More than 30 privacy and civil-liberties groups are asking the Justice Department to complete a long-promised audit of the FBI’s facial-recognition database.
The groups argue the database, which the FBI says it uses to identify targets, could pose privacy risks to every American citizen because it has not been properly vetted, possesses dubious accuracy benchmarks, and may sweep up images of ordinary people not suspected of wrongdoing.
In a joint letter sent Tuesday to Attorney General Eric Holder, the American Civil Liberties Union, the Electronic Frontier Foundation, and others warn that an FBI facial-recognition program “has undergone a radical transformation” since its last privacy review six years ago. That lack of recent oversight “raises serious privacy and civil-liberty concerns,” the groups contend.
“The capacity of the FBI to collect and retain information, even on innocent Americans, has grown exponentially,” the letter reads. “It is essential for the American public to have a complete picture of all the programs and authorities the FBI uses to track our daily lives, and an understanding of how those programs affect our civil rights and civil liberties.”
The Next Generation Identification program — a biometric database that includes iris scans and palm prints along with facial recognition — is scheduled to become fully operational later this year and has not undergone a rigorous privacy litmus test — known as a Privacy Impact Assessment — since 2008, despite pledges from government officials.
“One of the risks here, without assessing the privacy considerations, is the prospect of mission creep with the use of biometric identifiers,” said Jeramie Scott, national security counsel with the Electronic Privacy Information Center, another of the letter’s signatories. “it’s been almost two years since the FBI said they were going to do an updated privacy assessment, and nothing has occurred.”
The facial-recognition component of the database, however, is what privacy advocates find most alarming. The FBI projects that by 2015 the facial-recognition database could catalog up to 52 million face photos. A substantial portion of those — about 4.3 million — are expected to be gleaned from noncriminal photography, such as employer background checks, according to privacy groups.
But earlier this month, FBI Director James Comey told Congress the database would not collect and store photos of average civilians and is intended to “find bad guys by matching pictures to mugshots.” But privacy hawks remain concerned that images may be shared among the FBI and other agencies, such as the Defense Department and National Security Agency, and even state motor-vehicle departments.