FBI Doesn't Want Privacy Laws To Apply To Its Biometric Database
from the and-doesn't-want-to-let-citizens-know-how-THEIR-privacy-is-affected dept
The FBI has been building a massive biometric database for the last eight years. The Next Generation Identification System (NGIS) starts with millions of photos of criminals (and non-criminals) and builds from there. Palm prints, fingerprints, iris scans, tattoos and biographies are all part of the mix.
Despite having promised to deliver a Privacy Impact Assessment of the database back in 2012, the FBI's system went live towards the end of 2014 without one. That's a big problem, considering the database's blend of guilty/innocent Americans, along with its troublesome error rate. The FBI obviously hopes the false positive rate will continue to decline as tech capabilities improve, but any qualms about bogus hits have been placed on the back burner while the agency dumps every piece of data it can find into the database.
The FBI has shown little motivation to address Americans' privacy concerns by providing an updated Impact Assessment (the one it does have dates back to the program's inception in 2008), but has wasted no time in alerting legislators about its own privacy concerns.
On Thursday, the Justice Department agency plans to propose the database be exempt from several provisions of the Privacy Act -- legislation that requires federal agencies to share information about the records they collect with the individual subject of those records, allowing them to verify and correct them if needed.The DOJ's comments reflect the FBI's desire to keep its newest tracking toy as secret as possible. It asks for a number of exceptions and justifies those with the same excuses it uses to withhold information from both courts and FOIA requesters.
First, there's the always-popular "but the bad guys will win" excuse.
[M]aking available to a record subject the accounting of disclosures from records concerning him/her would specifically reveal investigative interest by the FBI or agencies that are recipients of the disclosures. Revealing this information could compromise ongoing, authorized law enforcement and national security efforts and may permit the record subject with the opportunity to evade or impede the investigation.This is the FBI's request for a legislator-approved, pre-emptive blanket Glomar, which will allow the FBI to continue to amass biometric records while drastically decreasing any citizen's attempt to see how much data the agency has amassed on them.
[...]
Providing access could compromise sensitive law enforcement information, disclose information which would constitute an unwarranted invasion of another’s personal privacy; reveal a sensitive investigative technique; could provide information that would allow a subject to avoid detection or apprehension; or constitute a potential danger to the health or safety of law enforcement personnel, confidential sources, and witnesses.
Beyond that, the FBI wants to be allowed to keep or destroy records as it sees fit. Again, this will help limit successful database inclusion challenges from concerned citizens. But the DOJ portrays complying with Privacy Act provisions as completely unfeasible.
[Exempt] from subsection (e)(5) because in the collection of information for authorized law enforcement purposes it is impossible to determine in advance what information is accurate, relevant, timely and complete. With time, seemingly irrelevant or untimely information may acquire new significance when new details are brought to light. Additionally, the information may aid in establishing patterns of activity and providing criminal leads. Most records in this system are acquired from state and local law enforcement agencies and it would be impossible for the FBI to vouch for the compliance of these agencies with this provision.In sum, the FBI wants to amass a database of biometric information -- one that dumps non-criminals and criminals into the same pool of "possible suspects" -- that includes records from other agencies the FBI doesn't feel confident enough to vouch for, but has no problems using to perform investigations, deny positions to federal job applicants, etc. It would also like to ensure no one included in the database ever has access to the massive amount of information the agency has collected -- some of it unvetted -- that has the power to alter their futures drastically.
And it wants this all without living up to its own responsibilities -- like delivering its required Privacy Impact Assessment. Instead, it's arguing that the American public should be at the mercy of a database controlled by a secretive agency, one that appears to care far more for quantity than quality.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: biometric database, biometrics, fbi, fingerprints, ngis, privacy
Reader Comments
Subscribe: RSS
View by: Time | Thread
Limits are for the little people
In other words neither guilt or innocence, an active investigation or no investigation at all should matter, they should be able to grab and store everything for as long as they want just in case something in the pile might become important down the road.
Using that logic absolutely nothing would be off-limits, as anything might be relevant at some point down the line, so best grab it all just in case.
While the best case scenario would be the database itself not existing, if the politicians are too spineless to tell them they can't have their collection I'd hope they at least have enough spine to insist that no, they absolutely do have to follow the rules, so that when the FBI ignores them and violates the law anyway they at least have to spend a bit more work trying to hide it.
[ link to this | view in chronology ]
Re: Limits are for the little people
They need even more unnacountable powers to ruin more lives out of spite.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
LOL @ Privacy Impact Assessment(s)
[ link to this | view in chronology ]
Re: LOL @ Privacy Impact Assessment(s)
Fuck back off to Facebook HQ.
[ link to this | view in chronology ]
Re: Re: LOL @ Privacy Impact Assessment(s)
You have no privacy. Please hear that... YOU HAVE NO PRIVACY ANYMORE, but I am not going to tell you to get over it, Im going to tell you to get mad and do something. Exactly what that something is is up to you. No violence please.
[ link to this | view in chronology ]
Re: Re: Re: LOL @ Privacy Impact Assessment(s)
Not true. While it's true that privacy has been severely curtailed, and it's also true that you have to be proactive about maintaining what privacy you have left, you do have privacy left.
"Im going to tell you to get mad and do something."
If that's your goal, you should rethink your tactic. Screaming that there is no privacy anymore doesn't encourage most people to do anything. Just the opposite -- it tells people "you are doomed", which makes them more likely to just give up.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
no person
[ link to this | view in chronology ]
Threatening to sue (aka blackmailing) people they deduce have provided 'inaccurate' information? "Hmm, we see here that in telecon 01/02/2017 11:26 pm you claimed to your spouse that you were at the office, whereas our LPR places you at a downtown hotel at the same time. Do you want to pay us to correct your database entries or should we sue you in open court for fraudulent misrepresentation to law enforcement and wasting LEO time? Hmm? Hmm? No worries, we'll give you 10 sec to think about it. I'm sorry what was that? Oh, we do take Amex, yes we do"
[ link to this | view in chronology ]
Re:
FBI - We need more funding to keep violating the rights of Americans, because you know... Terrorism.
Congress Critter - Can't, nothing left
FBI - You know it would be a shame if we press released your location when your wife was sick in the hospital
Congress Critter - Sigh ~ I guess we can cut something from NASA's budget.
[ link to this | view in chronology ]
The first question is...
The financial opportunities alone for this data are just enormous. Forget about any law enforcement usefulness, this information will be perfect to bribe or control all sorts of public officials including Senators, Presidents, NSA officials, etc.
[ link to this | view in chronology ]
We're having difficulty finding the terrorist needle in the haystack. Let us have a BIGGER haystack, 'cause that will make it easier to find the needle. Don't worry if a lot of it is really weeds and dirt; that just means there's less hay to sort through.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Law Enforcement. . .
Any Law Enforcement Agency that doesn't obey the law or the judicial branch, should be seen for what it really is... A Criminal Enterprise!
[ link to this | view in chronology ]
*rimshot*
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Why is everything new matter?
I mean, it's like whenever a new kind of car is produced, all car thieves start breaking them open and driving off on the theory that the new model causes a new situation not covered by existing laws and that they should be allowed to reap the benefits to their income and mobility afforded by the newly released models purportedly never encountered before and consequently magically out of existing jurisdiction.
This "how were we supposed to know we weren't supposed to stick our hands in this new cookie jar too" sob story gets old after a few centuries.
[ link to this | view in chronology ]
You on list... you drive car.
https://www.rt.com/usa/319523-identical-twins-drivers-license/
https://www.washingtonpost.com/bus iness/technology/state-photo-id-databases-become-troves-for-police/2013/06/16/6f014bd4-ced5-11e2-884 5-d970ccb04497_story.html
Just wait until the surveillance grid is linked with all those wonderful cameras. And just wait until it's mandated that all businesses with cameras feed to the system. Between license plate readers, facial recognition and public transportation cameras with audio. The noose is closing in on you Merika. How long until they mandate a DNA sample at birth?
[ link to this | view in chronology ]
FBI Doesn't Want Laws to Apply to Its Databases
[ link to this | view in chronology ]
[ link to this | view in chronology ]