large-scale Face Recognition Vendor Test (FRVT).[22] The NIST’s FRVT evaluated a number of facial recognition algorithms using high-resolution as well as low-resolution images. The best performing algorithms, when set to return a false positive of 0.1%, returned a false negative between 2.4% and 2.7% of the time on the low-resolution images.[23] The face recognition algorithms performed even better with the high-resolution images.

Despite the high accepted-error-rate for facial recognition technology for the NGI program, the FBI has aggressively moved forward with facial recognition initiatives. NGI’s Interstate Photo System Facial Recognition Pilot (IPSFRP) utilizes a repository of criminal facial images compiled from existing Criminal Justice Information Services (CJIS) biometric repositories according to the technical specifications obtained by EPIC through a FOIA lawsuit.[24] Law enforcement at the local, state, and federal level can participate in the pilot. The IPSFRP allows law enforcement to submit photos not connected to arrests including purely civilian (i.e. non-criminal) photos and permits bulk submission of photos from other state and federal repositories in order to increase the repository of photos in the NGI database.[25]

In 2007, the FBI ran a pilot called Project Facemask. The pilot was a collaborative effort between the FBI and the North Carolina (NC) Department of Motor Vehicles (DMV) to use the NC DMV’s facial recognition program as a means of locating fugitives and missing persons.[26] Project Facemask led the FBI to create the Facial Analysis Comparison and Evaluation (FACE) Services Unit.[27] The FACE Services Unit compares facial images of subjects of FBI investigations to images in FBI databases (e.g. NGI database) and other databases the FBI has access to (e.g. state DMV databases).[28] The FBI’s FACE Services Unit plans to enlarge its service to a greater customer base,[29] thus expanding the use of facial recognition technology and increasing the likelihood of errors.

Source: FBI Presentation: Facial Recognition and Identification Initiatives

A number of state DMVs already have facial recognition technology, and some of those state DMVs allow law enforcement access to their photo databases. The FBI is seeking to expand its access to as many DMV databases as possible.

The unusually high error rate the FBI accepts for facial recognition searches exacerbates its failure to fully address the privacy and civil liberty implications of facial recognition technology. A 2011 Privacy Threshold Analysis (PTA) for the FACE Services obtained by EPIC indicated a Privacy Impact Assessment was necessary for the program. FBI Deputy Director, Jerome Pender, testified in front of Congress in July 2012 that the FBI was in the process of renewing the 2008 Interstate Photo System Privacy Impact Assessment (PIA) to focus on facial recognition and address all the changes in the use of the technology since 2008.[30] As of the writing of this Spotlight on Surveillance, no PIA has been made publicly available that addresses the FBI’s growing use of facial recognition technology since the 2008 Interstate Photo System PIA.

Privacy, Civil Liberties, and Security

Biometric data is personally identifiable information that cannot be changed if it is compromised. Improper collection, storage, and use of this information can result in identity theft, inaccurate identifications, and infringement on constitutional rights. An individual’s ability to control access to his or her identity, including determining when to reveal it, is an essential aspect of personal security and privacy that biometric identifiers erode. The collection of biometric data into the FBI’s NGI database raises privacy issues because of its surveillance potential, the collection of vast amounts of personally identifiable information into a centralized database, and the prospects of secondary uses of the data.[31]

The increasing expansion of the use and storage of biometric data by the FBI via its NGI database carries with it a number of privacy and security concerns. Fundamentally, it will give the police the ability to identify people without probable cause, reasonable suspicion, or any other legal standard that might otherwise be required for the police to obtain traditional identification. Moreover, individuals will not know when their identity has been obtained or how it might be used.

For example, using a CCTV system linked to facial recognition, the police will be able to routinely identify individuals walking down a city street. If a particular individual is proximate to another person who is an actual suspect in an investigation, then that individual may also be added to the investigative database. This could be done routinely and automatically across a wide range of public activity all across the country. Traditionally, the police would likely need some basis to stop a person and ask them to present an identification, and even in those circumstances, the Supreme Court has expressed concern about the police obtaining more than a simple name.[32]

Source: Wall Street Journal

The FBI will use the database of iris scans maintained by the creator of the MORIS device shown above, BI2 Technologies, for its Iris Recognition Pilot.

The FBI will have access to more and more biometric data as state and local entities continue to increase their collection of biometric data. The New York City Police Department began scanning irises of arrestees in 2010; these sorts of records will be entered into NGI. The iris recognition pilot the FBI will conduct as part of the NGI program will incorporate the massive iris database already collected by the private company BI2 Technologies.[33] Other police departments are specifically using biometric collection gear that is compatible with NGI in anticipation of gaining access to its vast trove of biometric data.[34]

The potential sources of biometric data for the NGI database do not end with state and local law enforcement. As mentioned above, the FBI already leverages the photos collected by state DMVs. Specifically, the FBI has a Memorandum of Understanding (MOU) with a number of states that grant access to the state’s database of identification and driver license photos for facial recognition purposes.[35] Biometric collection is on the rise at public schools, where some school districts require children to provide biometric identifiers, such as palm prints.[36] The use of biometric data is also edging its way into the workplace to track workers via facial recognition or digital fingerprinting.[37] Biometrics collected at the state and local level, as well as by the private sector, become potential targets for integration into the NGI database.

The trend towards the collection of more and more biometric data by local and state agents that finds its way into a central location is leading to greater standardization of biometric collection. The increased centralization of biometric data through NGI and the increased standardization of biometric data collection increase the risk of security breaches and mission creep. The central location of vast amounts of biometric data in the NGI database is an enticing target for criminals who can use the data for the purpose of identity theft. The target becomes more enticing as biometric identifiers become more commonly used and standardized.

The centralized location of so much biometric data also becomes a temptation to the government to find additional uses for the data. Just as DMV databases of identification and driver license photos are now starting to be run through facial recognition technology for purposes wholly disparate from their initial purpose,[38] so too will the FBI’s NGI database creep towards new functions not yet envisioned. New technology could constantly run facial recognition checks of faces captured in public on CCTVs or photos posted on social media sites. The Department of Homeland Security (DHS) is actively working on technology that will “scan crowds and automatically identify peoples by their faces.”[39] The project is called the Biometric Optical Surveillance System (BOSS). Everyone participating in political rallies could be identified through images of their face or recordings of their voice. Ultimately, the NGI database could become the basis for an involuntary national ID system.

A large database of biometrics destroys the ability of an individual to be anonymous. Publicly participating in society as a relatively anonymous individual becomes impossible because every fingerprint left behind, image from CCTV or someone’s mobile phone, or recording of your voice becomes an identifier, one that can reveal the protests you participated in, the groups you associate with, or the things you spoke about. A large biometric database like NGI will increase the government’s ability to conduct surveillance on individuals, including individuals who are not suspected of any wrongdoing.

Facial recognition technology in particular threatens privacy and civil liberty because it can so easily be done covertly, even remotely, and on a mass scale. There are few, if any, precautions that can be taken to prevent collection of one’s image. Participation in society involves exposing one’s face and, similarly, participation in social media often involves photos of faces. Ubiquitous and near-effortless identification eliminates individuals’ ability to control their identities and poses a special risk to the First Amendment rights of free association and free expression, particularly for those who engage in lawful protests. NGI’s ability to collect bulk photos from other databases makes ubiquitous identification a near reality instead of a far-fetched dream. With its increasing database of biometrics on civilians, the NGI program could render anonymous free speech virtually impossible.

Recommendations

EPIC recommends that Congress begin a careful assessment of the long-term implications of the FBI’s Next Generation Identification System. In the past, similar proposals have routinely been the focus of extensive oversight hearings. There are far-reaching implications in the development of the NGI that must be fully assessed by Congress.

EPIC further recommends that a Privacy Impact Assessment (PIA) be performed immediately with respect to the NGI program. The PIA should specifically focus on the privacy implications of the collection, use, and retention of the various biometric identifiers that the NGI program will use (e.g. iris scans and facial recognition). The PIA should also examine the likelihood of “mission creep” with respect to the use of these biometric identifiers. The FBI should provide clear and publicly available documentation specifying the purpose of collection, the use of the biometric data collected, and the retention policy. Any changes to these policies should require the FBI to perform a notice-and-comment rulemaking in order to inform the public and consider public input. Additionally, any biometric data of civilians collected and stored in the NGI database (e.g. for background checks) should immediately be deleted after it has served its purpose.

Finally, EPIC recommends comprehensive legal guidelines, based on the federal Privacy Act, for the use of biometric identifiers. The FBI should undertake a formal rulemaking to establish clear practices for the system.

Without adequate safeguards, Next Generation Identification could easily become Big Brother’s ID system.



[1] See EPIC, EPIC v. FBI - Next Generation Identification, http://epic.org/foia/fbi/ngi/; EPIC, Biometric Identifiers, http://epic.org/privacy/biometrics/; EPIC, Face Recognition, http://epic.org/privacy/facerecognition/.

[2] See Charles Arthur, Trapwire Surveillance System Exposed in Document Leak, The Guardian (Aug. 13, 2012), http://www.theguardian.com/world/2012/aug/13/trapwire-surveillance-system-exposed-leak.

[3] Charlie Savage, US Doles Out Millions for Street Cameras, Boston (Aug. 12, 2007), http://www.boston.com/news/nation/washington/articles/2007/08/12/us_doles_out_millions_for_street_cameras/.

[4] DOJ, Capital Asset Summary: FBI Next Generation Identification NGII, 1 (2013), available at https://it-2013.itdashboard.gov/investment/exhibit300/pdf/011-000003457.

[5] FBI, Integrated Automated Fingerprint Identification System, http://www.fbi.gov/about-us/cjis/fingerprints_biometrics/iafis.

[6] Id.

[7] See Id.

[8] Capital Asset Summary, supra note 4.

[9] Id.

[10] RISC will allow law enforcement to quickly run the fingerprint of an individual encountered in the field to determine the level of threat the individual presents based on whether he/she is included in the RISC database.

[11] Latent print searching generally involves searching prints found at crime scenes.

[12] Richard W. Vorder Bruegge, FBI, PowerPoint: Facial Recognition and Identification Initiatives, slide 7, available at http://biometrics.org/bc2010/presentations/DOJ/vorder_bruegge-Facial-Recognition-and-Identification-Initiatives.pdf.

[13] http://www.fbi.gov/about-us/cjis/fingerprints_biometrics/ngi.

[14] FBI, Privacy Impact Assessment (PIA) for the Next Generation Identification (NGI) Interstate Photo System (IPS), § 3.4 (June 9, 2008), http://www.fbi.gov/foia/privacy-impact-assessments/interstate-photo-system.

[15] Id.

[16] See Richard W. Vorder Bruegge, FBI, Facial Recognition and Identification powerpoint slide (2010) (Biometric Consortium Conference & Technology Expo), available at http://biometrics.org/bc2010/presentations/DOJ/vorder_bruegge-Facial-Recognition-and-Identification-Initiatives.pdf.

[17] See Id at 2.

[18] See Id at 5.

[19] NGI System Requirements, 22 (Oct. 1, 2010), available at http://epic.org/foia/fbi/ngi/NGI-System-Requiremets.pdf.

[20] Id at 244.

[21] Id at 243.

[22] NIST, FRVT 2006 and ICE 2006 Large-Scale Results (Mar. 2007), available at http://www.nist.gov/customcf/get_pdf.cfm?pub_id=51131.

[23] See Id at 13.

[24] FBI, Technical Specifications Document for the Interstate Photo System Facial Recognition Pilot (IPSFRP) Project, 4 (May 4, 2012), available at http://epic.org/foia/fbi/ngi/IPSFRP-Technical-Specs.pdf.

[25] Memorandum of Understanding between the FBI and Maryland Department of Public Safety and Correctional Services Information Technology and Communication Division (Unexecuted), https://www.eff.org/files/filenode/Maryland_NGI_MOU_Face-recognition-BulkSubmission.pdf; Memorandum of Understanding between FBI and State of Hawaii Department of the Attorney General, https://www.eff.org/files/filenode/Hawaii_MOU_NGI_face-recognition.pdf.

[26] What Facial Recognition Technology Means for Privacy and Civil Liberties: Hearing Before the Subcomm. On Privacy, Technology and the Law of the S. Comm. on the Judiciary, 112th Cong. 1 (2012) (question for the record of Jerome Pender, Deputy Assistant Director, FBI), available at http://www.judiciary.senate.gov/resources/transcripts/upload/071812QFRs-Pender.pdf.

[27] Id.

[28] See FBI, Facial Analysis, Comparison, and Evaluation (FACE) Services Unit Standard Operating Procedures, 1 (Apr. 9, 2013), available at http://epic.org/foia/fbi/faces/FBI-SOP-FACES-Unit.pdf.

[29] See Id.

[30] See What Facial Recognition Technology Means for Privacy and Civil Liberties: Hearing Before the Subcomm. On Privacy, Technology and the Law of the S. Comm. on the Judiciary, 112th Cong., 3 (2012) (statement for the record of Jerome Pender, Deputy Assistant Director, FBI), available at http://www.judiciary.senate.gov/pdf/12-7-18PenderTestimony.pdf.

[31] See National Academy of Sciences, Biometric Recognition: Challenges and Opportunities, 90 (2010), available at http://www.nap.edu/download.php?record_id=12720.

[32] Hiibel v. Sixth Judicial Dist. Court of Nevada, Humboldt County, 542 U.S. 177, 185 (2004) (“As we understand it, the statute does not require a suspect to give the officer a driver’s license or any other document. Provided that the suspect either states his name or communicates it to the officer by other means.”); See also, Brief of Amici Curiae Electronic Privacy Information Center, available at http://epic.org/privacy/hiibel/epic_amicus.pdf.

[33] Aliya Sternstein, Eye on Crime: The FBI is Building a Database of Iris Scans, NextGov (June 27, 2012), http://www.nextgov.com/emerging-tech/2012/06/eye-crime-fbi-building-database-iris-scans/56481/.

[34] Erik Sofge, FBI’s Next Gen ID Databank to Store Face Scans—A Good Idea?, Popular Mechanics (June 30, 2008), http://www.popularmechanics.com/science/health/forensics/4270770.

[35] See, e.g., Memorandum of Understanding between the Federal Bureau of Investigation and the Illinois Office of the Secretary of State, available at http://epic.org/foia/fbi/faces/FBI-MOUs-FACES-Unit.pdf.

[36] Anita Ramasastry, Biometrics in the School Lunch Line: Why Parents Should Be Concerned About the Privacy Implications of This Trend, Justia (Oct. 9, 2012), http://verdict.justia.com/2012/10/09/biometrics-in-the-school-lunch-line.

[37] Tana Ganeva, Biometrics at Pizza Hut and KFC? How Face Recognition and Digital Fingerprinting Are Creeping into the U.S. Workplace, AlterNet (Sept. 26, 2011), http://www.alternet.org/story/152539/.

[38] EPIC: FBI Performs Massive Virtual Line-up by Searching DMV Photos (June 17, 2013), http://epic.org/2013/06/fbi-performs-massive-virtual-l.html.

[39] Charlie Savage, Facial Scanning Is Making Gains in Surveillance, NYT (Aug. 21, 2013), http://www.nytimes.com/2013/08/21/us/facial-scanning-is-making-gains-in-surveillance.html.