The FBI's facial recognition database, into which it wants to put 52 million of our mugs by the end of 2015, is only part of its larger Next Generation Identification (NGI) program. The NGI program is intended to give the feds a full range of means to identify us according to biometric markers, including facial feature, digitized fingerprints, photographs of tattoos, scans of the irises of human eyes…
It's a lot of data for tagging people, all going into a centralized system. That has plenty of people worried about misuse, abuse, and the overall nudge this sort of capability gives us toward a total surveillance state.
Yesterday, 32 organizations from across the political spectrum, including the American Civil Liberties Union, the Electronic Frontier Foundation (EFF), and R Street Institute, asked Attorney General Eric Holder to explain just how the United States government plans to use the system it's building and the data contained therein. Specifically, they want the federal government to perform a formal Privacy Impact Assessment (PIA) to follow up on the last such report, done in 2008.
Among other concerns raised, that 2008 PIA conceded that "Electronic searching of criminal justice images also entails the risk that the electronic search process may not be sufficiently reliable to accurately locate other photos of the same identity, resulting in an unacceptable percentage of misidentifications." That concession is underlined by revelations by the Electronic Privacy Information Center that federal specifications on the Next Generation Identification system facial recognition software allow for tagging "an incorrect candidate a maximum of 20% of the time."
The Electronic Frontier Foundation's Jennifer Lynch has also raised concerns about the sources of some the photos in the database, which are only vaguely identified. "The FBI does not define either the 'Special Population Cognizant' database or the 'new repositories' category," Lynch warned in April.
Maybe Holder can tell us just where those photos are coming from.
Of course, Privacy Impact Assessments don't mean that government agencies won't proceed with the projects being assessed. They just give us a better idea of what we're being subjected to.
The text of the letter is embedded below.
Signatory organizations are: American Civil Liberties Union, Bill of Rights Defense Committee (BORDC), Brennan Center for Justice, Center for Digital Democracy, Center for Democracy & Technology, Center for Financial Privacy and Human Rights, Center for National Security Studies, The Constitution Project, Constitutional Alliance, Consumer Action, Consumer Federation of America, Consumer Watchdog, Council on American-Islamic Relations, Council for Responsible Genetics, Cyber Privacy Project, Defending Dissent Foundation, Demand Progress, DownsizeDC.org, Electronic Frontier Foundation, Electronic Privacy Information Center (EPIC), Friends of Privacy USA, Government Accountability Project, Liberty Coalition, NAACP, National Association of Criminal Defense Lawyers, National Urban League, OpenTheGovernment.org, Patient Privacy Rights, Privacy Rights Clearinghouse, PrivacyTimes, R Street Institute, and the World Privacy Forum.