EPIC v. FBI (Biometric Data Transfer Agreements)
- FBI Issues Final Rule on Biometric Database, Exempts Itself From Privacy Act Protections: The FBI has released a final rule claiming several Privacy Act Exemptions for the Next Generation Identification System, a database that contains the biometric data of millions of Americans, much of which is unrelated to law enforcement. EPIC had criticized the FBI's proposal to remove Privacy Act safeguards and urged the FBI to limit the scope of data collection and reduce the retention of data. However, in issuing the final rule the FBI repeatedly stated that exemptions would be used responsibly and in accordance with FBI policies and procedures. Through a FOIA lawsuit, EPIC obtained documents that revealed the NGI database contained an error rate of up to 20% on facial recognition searches. EPIC has identified several problems with the NGI database in statements to Congress oversight Committees, which have indicated strong concern about the FBI's facial recognition program. (Aug. 1, 2017)
- EPIC Urges Congress to Examine FBI's Biometric Identification Program: EPIC has sent a statement to the House Appropriations Committee in advance of a hearing on the FBI's budget. EPIC urged the Committee to examine the FBI's Next Generation Identification program. EPIC explained that the program "raises far-reaching privacy issues that implicate the rights of Americans all across the country." The FBI biometric database is one of the largest in the world, but the Bureau proposed to exempt the database from Privacy Act protections. EPIC and others supported strong safeguards for the program. In an early FOIA case against the FBI, EPIC obtained documents which revealed high error levels in the biometric database. EPIC has recently filed a FOIA lawsuit against the FBI for information about the agency's plans to transfer biometric data to the Department of Defense. (Jun. 20, 2017) More top news »
The FBI developed and maintains a biometric identification program called “Next Generation Identification” (“NGI”). The Bureau describes NGI as “the world’s largest and most efficient electronic repository of biometric and criminal history information.” The FBI developed NGI as a successor to the Integrated Automated Fingerprint Identification System (“IAFIS”), a program started in July 1999 that provided to law enforcement “automated tenprint [fingerprint] and latent fingerprint searches, electronic image storage, electronic exchanges of fingerprints and responses, as well as text-based searches based on descriptive information.” In NGI, the FBI incorporated all of the capabilities and data of IAFIS, along with additional capabilities such as the ability to quickly and easily store and search for new forms of biometric data, including iris scans and face-prints.
Since 2014, the FBI has been using NGI at “full operational capability.”
With NGI, the FBI will expand the number of uploaded photographs and provide investigators with “automated facial recognition search capability.” The FBI intends to do this by eliminating restrictions on the number of submitted photographs (including photographs that are not accompanied by tenprint fingerprints) and allowing the submission of non-facial photographs (e.g. scars or tattoos). The FBI also widely disseminates this NGI data. According to the FBI’s latest NGI fact sheet, 24,510 local, state, tribal, federal and international partners submitted queries to NGI in September 2016.
Widespread deployment of facial recognition technology presents a number of significant privacy and security issues. Facial recognition data is personally identifiable information and improper collection, storage, and use of this information can result in identity theft or inaccurate identifications. Additionally, an individual's ability to control access to his or her identity, including determining when to reveal it, is an essential aspect of personal security that facial recognition technology erodes. Ubiquitous and near-effortless identification eliminates individuals’ ability to control their identities, posing special risk to protestors engaging in lawful, anonymous free speech. The U.S. Supreme Court has repeatedly upheld the right to engage in political speech anonymously. See, e.g., Buckley v. American Constitutional Law Foundation, 525 U.S. 182 (1999); Talley v. California, 362 U.S. 60 (1960); NAACP v. Alabama, 357 U.S. 449 (1958). For these reasons, it is vital that the deployment of facial recognition technology be done in a transparent way to ensure adequate public oversight.
One of the FBI’s stated initiatives is for the Bureau, through NGI, to exchange information with other data repositories in real or near-real time. NGI is currently capable of such information transfers with the Automated Biometric Identification System (“ABIS”), a biometric program run by the DOD.
The FBI has acknowledged the existence of a memorandum of understanding, dated September 10, 2009, between the FBI and the DOD pertaining to the transfer of biometric data and other identity management information.
As a centralized government database containing sensitive personal and biometric data on millions of individuals, NGI poses a major threat to privacy rights. Individuals anywhere, and especially those protected by the U.S. Constitution, have “the right to be left alone” (as Justice Brandeis declared over 120 years ago). This means that without individualized suspicion of wrongdoing, no one's personal information should be retained in a law enforcement database without that individual's consent. NGI goes beyond merely storing random pieces of data collected from various law enforcement agencies. Rather, the FBI will use the program to affirmatively seek out and aggregate as many photos, voice prints, and biometric data as possible to create the most comprehensive database in the world. Such data will be vulnerable to misuse by misguided officials, abuse by ill-intentioned government agents, and unauthorized disclosure through data breaches.
In the 2012 case, EPIC v. FBI, EPIC filed a FOIA lawsuit to obtain documents pertaining to NGI. EPIC successfully obtained NGI records from the agency, as well as attorney’s fees for work on the litigation. According to one of the FOIA documents, “NGI shall return an incorrect candidate a maximum of 20% of the time,” a number much greater than expected.
Recently on May 27, 2016, EPIC and a coalition of civil rights, privacy, and transparency groups urged the Department of Justice to extend the public comment period for the FBI’s Next Generation Identification database. The FBI database contains biometric data, such as fingerprint and retinal scans, on millions of Americans and raises significant privacy risks. The FBI is proposing to exempt the database from Privacy Act obligations, including legal requirements to maintain accurate records, permit individual access, and provide civil remedies.
- EPIC FOIA Request (April 2, 2015)
- FBI Acknowledgment (April 13, 2015)
- EPIC Administrative Appeal (Aug. 11, 2015)
- FBI Appeal Acknowledgment (Aug. 21, 2015)
- FBI Appeal Denial (Aug. 31, 2015)
- FBI Consultation Notice (Sept. 1, 2015)
- Released Documents
- Mark Reynolds, eWave: Hunt is on for Pixel-Perfect Criminal IDs, Providence Journal (Dec. 7, 2013)
- Jim Stenman, Embracing Big Brother: How Facial Recognition Could Help Fight Crime, CNN (Nov. 22, 2013)
- The Economist, The People's Panopticon (Nov. 16, 2013)
- Ali Winston, Facial Recognition, Once a Battlefield Tool, Lands in San Diego County, Center for Investigative Reporting (Nov. 7, 2013)
- J.D. Tuccille, Wrong Person May Be Identified 20 Percent of the Time With Facial Recognition Software, Reason (Oct. 8, 2013)
- Ginger McCall, The Face Scan Arrives, N.Y. Times Op-Ed (Aug. 29, 2013)
- Charlie Savage, Facial Scanning Is Making Gains in Surveillance, N.Y. Times (Aug. 21, 2013)
- Natasha Lennard, Government Developing Facial Recognition Surveillance Software, Salon (Aug. 21, 2013)
- Addy Dugdale, The FBI Banks $1 Billion For Facial Recognition Tech , Fast Company (Sept. 7, 2012)
- Michael Kelley, The FBI's Nationwide Facial Recognition System Ends Anonymity As We Know It, Business Insider (Sept. 10, 2012)
- Kevin Lee, The FBI's Next Generation Identification Program Could Spot Faces in a Crowded Street, PC World (Sept. 11, 2012)
- Charlie Osborne, FBI Launches $1B ID Search Program, ZDNet (Sept. 10, 2012)
- Aliya Sternstein, Eye on Crime: The FBI is Building a Database of Iris Scans, Nextgov (June 27, 2012)
- Andrew Rosenthal, Invading Your Privacy, NYT Editorial Page (Mar. 26, 2012)
- Erik Sofge, FBI's Next-Gen ID Databank to Store Face Scans--A Good Idea?, Popular Mechanics (June 30, 2008)
- Grant Gross, Lockheed Wins 10-year FBI Biometric Contract, Washington Post (Feb. 13, 2008)
- Ellen Nakashima, FBI Prepares Vast Database of Biometrics, Washington Post (Dec. 22, 2007)
Share this page:
EPIC relies on support from individual donors to pursue our work.
Subscribe to the EPIC Alert
The EPIC Alert is a biweekly newsletter highlighting emerging privacy issues.
Privacy in the Modern Age