A diverse range of organizations including Amnesty International USA, Uber and Lyft, as well as the Electronic Frontier Foundation and American Civil Liberties Union, published a letter this week urging the rejection of a plan to exempt the FBI’s biometrics database from provisions of the Privacy Act.
The “Next Generation Identification” (NGI) database, as it is known, contains DNA profiles, finger and palm prints, and face recognition and iris scans that the Federal Bureau of Investigation has been stockpiling since 2008. While the database includes records on convicted criminals, millions of law-abiding citizens’ records are also swept up for things like background checks and state licensing requirements.
“The NGI system uses some of the most advanced surveillance technologies known to humankind, including facial recognition, iris scans, and fingerprint recognition,” the letter states. “It runs on a database holding records on millions of Americans, including millions who have never been accused of a crime.”
According to the Washington Post, the NGI database contains over 100 million fingerprints and over 45 million face photos. Signatories of the letter opposing the rule change say it is being rushed through without sufficient time for the public to weigh in, and that the FBI is asking “to be exempt from Privacy Act rules that would let people find out whether they’re in the NGI database, whether their profile has been shared with other parts of the government, and whether their profile is accurate or full of errors.”
The letter also notes that “a body of research – including research authored by FBI personnel – suggests that some of the biometrics at the core of NGI, like facial recognition, may misidentify African Americans, young people, and women at higher rates than whites, older people, and men, respectively.”
Indeed, Electronic Frontier Foundation senior staff attorney Jennifer Lynch describes the face-recognition technology employed by the FBI as “notoriously inaccurate across the board” and notes that “NGI’s disparate impact is not limited to facial recognition inaccuracy because FBI records as a whole are also notoriously unreliable.”
“The big concern is that the FBI is proposing to exempt NGI from any requirement that they update or correct data about somebody in the future,” Lynch reportedly said.
In response to these criticisms, the FBI and Justice Department reportedly told the Post that both agencies “take very seriously their strict compliance with the Constitution, federal law particularly the Privacy Act, and their own policies regarding the free exercise of constitutional rights.”
After sending the letter questioning the rule change, representatives of several of its signing organizations weighed in on the issues involved. Jeramie Scott, national security counsel for the Electronic Privacy Information Center, reportedly said that the proposed exemption “makes it harder for people to understand what the FBI is using this data for, to access this data to make sure its correct, and to have some type of civil remedy if, because of the FBI’s NGI database, they are somehow harmed by the FBI’s use of that data.”
Alvaro Bedoya, executive director of the Center on Privacy and Technology at Georgetown Law, reportedly told the Christian Science Monitor that where the Privacy Act requires disputes over corrections to errors to be resolved within a set time frame of a few months, the “alternate system has no timeline for corrections.”
ACLU legislative counsel Neema Singh Guliani, meanwhile, reportedly said that “the FBI should abandon this misguided proposal, and instead focus on providing greater transparency and accountability into its current practices.”