Facial Recognition

Latest News/Events

  • Google Seeks to Establish Facial Recognition in Homes: With opposition growing to facial recognition, Google has decided instead to build facial recognition into Nest Hub Max, an "always on" device intended for use in the home. Google's "face match" constantly targets the facial images of each person in the household. Any interaction with the Google device is added to the secret user profile Google maintains for ad targeting. In 2014, EPIC filed a complaint with the FTC and said the "Commission clearly failed to address the significant privacy concerns presented in the Google acquisition of Nest," a related device that enabled surveillance in the home. EPIC later asked the Federal Trade Commission to require Google to spin-off Nest and to disgorge the data obtained from Nest users. A 2017 complaint to the Consumer Product Safety Commission from EPIC and consumer organizations pointed out that the "touchpad on the Google device is permanently set to 'on' so that it records all conversations without a consumer's knowledge or consent." (Sep. 16, 2019)
  • California to Ban Police Body Cameras with Facial Recognition: California Governor Gavin Newsom is expected to sign legislation —The Body Camera Accountability Act- to ban the use of facial-recognition technology in law enforcement body cameras. Assembly Member Phil Ting (D), who wrote the bill, told the Washington Post "Body cameras have been used as a tool to build trust between communities and law enforcement and to provide more transparency. Putting facial recognition software into those body cameras helps destroy that trust. It turns a tool of transparency and openness into a tool of 24-hour surveillance." EPIC had long warned lawmakers about police-worn body cameras and facial recognition. In a 2015 statement for the Senate, EPIC explained that "the use of facial recognition technology by law enforcement agencies is expanding within the United States without proper oversight or input from the public." In a related commentary, EPIC Domestic Surveillance Counsel Jeramie Scott wrote, "Police body cameras may help improve police relations with the public, but steps must also be taken to ensure that concerns about privacy are addressed. As body cameras increase, we must guard against expanding their use and remain focused on true police accountability." EPIC's State Policy Project tracks privacy developments in the states. (Sep. 13, 2019)
  • More top news

  • Senator Markey Presses Amazon on Ring Police Surveillance Deal + (Sep. 5, 2019)
    In a letter to Amazon CEO Jeff Bezos, Senator Ed Markey pressed the company to provide details about Amazon's deal with police departments for police access to the video footage from the company's Ring doorbells. Senator Markey wrote "the integration of Ring's network of cameras with law enforcement offices could easily create a surveillance network that places dangerous burdens on people of color and feeds racial anxieties in local communities." Senator Markey sought information about Amazon's plan to add facial recognition to the doorbell cameras, noting that "facial recognition technology disproportionately misidentifies African Americans and Latinos." In comments to federal law enforcement agencies and statements to Congress, EPIC has repeatedly warned of the dangers posed by facial recognition technology. Several years ago, EPIC urged the FTC to establish a moratorium on the commercial use of facial recognition technology until adequate privacy safeguards were established.
  • EPIC Joins BanFacialRecognition Campaign + (Sep. 5, 2019)
    EPIC joined over 30 organizations calling for lawmakers to ban the government use of facial recognition technology. EPIC has long urged greater scrutiny of facial recognition. In 2016, EPIC led a coalition of 45 organizations calling for Congress to investigate the FBI's facial recognition program. Documents obtained by EPIC in 2017 showed that the Customs and Border Protection system failed to perform at a "satisfactory" level. In comments to CBP and statements to Congress, EPIC has recommended the suspension of facial recognition for identification at the border. Earlier this year, EPIC and others urged lawmakers to halt the use of face recognition technology on the general public. The coalition letter stated, "the use of face recognition technology...poses serious risks to privacy and civil liberties, threatens immigrants, broadly impacts American citizens, and has been implemented without proper safeguards in place or explicit Congressional approval."
  • Facebook Changes Default Setting on Facial Recognition, Following EPIC's 2011 Recommendation + (Sep. 4, 2019)
    Following a decision by a federal appeals court which found that Facebook had violated a state law limiting the collection of biometric identifiers including facial images, Facebook has changed the default setting for facial recognition. Beginning this week, facial recognition will be set to off by default for both new users and current users. EPIC filed an amicus brief in the biometric privacy case, Patel v. Facebook arguing that "the unlawful collection of an individual's biometric information in violation of the [state law] is an invasion of a legal right..." EPIC had repeatedly warned the Federal Trade Commission that Facebook's use of facial recognition threatened privacy. In comments on the original 2011 consent order, EPIC wrote the "Commission should require that Facebook cease creating facial recognition profiles without users' affirmative, opt-In consent." EPIC had filed a complaint with the FTC early in 2011 charging that the "secretive collection compilation and subsequent use of facial images for automated online identification adversely impacts consumers in the United States and around the world." EPIC filed similar complaints with the FTC about Facebook's use of facial recognition in 2016 and 2018 and provided detailed comments to the Commission in 2012, but the FTC simply failed to act on one of the most controversial business practices of the social media company.
  • Congress to Consider Moratorium on Facial Recognition + (Aug. 22, 2019)
    POLITICO reports that House leaders will consider a moratorium on funding facial recognition following a House Oversight Committee hearing on DHS facial recognition programs. Prior to the hearing, EPIC briefed members of the House committee about the entry-exit program at US airports. Air travelers have reported that it is difficult to opt-out and the agency has still not conducted a required rulemaking. Last month, EPIC led a coalition of over 35 organizations urging Congress to halt the use of face recognition on the general public. In a statement in April to the House Appropriations Committee, EPIC recommended that Congress halt the funding for the facial recognition program at TSA, also within the DHS. After a Buzzfeed story featured documents obtained by EPIC about plans to expand facial recognition at airports, Senators Ed Markey (D-MA) and Mike Lee (R-UT) called for the suspension of the program.
  • Federal Appeals Court Says Consumers Can Sue Facebook for Facial Recognition + (Aug. 8, 2019)
    A federal appeals court has ruled that users can sue Facebook for collecting and using their facial images. In Patel v. Facebook, users contend that Facebook violated an Illinois biometric privacy law by creating biometric templates of their faces without their consent. The court found that the Illinois law "protects the plaintiffs' concrete privacy interests" and violations of the law "pose a material risk of harm to those privacy interests." The court cited the common law roots of the right to privacy and also noted that "the Supreme Court has recognized that advances in technology can increase the potential for unreasonable intrusions into personal privacy." EPIC filed an amicus brief in the case, arguing that the violation of the privacy law was sufficient for Facebook users to sue the company. EPIC wrote the "Illinois Biometric Information Privacy Act imposes, by statute, legal obligations on companies that choose to collect and store individuals' biometric data." EPIC said that plaintiffs must only "demonstrate that a defendant has invaded a concrete interest protected by the law—nothing more." Last year, EPIC filed an amicus brief in Rosenbach v. Six Flags, where the Illinois Supreme Court unanimously decided that consumers can sue companies that violate the state's biometric privacy law. EPIC routinely submits briefs in support of consumers' right to sue in privacy case. EPIC has also long advocated for limits on the use of biometric data and has opposed Facebook's use of facial recognition software.
  • EPIC, Coalition Call for Suspension of Face Recognition by DHS + (Jul. 9, 2019)
    EPIC and over 35 organizations have urged Congress to halt the use of face recognition technology on the general public. The letter states that face recognition technology poses serious risks to privacy and civil liberties, threatens immigrants, broadly impacts American citizens, and has been implemented without proper safeguards or explicit Congressional approval. At a hearing this week, the House Homeland Security Committee will examinee face recognition technology. Documents previously obtained by EPIC under the FOIA, and featured at Buzzfeed, revealed flaws in facial recognition at airports. Bias is also a significant problem with the identification technique. EPIC highlighted these problems in comments to the agency and previously recommended a suspension of facial recognition at US airports.
  • Privacy Board to Review Use of Biometrics at Airports, Privacy of Passenger Data, and FBI Surveillance + (Jun. 26, 2019)
    The Privacy and Civil Liberties Oversight Board has announced three new oversight projects. The PCLOB reviews federal agency programs to ensure they do not diminish privacy and civil liberties. The Board said it will review: (1) the use of biometrics, such as facial recognition, in airports; (2) how the FBI queries data collected under the Foreign Intelligence Surveillance Act's Section 702, including searches for US person information called "backdoor searches"; and (3) oversight of passenger identity databases used by airlines. Earlier this year, EPIC sent a statement to the Board urging limits on the government use of facial recognition and and end to backdoor searches. In 2012, EPIC sent a detailed statement to PCLOB outlining priorities for the agency. In 2016, EPIC awarded former PCLOB Board Member Judge Patricia Wald with the EPIC Champion of Freedom Award.
  • EPIC to Congress: Suspend Facial Recognition at Airports + (Jun. 13, 2019)
    Earlier this week, the House Homeland Security Committee held a closed-door roundtable briefing on the use of facial recognition technology by the Department of Homeland Security. The Committee met with privacy and civil liberties advocates, including EPIC Senior Counsel, Jeramie Scott. Mr. Scott highlighted EPIC's Freedom of Information Act work related to the use of face recognition at airports. Documents obtained by EPIC, and featured at Buzzfeed, revealed significant flaws in the technology. EPIC highlighted these problems in comments to the agency and an op-ed. Speaking to Members of Congress, Mr. Scott recommended that the facial recognition program to be suspended, and pointed to the recent breach of photos and other sensitive information collected by the agency.
  • EPIC Urges House Oversight Committee to Investigate FBI's Use of Facial Recognition + (May. 21, 2019)
    EPIC has sent a statement to the House Committee on Oversight concerning Facial Recognition Technology. EPIC urged the Committee to investigate the FBI's Next Generation Identification program. EPIC explained that an individual's ability to control disclosure of identity "is an essential aspect of personal security and privacy." The FBI biometric database is one of the largest in the world, but the FBI has opposed privacy safeguards that EPIC supported. The Bureau also proposed to exempt the database from Privacy Act protections. EPIC has sued the FBI for information about the agency's plans to transfer biometric data to the Department of Defense.
  • EPIC Sues State Department About Secret Facial Recognition Database + (May. 20, 2019)
    EPIC filed a lawsuit today to compel the State Department to release information about the transfer of facial images, gathered from visa and passport applicants, to other federal agencies. EPIC explained to the federal court in Washington, DC that the Customs and Border agency is now using those images in an unlawful border system. EPIC has called for the suspension of the CBP program. Senators Markey and Lee have also opposed expansion of the CBP program to U.S. citizens. In a related FOIA lawsuit, EPIC obtained documents concerning CBP's facial recognition program. A summary report revealed that the system did not perform operational matching at a "satisfactory" level.
  • San Francisco Bans Facial Recognition + (May. 15, 2019)
    The San Francisco Board of Supervisors have passed a resolution to limit the use of surveillance technology by city departments. San Francisco will now require surveillance impact reports, annual audits, and review by the city controller. EPIC led an effort - "Observing Surveillance" - in Washington, DC after 9-11 to document the growing use of surveillance cameras in the nation's capital that led to limitations on video surveillance by the City Council. EPIC is currently seeking to limit the use of facial recognition technology at the border. The Madrid Privacy Declaration called for a "moratorium on the development or implementation of new systems of mass surveillance, including facial recognition, whole body imaging, biometric identifiers, and embedded RFID tags, subject to a full and transparent evaluation by independent authorities and democratic debate."
  • EPIC Settles FOIA Case About Government Use of Facial Recognition + (May. 7, 2019)
    EPIC today settled a Freedom of Information Act lawsuit against Customs and Border Protection. EPIC sought records about the agency's Biometric Entry-Exit program for use at US borders. As a result of the lawsuit, EPIC obtained the "Southwest Border Pedestrian Field Test" concerning the use of iris imaging and facial recognition. The report revealed that the technology did not perform operational matching at a "satisfactory" level. Relying on the documents obtained in the case, EPC has told Congress that facial recognition should be suspended until privacy safeguards are established. Senators Ed Markey (D-MA) and Mike Lee (R-UT) have also called for the suspension of the CBP program.
  • EPIC FOIA: Massive DHS Biometric Database Still Lacks a Privacy Impact Assessment + (May. 3, 2019)
    In response to EPIC's Freedom of Information Act request, the Department of Homeland Security confirmed that no privacy impact assessment has been completed for a vast DHS biometric database known as the "Homeland Advanced Recognition Technology." The HART database will include fingerprints, iris scans, and facial images on millions of individuals. The documents EPIC did obtain from DHS consist of privacy threshold reviews that indicate a privacy impact assessment is required and was expected by January 2019. A previous document obtained by EPIC show that the Homeland Advanced Recognition Technology database is part of the facial recognition Biometric Entry/Exit program at US airports.
  • EPIC to TSA: Conduct Rulemaking on Facial Recognition + (Apr. 26, 2019)
    In comments to inform the Transportation Security Administration's 2020 National Strategy, EPIC recommended that TSA to suspend the facial recognition program at US airports. EPIC wrote, "The TSA's use of facial recognition lacks the safeguards necessary for implementation." EPIC has also warned lawmakers and the DHS about the biometric border program that incorporates deploy facial recognition. EPIC has urged the agency to undertake a notice and comment rule making that would provide the public with the opportunity to comment on the controversial program. EPIC successfully required TSA to conduct a rulemaking on its deployment of airport body scanners in EPIC v. DHS. EPIC also recommended that TSA incorporate the Universal Guidelines for Artificial Intelligence, endorsed by over 300 organizations and experts, for AI-based systems.
  • EPIC to Congress: Funding for TSA Facial Recognition Program Must Be Halted + (Apr. 3, 2019)
    EPIC has sent a statement to the House Appropriations Committee regarding the TSA's FY2020 budget request, urging Congress to suspend the "Biometric Entry-Exit" program until privacy safeguards are established. EPIC said Congress should halt funding for TSA's facial recognition program "until CBP establishes proper privacy assessments, policies and procedures, and oversight mechanisms." EPIC recently filed a Freedom of Information Act lawsuit to determine whether travelers are able to to opt-out of facial recognition at airports. According to the CBP, the "alternative screening procedures" allow travelers to provide identification documents, such as a passport, and avoid facial recognition, which "is not mandatory for U.S. citizens." But research by EPIC indicates that CBP has made it increasingly difficult for travelers to opt-out.
  • Senators Introduce Facial Recognition Privacy Act + (Mar. 21, 2019)
    U.S. Senators Roy Blunt [R-MO] and Brian Schatz [D-HI] introduced a bill to protect consumers from companies collecting facial images. Senator Schatz said: "Our faces are our identities. They're personal. So the responsibility is on companies to ask people for their permission before they track and analyze their faces." EPIC previously urged the FTC to stop Facebook's use of facial recognition to capture personal identity. In 2018, EPIC charged that Facebook's facial recognition practices lacks privacy safeguards and violate the 2011 Consent Order with the FTC. EPIC has urged the FTC to #EnforceTheOrder as a one-year deadline approaches.
  • Following EPIC FOIA, Senators Tell DHS to Suspend Facial Recognition + (Mar. 12, 2019)
    After a Buzzfeed story featured documents obtained by EPIC about plans to expand facial recognition at airports, Senators Ed Markey (D-MA) and Mike Lee (R-UT) called for the suspension of the program. The Senators stated that "DHS should pause their efforts until American travelers fully understand exactly who has access to their facial recognition data, how long their data will be held, how their information will be safeguarded, and how they can opt out of the program altogether." Today EPIC filed a Freedom of Information lawsuit, EPIC v. CBP, to determine whether the agency is allowing travelers to opt-out of facial recognition. EPIC's earlier lawsuit against the DHS led to the removal of backscatter x-ray devices at US airports.
  • EPIC Challenges Facial Recognition at Airport, Files FOIA Lawsuit for Agency Procedures + (Mar. 12, 2019)
    EPIC has filed a Freedom of Information Act lawsuit to determine whether the U.S. government is allowing travelers to opt-out of facial recognition at airports. The "alternative screening procedures" should allow travelers to provide identification documents, such as a passport, and avoid facial recognition, which "is not mandatory for U.S. citizens" according to the CBP. But research by EPIC indicates that Custom and Border Protection has modified the program, making it increasingly difficult for travelers to opt-out. This week, Buzzfeed featured documents EPIC obtained about this flawed facial recognition program, which the Administration is seeking to establish at all U.S. airports. EPIC has urged Congress to suspend the CBP Biometric Entry-Exit program until privacy safeguards and meaningful opt-out procedures are established. The case is EPIC v. CBP, No. 19-cv-689 (D.D.C. March 12, 2019).
  • Buzzfeed: EPIC Docs Reveal Flawed Facial Recognition Program + (Mar. 11, 2019)
    At the start of Sunshine Week, Buzzfeed featured documents obtained by EPIC about a deeply flawed facial recognition program that could impact all U.S. travelers returning to the United States. The documents, released following an EPIC FOIA request, describe the Administration's plan to extend a faulty CBP pilot program to TSA, ICE, and the Coast Guard. Documents previously obtained by EPIC, following a lawsuit against DHS, found similar problems with a facial recognition program at the southern border.
  • DHS Privacy Advisory Committee Finalizes Facial Recognition Report + (Mar. 6, 2019)
    The DHS Privacy Advisory Committee issued final recommendations on facial recognition use at the border. The report examined transparency, data minimization, data quality and integrity, and accountability and auditing. The report said entrants to the U.S. need notice of their rights and how to exercise those rights. The final recommendations differed only slightly from the draft recommendations. In response to EPIC's comments, the final report included recommendations for increased reporting and research of facial recognition accuracy. However, the DHS report failed to address the lack of legal authorization for the facial recognition program or establish that the program is necessary for national security.
  • EPIC To PCLOB: Review 12333, Facial Recognition, AI, Smart Borders, and 702 Authority + (Feb. 7, 2019)
    In advance of a Privacy and Civil Liberties Oversight Board forum on "Countering Terrorism while Protecting Privacy and Civil Liberties: Where do We Stand in 2019," EPIC sent a statement to the Board outlining priorities. EPIC said the Civil Liberties Board should (1) release the report on Executive Order 12333; (2) limit government use of facial recognition; (3) establish safeguard for government AI use; (4) monitor proposals for "smart" borders and assess privacy impacts on US residents; and (5) reform Section 702 surveillance authority. The independent agency reviews federal agency programs to ensure protections for privacy and civil liberties. EPIC helped establish the PCLOB. In 2003 EPIC testified before the 9-11 Commission and urged the creation of an independent privacy agency to oversee the surveillance powers established after 9/11. EPIC also set out initial priorities for the PCLOB and spoke at the first meeting of the Oversight Board in 2013. In 2016, EPIC awarded former PCLOB Board Member Judge Patricia Wald with the EPIC Champion of Freedom Award.
  • EPIC to Senate: Oversight Board Must Review Government Use of Facial Recognition, AI + (Feb. 5, 2019)
    In advance of a hearing about the Privacy and Civil Liberties Oversight Board, EPIC sent a statement to the Senate Judiciary Committee outlining priorities. EPIC said the Civil Liberties Board should (1) release the report on Executive Order 12333; (2) review the use of facial recognition technology and propose safeguards; (3) review the use of artificial intelligence and propose safeguards; and (4) monitor proposals for "smart" borders and assess privacy impacts on US residents. The independent agency reviews federal agency programs to ensure adequate safeguards for privacy and civil liberties. EPIC helped establish the PCLOB. In 2003 EPIC testified before the 9-11 Commission and urged the creation of an independent privacy agency to oversee the surveillance powers established after 9/11. EPIC also set out initial priorities for the PCLOB and spoke at the first meeting of the Oversight Board in 2013. In 2016, EPIC awarded former PCLOB Board Member Judge Patricia Wald with the EPIC Champion of Freedom Award.
  • Unanimous Decision in Illinois Supreme Court Ensures Strict Limits on Biometric Data Collection + (Jan. 25, 2019)
    The Illinois Supreme Court ruled today in Rosenbach v. Six Flags, a case about a state privacy law that protects biometric data. Parents sued the theme park after it collected a child's fingerprints, charging a violation of the Illinois biometric privacy law. The theme park claimed that it was necessary to show some additional harm, but the Illinois Court held that when companies violate the law, "the injury is real and significant." EPIC filed a "friend of the court" brief in the case, arguing that the biometric privacy law "imposes clear responsibilities on companies that collect biometric identifiers" and that if these provisions are "not enforced, the statute's subsequent provisions are of little consequence." EPIC has long advocated for strict limits on use of biometric data. EPIC also filed an amicus brief the OPM data breach, a case that concerned the breach of 5.1 million fingerprints, precisely the same biometric data at issue in this case.
  • EPIC Amicus: Unlawful Collection of Biometric Data Establishes Standing + (Dec. 18, 2018)
    EPIC has filed an amicus brief in a case concerning Facebook's collection of facial images in violation of the Illinois Biometric Information Privacy Act. In Patel v. Facebook, EPIC argued that the violation of the privacy law was sufficient for Facebook users to sue the company. EPIC said that that the legal doctrine of standing "simply requires plaintiffs to demonstrate that a defendant has invaded a concrete interest protected by the law—nothing more." Earlier in 2018, EPIC filed an amicus brief in Rosenbach v. Six Flags, another case about the Illinois biometric privacy law. EPIC routinely submits briefs in support of standing in privacy case. EPIC has also long advocated for limits on the use of biometric data and has opposed Facebook's use of facial recognition software.
  • EPIC Investigates Airport Facial Recognition Opt-Out Procedures + (Dec. 12, 2018)
    In an urgent FOIA request, EPICis seeking documents from CBP about the procedures for travelers to opt-out of biometric entry/exit program. EPIC found that CBP frequently changes the program without any formal procedures. One consequence is that it is now more difficult for travelers to opt-out of the screening procedure EPIC wrote that "CBP is modifying rules as it is implementing the program," contrary to federal law. Earlier this week, EPIC urged Congress to suspend the program until privacy safeguards and meaningful opt-out procedures are established. In comments to the DHS Data Privacy and Integrity Advisory Committee, EPIC explained the substantial privacy risks of CBP's use of facial recognition technology.
  • EPIC to Congress: Federal Agency Making Up the Rules for Facial Recognition Screening + (Dec. 11, 2018)
    EPIC has sent a statement to the Senate Judiciary Committee for an oversight hearing of Customs and Border Protection. EPIC cited frequent changes CBP has made to the opt-out procedures for the biometric entry/exit program. "Without legal authority or the opportunity for public comment, CBP is making up the rules as it rolls out the program," EPIC said. EPIC urged the Committee to suspend the screening program until privacy safeguards and meaningful opt-out procedures are established. Last week, EPIC warned Customs and Border Protection about facial recognition technology and urged the DHS Privacy committee to end the program.
  • Inspector General Report: Airport Facial Recognition Faces Technical Problems + (Oct. 4, 2018)
    A Department of Homeland Security Inspector General report highlighted many challenges to facial recognition at airports. The problems of accurate biometric matches apply to all travelers, and particularly U.S. citizens. According to the Inspector General's report, "U.S. citizens accounted for the lowest biometric confirmation rate." A report obtained by EPIC last year through a Freedom of Information Act lawsuit revealed that iris imaging and facial recognition for border control did not perform at a "satisfactory" level. In a statement to Congress earlier this year, EPIC warned that biometric identification techniques are unreliable and lack proper privacy safeguards.
  • Indian Supreme Court Imposes New Limits on National Identity System + (Sep. 26, 2018)
    In a ruling today, the Indian Supreme Court imposed new limits on Aadhar, India's national biometric identification system. The Court found the system did not violate the Indian constitution, but struck down a section of the law permitting private entities to demand Aadhar to verify identity. Aadhar can no longer be mandatory to register for education, open a bank account, or obtain a cell phone connection. However, the state-issued number may still be required for purposes related to government funds, including filing an income tax. The Court also struck down an exception authorizing disclosure of Aadhar data for national security purposes. The Court encouraged the state to establish a "a robust statutory regime" for data protection "in near future." The dissent would have held Aadhar unconstitutional. The biometric system "violates essential norms pertaining to informational privacy, self-determination and data protection," the dissent states, and "dignity of individuals cannot be made to depend on algorithms or probabilities." Last year, India's Supreme Court ruled that privacy is a fundamental right under the Indian Constitution. EPIC has also backed comprehensive privacy legislation in comments to the Indian government, and urged creation of a private right of action and breach notification requirement.
  • EPIC Urges DHS To Abandon Privacy Act Exemptions for New Biometric Database + (Aug. 31, 2018)
    In comments to the Department of Homeland Security, EPIC urged the agency to withdraw proposed Privacy Act exemptions that would reduce privacy safeguards in the federal government. The Immigration Biometric and Background Check database will contain personal data on U.S. and non-U.S. citizens. DHS has proposed to exempt the database from several Privacy Act protections, including ensuring that records are accurate, timely, and complete. DHS also claims numerous “routine uses” that allow the agency to disseminate the data to law enforcement and intelligence agencies. EPIC has urged strict compliance with Privacy Act obligations and warned that inaccurate, insecure, and overbroad government databases threaten both privacy and national security.
  • EPIC Urges Suspension of Biometric Entry/Exit Program + (Jul. 25, 2018)
    In comments to Customs and Border Protection, EPIC urged the agency to suspend the Biometric Entry/Exit Program. EPIC argued that less privacy-invasive alternatives should be considered and that the program should not move forward until Congress has passed regulations implementing safeguards for the use of biometrics. CBP solicited comments about the collection of biometrics, based on facial recognition, from people in vehicles crossing the border. EPIC said that such an expansion could quickly lead to a program of mass surveillance. In EPIC v. CBP, EPIC has sued the agency for details about the program. A report EPIC obtained in the lawsuit showed that facial recognition at a pedestrian border failed to perform at a "satisfactory" level.
  • EPIC Urges Illinois Supreme Court to Uphold Strict Limits on Biometric Data Collection + (Jul. 5, 2018)
    EPIC has filed an amicus brief with the Illinois Supreme Court in Rosenbach v. Six Flags Entertainment Corp, about the collection of a child's biometric data in violation of the Illinois Biometric Information Privacy Act. EPIC explained that the Illinois biometric law "imposes clear responsibilities on companies that collect biometric identifiers" and said the company had failed to comply with the state law. EPIC made clear that "collection is the threshold safeguard in privacy law" and if corresponding provisions are "not enforced, the statute’s subsequent provisions are of little consequence." EPIC first identified the risk of collecting biometric data from children entering amusement parks in a 2005 report "Theme Parks and Your Privacy." The state of Illinois adopted the nation's first biometric privacy law in 2008. EPIC has long advocated for strict limits on use of biometric data. EPIC also routinely submits amicus briefs, including in the recent OPM data breach case that concerned the breach of 5.1 million fingerprints, precisely the same biometric data at issue in this case.
  • EPIC Pursues Privacy Impact Assessments for Proposed DHS Biometric Database + (Jun. 18, 2018)
    EPIC has submitted an urgent Freedom of Information Act request to the Department of Homeland Security seeking the Privacy Impact Assessment for the "Homeland Advanced Recognition Technology," a proposed system that will integrate biometric identifiers across the federal government. HART would replace IDENT, which now contains biometric records on over 220 million unique individuals. In 2015 a breach at the Office of Personnel Management compromised 22 m records, including 5 m digitized fingerprints. It appears that Homeland Security failed to complete the Privacy Assessment prior to launching HART. By law, a federal agency is required to conduct a Privacy Impact Assessment before procuring information technology that stores personally identifiable information. In EPIC v. Presidential Election Commission, EPIC challenged the failure of the Commission to undertake a Privacy Impact Assessment prior to the collection of state voter data. The Commission was shuttered earlier this year.
  • Senators Urge DHS to Address Concerns Over Facial Recognition at Airports; Conduct Public Rule-Making + (May. 11, 2018)
    In a letter to DHS Secretary Kirstjen Nielson, Senators Edward Markey (D-MA) and Mike Lee (R-UT) urged the agency to promptly conduct a public rulemaking on the agency's biometric exit program prior to any expansion of the program. The program, currently implemented in nine U.S. airports, requires travelers on departing international flights to submit to facial recognition identification. The Senators requested that DHS determine the accuracy of the technique and the procedures for collecting passenger data. EPIC is currently pursuing documents about the biometric exit program, but documents EPIC obtained about a related program that tested iris and facial recognition scanning at the border revealed that the technology did not perform operational matching at a "satisfactory" level. An earlier EPIC lawsuit against the DHS led to the removal of backscatter x-ray devices — "body scanners" — at US airports.
  • EPIC, Coalition Urge Ethics Board to Prevent the Use of Facial Recognition on Body Cameras + (Apr. 26, 2018)
    In a letter to Axon's Artificial Intelligence Ethics Board, EPIC and a coalition of civil rights and civil liberties groups called upon the Board to prevent Axon, the largest provider of police body cameras, from implementing real-time facial recognition. The letter states that "real-time facial recognition would chill the constitutional freedoms of speech and association." In 2015, EPIC forewarned that body cameras implemented for police accountability "could easily become a system of mass surveillance." EPIC also highlighted at the time that "the benefits of body cameras as a tool of police accountability have not been established." Last year, the largest study to date of police body cameras concluded that the cameras had no impact on police use of force and civilian complaints.
  • EPIC to Congress: Enhanced Surveillance at Border Will Impact Rights of U.S. Citizens + (Apr. 24, 2018)
    EPIC has sent a statement to the House Homeland Security Committee in advance of a hearing with the Commissioner of Customs and Border Protection. EPIC urged the Committee to ask the CBP Commissioner about the collection of biometric data at US airports. EPIC described the growing use of facial recognition that capture the images of US travelers. EPIC also pointed to a recent study that found racial disparities with the technique. EPIC is currently seeking records from the federal agency concerning the accuracy of facial recognition. EPIC also recommended the Committee examine how CBP will comply with state laws prohibiting warrantless aerial surveillance when deploying drones at the border. As a result of an earlier FOIA lawsuit, EPIC found that the CBP is deploying drones with facial recognition technology without warrant authority.
  • UPDATE - EPIC, Consumer Groups Urge FTC to Investigate Facebook's Use of Facial Recognition + (Apr. 6, 2018)
    EPIC and a coalition of consumer groups have filed a complaint with the FTC, charging that Facebook's use of facial recognition techniques threaten user privacy and "in multiple ways" violate the 2011 Consent Order with the Commission. "The scanning of facial images without express, affirmative consent is unlawful and must be enjoined," the groups wrote. Last week the organizations urged the Federal Trade Commission to reopen the 2009 investigation of Facebook, arguing that the disclosure of user data to Cambridge Analytica violated the consent order, and noting that the order also prohibited Facebook from "making misrepresentations about the privacy or security of consumers' personal information." In 2011 EPIC and consumer groups urged the FTC to investigate Facebook’s facial recognition practices. In 2012 EPIC advised the FTC "Commercial actors should not deploy facial techniques until adequate safeguards are established. As such safeguards have not yet been established, EPIC would recommend a moratorium on the commercial deployment of these techniques." EPIC President Marc Rotenberg said today, "Facebook should suspend further deployment of facial recognition pending the outcome of the FTC investigation."
  • EPIC, Consumer Groups to Urge Federal Trade Commission to Investigate Facebook's Use of Facial Recognition + (Apr. 5, 2018)
    EPIC and a coalition of consumer groups will file a complaint with the FTC on Friday charging that Facebook's use of facial recognition techniques threaten user privacy and violate the 2011 Consent Order with the Commission. "The scanning of facial images without express, affirmative consent is unlawful and must be enjoined," the groups wrote. Last week the organizations urged the Federal Trade Commission to reopen the 2009 investigation of Facebook, arguing that the disclosure of user data to Cambridge Analytica violated the consent order, and noting that the order also prohibited Facebook from "making misrepresentations about the privacy or security of consumers' personal information." The FTC has confirmed that an investigation is now underway. The FTC said, "Companies who have settled previous FTC actions must also comply with FTC order provisions imposing privacy and data security requirements." Facebook CEO Mark Zuckerberg will testify next week before the Senate Judiciary Committee and the House Commerce Committee. In 2011 EPIC urged the FTC to investigate Facebook's facial recognition practices. In 2012 EPIC advised the FTC "Commercial actors should not deploy facial techniques until adequate safeguards are established. As such safeguards have not yet been established, EPIC would recommend a moratorium on the commercial deployment of these techniques."
  • EPIC FOIA: EPIC Obtains FBI Policy for Disseminating Biometric Info + (Mar. 22, 2018)
    Through a Freedom of Information Act request, EPIC has obtained the FBI’s “Policy for Biometric Information Sharing with Domestic and International Agencies.” The documents EPIC obtained also contain details of the United States’ agreement with Iraq to exchange biometric data, including to not subject the information to any dissemination restrictions of the US or Iraq. The FBI maintains one of the world's largest biometric databases, known as the "Next Generation Identification” system, which includes facial IDs gathered from international conflicts. In 2007, EPIC, Privacy International, and Human Rights Watch warned the Secretary of Defense that the “system of biometric identification contravene international privacy standards and could lead to further reprisals and killings.” EPIC noted in 2010 "President Obama’s address on the end of the combat mission in Iraq has left open the question of what will happen to the massive biometric databases on Iraqis, assembled by the United States, during the course of the conflict."
  • Court Rules that Users have Standing to Sue Facebook about Facial Recognition + (Feb. 27, 2018)
    The Northern District of California has ruled that Facebook users have standing to pursue a class action challenging Facebook's use of facial recognition software. The court said that the Illinois Biometric Information Privacy Act requires plaintiffs only to show that Facebook has unlawfully collected their biometric data without their consent. Facebook sought to dismiss the suit by arguing that the Supreme Court's decision in Spokeo v. Robins required the plaintiffs to show additional harm. EPIC submitted a friend-of-the-court brief in Spokeo, arguing that courts should not second-guess privacy laws. The Ninth Circuit Court of Appeals recently agreed with EPIC that internet users have standing when a company has disclosed their personal information in violation of the Video Privacy Protection Act.
  • EPIC Urges Congress to Suspend Facial Recognition At US Airports + (Feb. 26, 2018)
    EPIC has sent a statement to the House Homeland Security Committee in advance of a hearing on the Transportation Security Administration. EPIC urged the Committee to limit the collection of biometric data at US airports. EPIC described the growing use of facial recognition that capture the images of US travelers. EPIC also pointed to a recent study that found racial disparities with the technique. EPIC previously pursued a significant lawsuit against the TSA that led to the removal of x-ray body scanners from US airports. EPIC is currently seeking records from Customs and Border Protection concerning the accuracy of facial recognition.
  • Republican DACA Bill Would Expand Use of Drones, Biometrics + (Feb. 21, 2018)
    The Secure and Succeed Act (S. Amdt. 1959 to H.R. 2579), sponsored by several Republican Senators, would link DACA with hi-tech border surveillance. Customs and Border Protection would use facial recognition and other biometric technologies to inspect travelers, both US citizens and non-citizens, at airports. The bill also establishes "Operation Phalanx" that instructs the Department of Defense—a military agency—to use drones for domestic surveillance. EPIC has pursued many FOIA cases on border surveillance involving biometrics, drones, and airport body scanners, In a statement to Congress, EPIC warned that "many of the techniques that are proposed to enhance border surveillance have direct implications for the privacy of American citizens."
  • EPIC Urges FBI to Limit Fingerprint-Based Background Checks + (Jan. 9, 2018)
    In response to a request for comments, EPIC has urged the FBI to expand its use of name-based — rather than fingerprint-based — background checks for noncriminal purposes, such as employment. The FBI currently uses fingerprints, stored in the Next Generation Identification (NGI) database, to conduct non-criminal background checks. "Names checks" were only conducted for individuals whose fingerprints failed the NGI matching requirements. EPIC told the FBI that the "name-based background check accomplishes the same purpose as the fingerprint-based background check without requiring the collection of sensitive biometric information." EPIC has opposed the expansion of the NGI system for non-law enforcement purposes. EPIC has also pursued a series of Freedom of Information Act requests to assess the reliability of the NGI system.
  • EPIC FOIA: Report Reveals Failure of Border Biometric Matching Program + (Dec. 18, 2017)
    Through a Freedom of Information Act lawsuit, EPIC has obtained a report from Custom and Border Protection, which evaluated iris imaging and facial recognition scans for border control. The "Southwest Border Pedestrian Field Test" reveals that the agency program does not perform operational matching at a "satisfactory" level. In a statement to Congress earlier this year, EPIC warned that biometric identification techniques are unreliable and lack proper privacy safeguards. EPIC is pursuing related documents for the use of biometrics at airports. EPIC has extensively litigated airport screening techniques, including EPIC v. TSA (concerning body scanner modifications) and EPIC v. DHS (concerning full body scanner radiation risks).
  • EPIC Urges Senate to Block Biometric Collection At US Airports + (Sep. 28, 2017)
    EPIC has sent a statement to the Senate Commerce Committee following a hearing on the Transportation Security Administration. EPIC urged the Committee to limit the collection of biometric data at US airports. EPIC described the growing and regulated use of biometrics in US airports, often targeting US citizens. EPIC previous pursued a significant lawsuit against the TSA to limit the use of body scanners. EPIC is currently seeking records from Customs and Border Protection concerning the agency's use of facial recognition for a biometric entry/exit program at airports. EPIC has also objected to a proposal to increase the collection of biometric data for the TSA Pre-Check program.
  • NGOs to Meet with Privacy Commissioners at Public Voice Event in Hong Kong + (Sep. 19, 2017)
    The Public Voice will host an event with NGOs and Privacy Commissioners at the 39th International Conference of Data Protection and Privacy Commissioners in Hong Kong. "Emerging Privacy Issues: A Dialogue Between NGOs & DPAs" will address emerging privacy issues, including biometric identification, Algorithmic transparency, border surveillance, the India privacy decision, and implementation of the GDPR. Speakers include Chairman Isabelle Falque-Pterrotin of the CNIL and Article 29 Working Party, Commissioner John Edwards of New Zealand, and Director Eduardo Bertoni of Argentina. Also participating will be representatives of Access Now, EPIC, GP Digital, Privacy International, and the World Privacy Forum. The Public Voice, established in 1996, facilitates public participation in decisions concerning the future of the Internet.
  • EPIC Obtains Final Report on "Face ePassport Air Entry Experiment" + (Sep. 8, 2017)
    As the result of a Freedom of Information Act request, EPIC has obtained a report on the use of face recognition on travelers entering the United States at Dulles Airport. The report was obtained after EPIC filed a lawsuit against Customs and Border Protection for documents about the agency's biometric entry/exit program, expedited by Executive Order 13769. As the report was heavily redacted, EPIC's FOIA lawsuit is ongoing. In a statement to the House Homeland Security Committee earlier this year, EPIC warned that biometric identification techniques, such as facial recognition, lack proper privacy safeguards. EPIC has extensively litigated airport screening techniques, including EPIC v. TSA, concerning airport body screening.
  • Supreme Court of India Rules Privacy is a Fundamental Right + (Aug. 24, 2017)
    India's Supreme Court has ruled that privacy is a fundamental right under the Indian Constitution. In a unanimous ruling, the Court explained the "right to privacy is protected as an intrinsic part of the right to life and personal liberty under Article 21 and as a part of the freedoms guaranteed by Part III of the Constitution." The Court also recognized that "Informational privacy is a facet of the right to privacy" and modern privacy risks are caused by both the public and private sector. The ruling may impact significant cases pending in India, including a challenge to Aadhaar, India's massive biometric identification system, and WhatsApp's privacy policy change. In 2009 NGOs and privacy experts set out the Madrid Privacy Declaration, which affirmed privacy as a fundamental human right. In 2010, EPIC urged the US Supreme Court to recognize the right of "informational privacy." EPIC explained that the Whalen decision and a famous German census case, "influenced international privacy jurisprudence, resulting in the widespread recognition of the right to informational privacy." EPIC's report Privacy and Human Rights provides an overview of privacy frameworks around the world.
  • EPIC to Congress: Examine Facial Recognition Surveillance at the Border + (Jul. 24, 2017)
    EPIC has sent a statement to the House Homeland Security Committee in advance of a hearing on "Technology's Role on Securing the Border." EPIC alerted the Committee to EPIC's recent FOIA lawsuit about the federal government's deployment of a biometric "entry/exit tracking system," including at US airports. A recent Executive Order on immigration will push forward the biometric identification system, and will include citizens returning to the U.S. EPIC has warned that biometric identification techniques, such as facial recognition, lack proper privacy safeguards. EPIC noted that the federal agency pursuing the border identification program is also deploying drones, and should comply with state laws and a 2015 Presidential Memorandum that limit drone surveillance.
  • EPIC Files FOIA Lawsuit Over Border Biometrics, Expanded Tracking + (Jul. 20, 2017)
    EPIC has filed a FOIA lawsuit against Customs and Border Protection for information about the agency’s deployment of a biometric entry/exit tracking system, including at US airports. Trump's recent Executive Order regarding immigration ordered the expedited implementation of a biometric entry/exit tracking system, which will include U.S. citizens. Biometric techniques, including facial recognition, lack proper privacy safeguards. EPIC previously sued the FBI over the Bureau’s Next Generation Identification database, which contains face prints, fingerprints, and other biometrics of millions of Americans. EPIC's lawsuit against the FBI revealed that biometric identification is often inaccurate.
  • EPIC Urges TSA to Consider Alternative to Biometric Collection + (Jul. 5, 2017)
    In comments to the Transportation Security Administration, EPIC urged the agency to consider alternatives to expanding the collection of biometric identifiers for the TSA Pre-Check application. EPIC explained the potential for biometric identifiers to be used for purposes other than determining eligibility for Pre-Check and the substantial personal privacy risks for applicants if the databases associated with Pre-Check were compromised. EPIC also proposed privacy enhancing alternatives, such as limiting the storage of biometric identifiers or providing information on how to have information removed from databases associated with Pre-Check. EPIC routinely highlights the risks of large, overbroad government databases and the privacy risks inherent in the collection of biometric information.
  • EPIC Urges Senate Committee to Investigate FBI's Massive Biometric Database + (May. 1, 2017)
    EPIC has sent a statement to the Senate Judiciary Committee for an upcoming FBI oversight hearing. EPIC urged the Committee to investigate the FBI's Next Generation Identification system, a massive biometric database. EPIC has sought to ensure that the FBI database complies fully with the federal Privacy Act which the Bureau has opposed. EPIC explained to the Senate Committee that an individual's ability to control disclosure of identity "is an essential aspect of personal security and privacy." In a leading FOIA lawsuit, EPIC v. FBI, EPIC also uncovered documents which revealed high error rates in the biometric system. EPIC has filed a FOIA lawsuit against the FBI for information about the agency's plans to transfer biometric data to the Department of Defense.
  • EPIC Joins Coalition to Urge FOIA Compliance on Immigration Enforcement + (Apr. 25, 2017)
    EPIC joined a coalition of civil society organizations to urge the Immigration and Customs Enforcement to comply with the Freedom of Information Act. The letter to DHS Secretary Kelly calls upon the federal agency to "fully disclose information on immigration enforcement cooperation between federal and non-federal law enforcement agencies." EPIC previously received documents through a Freedom of Information Act Request about DHS's immigration enforcement practices. The documents obtained by EPIC detail the "Priorities Enforcement Program," a controversial program that relied on biometric data collection for immigration enforcement.
  • EPIC Urges House Oversight Committee to Explore FBI's Use of Biometric Data + (Mar. 21, 2017)
    EPIC has sent a letter to the House Committee on Oversight concerning "Law Enforcement's Use of Facial Recognition Technology." EPIC urged the Committee to investigate the FBI's Next Generation Identification program. EPIC explained that an individual's ability to control disclosure of identity "is an essential aspect of personal security and privacy." The FBI biometric database is one of the largest in the world, but the FBI has opposed privacy safeguards that EPIC supported. The Bureau proposed to exempt the database from Privacy Act protections. EPIC has filed a FOIA lawsuit against the FBI for information about the agency's plans to transfer biometric data to the Department of Defense.
  • Data Protection Experts Recommend New protections for Biometric Identification Online + (Mar. 17, 2017)
    The International Working Group on Data Protection in Telecommunications adopted new recommendations to improve the privacy and security of biometric identification online. The Berlin-based Working Group includes Data Protection Authorities and experts who work together to address emerging privacy challenges. The "Working Paper on Biometrics in Online Authentication )" explains that “biometrics in online authentication offers one possibility to address some of the shortcomings” of conventional online passwords, but the “data protection and privacy risks” must be considered. Among their recommendations, the experts urge policymakers to support for “[p]roactive privacy tools,” and contend biometric authentication should “remai[n] an active choice by the user and not a condition of use.” EPIC will host the 61st meeting of the International Working Group in Washington DC in April 2017.
  • EPIC FOIA: EPIC Seeks Information about Airport Eye Scans of U.S. Travelers + (Mar. 2, 2017)
    EPIC has filed an urgent FOIA request with U.S. Customs and Border Protection for details of eye scans conducted on U.S. citizens traveling internationally. The CBP has long been testing biometric identification of travelers, including U.S. citizens, and a recent report indicates U.S. citizens were subject to eye scans before traveling abroad. EPIC seeks public disclosure of the details of CBP policies for scanning U.S. citizen irises and retinas upon entry or exit to the U.S. EPIC makes frequent use of the Freedom of Information Act. As the result of a FOIA lawsuit, EPIC recently obtained several memorandum of understanding regarding the transfer of biometric identifiers between the FBI and DOD. Last month, EPIC also prevailed in EPIC v. FBI, a FOIA lawsuit public release of the FBI's privacy assessments.
  • EPIC FOIA: EPIC Obtains FBI-DoD Biometric Data Plans + (Jan. 30, 2017)
    Through a Freedom of Information Act lawsuit, EPIC has obtained several memorandum of understanding regarding the transfer of biometric identifiers between the Federal Bureau of Investigation and the Department of Defense. One of the agreements, which includes the State Department, calls for "a direct conduit for the parties to access databases storing biometric information." Last year, EPIC filed extensive comments scrutinizing the FBI's proposal to remove Privacy Act safeguards from the Bureau's massive biometric database known as "Next Generation Identification." EPIC also lead a coalition effort urging Congress to hold an oversight hearing on the FBI database. The case is EPIC v. FBI, No. 16-2237 (D.D.C. filed Nov. 10, 2016) (Biometric Data Transfer Agreements).
  • Open Government Lawsuits at Near-Record Highs in 2016 + (Dec. 9, 2016)
    Advocates, journalists, and businesses have brought a near-record 512 lawsuits under the Freedom of Information Act in 2016. The findings, complied by for FOIAproject.org by the Transactional Records Access Clearinghouse, show a 35 percent increase in FOIA litigation over the past five years. According to the new report, the lawsuits have covered diverse issues including "private email accounts, national security, immigration, the environment and even Donald Trump." In 2016, EPIC brought FOIA suits for the DOJ's secret inspector general reports, the DOT's drone task force records, and the FBI's biometric data transfer memos.
  • EPIC FOIA: EPIC Obtains Secret Inspector General Reports + (Nov. 21, 2016)
    Through a Freedom of Information Act lawsuit EPIC has obtained nonpublic reports from the Department of Justice's Inspector General. The documents include audits of drug control funds. Another set of documents include audits of other grant programs, as well as a list of information security audits conducted since 2005. EPIC also obtained a previously unpublished audit of a state lab's DNA database. The mission of the DOJ Inspector General is "to detect and deter waste, fraud, abuse, and misconduct in DOJ programs and personnel." EPIC also recently sued the Federal Bureau of Investigation to obtain information on the massive biometric database "Next Generation Identification."
  • EPIC Sues FBI Over Biometric Data Program + (Nov. 14, 2016)
    EPIC has filed a FOIA lawsuit against the Federal Bureau of Investigation for information about the agency's plans to transfer biometric data to the Department of Defense. The FBI maintains one of the world's largest biometric databases, known as the "Next Generation Identification" system, but the FBI has resisted maintaining privacy safeguards. The Bureau previously proposed to exempt the database from many of the safeguards in the federal Privacy Act, which EPIC opposed. Then EPIC, following a FOIA lawsuit, obtained documents that revealed an error rate up to 20% for facial recognition searches in the FBI database. Now EPIC has filed an open government lawsuit to obtain a secret document that details the transfer of personal data in the FBI system to the Department of Defense. [Press Release]
  • Report: Facial Recognition is Expansive, Unregulated; Coalition Calls for DOJ Review + (Oct. 18, 2016)
    EPIC and a coalition of civil liberties organizations urged the Justice Department to review the disparate impact of facial recognition. The letter follows a report on law enforcement use of the technology. The report builds on work pursued by EPIC and others. Freedom of Information Act documents obtained by EPIC showed that the DHS system lacked privacy safeguards, the FBI accepts a 20% error rate for its Next Generation Identification system and has agreements to run facial recognition searches on DMV databases. In 2012, EPIC urged the Federal Trade Commission to suspend the use of facial recognition techniques pending the establishment of legal safeguards. And the 2009 Madrid Privacy Declaration, authored by NGOs and privacy experts, calls for a moratorium on the face scanning technology.
  • High Court Extends Fourth Amendment Protections to DUI Blood Tests + (Jun. 23, 2016)
    In Birchfield v. North Dakota, the U.S. Supreme Court today held that states cannot criminalize an individual’s refusal to submit to a warrantless blood test. The Court also found that the Fourth Amendment does not allow warrantless blood tests incident to arrest, but does permit warrantless breath tests. In the 2013 case Maryland v. King, EPIC urged the Supreme Court to protect genetic privacy by extending Fourth Amendment protections the collection of DNA from arrestees. In that case, the Supreme Court held that a cheek swab incident to an arrest was permissible.
  • EPIC, Coalition Demand Congressional Oversight of FBI's Vast Biometric Database + (Jun. 23, 2016)
    Today EPIC and a coalition of 45 organizations urged Congress to hold a hearing on the FBI’s massive biometric database and the risks of facial recognition technology. The letter follows the FBI’s recent proposal to exempt the "Next Generation Identification” database from Privacy Act safeguards—including requirements for accuracy, relevancy, and transparency. The civil liberties organizations said that “the FBI is retaining vast amounts of personal information and exposing millions of people to a potential data breach.” In the EPIC v. FBI FOIA case, EPIC obtained documents which revealed high error levels in the biometric database.
  • GAO Report: FBI’s Use of Face Recognition Fails on Privacy and Accuracy + (Jun. 15, 2016)
    The Government Accountability Office released a report today detailing the FBI’s failure to conduct a privacy audit of the agency’s use of facial recognition or adequately test the accuracy of the technology. EPIC and a coalition of public interest groups recently urged the Justice Department to extend the public comment period for the FBI’s Next Generation Identification database, which includes facial recognition capabilities. Previous Freedom of Information Act requests by EPIC showed that the agency had numerous agreements with states to access driver license photos for facial recognition searches and that technical specifications allowed for a 20% search error rate.
  • EPIC, Coalition Seeks Time to Review FBI Biometric Database + (Jun. 1, 2016)
    EPIC and a coalition of civil rights, privacy, and transparency groups urged the Department of Justice to extend the public comment period for the FBI’s Next Generation Identification database. The FBI database contains biometric data, such as fingerprint and retinal scans, on millions of Americans and raises significant privacy risks. The FBI is proposing to exempt the database from Privacy Act obligations, including legal requirements to maintain accurate records, permit individual access, and provide civil remedies. Errors plague the NGI database. In a FOIA caseEPIC v. FBI, EPIC obtained documents, which showed that the FBI accepted a 20% error rate for facial recognition matches.
  • Amendment Would Overturn Model Facial Recognition Privacy Law + (May. 27, 2016)
    The Illinois Biometric Information Privacy Act is one of the strongest facial recognition laws in the country. Enacted in 2008, the law prohibits the use of biometric recognition technologies without consent and provides for meaningful enforcement. But a proposed amendment would undercut legal protections, exempting facial recognition software from the law. A pending lawsuit against Facebook alleges that the company violates the law by amassing a database of users’ faceprints “without even informing its users — let alone obtaining their informed written consent.” EPIC has urged a moratorium for such surveillance techniques, pending the enactment of strong privacy laws such as those in Illinois. In much of the world, facial recognition software is illegal.
  • Federal Court Upholds Photo Tagging Suit Against Facebook + (May. 8, 2016)
    A federal judge has rejected Facebook's argument that the company did not violate an Illinois law that requires companies to obtain consent from consumers before collecting biometric data such as a "faceprint." Describing the biometric privacy law, the court said that Facebook's position was "antithetical to its broad purpose of protecting privacy in the face of emerging biometric technology." In 2011, EPIC filed a complaint with the Federal Trade Commission, arguing that the facial identification of users was an unfair and deceptive trade practice. In 2012, EPIC urged the FTC to suspend facial recognition "until adequate safeguards and privacy standards are established." Canada and Europe have since required Facebook to suspend the use of photo tagging.
  • Federal Agencies Seek Comment on Protections for Human Research Subjects + (Sep. 8, 2015)
    The Department of Health and Human Services is seeking public comment on proposed revisions to the "Common Rule," ethical rules regarding biomedical and behavioral research involving human subjects in the United States. The proposal seeks to strengthen requirements for informed consent but would also exempt certain categories of research from administrative review. The Department will accept public comments on the proposed revisions until December 6, 2015. EPIC previously submitted comments to the Department of Health and Human Services, warning that medical privacy standards for deidentification were "gravely inadequate" and urged support for stronger techniques of deidentification. EPIC routinely comments on privacy issues involved in health data.
  • GAO Report: Facial Recognition Technology Implicates Consumer Privacy, But Remains Unregulated + (Aug. 3, 2015)
    The Government Accountability Office has published a report on commercial use of facial recognition technology. The GAO compiled the report at the request of Senator Al Franken, who objected to use of the technology by Facebook and Google. The GAO surveyed companies, federal agencies, and NGOS, including EPIC. The report explains the technology's privacy risks, but also reports that no laws or guidelines currently regulate facial recognition technology. The GAO also reports that the "extent of [the technology's] current use in commercial settings is not fully known." EPIC has frequently advocated for face recognition privacy laws.
  • EPIC Files FTC Comments on Revenge Porn, Facial Recognition Privacy Risks + (Mar. 2, 2015)
    EPIC has filed formal comments with the Federal Trade Commission regarding a proposed consent order with Craig Brittain, a ”revenge porn” website operator. Revenge porn refers to the online distribution of sexual images without the consent of the image subject. Under the proposed order, Brittain "will have to destroy the intimate images and personal contact information he collected while operating the site.” EPIC supported the consent order, but urged the Commission to "further investigate the growing trend of companies recontextualizing images, for profit, without the knowledge or consent of the image subject.” EPIC also explained the correlation between “revenge porn” and other image privacy issues, such as facial recognition and image-based advertising.
  • California Court Strikes Down DNA Collection Law + (Dec. 4, 2014)
    A state appeals court in California has struck down a state law that requires collection of DNA from people arrested on felony charges. The California court ruled that DNA collection by a cheek swab is an unreasonable search and seizure prohibited by the state's constitution. "The California DNA Act intrudes too quickly and too deeply into the privacy interests of arrestees," wrote the court. The appeals court also said that the U.S. Supreme Court's ruling in Maryland v. King, which upheld a similar law in Maryland, did not apply in this case because of significant differences between each state's DNA collection laws. EPIC has participated as amicus in several cases concerning the collection of DNA. In Maryland v. King, EPIC argued that the government collection of DNA opens the door to misuse and threatens personal privacy. For more information, see EPIC: Maryland v. King, EPIC: Maryland v. Raines, EPIC: Kohler v Englade, EPIC: US v. Kincade, EPIC: Herring v. US, EPIC: Comments on TSA Biometric Systems, and EPIC: Genetic Privacy.
  • Senate to Hold Homeland Security Oversight Hearing + (Jun. 10, 2014)
    The Senate Judiciary Committee will hold an oversight hearing for the Department of Homeland Security. Secretary Jeh Johnson will testify. EPIC has objected to many of the agency's mass surveillance practices, including the secret profiling of American air travelers, the use of drones for aerial surveillance, the amassing of information on Americans into "fusion centers", and the collection of biometric identifiers. EPIC has also warned that the DHS Chief Privacy Officer has failed to safeguard privacy, a legal obligation for that office. According to the DHS, the number of privacy complaints increased in 2013. EPIC has several Freedom of Information Act case pending against the DHS. In an earlier case, EPIC determined the DHS was monitoring social media and news organizations for criticisms of the agency. Another EPIC case led to the removal of the x-ray backscatter devices from US airports. For more information, see EPIC v. DHS - Social Media Monitoring and EPIC v. DHS (Suspension of Body Scanner Program).
  • Patent to Block Facial Recognition Follows Sale of Google Glass + (Apr. 25, 2014)
    A patent for a technology that shields users from nearby video cameras has emerged. The patent describes a detector that would blur the images of people on portable camera displays, preventing video surveillance. The patent surfaced following Google's release of Google Glass for sale by the general public. Google is seeking a patent for a contact lens style for Glass that would escape public detection. Google is also seeking to trademark the word "glass," which the US Patent and Trademark Office opposes. EPIC previously submitted comments to the Federal Trade Commission recommending the suspension of facial recognition techniques pending the establishment of privacy safeguards. For more information, see EPIC: Google Glass and Privacy, EPIC: Facial Recognition and EPIC: Federal Trade Commission.
  • EPIC Recommends Safeguards For Facial Recognition Technology + (Feb. 5, 2014)
    In a letter to the Department of Commerce, EPIC called on the agency to develop a facial recognition framework based on the Fair Information Practices ("FIPs"). The National Telecommunications and Information Administration is meeting to address the commercial use of facial recognition, which has seen a backlash. Google banned facial recognition apps and services and Europe required Facebook to discontinue the use of facial recognition for photo tagging. Today Senator Al Franken raised concerns about NameTag. Senator Franken, in a letter to the app developer, called for the delay of the apps release until best practices are established. In comments to the Federal Trade Commission, EPIC previously recommended the suspension of facial recognition technology until adequate safeguards are established. For more information, see EPIC: Face Recognition.
  • EPIC FOIA - FBI Says 20% Error Rate Okay for Facial Recognition + (Oct. 4, 2013)
    EPIC's Freedom of Information Act lawsuit has produced new documents about "Next Generation Identification" and the FBI's plans for facial recognition. According to the document obtained by EPIC, "NGI shall return an incorrect candidate a maximum of 20% of the time." That number is much greater than expected. Earlier this year, EPIC received documents from the FBI regarding the use of facial recognition and state DMV photos. The FBI has still not updated a 2008 Privacy Impact Assessment on facial recognition technology despite telling Congress last year that a new assessment was planned. For more information, see EPIC: EPIC v. FBI - Next Generation Identification and EPIC: Face Recognition.
  • Sen. Franken Questions Apple on iPhone Fingerprint Scanning + (Sep. 21, 2013)
    Senator Al Franken has raised questions about the privacy and security implications of the fingerprint reader on Apple's new iPhone 5S. "If someone hacks your password, you can change it—as many times as you want. You can't change your fingerprints," Senator Franken wrote. He also pressed Apple for additional details on the protection available to users against law enforcement access to biometric data. In Congressional testimony, EPIC has previously warned that biometric identifiers will "allow for greater data collection and tracking of individuals." For more information, see EPIC: Biometric Identifiers.
  • EPIC FOIA - DHS Facial Recognition System Lacks Privacy Safeguards + (Aug. 22, 2013)
    In response to an EPIC FOIA request, the Department of Homeland Security has produced documents revealing that the agency has failed to establish privacy safeguards for "BOSS" (the Biometric Optical Surveillance System), an elaborate system for facial recognition and individual identification. The documents obtained by EPIC indicate that none of the agency's contracts or statements of work require any data privacy or security protections for BOSS' design, production, or test implementations. The New York Times reported on EPIC's acquisition of these documents, noting also high failure rates for these systems. EPIC is also pursuing a FOIA lawsuit with the FBI over the agency's development of "Next Generation ID," which, when complete, will be the largest biometric identification database program in the world. For more information, see EPIC: Face Recognition, EPIC: EPIC Opposes DHS Biometric Collection, and EPIC - Biometric Identifiers.
  • EPIC Opposes DHS Biometric Collection + (Jun. 21, 2013)
    EPIC has submitted comments to the Department of Homeland Security, staunchly opposing the agency's border biometric collection, facilitated through the Office of Biometric Identity Management program. Since at least 2004, DHS has collected fingerprint and facial photos from individuals entering the United States. DHS then disseminates this information to DHS agency components, other federal agencies, and "federal, state, and local law enforcement agencies," and the "federal intelligence community." Currently, at least 30,000 individuals from federal, state, and local governments access the data contained obtained by DHS's biometric collection program. DHS shares this biometric data with foreign governments, including Canada, Australia, and the United Kingdom. In its comments, EPIC urged the agency to cease collecting biometric information without proper privacy safeguards in place. Should the agency continue to collect this sensitive information, EPIC recommends that DHS: (1) impose strict information security safeguards on its biometric information collection and limit its dissemination of biometric information; (2) conduct a comprehensive privacy impact assessment on the biometric collection program; (3) grant individuals Privacy Act rights before collecting additional biometric information; and (4) adhere to international privacy standards. For more information, see EPIC: US-VISIT and EPIC: Biometric Identifiers.
  • FBI Performs Massive Virtual Line-up by Searching DMV Photos + (Jun. 17, 2013)
    Through a Freedom of Information Act request, EPIC obtained a number of agreements between the FBI and state DMVs. The agreements allow the FBI to use facial recognition to compare subjects of FBI investigations with the millions of license and identification photos retained by participating state DMVs. EPIC also obtained the Standard Operating Procedure for the program and a Privacy Threshold Analysis that indicated that a Privacy Impact Assessment must be performed, but it is not clear whether one has been completed. EPIC is currently suing the FBI to learn more about its development of a vast biometric identification database. For more information, see EPIC: Face Recognition and EPIC: Biometric Identifiers.
  • Google Bans Facial Recognition Glass Apps + (Jun. 3, 2013)
    Google announced that it will not approve any facial recognition apps for Google Glass, pending the development of privacy safeguards. "[W]e won't add facial recognition features to our products without having strong privacy protections in place," the company said in a blog post. In comments on facial recognition to the Federal Trade Commission last year, EPIC recommended that the Federal Trade Commission enforce Fair Information Practices against commercial actors when collecting, using, or storing facial recognition data. "In the absence of guidelines and legal standards, EPIC recommends a moratorium on the commercial deployment of facial recognition techniques," EPIC wrote to the FTC in early 2012. For more information, see EPIC: Facial Recognition and EPIC: Federal Trade Commission.
  • EPIC Sues FBI to Obtain Details of Massive Biometric ID Database + (Apr. 8, 2013)
    EPIC has filed a Freedom of Information Act lawsuit against the FBI to obtain documents about "Next Generation Identification", a massive database with biometric identifiers on millions of Americans. The EPIC lawsuit follows the FBI's failure to respond to EPIC's earlier FOIA requests for technical specifications and contracts. According to EPIC's complaint, "When completed, the NGI system will be the largest biometric database in the world." NGI aggregates fingerprints, DNA profiles, iris scans, palm prints, voice identification profiles, photographs, and other identifying information. The FBI will use facial recognition to match images in the database against facial images obtained from CCTV and elsewhere. For more information, see EPIC v. FBI - Next Generation Identification, EPIC: Biometric Identifiers and EPIC: Face Recognition.
  • Federal Trade Commission Proposes "Best Practices" for Facial Recognition Technology + (Oct. 22, 2012)
    The Federal Trade Commission has released a report recommending practices that businesses using facial recognition technology should follow in order to protect the privacy and security of consumers. The report noted that facial recognition techniques range from simple face detection to the identification of previously anonymous individuals. The FTC recommended several practices for all businesses, such as privacy by design, data deletion, and security standards. In services involving facial recognition to identify individuals, the FTC recommended that companies obtain the affirmative express consent of consumers, and in certain sensitive locations, such as health care facilities, the FTC said that the technology should not be used at all. In earlier comments to the Commission, EPIC recommended a moratorium on the use of facial recognition until adequate privacy safeguards are developed. A similar recommendation is found in the Madrid Privacy Declaration, which is endorsed by more than 100 civil society organizations worldwide. Facebook has ended the use of facial recognition in the European Union and suspended use in the United States. For more information, see EPIC: Face Recognition and EPIC: Federal Trade Commission.
  • Facebook Ceases Facial Recognition in European Union + (Sep. 21, 2012)
    The Irish Data Protection Commissioner issued a report finding that Facebook has implemented many of the Commissioner’s recommendations, such as halting the automatic use of facial recognition through "tag suggestions." Facebook has agreed to give users the choice over the use of facial recognition, to grant users access to their facial recognition template, and to delete the facial recognition data of EU citizens by October 15. The report also found that Facebook had implemented recommendations for improving transparency, enhancing the ability for users to delete data, and allowing users to access their data. On recommendations concerning user education, data deletion, and as targeting based on sensitive terms, the report found that "full implementation has not yet been achieved but is planned to be achieved by a specific deadline." The Federal Trade Commission recently adopted a proposed settlement with Facebook that prohibits Facebook from changing privacy settings without the affirmative consent of users or misrepresenting the privacy or security of users' personal information. In November 2011, EPIC recommended that the FTC prevent Facebook from creating facial recognition profiles without users' consent. In February 2012. EPIC recommended "the suspension of facial recognition technology deployment until adequate safeguards and privacy standards are established." For more information, see EPIC: Federal Trade Commission and EPIC: Facebook and Facial Recognition.
  • EPIC Recommends Protections for Use of Commercial Facial Recognition Technology + (Jul. 18, 2012)
    In a statement for the record, EPIC called on the Senate Subcommittee on Privacy, Technology, and the Law to protect the ability of individuals to control the disclosure of their identity. The hearing on "What Facial Recognition Technology Means for Privacy and Civil Liberties" will feature witnesses from the government, private companies, and academia. EPIC recommended that Fair Information Practices ("FIP") be enforced against companies that collect facial recognition data. These legal obligations would include limitations on collection, use, and retention of the data, informed consent, security, accessibility, and accountability. "In the absence of guidelines and legal standards, EPIC recommends a moratorium on the commercial deployment of facial recognition techniques." For more information, see EPIC: Facial Recognition.
  • Facebook Acquires Facial Recognition Company Face.com + (Jun. 20, 2012)
    Facebook announced the acquisition of Face.com, a facial recognition technology company and long-time business partner of Facebook. Facebook uses an automatic facial recognition system, called "tag suggestions," to create a database of users' biometric information. Last year, EPIC filed a complaint with the Federal Trade Commission, stating that Facebook created biometric profiles of users without their explicit consent, failed to provide a clear mechanism for the deletion of these profiles, and failed to take adequate safeguards to ensure that users' biometric information would not be accessible to government agents and other third parties. In recent comments to the FTC, EPIC recommended the suspension of facial recognition technology deployment until adequate safeguards and privacy standards are established. For more information, see EPIC: Facial Recognition and EPIC: Facebook and Facial Recognition.
  • EPIC Calls for Moratorium on Facial Recognition Technology + (Feb. 1, 2012)
    In detailed comments to the Federal Trade Commission, EPIC today recommended the suspension of facial recognition technology deployment until adequate safeguards and privacy standards are established. EPIC said that facial recognition is often used by strangers to determine a person's actual identity and that this poses a risk to privacy and personal security. EPIC also noted that some companies have adopted techniques that are more favorable to privacy as they allow users to control the image database while others undermine privacy, as the image database is centrally maintained. EPIC previously submitted a complaint to the FTC about Facebook's use of facial recognition technology to build a secret database of users' biometric data and allowing the company to automatically tag users in photos. The comments follow an FTC workshop exploring the privacy and security issues raised of facial recognition technology. For more information, see EPIC: Federal Trade Commission, EPIC: Face Recognition, and EPIC: Facebook and Face Recognition.
  • US to Retain Biometric Database on Iraqis + (Dec. 21, 2011)
    According to Wired, although the war in Iraq is officially over US Central Command will retain a massive database with retinal scans, thumb prints, religious affiliation, as well as other personal data on millions of Iraqis. In 2007, EPIC, Privacy International, and Human Rights Watch sent a letter to then Secretary of Defense Robert Gates to warn that the collection of biometric data in the region poses a direct risk to human rights and could result in genocidal violence. The Defense Science Board also warned that the database could "become a hit list if it gets in the wrong hands." For more information, see EPIC - "Iraqi Biometric Identification System."
  • FTC Publishes Performance Report + (Nov. 22, 2011)
    The Federal Trade Commission has issued the 2011 Performance and Accountability Report. The report summarizes the agency’s accomplishments, shows how the agency has managed its resources, and explains how it plans to address future changes. According to the FTC, during 2011 the agency exceeded its privacy goals by providing 52 comments to foreign consumer protection and privacy agencies, conducting 14 technical assistance missions, and hosting one international consumer protection fellow. The agency’s privacy goals for the coming year include "issu[ing] a final report on protecting consumer privacy," and "examin[ing] malware and spyware threats to mobile devices . . . and malware distributed through social networks." The FTC report made no mention of several pending complaints, including EPIC's 2009 complaint regarding the changes by Facebook to its users' privacy settings. For more information, see EPIC: Federal Trade Commission and EPIC: Facebook and Facial Recognition.
  • Sen. Rockefeller Requests FTC Report on Facial Recognition Technology + (Oct. 20, 2011)
    Senator John D. Rockefeller (D-WV) sent a letter requesting that the Federal Trade Commission assess the use of facial recognition technology and recommend legislation to protect privacy. Facial recognition technology is being used by technology firms and also police agencies, which has raised civil liberties concerns. The letter cited mobile applications such as SceneTap, which "tracks the male/female ratio and age mix of the crowd [in bars]" and digital advertising at the Venetian Resort in Las Vegas that tailors ads to the person standing in front of the display based on recognition of that person’s age and gender. The FTC will hold a workshop on facial recognition technology on December 8, 2011. EPIC's complaint regarding Facebook's facial recognition is still pending before the FTC. For more information, see EPIC: In re Facebook, and EPIC: Facial Recognition.
  • EPIC, Coalition Seeks Investigation of New FBI ID Program and "Secure Communities" + (Sep. 26, 2011)
    A coalition of civil liberties and civil rights organizations have asked the Inspector General of the Department of Justice to investigate the FBI's Next Generation Identification program, a "billion-dollar initiative to create the world's largest biometric database." The 70 organizations, including EPIC, have also urged an assessment of "Secure Communities," the mismanaged federal deportation effort. Several states, including Illinois, Massachusetts, and New York, have already withdrawn from the DHS program. For more information, see EPIC - "Secure Communitities."
  • FTC Announces Workshop on Facial Recognition Technology + (Sep. 20, 2011)
    The Federal Trade Commission announced that it will host a workshop on December 8, 2011, on the privacy and security issues raised by the increasing use of facial recognition technology. Facial recognition technology has been used by Facebook to build a secret data base of users’ biometric data and to enable Facebook to automatically tag users in photos. The Army has also used facial recognition technology to collect biometric data from Iraqi and Afghan civilians at checkpoints, workplaces, the sites of attacks, and door-to-door canvasses. EPIC, Privacy International, and Human Rights Watch wrote to the US Secretary Defense in 2007 to warn that the system could lead to reprisals and further killings. Police agencies are also using facial recognition to identity political protesters. EPIC’s complaint regarding Facebook’s facial recognition is still pending before the FTC. For more information, see EPIC: In re Facebook, EPIC: Face Recognition, and EPIC: Iraqi Biometric Identification System.

History

Facial recognition systems are computer-based security systems that are able to automatically detect and identify human faces. These systems depend on a recognition algorithm, such as eigenface or the hidden Markov model. The first step for a facial recognition system is to recognize a human face and extract it fro the rest of the scene. Next, the system measures nodal points on the face, such as the distance between the eyes, the shape of the cheekbones and other distinguishable features. These nodal points are then compared to the nodal points computed from a database of pictures in order to find a match. Obviously, such a system is limited based on the angle of the face captured and the lighting conditions present. New technologies are currently in development to create three-dimensional models of a person's face based on a digital photograph in order to create more nodal points for comparison. However, such technology is inherently susceptible to error given that the computer is extrapolating a three-dimensional model from a two-dimensional photograph.

Throughout the nation and the world, the debate on the privacy implications of face recognition and other surveillance technologies is heating up. In January 2001, the city of Tampa, Florida used the technology to scan the faces of people in crowds at the Super Bowl, comparing them with images in a database of digital mug shots. Privacy International subsequently gave the 2001 Big Brother Award for "Worst Public Official" to the City of Tampa for spying on Super Bowl attendees. Tampa then installed cameras equipped with face recognition technology in their Ybor City nightlife district, where they have encountered opposition from people wearing masks and making obscene gestures at the cameras. In late August 2001, a member of the Jacksonville, Florida City Council proposed legislation to keep the technology out of Jacksonville.

The Virginia Department of Criminal Justice Services gave a $150,000 grant to the city of Virginia Beach in July 2001, to help the city obtain face recognition cameras to look for criminal suspects and missing children. Although officials had initially expressed mixed feelings about the technology, the city council voted on November 13 to install the software at the oceanfront. To fully fund the system, the city must pay an additional $50,000.

In the wake of the September 2001 terrorist attacks on the U.S., privacy advocates, citizen groups, political leaders, and the manufacturers of the technology itself are debating whether these technologies should be more widely used, and if so, how they should be regulated to protect the privacy of the public. Some airports are considering installing face recognition cameras as a security measure. However, T.F. Green International Airport in Providence, Rhode Island, one of the first airports to consider it, decided in January 2002 that they would not install it after all, citing the possibility of false matches and other technological shortcomings of facial recognition systems.

Subsequently, in August of 2003, the Tampa Police Department scrapped Ybor City's facial-recognition system, citing the system's ineffectiveness as bearing heavily on their decision. Virginia Beach's system is still in place, however, it has never produced a match or arrest since its installation in 2002. Boston's Logan Airport ran two separate facial recognition system tests at its security checkpoints using volunteers posing as terrorists over a three-month period and posted disappointing results. Throughout the testing period, the systems correctly identified the volunteers 153 times and failed to identify the volunteers 96 times. As a result of the lackluster success rate of only 61.4 percent, the airport decided to explore other technologies for securing its checkpoints

Recently, the focus on facial recognition systems has shifted to its use as a way to secure borders. The United States Visitor and Immigrant Status Indicator Technology (US-VISIT) program requires visitors of the United States to provide fingerprints and a digital photograph at their port of entry. US-VISIT then interfaces with the Automated Biometric Identification System (IDENT) database to check and see if the visitor is a "person of interest." Similarly, the Real ID Act of 2005 would include an integrated computer chip in every driver's license issued after May 2008 that contains a digital photograph, which could be used for facial recognition purposes.

News Items

Resources

Reports on Facial Recognition

Previous Top News

  • International Police Organization Proposes Worldwide Facial Recognition System. Interpol, the Europe-based international law enforcement group, has proposed an automated face-recognition system for international borders. Such a system could require travelers to undergo face scans, and make the information available to numerous countries. An Interpol face-recognition database would permit Interpol member nations to search records containing travelers' personal biometric information, and could be used in conjunction with travel watch lists. The inaccuracy of facial recognition technology has repeatedly been criticized. Privacy watchdogs have questioned the efficacy and wisdom of government programs that collect ever-more personal information at border crossings. "We need to get our data to the border entry points. There will be such a large role in the future for fingerprints and facial recognition," said Mark Branchflower, head of Interpol's fingerprint unit. (Oct. 20, 2008)
  • Companies Use Surveillance Cameras for Advertising Studies. Surveillance cameras have long been used as anti-crime devices. However, companies are now seeking to use surveillance cameras to watch people for advertising research. In Germany, developers are placing video cameras into street advertisements and attempting to discern people's emotional reactions to the ads. Dutch researchers are using experimental emotion-recognition software to test individuals' reactions to advertisements and marketing. (July 10, 2007)
  • Federal Air Marshals to Surreptitiously Photograph Travelers. The US Department of Homeland Security is investing in face recognition technology so that federal marshals can surreptitiously photograph people in airports, bus and train stations, and elsewhere to check whether they are in terrorist databases. The Los Angeles police department already is using handheld facial recognition devices. See EPIC's Video Surveillance page. (May 10, 2007)
  • British Police Look to Build National Mugshot Database. The Police Information Technology Organisation aims to create a national database of still and video facial images, tattoos, and other imagery linked to criminal biographical information. They are also looking into how they can incorporate facial recognition software into the mugshot database for the police forces of England, Scotland, and Wales. (Jan. 16, 2006)
  • New German E-Passports Thwarted by People Smiling. Germany started issuing biometric passports a week ago but problems have been caused by people smiling and visible teeth. Germany has had to issue guidelines warning that people "must have a neutral facial expression and look straight at the camera." Germany, Belgium and Sweden are the three EU countries offering biometric passports. (Nov. 10, 2005)
  • Spotlight: Facial Recognition Systems Don't Picture Privacy. This month, Spotlight focuses on facial recognition systems. The Department of Homeland Security has spent millions of dollars on these "smart" cameras that attempt to identify people based on their facial images. However, several tests show the systems are not reliable. Facial recognition systems also create significant privacy risks: the cameras are often hidden and there are no laws to prevent abuse. (Nov. 4, 2005)
  • UK Will Have E-passports With Facial Recognition in 2006. The United Kingdom plans to have e-passports equipped with facial biometrics and ID cards early next year. The UK government also plans to include fingerprints in both by 2009. The passports include a microchip that holds a digitised facial image, and has space to hold another biometric if needed. Bernard Herdan, chief executive of the UK Passport Service, said the passports would be phased in by February 2006 and completed by July 2006. (Oct. 25, 2005)
  • Pakistan to Use Facial Recognition with Passports. The National Database and Registration Authority of Pakistan is using Viisage Technology's face recognition systems to identify passport holders. NADRA announced this week that it has scanned 34 million images for duplicates in three months. The database was expected to grow to 50 million records once enrollment is complete. (Aug. 31, 2005)
  • NY Train System to Adopt New Electronic Security System. The New York Metropolitan Transportation Authority has announced that it is working with Lockheed Martin to develop a state-of-the-art electronic security system to enhance security on its trains by using "intelligent video" to monitor suspicious individuals and packages. The system will be adaptable to new technology, such as devices that detect explosives, measure signs of nervousness and recognize faces. The $212 million dollar system has recently come under criticism for its inability to determine whether an object has been left in a garbage can. (Aug. 23, 2005)
  • State Department Requires Digital Photographs. The State Department has decided to implement an identification system for individuals in the Visa Waiver Program that requires those individuals to produce a passport with a digital photograph stored in an integrated circuit chip by October 26, 2006. It is still unknown whether the digital photograph will be used to as a biometric identifier, but many experts have debated the safety of including sensitive information in e-passports that include RFID chips. EPIC has previously issued comments on the related issue of RFID use in US-VISIT. (June 15, 2005)
  • British National ID Plan's Biometrics Use Called Flawed. Under the UK's national ID proposal, face, iris and fingerprint scans will be used to identify people. However, studies have found that biometrics being scanned in the wrong type of light or in shadow could lead to a false identification. One problem, a Home Office minister admitted, is that people with brown eyes could experience difficulties using the national ID cards. The cost of a combined passport and ID card, is estimated at £93 each. The UK House of Commons last week passed the national ID bill; it now moves to the House of Lords. (Oct. 24)
  • Report: Costly National ID Scheme An Unfunded Mandate. The National Conference of State Legislatures, a bipartisan group, today released a report documenting pending legislation that pre-empts state authority, including the national ID card created by the recently passed REAL ID Act. NCSL officials estimate the national ID scheme could cost states $13 billion as they try to restructure motor vehicle offices. "The REAL ID Act handcuffs state officials with unworkable, unproven, costly mandates that compel states to enforce federal immigration policy rather than advance the paramount objective of making state-issued identity documents more secure and verifiable, " Sen. Michael Balboni said, in announcing the report. The new ID cards will include biometrics, including digital photographs that can be linked up to facial recognition systems. (Aug. 16)
  • UK Identity Card Bill Introduced in Parliament. The Labour Party introduced its Identity Cards bill in the House of Commons on Monday. The bill, which may cost £18B ($32.6B) over the next 10 years, provides for ID cards that will be tied to the National Identity Register, also established by the bill. As the bill's Explanatory Note states, in the first stage only individuals who apply for "Designated Documents" will be required to register, though the bill provides authority for the government to make registration compulsory for all UK residents. The National Identity Register may eventually include name, date of birth, residence, and immigration status, as well as biometric information and personal history of every individual in the UK. The bill was initially introduced in the House of Parliament last November, but was withdrawn in April pending the outcome of the May 6 general election. (June 2)
  • Congress Passes Controversial ID Bill Without Debate. The Senate yesterday approved the supplemental military spending bill to which the REAL ID Act had been attached. The legislation mandates federal identification standards and requires states DMVs, which have become the targets of identity thieves, to collect sensitive personal information. The new ID cards will include digital photographs that can be linked up to facial recognition systems. Legislators in both parties urged debate and more than 600 organizations opposed the legislation. (May 11)
  • Spotlight: Federal Grants Fund Surveillance Cameras in Nation's Cities. This month, Spotlight on Surveillance turns to the $2 billion that the Department of Homeland Security will provide to state and local governments. Some of this money will be for surveillance cameras that watch people in shopping centers and on public streets, and may even look into homes. Such cameras can be linked to facial recognition systems. Studies have found that such surveillance systems have little impact on crime, and that it is more effective to place officers on the streets and improve lighting in high-crime areas. (May 2)
  • Sweeping ID Bill Faces Opposition in the Senate. A bipartisan coalition of senators is urging debate on a bill that would establish a federal mandate for identification standards across the United States. The REAL ID Act would impose technological standards and verification procedures on the states, many of which are beyond the current capacity of the federal government. The bill is opposed by the National Governors Association, the National Conference of State Legislatures, the Council of State Governments, and the American Association of Motor Vehicle Administrators. Sen. Richard Durbin also expressed concern this week that REAL ID would repeal earlier legislation that contained "carefully crafted language -- bipartisan language -- to establish standards for States issuing driver's licenses." (Apr. 22)
  • Facial Recognition Linked to Mobile Phones. New software allows personal digital assistants, mobile phones or other handheld devices to use a built-in camera to recognize the face of their owner. The Okao Vision Face Recognition Sensor software by Omron is compatible with the Symbian, Binary Runtime Environment for Wireless, Linux and Itron operating systems. (Mar. 1, 2005)
  • Homeland Security Adopts New Facial Recognition Standard. The Department of Homeland Security has adopted a standard developed by the International Committee for Information Technology Standards (INCITS). The standard (INCITS 385) will be used to as the technical criteria for designing equipment such as cameras and software for facial recognition. (Oct. 28, 2004)
  • CATO Institute Holds Biometrics Event. The Cato Institute will be holding an event called "Eye in the Sky and Everywhere Else: Do Biometric Technologies Violate Our Rights?" Speakers included Frances Zelazny, Visionics; Dorothy Denning, Georgetown University; Marc Rotenberg, EPIC; and John D. Woodward, Jr., RAND. (Jan. 24, 2002)
  • Watch the Watchers. An international coalition composed of artists, scientists, engineers, scholars, and others declared December 24 to be "World Subjectrights Day", or "World Sousveillance Day", a day to watch the watchers. Passengers are encouraged to photograph cab drivers, customers to photograph shopkeepers, citizens to photograph the police, etc. There is also a photo competition encouraging participants to send in pictures for inclusion in a national face recognition database. (Dec. 2001)
  • EPIC Event to Explore Privacy Implications of New ID Systems. EPIC holds National Press Club event where experts Whitfield Diffie, Jeffrey Rosen, Richard Smith, Robert Ellis Smith, John Woodward, and Marc Rotenberg discuss privacy issues relating to security and surveillance technologies. (Oct. 22, 2001)

Share this page:

Defend Privacy. Support EPIC.
EPIC Mueller Report book
US Needs a Data Protection Agency