Jeramie D. Scott Archives

September 9, 2015

Commercial Drones and Privacy

In 2012 Congress passed the FAA Modernization and Reform Act, which requires the FAA to integrate drones into the national airspace. Soon after this Act was passed, EPIC led a coalition of over 100 experts and organizations in petitioning the FAA to establish privacy protections prior to the deployment of commercial drones.

In November 2014, the FAA initially responded by declining to initiate a new rulemaking but indicating that it would consider privacy in the context of the agency's upcoming rulemaking on small commercial drones. The FAA ultimately backtracked on that statement in its notice of proposed rulemaking for small drones and decided not to consider privacy. EPIC subsequently filed suit in federal appeals court in Washington, DC for the agency's failure to protect the privacy of Americans.

It is important to address privacy as we integrate drones into the national airspace because one of the primary uses for drones will be the bulk collection of data in public spaces, often of the public. The public deserves to know upfront how drones are going to be used to collect data, not after the fact, when reliance-based interests make it extremely hard to set rules protecting privacy even when those rules are supported by the majority of Americans. A Pew Research poll earlier this year showed that an overwhelming majority of Americans thought that, for both online and offline interactions, being able to control who can get information about you and controlling what information is collected about you were important.

Drones are aerial surveillance platforms and they create the possibility of a surveillance infrastructure for the public space that rivals what the internet became for surveillance of our online activities.

Private industry has already begun collecting data en masse about the public through, for example, the use of license plate readers. Drones threaten to intensify this collection of data in public space. A marketing firm has already tested using drones to scan cellphone location data to use for targeted ads. It's not a far leap to think commercial industry might add facial and license plate recognition capabilities to drones to increase their ability to amass huge databases about the public to sell to local businesses, marketers, and law enforcement.

The result will be a constant tracking of our offline activities in the public space--where we go, who we are around, what activities we participate in. No longer will we be relatively anonymous in public. Our public activities will be collected, aggregated, and analyzed for opportunities to make money off the data of our lives and sold to law enforcement without the protections of judicial review.

It's clear some baseline privacy protections need to be implemented. In comments to the FAA, EPIC has recommended the following drone privacy rules for commercial operators:

  • Use and Data Retention Limitations: Data collected via drones should only be used for the specified purpose and only retained as long as necessary to fulfill this purpose.

  • Transparency and Public Accountability: There should be a publicly available repository of all commercial drone operators, drone operators should publicly list their collection, use, and retention policies, and independent audits should be conducted to ensure compliance.

  • Minimum Security Standards: Security standards should be established to prevent loss of positive control of drones and to prevent unauthorized access to the drone's surveillance capabilities and the data collected.

I've often heard opponents of commercial drone regulations suggest that any type of regulation will stifle innovation. To that I say that if you can't innovate around some basic privacy protections then you're not being very innovative.

February 12, 2015

DoD Claim that NSA in Compliance with Privacy Act Rings Hollow

In August of 2013, the Department of Defense ("DoD") released a notice of proposed rulemaking ("NPRM"). The proposed rule "update[d] the established policies, guidance, and assigned responsibilities of the DoD Privacy Program pursuant to The Privacy Act . . . ." When an agency publishes a proposed rule, it has to take public comments on the rule and then consider those comments prior to releasing the final rule. EPIC, joined by a coalition of public interest organizations, filed comments for DoD's consideration.

At the time that the DoD's proposed rule was released, the Snowden revelations were just a few months old. Those revelations provided unparalleled insight into NSA's mass surveillance activity. The NSA is a DoD component subject to the proposed rule and, of course, to the Privacy Act of 1974. Through the review of the documents and news stories associated with the revelations, EPIC's coalition comments identified three NSA databases subject to the Privacy Act. Under the Privacy Act, these databases (known as "systems of records" in the Privacy Act) require a System of Records Notice (SORN) to the public. EPIC's coalition comments argued that there was no SORN for, at a minimum, the following three databases:

  1. The US identifier database (see bottom of page 3) of "telephone numbers and electronic communications accounts/addresses/identifiers that NSA has reason to believe are being used by United States persons;"
  2. The database of contact lists the NSA retrieves from email address books and instant message "buddy lists;" and
  3. The NSA database containing information relating to social networks.

SORNs require an agency to publish a number of pieces of information related to the databases it maintains. This includes individuals covered by the database, the categories of records in the database, and the purpose of the database. Unfortunately, government agencies tend to use very broad language to describe these aspects of a database.

Just last month, the DoD published its final rule. The DoD's final rule responded to EPIC's coalition comments by claiming that the three databases described in our comments were already covered by an existing SORN, GNSA 18. Importantly, the DoD did not challenge the assertion that these NSA databases were systems of records subject to the Privacy Act.

As mentioned above, many parts of SORNs are often described in very broad terms, thus allowing the DoD to claim everything under the sun is covered. There is one section, though, that requires a more specific description: the section on retrievability. Under this section, the agency must describe how information is retrieved from the database. GNSA 18 states, "Information is retrieved by individual's name, Social Security Number (SSN), and/or employee identification number." At a minimum, this description fails to describe how information is retrieved from NSA's US identifier database.

Per a document signed off on by Attorney General Holder, titled, Procedures Used by NSA for Targeting Non-US Persons Reasonably Believed to Be Outside the US to Acquire Foreign Intelligence Pursuant to 702 FISC July 29, 2009, the "NSA maintains records of telephone numbers and electronic communications accounts/addresses/identifiers that NSA has reason to believe are being used by United States persons." Furthermore, "Prior to targeting, a particular telephone number or electronic communications account/address/identifier will be compared against those records in order to ascertain whether NSA has reason to believe that the telephone number or electronic communications account/address/identifier is being used by a United States person."

In contrast to what is stated in GNSA 18, the NSA compares telephone numbers and other identifiers (e.g. email) against the agency's database of U.S. person identifiers. This retrieval of information from the database via various identifiers is not covered by GNSA 18. Additionally, it is not covered by any other NSA SORN. This is a violation of the Privacy Act and DoD's privacy rules.

January 29, 2015

Police Body Cameras: Accountability or Public Surveillance?

After the public protests following the decision in Ferguson not to indict Darren Wilson, President Obama announced a plan to spend $75 million on police body cameras. If approved by Congress, the federal government will match state and local funding in an effort to add 50,000 cameras over the next three years. Many believe that the cameras will improve police accountability, but there are other issues to consider.

According to a Justice Department report, body cameras could improve officer professionalism, identify officers that abuse their authority, and help correct questionable police behavior. Recent studies of several police departments, including the Phoenix Police Department, suggest body cameras reduce complaints against the police and significantly lessen the use of force by officers. Body cameras can also help train and evaluate officer performance as well as ensure accurate evidence collection.

But the cameras are not without their potential pitfalls. Police body cameras, like the cameras attached to many buildings, can be used for general surveillance of the public.

Cameras on police will routinely record all of the surroundings, not simply interactions with possible criminals. That means that police will routinely record the images of all people they pass on the sidewalk or street. It means also that the police will record all images of people in a crowd. Much of this information will then become available to supervisors, vendors and others for review and evaluation. A program to promote police accountability could easily become the basis for mass surveillance of the general public.

Mass surveillance undermines our expectation of privacy in public by permanently recording every detail of our actions. Individual public actions are barely noticed, but mass video surveillance creates a lasting record for infinite replay and scrutiny. The result is the chilling of our legal, constitutionally protected First Amendment activities.

There is also the possibility that body cameras could be coupled with facial recognition technology that will make it possible to identify people in public spaces even if they are not engaged in any suspicious activity. In Dubai, for example, the police will soon test Google Glass, connected to a database of facial images. The government says that it will help officers identify wanted criminals, but there is no reason the devices would not eventually be linked to a general database of facial images. Similarly, the police in Britain are using facial recognition technology for both police body cameras and the six million CCTV cameras in the country. In both Dubai and the UK it seems likely that the absence of a match will increasingly provide the basis for suspicion.

The possibility that police body cameras in the United States will soon have similar cameras is not far-fetched. In 2013, the Chicago Police Department deployed facial recognition technology to use on images from surveillance cameras and other sources. On a national level, the FBI already uses facial recognition to compare subjects in FBI investigations to millions of license and identification photos retained by state DMVs. The original purpose of ID and driver license photos was not for facial recognition. Over time, the use expanded. The FBI or other government agencies could just as easily try to tap into the wealth of images captured by body cameras worn by police.

The possibility that body cameras could expand government surveillance requires a number of questions to be answered before broad adoption: When will the recording occur? Who will have access to the recordings? What can the camera footage be used for? How long will the recordings be retained? The answers to these questions should be guided by the need for police accountability, not other law enforcement purposes.

When the Department of Homeland Security first proposed to provide grant money to state and local governments for fixed surveillance systems, the agency put forward clear privacy guidelines. Those guidelines included:

  1. Definition of appropriate use;
  2. Access rights for those whose images are identified;
  3. Security controls to protect against unauthorized access or use;
  4. Appropriate limits on the data collected;
  5. Monitoring of inappropriate uses;
  6. Retention policies that minimize the time data is retained;
  7. Adequate training of personnel with access to the systems; and
  8. Internal and external auditing.

The Obama administration should require a similar set of baseline policies and procedures for any law enforcement agency using federal funds for body cameras. These policies and procedures should clearly specify body cameras as a tool for police accountability only. The rest of the policies and procedures should be in line with this purpose.

Unfortunately, Eric Garner's untimely death showed us that video recordings alone will not improve police accountability. Police brutality and misconduct must be met with consequences for the officer(s) involved or body cameras will merely become a surveillance archive of our failure as a nation.

Police body cameras may help improve police relations with the public, but steps must also be taken to ensure that concerns about privacy are addressed. As body cameras increase, we must guard against expanding their use and remain focused on true police accountability.

May 20, 2014

FBI Oversight Hearing - Will we get some answers?

The Senate Judiciary Committee is holding an oversight hearing of the FBI on Wednesday, May 21. There are plenty of things to oversee with respect to the FBI's programs, but here are a couple of questions that interest me.

What's the status of the various privacy assessments the FBI has committed to performing?

In a previous post, I detailed how documents obtained by EPIC through a Freedom of Information Act ("FOIA") request showed how the FBI was told in early 2012 that the agency needed to do a privacy assessment of its use of License Plate Readers ("LPRs"). The FOIA documents even showed that a rough draft of a privacy assessment had been created. There is no indication that the FBI ever finished its assessment of LPRs.

Similarly, the FBI doesn't seem intent on ever following through on its promise to renew its privacy assessment of facial recognition technology, something the agency explicitly said it would do in a statement for the record for a hearing on facial recognition technology. I wrote about this issue in a previous blog post too. The short version is that the FBI is "working" on it. This privacy assessment must be the most thorough one ever because the FBI has been "working" on it since July 2012. The lack of an adequate privacy assessment of facial recognition hasn't stopped the FBI from using the technology for its Next Generation Identification program. Did I mention the FBI is willing to accept a 20% error rate for its facial recognition technology?

In the last oversight hearing back in July 2013, the then Director of the FBI, Robert Mueller, admitted that the FBI uses drones for domestic surveillance; furthermore, he indicated that the FBI did not do a privacy assessment prior to implementing the use of drones and did not establish procedures for the use of drones. Director Mueller stated that the FBI was in its initial stages of assessing the privacy implications and implementing some guidelines for the use of drones domestically. The FBI's track record suggests the agency is probably still at the initial stages of developing guidelines.

What is the Surveillance Program Integrated Reporting & Intelligence Tool ("SPIRIT")?

EPIC received a document as part of a larger request for information about the FBI's LPR program that described a central database of raw surveillance called SPIRIT. From the document, "The SPIRIT system will serve as the primary repository for raw investigative and intelligence data collected through surveillance methods across all operational programs, as well as provide for workflow automation relating to FBI surveillance information."

The SPIRIT database, as a repository of raw intelligence, probably requires a privacy assessment. There is none. Additionally, because of the nature of the information likely contained within the SPIRIT database, it most likely also requires what is known as a System of Records Notice ("SORN"). There is not one of those either. A SORN is required by the Privacy Act of 1974 when a database has records in it that are retrievable by the name of an individual or some other unique identifier associated with a specific individual. Of course, the existence of an FBI database that contains all of its raw investigative and intelligence data raises a number of other questions too, not the least of which are:

  1. Who has access to the SPIRIT database?
  2. Does the database contain bulk surveillance?
  3. What are the privacy and civil liberty safeguards in place for this database?

There are numerous things for the Senate Judiciary Committee to oversee with respect to the FBI, but I hope some of the issues raised above get addressed.

April 7, 2014

The FBI is "Working" on an Updated Privacy Statement for Facial Recognition

Facial recognition technology presents a serious risk to privacy and civil liberties because it can so easily be deployed covertly, from a distance, and on a mass scale. There are few to no precautions that can be taken to prevent collection of one's image. Participation in society inevitably involves exposing one's face, whether it's on the public streets or through social media. Ubiquitous and near-effortless identification eliminates an individual's ability to control their identity and poses special risk to the First Amendment rights of free association and free expression, particularly for those who engage in lawful protests. The FBI's ever-expanding use of facial recognition technology could render anonymous free speech virtually impossible.

For at least 10 years, the FBI has been testing and using facial recognition. This is evidenced by a February 19, 2004 Privacy Impact Assessment ("PIA") conducted by the FBI for the "Computer Aided Facial Recognition Project." The project sought to assist the University of Sheffield in its testing of a particular method of facial recognition. The PIA makes clear that the FBI wanted "to develop a semi-automated tool enabling FBI examiners to extract facial landmark measurements from question images (such as, bank Surveillance photos) and conduct one-on-one comparisons with known images of a suspect in custody."

More recently, the FBI has been working on incorporating facial recognition technology into its Next Generation Identification ("NGI") program. Through the NGI program, the FBI is developing a massive biometric identification database that, when completed, will be one of the world's largest. The vast majority of records contained in the NGI database will be of US citizens and millions of those records will be of individuals who are neither criminals nor suspects. The NGI database will include fingerprints, iris scans, DNA profiles, voice identification profiles, palm prints, and facial images for the purpose of facial recognition.

The FBI deployed a facial recognition pilot as part of the NGI program in February 2012. The addition of facial recognition to NGI is set to be fully operational by the summer of 2014. The NGI program will allow image-based facial recognition searches of the FBI's national repository of criminal mugshots.

The use of facial recognition by the FBI does not stop with comparing suspects against criminal mugshots. The FBI has several Memorandums of Understanding (MOUs) with a number of state DMVs to allow facial recognition searches of the DMV's photo database. The DMV searches amount to a massive virtual line-up of millions of innocent Americans. This is particularly alarming given the FBI's willingness to accept a 20% error rate for facial recognition matches.

The FBI wants to keep pushing the number of use cases for facial recognition. In a 2010 slide deck, the FBI cites tracking subjects, identifying subjects in public datasets, and identifying subjects from images in seized systems as use cases.

Despite the focus on facial recognition technology, the FBI has failed to fully address the privacy implications for the use of this technology. The FBI did conduct a "Privacy Impact Assessment (PIA) for the Next Generation identification (NGI) Interstate Photo System (IPS)" back in 2008, but the document is very limited in the issues raised by the use of facial recognition technology. The 2008 PIA is so lacking in its treatment of facial recognition technology that the FBI committed to updating it in its statement for the record at a Senate Subcommittee hearing in July 2012 on "What Facial Recognition Technology Means for Privacy and Civil Liberties."

Senator Franken, Chairman of the Subcommittee on Privacy, Technology and the Law, held the hearing to raise awareness about facial recognition, its current uses, and its potential to threaten our privacy and civil liberties. Senator Franken, in his opening statement, challenged the FBI to be a leader in addressing the privacy and civil liberty implications, stating, "I have called the FBI . . . here today to challenge them to use their position as leaders in their fields to set an example for others--before this technology is used pervasively." The FBI seemingly agreed to do just that.

In a statement for the record dated July 18, 2012, Jerome M. Pender, Deputy Assistant Director of the FBI's Criminal Justice Information Services Division, said that "the 2008 Interstate Photo System PIA is currently in the process of being renewed by way of a Privacy Threshold Analysis (PTA), with an emphasis on Facial Recognition." The purpose of the update was to "address all evolutionary changes since the preparation of the 2008 IPS PIA." Over a year and a half has passed, and no updated PTA or PIA has been completed yet.

EPIC filed a Freedom of Information Act (FOIA) request on February 28, 2014 for the updated facial recognition PTA and PIA. The FBI acknowledged EPIC's FOIA request on March 11, 2014. On March 19, 2014 the FBI informed EPIC that it could not fulfill the request for the updated PTA or PIA for facial recognition technology because "both documents are currently being drafted." As the FBI moves forward with facial recognition technology, it appears to be dragging its feet with respect to addressing the privacy implications of the technology.

The FBI has a habit of saying they will do a PIA or even starting a PIA but failing to actually follow through with it. I detailed in an earlier blog post how FOIA documents received by EPIC show that the FBI began drafting a PIA regarding its use of License Plate Readers back in early 2012, yet no PIA for LPRs is publicly available. Don't hold your breath for the FBI to finish a new PIA addressing facial recognition any time soon.

January 28, 2014

License Plate Readers - Will the FBI Ever Address Their Privacy Implications?

Jeramie Scott

The FBI has been testing and using automatic License Plate Readers (LPRs) for years, yet recently received Freedom of Information Act documents indicate that they still haven't fully addressed LPRs' privacy implications.

As of March 2011, the Federal Bureau of Investigation has at least 1 federal agency, 10 state agencies, and 71 local agencies participating in License Plate Reader (LPR) projects that compare license plates against the National Crime Information Center (NCIC) database, an electronic clearinghouse of crime data run by the FBI. LPRs are often placed on top of law enforcement vehicles or at strategic locations like the entry points of bridges or tunnels.

In some cities, the placement of LPRs is so dense that they can effectively track a car's movement through the city. In DC, for example, there is roughly one LPR per square mile and roughly 1,800 images are captured every minute. The images captured by the LPRs are stored for various lengths of time depending on the agency that captures them. The DC police retain images for three years.

Earlier Freedom of Information Act documents obtained by EPIC show that Customs and Border Protection is using LPRs at the borders. More recent FOIA documents obtained by EPIC from the FBI indicate that despite years of use, the FBI still has not fully addressed the privacy implications.

On June 8, 2012 EPIC filed a FOIA request with the Department of Justice and its subagencies, including the FBI. EPIC's request asked for, among other things, any privacy impact assessments, privacy impact statements, and protocols performed, both past and present, for the LPR initiative.

EPIC did not receive any Privacy Threshold Analysis (PTA) or Privacy Impact Assessment (PIA)--two types of documents federal agencies use to assess the privacy impact of programs and technology used by the government. The PTA is specifically used to determine whether the privacy implications are great enough to warrant a more thorough assessment, which is done by performing a Privacy Impact Assessment.

The documents EPIC received show the Department of Justice's Privacy and Civil Liberties Unit considers license plates Personally Identifiable Information and that the FBI needed to do a PIA of the LPRs that would be made public.

Furthermore, the FOIA documents show that the FBI was actually working on a PIA for the LPRs in early 2012.

Nonetheless, EPIC did not receive a PIA regarding the FBI's LPR Program and none exists online as of this blog entry.

PIAs serve as a check against the encroachment on privacy by the government. They allow the public to see how new programs and technology the government implements affect their privacy and assess whether the government has done enough to mitigate the privacy risks. Despite years of use of LPRs by the FBI, they still have not informed the public how they will mitigate the privacy risks posed by license plate readers. Will they ever?

About this Archive

This page is an archive of recent entries written by Jeramie D. Scott.