The FBI seems to think we should all be OK with this
By Jennifer Lynch, Electronic Frontier Foundation:
In the last few years, FBI has been dramatically expanding its biometrics programs, whether by adding face recognition to its vast Next Generation Identification (NGI) database or pushing out mobile biometrics capabilities for “time-critical situations” through its Repository for Individuals of Special Concern (RISC). But two new developments—both introduced with next to no media attention—will impact far more every-day Americans than anything the FBI has done on biometrics in the past.
FBI Combines Civil and Criminal Fingerprints into One Fully Searchable Database
Being a job seeker isn’t a crime. But the FBI has made a big change in how it deals with fingerprints that might make it seem that way. For the first time, fingerprints and biographical information sent to the FBI for a background check will be stored and searched right along with fingerprints taken for criminal purposes.
The change, which the FBI revealed quietly in a February 2015 Privacy Impact Assessment (PIA), means that if you ever have your fingerprints taken for licensing or for a background check, they will most likely end up living indefinitely in the FBI’s NGI database. They’ll be searched thousands of times a day by law enforcement agencies across the country—even if your prints didn’t match any criminal records when they were first submitted to the system.
This is the first time the FBI has allowed routine criminal searches of its civil fingerprint data. Although employers and certifying agencies have submitted prints to the FBI for decades, the FBI says it rarely retained these non-criminal prints. And even when it did retain prints in the past, they “were not readily accessible or searchable.” Now, not only will these prints—and the biographical data included with them—be available to any law enforcement agent who wants to look for them, they will be searched as a matter of course along with all prints collected for a clearly criminal purpose (like upon arrest or at time of booking).
This seems part of an ever-growing movement toward cataloguing information on everyone in America—and a movement that won’t end with fingerprints. With the launch of the face recognition component of NGI, employers and agencies will be able to submit a photograph along with prints as part of the standard background check. As we’ve noted before, one of FBI’s stated goals for NGI is to be able to track people as they move from one location to another. Having a robust database of face photos, built out using non-criminal records, will only make that goal even easier to achieve.
This change will impact a broad swath of Americans. It’s not just prospective police officers or childcare workers who have to submit to fingerprint background checks. In Texas, for example, you’ll need to give the government your prints if you want to be an engineer, doctor, realtor, stockbroker, attorney, or even an architect. The California Department of Justice says it submits 1.2 million sets of civil prints to the FBI annually. And, since 1953, all jobs with the federal government have required a fingerprint check—not just for jobs requiring a security clearance, but even for part-time food service workers, student interns, designers, customer service representatives, and maintenance workers.
The FBI seems to think we should all be OK with this because it has (ostensibly) given people notice and because the program is limited to only those people who are required by federal or state rules to provide prints. But in many parts of the country, this could amount to a very large percentage of workers (including each and every attorney at EFF)—and for many people, especially the poor and underemployed, opting out of this program by choosing a different line of work is truly a not a choice at all.
This is not OK. The government should not collect information on Americans for a non-criminal purpose and then use that same information for criminal purposes—in effect submitting the data of Americans with no ties to the criminal justice system to thousands of criminal searches every day. This violates our democratic ideals and our societal belief that we should not treat people as criminals until they are proven guilty.
It also subjects innocent Americans to the very real risk that they will be falsely linked to a crime. In 2004, the FBI mistakenly linked American attorney Brandon Mayfield to a bombing in Madrid based solely on forensic fingerprint evidence. The FBI seized his property, and he was imprisoned for two weeks before agents finally recognized their error and apologized. Researchers have postulated large face recognition databases could also result in false matches. This means that many people will be presented as suspects for crimes they didn’t commit.
Unfortunately, individuals don’t have much recourse. The only way you can get your prints out of the FBI’s database and stop this repeated invasion of privacy is either with a court order or if the agency that requires your prints to be collected also requests for them to be removed. There appears to be no way for an individual to ask to have their prints removed on their own.
We are disappointed that the FBI chose to go down this path. It could just as easily have designed its database to keep non-criminal data separate from criminal data. Or even better, the FBI could go back to its old practices and not keep the data at all.
FBI Plans to Populate its Massive Face Recognition Database with Photographs Taken in the Field
As Privacy SOS reported earlier this month, the FBI is looking for new ways to collect biometrics out in the field—and not just fingerprints, but face recognition-ready photographs as well.
The FBI recently issued a request for quotations (RFQ) to build out its mobile biometrics capabilities. Specifically, it’s looking for software that can be used on small Android-based mobile devices like Samsung Galaxy phones and tablets to collect fingerprints and face images from anyone officers stop on the street.
If the plan goes through, it will be the first time the FBI will be able to collect fingerprints and face images out in the field and search them against its Next Generation Identification (NGI) database. According to the RFQ, FBI’s current mobile collection tools are “not optimized for mobile operations” because they are large and are limited in scope to determining if a person has “possible terrorist links (in the U.S. or abroad) or is likely to pose a threat to the U.S.”
This plan appears to be a broad expansion of the FBI’s “RISC” program. RISC provides mobile fingerprinting tools to determine whether someone is an “Individual of Special Concern” by allowing access in the field to a database of “wanted persons, known or appropriately suspected terrorists, sex offenders, and persons of special interest.” The FBI says RISC is intended for “time-critical situations” and to identify a limited subset of people within its criminal fingerprint database. But now it appears FBI intends to use its mobile biometrics collection tools much more broadly.
The biggest concern with this new mobile program is that it appears it will allow (and in fact, encourage) agents to collect face recognition images out in the field and use these images to populate NGI—something the FBI stated in Congressional testimony it would not do.
Specifically, in 2012, Deputy Assistant Director Jerome Pender stated:
Only criminal mug shot photos are used to populate the national repository. Query photos and photos obtained from social networking sites, surveillance cameras, and similar sources are not used to populate the national repository.
But the new RFQ contradicts this because it appears the desired software would allow officers to submit non-mug shot photos to NGI. The RFQ says the FBI is looking for a mobile biometrics tool that would, “at a minimum . . . include fingerprints and facial photographs for submission and receipt of a response.” Photographs taken in the field are clearly not “mug shot photos” because they’re taken before booking and possibly even before arrest. And it’s hard to see how a mobile tool that allows officers to collect these non-mug shot photos and “submit” them to a database is not also “populating the national repository.”
Unfortunately, as we have noted many times before, we don’t know exactly how the FBI plans to populate NGI with face images because it hasn’t updated the Privacy Impact Assessment (PIA) for its photo database since 2008—well before the development and deployment of NGI’s facial recognition capabilities. Mr. Pender testified to Congress in 2012 that FBI was in the process of updating this PIA to “address all evolutionary changes” since 2008. But despite a 2014 letter to then-Attorney General Eric Holder signed by EFF and 31 other organizations calling for FBI to update the PIA, the Bureau still fails to explain to Americans exactly how it plans to collect, use and protect face recognition data. Our calls for an updated PIA are clearly falling on deaf ears. But without one, it is impossible to tell exactly how the FBI is limiting its acquisition and use of facial recognition data now and in the future.
As EFF testified during a Senate Subcommittee hearing on facial recognition, Americans should be very concerned about the government’s plans to build up its facial recognition capabilities:
Facial recognition takes the risks inherent in other biometrics to a new level…[it] allows for covert, remote, and mass capture and identification of images, and the photos that may end up in a database include not just a person’s face but also what she is wearing, what she might be carrying, and who she is associated with.
Given the FBI’s broad goals for face recognition data, the time is right for laws that limit face recognition data collection. By Jennifer Lynch, Electronic Frontier Foundation
Enjoy reading WOLF STREET and want to support it? You can donate. I appreciate it immensely. Click on the beer and iced-tea mug to find out how:
Would you like to be notified via email when WOLF STREET publishes a new article? Sign up here.
This is certainly alarmist but with advancing computer power it may become practical. There are positive aspects as well. Would it not be nice to be able to simply have ones face and fingerprints scanned in order to transact things at the store, or get on a plane, or get a soda out of a vending machine, or show a police officer our driver’s license? We could dispense with wallets and credit cards. When we go to the emergency room they could pull up our medical records even if we are unconscious. In my line of work people constantly falsify their ID to the detriment of society, the taxpayer, and their families.
We could also dispense with being free human beings. It would be very practical. Would save us a lot of hassles.
You are willing to trade your freedom and liberty and our’s too so You can have easier access to a can of soda from a vending machine? Is that right? How did our once great nation become so lost?
Are you aware of how easily digital data can be changed? The federal govt just got hacked and the identity of 20M federal employees were stolen. Those identities could just as easily have been changed. Your prints can be swapped with the prints of a real criminal as well as your photo and DNA profile. I am not being sarcastic. Do you trust them with your freedom, I don’t.
“There are positive aspects as well. Would it not be nice to be able to simply have ones face and fingerprints scanned in order to transact things at the store, or get on a plane, or get a soda out of a vending machine, or show a police officer our driver’s license? We could dispense with wallets and credit cards.”
If that is voluntary and you want that convenience when it eventually becomes available, got for it. However, if it is mandated as the fingerprinting mentioned in this article is, no way, nor, as this article points out, should that information be allowed to be used within a criminal database.
Baaaa Baaaa
Why doesn’t this surprise me?
Just another example of the US government trying to control its citizens. Totally disgusting.
I wonder if the photos and fingerprints taken of people entering the USA are also going to be added to the database?
Here in OZ IIRC the police are not able to retain fingerprints for more than two years unless you are convicted of a crime. So for example, if you apply for a position with the police and are not successful, then in two years the prints are removed from the system.
I am pretty sure the FBI and the rest of the alphabet soup government has reached peak data. I like how they want to microchip the sheep while they let the foxes cross the border unchecked.
I like the peak data idea….let them keep piling it up and overload on meaningless data.
One day they will realize that they don’t need to watch the sheep and start looking for wolves. BUT I may be giving them too much credit…
Think of it as a denial of service attack they impose on themselves. If every search contains the data for people who have no probability of being a match, they are wasting an incredible amount of resources and slowing themselves to a digital crawl. They already collect more data than they can manage and the problem will only get worse.
In the 80’s and 90’s I worked for several New York financial institutions, and was finger printed in each with prints sent to the FBI for checking. Some years later, I had a workers comp case and the insurance company involved accused me of being a criminal because the FBI had my prints. I had to explain to the judge that I moved $5B a day in the bank where I worked and that’s why the bank took my prints. Every bank fingerprints. Even back then they were keeping the prints on file.
Certain country’s they can’t take, fingerprints, photos, or DNA, until after they arrest.
What they do, is sit people down in nice soft interview rooms, and give them, water to drink in a solid plastic beaker, and biscuits, on a tray, then they take the beaker and tray away, lift the prints and DNA.
Evidence collected, in the public domain, in plain sight.
Also oddly enough, although they can not use inadmissible, and illegally obtained evidence in court, they can keep it (for ever) and use it in their investigations.
1984 came a little late.
All we need now is a ‘great leader’, who says things like, “we are doing to do really great things”, “and “he is a terrific individual, a really great person”. Then, we have arrived.
While looking for work for a year, I was going to do some substitute teaching and biometric ID was required! Ridiculous!
Sorry, Cheduba, I think it was more important for them to get your biometric ID for substitute teaching than when I had my fingerprints done 3x to get a securities license. You were responsible for my children, whereas I was only responsible for your money.
How the Overton window has moved. Suggestions like this 30 years ago would’ve caused street demonstrations. Now it doesn’t even rate an upward glance from the mobile phone. 20 years from now humans will be chipped at birth. They won.
Bill Gates predicted that every second of our lives will be recorded from birth in the not too distant future. Sound like the old Soviet Union to me. Just another way of isolating the individual from everyone else. Star Chamber Justice perfected.
There are two types of people: those who will fall into line when told to; and criminals. It is just a matter of when the crime will be committed and how to do the sorting.
Yeah. We gotta fingerprint those engineers. Why, just the other day, one of them tried to pull a calculator on me.
as a former fed employee, rest assured that full biometrics is coming. i saw numerous and frequent govt emails about biometric seminars and the coming full implementation of biometrics. Iraq, the playground for weapons/surveillance testing, and the Iraqis, guinea pigs for these odious practices honed the skills for US “full spectrum dominance”. And now? Fallujah come home to roost. Barring revolution, expect the worst vis a vis, biometrics, continued mass surveillance, militarized police state, artificial intelligence/robotics, etc. See you all in the AI/robotics people zoo.