A major privacy advocate is suing the FBI over its “Next Generation Identification,” a computer program that uses biometrics to identify people but still has been known to make a mistake one out of five times.
The case is being brought by the Electronic Privacy Information Center.
A statement released by Marc Rotenberg, the president, and Jeramie Scott, the organization’s domestic surveillance project director, said the database, assembled by FBI Director James Comey, already contains “detailed personal information on millions of Americans.”
The lawsuit, under the federal Freedom of Information Act, seeks information on the system, the privacy safeguards that the FBI reportedly had removed, and more.
“The FBI director has shown a ‘reckless disregard’ for the privacy rights of Americans,” Rotenberg said in a prepared statement. “Operating in secret, Director Comey has built a massive biometric database that places the privacy of all Americans at risk. And he as removed Privacy Act safeguards intended to ensure accuracy and accountability for the record system.”
A previous FOIA lawsuit against the FBI revealed that the FBI allows for an error rate of 20 percent in face-recognition matches.
“The FBI biometric database raises significant privacy risks for Americans,” said Scott. “Instead of fixing these problems and following the law, the bureau has chosen instead to expand the program and remove barriers to data collection.”
The conflict is partly over the fact, EPIC said, that the FBI has exempted itself from a variety of legal requirements concerning accuracy, relevancy and transparency.
“Increasingly, the FBI is collecting information, including biometric information, for non-criminal reasons and keeping that data well beyond the original need for collection,” the organization warned.
In June, EPIC and nearly four dozen others groups urged Congress to review the Next Generation Identification processes.
The dangers are real, it said.
That information could be exposed to dangerous players, as was the information regarding 22 million federal employees, friends and family members in a breach in 2015 of the record system of the Office of Personnel Management.
Since EPIC has been fighting such moves for years, it’s not the first time it’s ended up in court.
One earlier ruling found there “can be little dispute that the general public has a genuine, tangible interest in a system designed to store and manipulate significant quantities of its own biometric data, particularly given the great numbers of people from whom such data will be gathered.”
EPIC said its newest case is trying to jar loose information about a strategy involving the FBI and the Department of Defense regarding biometric data. The documents were sought first in April 2015, but the FBI has failed to release any responsive records.
“More than a year has passed since the last response to EPIC from the FBI,” the organization explained. “In the past year, the FBI has continued to expand the biometric database, obtain Privacy Act exemptions and make determinations with adverse consequences for Americans across the country.”
EPIC has noted the database can include fingerprints, iris scans, DNA profiles, voice identification profiles, palm prints and photographs.
“Millions of individuals who are neither criminals nor suspects will be included in the database,” it warned.
“Many of these individuals will be unaware that their images and other biometric identifiers are being captured. Biometric records collected by various civil service agencies could be added to the system. The NGI system could be integrated with other surveillance technology, such as Trapwire, that would enable real-time image-matching of live feeds from CCTV surveillance cameras.”
Even more troubling, it said, was the fact that are an estimated 30 million surveillance cameras now in the U.S., and if the NGI system was integrated, it “could use facial recognition on images of crowds to identify individuals in public settings, whether or not the police have made the necessary legal showing to compel the disclosure of identification documents.”
The NGI was conceived to replace fingerprint systems.
The Integrated Automated Fingerprint Identification System is one of the large biometric databases in the world, with more than 70 million subject files.
It is assumed at some point that about 18,000 law enforcement agencies would have access to the files.