Next Generation Identification - FBI
- DHS Open Government Report Reveals Increased Backlog and Use of Law Enforcement Exemptions: The Department of Homeland Security has released the 2013 Freedom of Information Act Report detailing the agencies attempts to comply with the federal open government law. The FOIA requires each agency to provide the numbers of requests received and processed, the time taken to respond, the outcome of each request, and other statistics. In 2013, the DHS reported a significant increase in its FOIA backlog, which rose from 28,553 unanswered requests in 2012 to 53,598 unanswered requests in 2013. Of the nine exemptions that an agency can invoke to withhold documents, DHS relied most heavily on exemption 7(C) (law enforcement records that if released would constitute an invasion of personal privacy) and 7(E) (law enforcement records that if released would disclose law enforcement techniques or procedures, which is significant because the DHS is not a law enforcement agency. DHS reported granting about 7% of requests for expedited processing. EPIC has prevailed in several FOIA lawsuits against DHS, and has also worked to reform the agency's FOIA processing practices for other requesters. For more information, see EPIC v. DHS - Body Scanner FOIA Appeal, EPIC v. DHS - Social Media Monitoring, and EPIC v. DHS - SOP 303. (Feb. 21, 2014)
The Federal Bureau of Investigation is developing a biometric identification database program called "Next Generation Identification" (NGI). When completed, the NGI system will be the largest biometric database in the world. The vast majority of records contained in the NGI database will be of US citizens. The NGI biometric identifiers will include fingerprints, iris scans, DNA profiles, voice identification profiles, palm prints, and photographs. The system will include facial recognition capabilities to analyze collected images. Millions of individuals who are neither criminals nor suspects will be included in the database. Many of these individuals will be unaware that their images and other biometric identifiers are being captured. Drivers license photos and other biometric records collected by civil service agencies could be added to the system. The NGI system could be integrated with other surveillance technology, such as Trapwire, that would enable real-time image-matching of live feeds from CCTV surveillance cameras. The Department of Homeland Security has expended hundreds of millions of dollars to establish state and local surveillance systems, including CCTV cameras that record the routine activities of millions of individuals. There are an estimated 30 million surveillance cameras in the United States. The NGI system will be integrated with CCTV cameras operated by public agencies and private entities.
The NGI database will be used for both law enforcement and non-law enforcement purposes. It will be available to law enforcement agencies at the local, state, and federal level. But it will also be available to private entities, unrelated to a law enforcement agency. Using facial recognition on images of crowds, NGI will enable the identification of individuals in public settings, whether or not the police have made the necessary legal showing to compel the disclosure of identification documents. The New York City Police Department began scanning irises of arrestees in 2010; these sorts of records will be entered into NGI. The Mobile Offender Recognition and Information System (“MORIS”), a handheld device, allows officers patrolling the streets to scan the irises and faces of individuals and match them against biometric databases. Similarly, children in some school districts are now required to provide biometric identifiers, such as palm prints, and are also subject to vein recognition scans. Clear, a private company offering identity services based on biometric identifiers, attempted to sell the biometric database of its users after its parent company, Verified Identity Pass, declared bankruptcy. The transfer of the biometric database was blocked by a federal district court judge.
There is a substantial risk that personally identifiable information could be lost or misused as a result of the creation of the NGI system. Among the private contractors involved in the deployment of NGI are Lockheed Martin, IBM, Accenture, BAE Systems Information Technology, Global Science & Technology ("GST"), Innovative Management & Technology Services ("IMTS"), and Platinum Solutions. Arizona, Hawaii, Kansas, Maryland, Michigan, Missouri, Nebraska, New Mexico, Ohio, South Carolina, and Tennessee are actively participating in the NGI program. The FBI is pursuing an aggressive deployment of the NGI program, scheduled for completion and full deployment by 2014.
As a centralized government database containing sensitive personal and biometric data on millions of individuals, NGI poses a major threat to privacy rights. Individuals anywhere, and especially those protected by the U.S. Constitution, have "the right to be left alone" (as Justice Brandeis declared over 120 years ago). This means that without individualized suspicion of wrongdoing, no one's personal information should be retained in a law enforcement database without that individual's consent. NGI goes beyond merely storing random pieces of data collected from various law enforcement agencies. Rather, the FBI will use the program to affirmatively seek out and aggregate as many photos, voice prints, and biometric data as possible to create the most comprehensive database in the world. Such data will be vulnerable to misuse by misguided officials, abuse by ill-intentioned government agents, and unauthorized disclosure through data breaches.
- FBI's First Release
- FBI's Second Release
- FBI's Third Release
- FBI's Fourth Release (Feb. 16, 2016)
- Fifth Release (May 10, 2016)
- EPIC v. FBI - NGI FOIA lawsuit
- EPIC: Biometric Identifiers
- EPIC: Open Government
- EPIC: Face Recognition
- EPIC: Secure Communities
Share this page:
EPIC relies on support from individual donors to pursue our work.
Subscribe to the EPIC Alert
The EPIC Alert is a biweekly newsletter highlighting emerging privacy issues.
Communications Law and Policy
Jerry Kang and Alan Butler