Bush leads biometric push
A new presidential directive requiring agencies to share biometric information underscores the government’s increasing reliance on fingerprints, iris scans and facial-recognition software for identifying perceived national security threats. The directive also reveals how biometrics policy has not kept pace with the technology.
The National Security Presidential Directive 59/Homeland Security Presidential Directive 24 creates a framework of mutually compatible and legal methods for collecting, storing and sharing biometric information, Bush administration officials said.
The directive requires the State, Defense, Homeland Security and Justice departments and Office of the Director of National Intelligence to use common information technology and data standards, protocols and interfaces to ensure interoperability.
Recommended executive branch biometric standards are in the Registry of United States Government Recommended Biometric Standards and will be updated by the President’s National Science and Technology Council.
The directive also sets a 90-day deadline for the attorney general to devise an implementation plan in coordination with White House officials, the DNI, and secretaries of State, Defense, and Homeland Security.
Despite efforts in recent years to improve interoperability in the federal government, some agency processes, systems and databases remain incompatible. Some observers also say a lack of clear guidelines for using biometric data has hindered sharing among agencies.
“Federal departments and agencies collect biometrics in different ways,” said Scott Stanzel, a White House spokesman. “By encouraging agencies to adopt similar and consistent practices in collecting and sharing biometric data, we will be able to close a national security gap.”
Stanzel said the Government Accountability Office had identified that gap as a potential national security vulnerability.
Officials often testify before Congress about the improved accuracy that biometrics could offer in identifying people who might threaten national security. They frequently cite the Transportation Security Administration’s No Fly List, which is a version of the National Counter Terrorism Center’s terrorist watch list, as an example of the pitfalls of relying on names to identify potential threats.
Thousands of Americans, including members of Congress, have faced increased security screening and travel delays because they share a name with someone on TSA’s No Fly List. Often, their names are similar or identical to the names of suspected terrorists. Proponents of biometrics argue that the technologies could eliminate or greatly reduce the chances of innocent people being put under suspicion.
However, others have privacy concerns about the increased use of biometrics for identifying people. They worry about the potential for misuse of the information by business and government.
The presidential directive issued June 5 does not give authorities any increased legal powers, but it highlights the importance that the administration places on using biometric information for national security.
“While existing name-based screening procedures are beneficial, application of biometric technologies, where appropriate, improve the executive branch’s ability to identify and screen for persons who may pose a national security threat,” the directive states.
Rep. Mark Souder (R-Ind.), ranking member on the House Homeland Security Committee’s Border, Maritime and Global Counterterrorism Subcommittee and a proponent of the technology, said biometrics represents an important tool in the country’s counterterrorism efforts.
Souder said he was surprised that a presidential directive was necessary to get agencies to share biometric data.
“The general public is fed up,” Souder said. “They want us to run integrated systems that share information, and they don’t want us to have turf wars.”
Meanwhile, Thomas Bush, assistant director of the FBI’s Criminal Justice Information Services Division, said the government has made significant strides in interoperability and sharing biometric information.
The new directive reinforces what the FBI and some other agencies are already doing to increase interoperability, the FBI’s Bush said. For example, the bureau has been working with state, local and federal law enforcement agencies to cull and store biometric information, he said. Agency officials use biometric data daily when they perform inquiries on criminal suspects and background checks.
In February, the FBI awarded Lockheed Martin a contract potentially worth as much as $1 billion to update the agency’s Integrated Automated Fingerprint Identification System, a repository of fingerprints related to law enforcement investigations. The new identification system will enhance IAFIS by adding photographs and palm prints. The new system will make it easier for the FBI to share data, agency officials say.
Since 2005, the FBI has been working with DHS and State on integrated project teams to establish principles for making data interoperable, Bush said.
“The technical aspect may — and I’m not downplaying it — not be as difficult as some of the policy and business [issues] because our business needs and requirements are different,” the FBI’s Bush said. “You have to understand what’s important to each player.”
Meanwhile, DHS has been collecting biometric data from travelers when they arrive in the United States as part of the department’s U.S. Visitor and Immigrant Status Indicator Technology program. Since late 2007, DHS has been deploying a program at airports to collect 10 fingerprints from entering travelers.
DHS recently announced its plan to create a system that uses biometrics to track visitors as they exit the country, as required by a law Congress passed in 2007. DHS has encountered logistical, technical and business challenges that have delayed the deployment of an exit system for US-VISIT.
John Siedlarz, co-founder, chairman and chief executive officer of the National Biometric Security Project, said he was pleased that the directive recognizes the different ways in which agencies use biometrics. NBSP is an independent, nonprofit organization supported by Congress to help government and industry deter terrorist attacks through the use of biometric technologies.
“The only trick — if you’d like to call it that — is to make sure that they are integrated properly and put into the right application because this is not a case where one size fits all,” Siedlarz said. The gaps between agencies’ technologies can be significant, he added.
“You can’t take a fingerprint and match it against an iris” scan, Siedlarz said. If you have many proprietary differences in the way databases are constructed, they can’t speak to one another, he said. “There is no commonality, and the ability to do any kind of universal search is pretty much eliminated.”
Peter Carr, a Justice spokesman, said the attorney general’s plan would include details on how biometrics on national security threats are collected, shared and standardized across the federal government. However, he declined to offer any specifics on what that plan might entail.
Siedlarz said that a provision of the directive that is likely to get much attention instructs the attorney general and the national security agencies’ leaders to come up with recommendations for categories of individuals in addition to known and suspected terrorists who could pose a threat to national security.
The directive calls for a plan for expanding the collection and use of biometrics to identify and screen those people, Siedlarz said.
Thomas Bush said those additional categories could include sexual predators and those associated with organized crime or transnational gangs.
Agencies can ensure data privacy by separating biometric from biographic data, a practice NBSP advocates, Siedlarz said.
“Most [biometrics] have virtually no surveillance capability,” he said. “You can’t pick up an iris effectively at 20 feet.”
The 1974 Privacy Act, which is frequently cited in discussions about biometrics, was crafted at a time when biometric technology was much less sophisticated and used much less often than it is now, Siedlarz said.
As a result, newer legislation aligned with the presidential directive is needed to ensure that biometric technology is being used and protected, he added.