FBI Doesn't Want Privacy Laws To Apply To Its Biometric Database

from the and-doesn't-want-to-let-citizens-know-how-THEIR-privacy-is-affected dept

The FBI has been building a massive biometric database for the last eight years. The Next Generation Identification System (NGIS) starts with millions of photos of criminals (and non-criminals) and builds from there. Palm prints, fingerprints, iris scans, tattoos and biographies are all part of the mix.

Despite having promised to deliver a Privacy Impact Assessment of the database back in 2012, the FBI's system went live towards the end of 2014 without one. That's a big problem, considering the database's blend of guilty/innocent Americans, along with its troublesome error rate. The FBI obviously hopes the false positive rate will continue to decline as tech capabilities improve, but any qualms about bogus hits have been placed on the back burner while the agency dumps every piece of data it can find into the database.

The FBI has shown little motivation to address Americans' privacy concerns by providing an updated Impact Assessment (the one it does have dates back to the program's inception in 2008), but has wasted no time in alerting legislators about its own privacy concerns.

On Thursday, the Justice Department agency plans to propose the database be exempt from several provisions of the Privacy Act -- legislation that requires federal agencies to share information about the records they collect with the individual subject of those records, allowing them to verify and correct them if needed.
The DOJ's comments reflect the FBI's desire to keep its newest tracking toy as secret as possible. It asks for a number of exceptions and justifies those with the same excuses it uses to withhold information from both courts and FOIA requesters.

First, there's the always-popular "but the bad guys will win" excuse.
[M]aking available to a record subject the accounting of disclosures from records concerning him/her would specifically reveal investigative interest by the FBI or agencies that are recipients of the disclosures. Revealing this information could compromise ongoing, authorized law enforcement and national security efforts and may permit the record subject with the opportunity to evade or impede the investigation.

[...]

Providing access could compromise sensitive law enforcement information, disclose information which would constitute an unwarranted invasion of another’s personal privacy; reveal a sensitive investigative technique; could provide information that would allow a subject to avoid detection or apprehension; or constitute a potential danger to the health or safety of law enforcement personnel, confidential sources, and witnesses.
This is the FBI's request for a legislator-approved, pre-emptive blanket Glomar, which will allow the FBI to continue to amass biometric records while drastically decreasing any citizen's attempt to see how much data the agency has amassed on them.

Beyond that, the FBI wants to be allowed to keep or destroy records as it sees fit. Again, this will help limit successful database inclusion challenges from concerned citizens. But the DOJ portrays complying with Privacy Act provisions as completely unfeasible.
[Exempt] from subsection (e)(5) because in the collection of information for authorized law enforcement purposes it is impossible to determine in advance what information is accurate, relevant, timely and complete. With time, seemingly irrelevant or untimely information may acquire new significance when new details are brought to light. Additionally, the information may aid in establishing patterns of activity and providing criminal leads. Most records in this system are acquired from state and local law enforcement agencies and it would be impossible for the FBI to vouch for the compliance of these agencies with this provision.
In sum, the FBI wants to amass a database of biometric information -- one that dumps non-criminals and criminals into the same pool of "possible suspects" -- that includes records from other agencies the FBI doesn't feel confident enough to vouch for, but has no problems using to perform investigations, deny positions to federal job applicants, etc. It would also like to ensure no one included in the database ever has access to the massive amount of information the agency has collected -- some of it unvetted -- that has the power to alter their futures drastically.

And it wants this all without living up to its own responsibilities -- like delivering its required Privacy Impact Assessment. Instead, it's arguing that the American public should be at the mercy of a database controlled by a secretive agency, one that appears to care far more for quantity than quality.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: biometric database, biometrics, fbi, fingerprints, ngis, privacy


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    That One Guy (profile), 12 May 2016 @ 2:45pm

    Limits are for the little people

    With time, seemingly irrelevant or untimely information may acquire new significance when new details are brought to light. Additionally, the information may aid in establishing patterns of activity and providing criminal leads.

    In other words neither guilt or innocence, an active investigation or no investigation at all should matter, they should be able to grab and store everything for as long as they want just in case something in the pile might become important down the road.

    Using that logic absolutely nothing would be off-limits, as anything might be relevant at some point down the line, so best grab it all just in case.

    While the best case scenario would be the database itself not existing, if the politicians are too spineless to tell them they can't have their collection I'd hope they at least have enough spine to insist that no, they absolutely do have to follow the rules, so that when the FBI ignores them and violates the law anyway they at least have to spend a bit more work trying to hide it.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 12 May 2016 @ 9:09pm

      Re: Limits are for the little people

      More so when the FBI go out of their way to ruin the lives of people that refuse to play ball with their illegal requests.

      They need even more unnacountable powers to ruin more lives out of spite.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 May 2016 @ 3:59pm

    The worse discriminatory practices are those that grant unto the government and its agencies exceptions to the laws that apply to everybody else.

    link to this | view in chronology ]

  • icon
    afn29129 (profile), 12 May 2016 @ 4:17pm

    LOL @ Privacy Impact Assessment(s)

    You don't have any privacy so get over it already.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 12 May 2016 @ 4:22pm

      Re: LOL @ Privacy Impact Assessment(s)

      We most definitely have privacy despite what parasites like you say in comment sections.

      Fuck back off to Facebook HQ.

      link to this | view in chronology ]

      • identicon
        I.T. Guy, 13 May 2016 @ 8:08am

        Re: Re: LOL @ Privacy Impact Assessment(s)

        Sorry AC you only have a facade of privacy. All your calls, emails, financial records and soon to be medical records... all spied on. About the only privacy you have left is when you take a dump. All your devices silently listen in on you. Just about every app spies on you. Your OS's spy on you.

        You have no privacy. Please hear that... YOU HAVE NO PRIVACY ANYMORE, but I am not going to tell you to get over it, Im going to tell you to get mad and do something. Exactly what that something is is up to you. No violence please.

        link to this | view in chronology ]

        • icon
          John Fenderson (profile), 14 May 2016 @ 6:39am

          Re: Re: Re: LOL @ Privacy Impact Assessment(s)

          "YOU HAVE NO PRIVACY ANYMORE"

          Not true. While it's true that privacy has been severely curtailed, and it's also true that you have to be proactive about maintaining what privacy you have left, you do have privacy left.

          "Im going to tell you to get mad and do something."

          If that's your goal, you should rethink your tactic. Screaming that there is no privacy anymore doesn't encourage most people to do anything. Just the opposite -- it tells people "you are doomed", which makes them more likely to just give up.

          link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 May 2016 @ 4:54pm

    Like the NSA, the FBI is out of control.

    link to this | view in chronology ]

  • identicon
    a state is a state and that's that., 12 May 2016 @ 5:06pm

    no person

    in the in club of the murdurous jr. high school of the statem no one wants to ever be accountable, does anyone remember grade 7? , look at the NSAs recurutment page and you will understand everything about what is happening with these still children who never had to deal with real life.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 May 2016 @ 5:25pm

    How long before they use these haystacks as a source of funding?

    Threatening to sue (aka blackmailing) people they deduce have provided 'inaccurate' information? "Hmm, we see here that in telecon 01/02/2017 11:26 pm you claimed to your spouse that you were at the office, whereas our LPR places you at a downtown hotel at the same time. Do you want to pay us to correct your database entries or should we sue you in open court for fraudulent misrepresentation to law enforcement and wasting LEO time? Hmm? Hmm? No worries, we'll give you 10 sec to think about it. I'm sorry what was that? Oh, we do take Amex, yes we do"

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 12 May 2016 @ 6:03pm

      Re:

      You're pretty much on the money there but you're forgetting about the congress critters.

      FBI - We need more funding to keep violating the rights of Americans, because you know... Terrorism.

      Congress Critter - Can't, nothing left

      FBI - You know it would be a shame if we press released your location when your wife was sick in the hospital

      Congress Critter - Sigh ~ I guess we can cut something from NASA's budget.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 May 2016 @ 5:35pm

    The first question is...

    Has it already been hacked and dumped? If it hasn't yet, it soon will be. Such a source of information is too good to be left to the LEO's. Every bad boy and his boss will want this information as it opens up more opportunities to gain more power and money.

    The financial opportunities alone for this data are just enormous. Forget about any law enforcement usefulness, this information will be perfect to bribe or control all sorts of public officials including Senators, Presidents, NSA officials, etc.

    link to this | view in chronology ]

  • icon
    Gorshkov (profile), 12 May 2016 @ 6:35pm

    What they're saying is basically this:

    We're having difficulty finding the terrorist needle in the haystack. Let us have a BIGGER haystack, 'cause that will make it easier to find the needle. Don't worry if a lot of it is really weeds and dirt; that just means there's less hay to sort through.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 12 May 2016 @ 9:10pm

      Re:

      I believe they want to make everyone a criminal, that way they can just pick a random person and say mission accomplished.

      link to this | view in chronology ]

  • identicon
    Justme, 12 May 2016 @ 7:28pm

    Law Enforcement. . .

    It amazing how law enforcement seems to view any law or court order that applies to them as something that they can simply side-step, redefined, or completely ignored.

    Any Law Enforcement Agency that doesn't obey the law or the judicial branch, should be seen for what it really is... A Criminal Enterprise!

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 May 2016 @ 7:30pm

    $10 For a 20-minute phone call? That's criminal!

    *rimshot*

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 May 2016 @ 9:06pm

    The FBI wants to rule in a police state that's fairly clear to me and I am not even American.

    link to this | view in chronology ]

  • identicon
    David, 13 May 2016 @ 5:53am

    Why is everything new matter?

    Why don't the existing laws cover the ground regarding privacy and data collection? Why is it "this is a new situation" every time round?

    I mean, it's like whenever a new kind of car is produced, all car thieves start breaking them open and driving off on the theory that the new model causes a new situation not covered by existing laws and that they should be allowed to reap the benefits to their income and mobility afforded by the newly released models purportedly never encountered before and consequently magically out of existing jurisdiction.

    This "how were we supposed to know we weren't supposed to stick our hands in this new cookie jar too" sob story gets old after a few centuries.

    link to this | view in chronology ]

  • identicon
    I.T. Guy, 13 May 2016 @ 7:57am

    If you have a drivers license... you're in the database.
    You on list... you drive car.

    https://www.rt.com/usa/319523-identical-twins-drivers-license/

    https://www.washingtonpost.com/bus iness/technology/state-photo-id-databases-become-troves-for-police/2013/06/16/6f014bd4-ced5-11e2-884 5-d970ccb04497_story.html

    Just wait until the surveillance grid is linked with all those wonderful cameras. And just wait until it's mandated that all businesses with cameras feed to the system. Between license plate readers, facial recognition and public transportation cameras with audio. The noose is closing in on you Merika. How long until they mandate a DNA sample at birth?

    link to this | view in chronology ]

  • identicon
    Yes, I know I'm commenting anonymously, 13 May 2016 @ 11:09am

    FBI Doesn't Want Laws to Apply to Its Databases

    There, I think you accidentally includes some limiting and/or overly specific adjectives in the title. It's fixed now.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 May 2016 @ 3:29pm

    If FBI stood for Facebook-Instagram, the title of this post would still be accurate.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.