The FBI Has a Mammoth Facial-Recognition Database

In a report published last month, the Government Accountability Office (GAO) admonished the FBI over its management of two interrelated facial-recognition programs: the Next Generation Identification (NGI) system and the Facial Analysis, Comparison and Evaluation (FACE) services unit.

Prior to the report’s publication, little was known about FACE, which is a much larger version of the NGI.

411 million photos

According to the GAO report, FACE has more than 411 million photos in its database, and includes images from the NGI, the State Department, the Defense Department and 16 states that operate their own facial-recognition systems.

The GAO probe was prompted by Sen. Al Franken (D–Minnesota), who requested an assessment of whether the FBI has complied with oversight laws and adequately evaluated the precision of these systems. The GAO’s response was negative on both counts, finding that the FBI hasn’t followed proper disclosure protocol or tested these programs to determine whether their search functions are accurate. 

On top of that the FBI has requested exemptions from many of its reporting requirements for these programs.

Coalition fights for reform

A number of advocacy groups have pushed back, expressing concerns about what such exemptions would mean for people’s privacy rights.

On May 27, EFF and 44 other organizations, including the ACLU, Color Of Change and Free Press, urged the Justice Department, which oversees the FBI, to allow the public more time to comment on the bureau’s request.

The letter cites the FBI’s neglect of its reporting requirements as reason enough for pause:

“In 2011 …The FBI began to allow state law enforcement to run facial-recognition searches against photos in the NGI database. Despite pressure from Congress and civil society, the FBI didn’t release a Privacy Impact Assessment about this program until September 2015. In fact, even though NGI itself was launched in 2008, the FBI didn’t publish a System of Records Notice about [it] until May 5, 2016 — the same day it proposed to exempt the system from other, even more basic transparency requirements.”

The coalition’s request for an extension was granted, and the public comment period closed on July 6.

EFF, Free Press and other groups have criticized the FBI for including both civil and criminal entries in its database, failing to test its programs adequately and failing to consider the racial and ethnic biases in these programs.

Given longstanding concerns about how intelligence agencies have violated civil liberties — and in light of the racial injustices endemic to U.S. policing — it’s critical that the FBI subject itself to proper public scrutiny in rolling out these new capabilities.

Database contains non-criminal photos

Civil-liberties advocates have also raised alarms about the FBI’s practice of combining civil and criminal entries into the same database.

According to the GAO report, while 80 percent of the photos contained within the NGI database are mug shots, the rest come primarily from employment background checks and security-clearance records. The FBI contends that it keeps the criminal and civil photographs separate except in instances where individuals have arrest records, in which case their files are merged.

“If you’re ever arrested for any crime,” EFF notes, “even for blocking a street as part of a First Amendment-protected protest — your non-criminal photographs will be combined with your criminal record and will become fair game for the same criminal database searches as any mug shot photo.”

The coalition behind the May 27 letter to the DoJ has noted that racial biases are likely embedded in these databases:

“While the database is partially built using mug shots and arrest records submitted by state and local law enforcement agencies, it also includes the fingerprints and photos of people getting background checks — and people applying to become permanent residents or naturalized citizens. As a result, the NGI system may not affect everyone equally. Instead, it likely includes a disproportionate number of African Americans, Latinos and immigrants.”

Research shows that these kinds of biases get programmed into biometric search systems.

A 2011 National Institute of Standards and Technologies study found that facial-recognition systems throughout the world perform better when they scan for people of ethnic backgrounds that are similar to those of the people who coded the search algorithm.

A 2012 study coauthored by a senior FBI technologist found biases in facial-recognition systems from three U.S. vendors: These programs “consistently performed 5­–10 percent worse on African Americans than on Caucasians.” These intrinsic prejudices are compounded by the fact that minority communities are incarcerated and surveilled at higher rates than their White counterparts.

The GAO report also found that the FBI failed to meet its reporting obligations under the Privacy Act of 1974 and the E-Government Act of 2002.

Specifically, it failed to detail the nature of the personal data being compiled until this May, after completion of the GAO review, arguing instead that a preexisting statement on its fingerprint program was sufficient. Moreover, the FBI failed to develop a Privacy Impact Assessment to describe how it would use personal information and what steps it would take to adhere to privacy-protection laws.

In short, the FBI has rushed to expand its investigative capacities, leaving little time for proper public scrutiny. As the ACLU’s Jay Stanley notes, “We have a mismatch here between the power and speed with which these technologies are being developed, and the oversight that they’re being subject to.”

Indeed, to safeguard people’s civil liberties, the FBI needs more oversight — not less.