EPIC v. FBI (Biometric Data Transfer Agreements)
- EPIC Urges House Oversight Committee to Investigate FBI's Use of Facial Recognition: EPIC has sent a statement to the House Committee on Oversight concerning Facial Recognition Technology. EPIC urged the Committee to investigate the FBI's Next Generation Identification program. EPIC explained that an individual's ability to control disclosure of identity "is an essential aspect of personal security and privacy." The FBI biometric database is one of the largest in the world, but the FBI has opposed privacy safeguards that EPIC supported. The Bureau also proposed to exempt the database from Privacy Act protections. EPIC has sued the FBI for information about the agency's plans to transfer biometric data to the Department of Defense. (May. 21, 2019)
- EPIC Urges FBI to Limit Fingerprint-Based Background Checks: In response to a request for comments, EPIC has urged the FBI to expand its use of name-based — rather than fingerprint-based — background checks for noncriminal purposes, such as employment. The FBI currently uses fingerprints, stored in the Next Generation Identification (NGI) database, to conduct non-criminal background checks. "Names checks" were only conducted for individuals whose fingerprints failed the NGI matching requirements. EPIC told the FBI that the "name-based background check accomplishes the same purpose as the fingerprint-based background check without requiring the collection of sensitive biometric information." EPIC has opposed the expansion of the NGI system for non-law enforcement purposes. EPIC has also pursued a series of Freedom of Information Act requests to assess the reliability of the NGI system. (Jan. 9, 2018) More top news »
The FBI developed and maintains a biometric identification program called “Next Generation Identification” (“NGI”). The Bureau describes NGI as “the world’s largest and most efficient electronic repository of biometric and criminal history information.” The FBI developed NGI as a successor to the Integrated Automated Fingerprint Identification System (“IAFIS”), a program started in July 1999 that provided to law enforcement “automated tenprint [fingerprint] and latent fingerprint searches, electronic image storage, electronic exchanges of fingerprints and responses, as well as text-based searches based on descriptive information.” In NGI, the FBI incorporated all of the capabilities and data of IAFIS, along with additional capabilities such as the ability to quickly and easily store and search for new forms of biometric data, including iris scans and face-prints.
Since 2014, the FBI has been using NGI at “full operational capability.”
With NGI, the FBI will expand the number of uploaded photographs and provide investigators with “automated facial recognition search capability.” The FBI intends to do this by eliminating restrictions on the number of submitted photographs (including photographs that are not accompanied by tenprint fingerprints) and allowing the submission of non-facial photographs (e.g. scars or tattoos). The FBI also widely disseminates this NGI data. According to the FBI’s latest NGI fact sheet, 24,510 local, state, tribal, federal and international partners submitted queries to NGI in September 2016.
Widespread deployment of facial recognition technology presents a number of significant privacy and security issues. Facial recognition data is personally identifiable information and improper collection, storage, and use of this information can result in identity theft or inaccurate identifications. Additionally, an individual's ability to control access to his or her identity, including determining when to reveal it, is an essential aspect of personal security that facial recognition technology erodes. Ubiquitous and near-effortless identification eliminates individuals’ ability to control their identities, posing special risk to protestors engaging in lawful, anonymous free speech. The U.S. Supreme Court has repeatedly upheld the right to engage in political speech anonymously. See, e.g., Buckley v. American Constitutional Law Foundation, 525 U.S. 182 (1999); Talley v. California, 362 U.S. 60 (1960); NAACP v. Alabama, 357 U.S. 449 (1958). For these reasons, it is vital that the deployment of facial recognition technology be done in a transparent way to ensure adequate public oversight.
One of the FBI’s stated initiatives is for the Bureau, through NGI, to exchange information with other data repositories in real or near-real time. NGI is currently capable of such information transfers with the Automated Biometric Identification System (“ABIS”), a biometric program run by the DOD.
The FBI has acknowledged the existence of a memorandum of understanding, dated September 10, 2009, between the FBI and the DOD pertaining to the transfer of biometric data and other identity management information.
As a centralized government database containing sensitive personal and biometric data on millions of individuals, NGI poses a major threat to privacy rights. Individuals anywhere, and especially those protected by the U.S. Constitution, have “the right to be left alone” (as Justice Brandeis declared over 120 years ago). This means that without individualized suspicion of wrongdoing, no one's personal information should be retained in a law enforcement database without that individual's consent. NGI goes beyond merely storing random pieces of data collected from various law enforcement agencies. Rather, the FBI will use the program to affirmatively seek out and aggregate as many photos, voice prints, and biometric data as possible to create the most comprehensive database in the world. Such data will be vulnerable to misuse by misguided officials, abuse by ill-intentioned government agents, and unauthorized disclosure through data breaches.
In the 2012 case, EPIC v. FBI, EPIC filed a FOIA lawsuit to obtain documents pertaining to NGI. EPIC successfully obtained NGI records from the agency, as well as attorney’s fees for work on the litigation. According to one of the FOIA documents, “NGI shall return an incorrect candidate a maximum of 20% of the time,” a number much greater than expected.
Recently on May 27, 2016, EPIC and a coalition of civil rights, privacy, and transparency groups urged the Department of Justice to extend the public comment period for the FBI’s Next Generation Identification database. The FBI database contains biometric data, such as fingerprint and retinal scans, on millions of Americans and raises significant privacy risks. The FBI is proposing to exempt the database from Privacy Act obligations, including legal requirements to maintain accurate records, permit individual access, and provide civil remedies.
- EPIC FOIA Request (April 2, 2015)
- FBI Acknowledgment (April 13, 2015)
- EPIC Administrative Appeal (Aug. 11, 2015)
- FBI Appeal Acknowledgment (Aug. 21, 2015)
- FBI Appeal Denial (Aug. 31, 2015)
- FBI Consultation Notice (Sept. 1, 2015)
- Released Documents
- Mark Reynolds, eWave: Hunt is on for Pixel-Perfect Criminal IDs, Providence Journal (Dec. 7, 2013)
- Jim Stenman, Embracing Big Brother: How Facial Recognition Could Help Fight Crime, CNN (Nov. 22, 2013)
- The Economist, The People's Panopticon (Nov. 16, 2013)
- Ali Winston, Facial Recognition, Once a Battlefield Tool, Lands in San Diego County, Center for Investigative Reporting (Nov. 7, 2013)
- J.D. Tuccille, Wrong Person May Be Identified 20 Percent of the Time With Facial Recognition Software, Reason (Oct. 8, 2013)
- Ginger McCall, The Face Scan Arrives, N.Y. Times Op-Ed (Aug. 29, 2013)
- Charlie Savage, Facial Scanning Is Making Gains in Surveillance, N.Y. Times (Aug. 21, 2013)
- Natasha Lennard, Government Developing Facial Recognition Surveillance Software, Salon (Aug. 21, 2013)
- Addy Dugdale, The FBI Banks $1 Billion For Facial Recognition Tech , Fast Company (Sept. 7, 2012)
- Michael Kelley, The FBI's Nationwide Facial Recognition System Ends Anonymity As We Know It, Business Insider (Sept. 10, 2012)
- Kevin Lee, The FBI's Next Generation Identification Program Could Spot Faces in a Crowded Street, PC World (Sept. 11, 2012)
- Charlie Osborne, FBI Launches $1B ID Search Program, ZDNet (Sept. 10, 2012)
- Aliya Sternstein, Eye on Crime: The FBI is Building a Database of Iris Scans, Nextgov (June 27, 2012)
- Andrew Rosenthal, Invading Your Privacy, NYT Editorial Page (Mar. 26, 2012)
- Erik Sofge, FBI's Next-Gen ID Databank to Store Face Scans--A Good Idea?, Popular Mechanics (June 30, 2008)
- Grant Gross, Lockheed Wins 10-year FBI Biometric Contract, Washington Post (Feb. 13, 2008)
- Ellen Nakashima, FBI Prepares Vast Database of Biometrics, Washington Post (Dec. 22, 2007)
Share this page:
EPIC relies on support from individual donors to pursue our work.
Subscribe to the EPIC Alert
The EPIC Alert is a biweekly newsletter highlighting emerging privacy issues.