Privacy Advocates: Who's Watching the FBI Watchers?
As part of an ongoing program to expand the FBI's identification capabilities, the bureau soon will offer software to local law enforcement to search its database of facial recognition images. Privacy advocates question the program's scope and wonder who will ensure the system is being used within limits.
Sep 11, 2012 7:00 AM PT
The FBI soon will begin offering client software for its nationwide facial recognition database at no charge to law enforcement agencies in the United States.
This is the fourth element in its seven-increment Next Generation Identification Program.
The facial recognition system was deployed as a pilot in February, the FBI's Jerome Pender testified before the US Senate in July.
It's scheduled for full operational capability later this summer, Pender said.
The FBI's repository contains about 12.8 million searchable frontal photos of criminal mug shots.
Queries submitted for searching the repository must be authorized criminal justice agencies for criminal justice purposes, Pender said.
Information derived from pilot search requests, and the resulting responses, is to be used only as investigative leads, and is not to be considered as positive identification, Pender told the Senate.
Photos from social networking sites, surveillance cameras and similar sources are not used to populate the national repository, Pender stated.
"It's very clear as to what the facial recognition portion of the next generation identification system is," FBI spokesperson Bill Carter told TechNewsWorld.
Who's a Bad Guy?
Here's the first problem with the repository -- the mug shots in the repository were taken at the time of a criminal booking. In other words, the people photographed had not been convicted of a crime.
"[The FBI] could say it's only for people who are convicted and are serving time, or only for people who are arrested regardless of whether they're convicted, or for people they're interested in," Gregory Nojeim, director of the project on freedom, security and technology at the Center for Democracy and Technology (CDT), pointed out.
"They're going through their own database of mug shots and are turning those into datapoints for facial recognition, reducing faces to a numerical value, then they'll look for that value somewhere else," Nojeim told TechNewsWorld. "Where is that somewhere else, is the key question."
While such fears have been expressed, "a lot of what's written about it and such is not necessarily what it's going to turn into," Carter said.
The next question is, where the database will be used. "Do they use it to scan the crowd at a Super Bowl looking at anyone who might be in their database?" Nojeim asked. "That's where we don't have enough information."
You're OK Going Public, Maybe
"Within five to 10 years, it's going to be the rare individual, especially under the age of 30, who doesn't have some form of photograph of themselves online, so I'm not so sure the FBI needs its own unique database, they can access publicly available information," Pam Dixon, executive director of the World Privacy Forum, told TechNewsWorld.
"If you've got your photo publicly available online in some way and the FBI uses it, it's very challenging to argue that it violates privacy in some way," Dixon continued.
However, the collection of biometric data under the Next Generation Identification Program raises some questions. "Is it the database of individuals who have simply been arrested, or of people who have been under suspicion?" Dixon asked.
Trust, But Verify
"We need very clear parameters of who's in and who's out [of the database]," Dixon stated. "And we absolutely need strong oversight. One of the questions that we have is, where are the checks and balances?"
There ought to be some kind of reporting to Congress about what the FBI is doing with its database, the CDT's Nojeim suggested. "[Pender's] testimony in July was pretty vague."