EPIC v. FBI (Biometric Data Transfer Agreements)
US District Court for the District of Columbia
The FBI developed and maintains a biometric identification program called “Next Generation Identification” (“NGI”). The Bureau describes NGI as “the world’s largest and most efficient electronic repository of biometric and criminal history information.” The FBI developed NGI as a successor to the Integrated Automated Fingerprint Identification System (“IAFIS”), a program started in July 1999 that provided to law enforcement “automated tenprint [fingerprint] and latent fingerprint searches, electronic image storage, electronic exchanges of fingerprints and responses, as well as text-based searches based on descriptive information.”In NGI, the FBI incorporated all of the capabilities and data of IAFIS, along with additional capabilities such as the ability to quickly and easily store and search for new forms of biometric data, including iris scans and face-prints.
Since 2014, the FBI has been using NGI at “full operational capability.”
With NGI, the FBI will expand the number of uploaded photographs and provide investigators with “automated facial recognition search capability.” The FBI intends to do this by eliminating restrictions on the number of submitted photographs (including photographs that are not accompanied by tenprint fingerprints) and allowing the submission of non-facial photographs (e.g. scars or tattoos).The FBI also widely disseminates this NGI data. According to the FBI’s latest NGI fact sheet, 24,510 local, state, tribal, federal and international partners submitted queries to NGI in September 2016.
Widespread deployment of facial recognition technology presents a number of significant privacy and security issues. Facial recognition data is personally identifiable information and improper collection, storage, and use of this information can result in identity theft or inaccurate identifications. Additionally, an individual’s ability to control access to his or her identity, including determining when to reveal it, is an essential aspect of personal security that facial recognition technology erodes. Ubiquitous and near-effortless identification eliminates individuals’ ability to control their identities, posing special risk to protestors engaging in lawful, anonymous free speech. The U.S. Supreme Court has repeatedly upheld the right to engage in political speech anonymously. See, e.g., Buckley v. American Constitutional Law Foundation, 525 U.S. 182 (1999); Talley v. California, 362 U.S. 60 (1960); NAACP v. Alabama, 357 U.S. 449 (1958). For these reasons, it is vital that the deployment of facial recognition technology be done in a transparent way to ensure adequate public oversight.
One of the FBI’s stated initiatives is for the Bureau, through NGI, to exchange information with other data repositories in real or near-real time. NGI is currently capable of such information transfers with the Automated Biometric Identification System (“ABIS”), a biometric program run by the DOD.
The FBI has acknowledged the existence of a memorandum of understanding, dated September 10, 2009, between the FBI and the DOD pertaining to the transfer of biometric data and other identity management information.
As a centralized government database containing sensitive personal and biometric data on millions of individuals, NGI poses a major threat to privacy rights. Individuals anywhere, and especially those protected by the U.S. Constitution, have “the right to be left alone” (as Justice Brandeis declared over 120 years ago). This means that without individualized suspicion of wrongdoing, no one’s personal information should be retained in a law enforcement database without that individual’s consent. NGI goes beyond merely storing random pieces of data collected from various law enforcement agencies. Rather, the FBI will use the program to affirmatively seek out and aggregate as many photos, voice prints, and biometric data as possible to create the most comprehensive database in the world. Such data will be vulnerable to misuse by misguided officials, abuse by ill-intentioned government agents, and unauthorized disclosure through data breaches.
In the 2012 case, EPIC v. FBI, EPIC filed a FOIA lawsuit to obtain documents pertaining to NGI. EPIC successfully obtained NGI records from the agency, as well as attorney’s fees for work on the litigation. According to one of the FOIA documents, “NGI shall return an incorrect candidate a maximum of 20% of the time,” a number much greater than expected.
Recently on May 27, 2016, EPIC and a coalition of civil rights, privacy, and transparency groups urged the Department of Justice to extend the public comment period for the FBI’s Next Generation Identification database. The FBI database contains biometric data, such as fingerprint and retinal scans, on millions of Americans and raises significant privacy risks. The FBI is proposing to exempt the database from Privacy Act obligations, including legal requirements to maintain accurate records, permit individual access, and provide civil remedies.
- EPIC FOIA Request (April 2, 2015)
- FBI Acknowledgment (April 13, 2015)
- EPIC Administrative Appeal (Aug. 11, 2015)
- FBI Appeal Acknowledgment (Aug. 21, 2015)
- FBI Appeal Denial (Aug. 31, 2015)
- FBI Consultation Notice (Sept. 1, 2015)
- Released Documents
- FBI Memorandums of Understanding
- Supplemental Release: FBI, DOD, DOS Memorandum of Understanding
Legal Documents, (D.D.C., Case No. 16-2237)
- Mark Reynolds, eWave: Hunt is on for Pixel-Perfect Criminal IDs, Providence Journal (Dec. 7, 2013)
- Jim Stenman, Embracing Big Brother: How Facial Recognition Could Help Fight Crime, CNN (Nov. 22, 2013)
- The Economist, The People’s Panopticon (Nov. 16, 2013)
- Ali Winston, Facial Recognition, Once a Battlefield Tool, Lands in San Diego County, Center for Investigative Reporting (Nov. 7, 2013)
- J.D. Tuccille, Wrong Person May Be Identified 20 Percent of the Time With Facial Recognition Software, Reason (Oct. 8, 2013)
- Ginger McCall, The Face Scan Arrives, N.Y. Times Op-Ed (Aug. 29, 2013)
- Charlie Savage, Facial Scanning Is Making Gains in Surveillance, N.Y. Times (Aug. 21, 2013)
- Natasha Lennard, Government Developing Facial Recognition Surveillance Software, Salon (Aug. 21, 2013)
- Addy Dugdale, The FBI Banks $1 Billion For Facial Recognition Tech , Fast Company (Sept. 7, 2012)
- Michael Kelley, The FBI’s Nationwide Facial Recognition System Ends Anonymity As We Know It, Business Insider (Sept. 10, 2012)
- Kevin Lee, The FBI’s Next Generation Identification Program Could Spot Faces in a Crowded Street, PC World (Sept. 11, 2012)
- Charlie Osborne, FBI Launches $1B ID Search Program, ZDNet (Sept. 10, 2012)
- Aliya Sternstein, Eye on Crime: The FBI is Building a Database of Iris Scans, Nextgov (June 27, 2012)
- Andrew Rosenthal, Invading Your Privacy, NYT Editorial Page (Mar. 26, 2012)
- Erik Sofge, FBI’s Next-Gen ID Databank to Store Face Scans–A Good Idea?, Popular Mechanics (June 30, 2008)
- Grant Gross, Lockheed Wins 10-year FBI Biometric Contract, Washington Post (Feb. 13, 2008)
- Ellen Nakashima, FBI Prepares Vast Database of Biometrics, Washington Post (Dec. 22, 2007)
Support Our Work
EPIC's work is funded by the support of individuals like you, who allow us to continue to protect privacy, open government, and democratic values in the information age.Donate