EPIC v. FBI - Privacy Assessments
- EPIC Urges House Oversight Committee to Explore FBI's Use of Biometric Data: EPIC has sent a letter to the House Committee on Oversight concerning "Law Enforcement's Use of Facial Recognition Technology." EPIC urged the Committee to investigate the FBI's Next Generation Identification program. EPIC explained that an individual's ability to control disclosure of identity "is an essential aspect of personal security and privacy." The FBI biometric database is one of the largest in the world, but the FBI has opposed privacy safeguards that EPIC supported. The Bureau proposed to exempt the database from Privacy Act protections. EPIC has filed a FOIA lawsuit against the FBI for information about the agency's plans to transfer biometric data to the Department of Defense. (Mar. 21, 2017)
- FBI Responds to EPIC FOIA Suit for Details of Russian Interference with 2016 Election: The FBI has filed an answer to EPIC's Freedom of Information Act lawsuit for records pertaining to the Russian interference with the 2016 Presidential election. In the answer, the FBI acknowledged receipt of EPIC's FOIA request. EPIC filed suit against the FBI in federal district court after the agency failed to make a timely decision concerning EPIC's request for expedited processing of the FOIA request. The parties will next confer to set a schedule for production of documents and briefing, if necessary. EPIC has also filed suit against the ODNI for public release of the Complete ODNI Assessment of the Russian interference in the 2016 election. EPIC recently launched the EPIC Cybersecurity and Democracy Project, which will focus on US cyber policies, threats to election systems and foreign attempts to influence American policymaking. (Feb. 23, 2017) More top news »
On June 4, 2014, EPIC filed a Freedom of Information Act (FOIA) request with the Federal Bureau of Investigation (FBI) for all its Privacy Impact Assessments (PIAs) that are not currently publicly available as well as all the Initial Privacy Assessment (IPA) and Privacy Threshold Analysis (PTA) documents since January 2007. The PTAs, and later the IPAs, are used to determine whether a more thorough PIA is required for the use of new information technology.
Over the past several years, the FBI has indicated it was going to do a number of PIAs that of the writing of this FOIA request are not publicly available. On July 18, 2012, the Senate Subcommittee on Privacy, Technology and the Law held a hearing on "What Facial Recognition Technology Means for Privacy and Civil Liberties". At that hearing, Jerome Pender, the Deputy Assistant Director of the Information Services Branch for Criminal Justice Information Services Division of the FBI, was one of the witnesses. In his statement for the record, Mr. Pender stated, "the 2008 Interstate Photo System PIA is currently in the process of being renewed by way of Privacy Threshold Analysis (PTA), with an emphasis on Facial Recognition. An updated PIA is planned and will address all evolutionary changes since the preparation of the 2008 IPS PIA." No updated PTA, IPA, or PIA is publicly available regarding the FBI's use of facial recognition technology.
On June 19, 2013, the Senate Judiciary Committee held a hearing on "Oversight of the Federal Bureau Investigation." During the hearing, FBI Director Robert Mueller had the following exchange with Senator Chuck Grassley:
Sen. Grassley: Does the FBI own or currently use drones and if so, for what purpose?
Director Mueller: Yes, and for surveillance.
Later during that same exchange, Senator Grassley asked whether the FBI uses drones for domestic surveillance and whether the FBI had considered the privacy impact of its use of drones.
Sen. Grassley: So instead of asking a question, I think I can assume since you do use drones, that the FBI has developed a set of policies, procedures, and operational limits on the use of drones. And whether or not any privacy impact on American citizens?
Director Mueller: We are in the initial stages of doing that. I will tell you that our footprint is very small, we have very few, and of limited use, and we are exploring not only the use but also the necessary guidelines for that use.
Sen. Grassley: Does the FBI use drones for surveillance on U.S. soil.
Director Mueller: Yes.
No PTA, IPA, or PIA is publicly available regarding the FBI's use of drones.
In FOIA documents received by EPIC last year, an email from early 2012 indicates that the FBI is required to do a PIA for its license plate reader ("LPR") program and make the document publicly available. A separate email indicated a draft PIA existed for the LPR program. Two years later, no PTA, IPA, or PIA for the FBI's LPR program is publicly available.
The E-Government Act of 2002 requires agencies to perform Privacy Impact Assessments for new information technology collects personally identifiable information. As the Department of Justice notes in its guidance to DOJ components, the PIA "helps promote trust between the public and the Department increasing transparency of the Department’s systems and missions."
EPIC has long worked to bring transparency and accountability to the efforts of law enforcement to use new surveillance and information technology that collects and stores personal information about citizens. EPIC previously requested FOIA documents regarding the FBI’s Facial Analysis Comparison and Evaluation (FACE) Services unit. In response to the FOIA request, EPIC received a PTA that indicated a PIA was required by the E-Government Act, but no PIA is publicly available for the FACE Services unit.
In June 2013 comments to the Department of Homeland Security, EPIC urged DHS to conduct a comprehensive privacy impact assessment on the Office of Biometric Identity Management’s plan to collect biometrics at ports of entry to the United States. More recently, EPIC organized a coalition letter to the Attorney General opposing the expansion of the FBI’s Next Generation Identification program and urging the Justice Department to conduct a Privacy Impact Assessment on the program before moving forward.
Privacy assessments are a critical part of assessing the level of intrusiveness new technologies could have on ordinary citizens. The assessments are required by law and provide transparency to the public. EPIC’s FOIA litigation is designed to reveal where this transparency is lacking and highlight those privacy-evasive programs that still lack proper assessments of their impact on privacy.
On June 4, 2014, EPIC submitted a FOIA request asking for:
(1) All Privacy Impact Assessments the FBI has conducted that are not publicly available at http://www.fbi.gov/foia/privacy-impact-assessments/department-of-justice-federal-bureau-of-investigation.
(2) All Privacy Threshold Analysis documents and Initial Privacy Assessments the FBI has conducted since 2007 to present.
- EPIC FOIA Request (June 4, 2014)
- FBI FOIA Production
- First Interim Production
- Second Interim Production
- PIA for Foreign Terrorist Tracking Force/National Security Analysis Center
- PIA for Innocence Lost Database
- Unknown PIA Withheld in Full (Deleted Page Information Sheet)
- PIA for Terrorist Screening Center - Terrorist Screening Database
- Third Interim Production
- Privacy Threshold Analysis Documents 1 0f 4
- Privacy Threshold Analysis Documents 2 0f 4
- Privacy Threshold Analysis Documents 3 0f 4
- Privacy Threshold Analysis Documents 4 0f 4
- Fourth Interim Production (Mar. 18, 2015)
- Part 1
- Part 2
- Part 3
- Part 4
- Part 5
- Part 6
- Part 7
- Part 8
- Part 9
- Part 10
- Part 11
- Part 12
- Part 13
- Part 14
- Fifth Interim Production (April 17, 2015)
- Sixth Interim Production (May 19, 2015)
- Seventh Interim Production (June 16, 2015)
- Eighth and Final Production (Jan. 11, 2016)
EPIC v. Federal Bureau Of Investigation, Case No. 14-cv-01311 (D.D.C. filed Aug., 1, 2014)
- Court Opinion and Order (Feb. 21, 2017)
- EPIC's Complaint (August 1, 2014)
- FBI's Stay Motion (October 8, 2014)
- Order Granting FBI Stay Motion (October 8, 2014)
- FBI's Document Production Status Report (December 15, 2014)
- FBI's Document Production Status Report (January 15, 2015)
- FBI's Document Production Status Report (February 12, 2015)
- FBI's Document Production Status Report (March 12, 2015)
- FBI's Document Production Status Report (April 13, 2015)
- FBI's Document Production Status Report (May 13, 2015)
- FBI's Document Production Status Report (June 15, 2015)
- FBI's Document Production Status Report (August 17, 2015)
- Joint Status Report (September 15, 2015)
- FBI's Answer (March 10, 2016)
- FBI's Motion for Summary Judgment (April 22, 2016)
- Statement of Material Facts
- Exhibit 1: Declaration of David M. Hardy
- Exhibit A-O
- Exhibit P
- Exhibit Q
- EPIC Cross Motion and Opposition (June 3, 2016)
- FBI Opposition and Reply (June 30, 2016)
- Department of Justice/FBI Privacy Impact Assessments
- OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002
- DOJ Privacy Impact Assessments: Official Guidance
- DOJ Initial Privacy Assessment (IPA) Instructions & Template
- Shawn Musgrave Do the FBI’s Drones Invade Your Privacy? Sorry, That’s Private Motherboard (July 24, 2014)
- Brianna Ehley FBI’s Billion Dollar Facial Recognition Falls Short of Facebook’s Fiscal Times (July 11, 2014)
- Tom Risen Could the FBI See Your Selfies? U.S. News (July 8, 2014)
Share this page:
EPIC relies on support from individual donors to pursue our work.
Subscribe to the EPIC Alert
The EPIC Alert is a biweekly newsletter highlighting emerging privacy issues.
by Ryan Calo, A. Michael Froomkin,