FBI lax on facial recognition privacy, watchdog says
- By Sean Lyngaas
- Jun 15, 2016
The FBI has been slow to issue privacy assessments of a facial-recognition system, and did not have a good grasp of how accurate it was before deploying it, according to a new Government Accountability Office report. The report raises fresh concerns about a technology that has been integral to law enforcement investigations.
"The timely publishing of [privacy impact assessments] would provide the public with greater assurance that the FBI is evaluating risks to privacy when implementing systems," the report states.
The report focuses on the Next Generation Identification-Interstate Photo System, a facial recognition service that provides access to a database containing over 30 million photos. The FBI and some state and local law enforcement authorities use NGI-IPS to identify unknown persons.
While the FBI issued a privacy impact assessment for NGI-IPS in 2008, before the system was operational, the bureau failed to update that assessment in a timely manner after the system underwent thorough changes, according to the watchdog.
Further, although NGI-IPS has been in place since 2011, the Justice Department did not publish a records notice detailing the FBI's facial recognition capabilities until last month, according to GAO. The dearth of information kept the public in the dark about the bureau's capabilities.
The report came at the request of Sen. Al Franken (D-Minn.), who expressed concerned at its findings.
The report "reveals that the FBI's use of facial recognition technology is far greater than had previously been understood," Franken said in a statement. "This is especially concerning because the report shows that the FBI hasn't done enough to audit its own use of facial recognition technology…nor has it taken adequate steps to ensure the technology's accuracy."
Though facial recognition technology has become more accurate in the last few years, GAO faults the FBI for doing limited testing before deploying NGI-IPS, and not determining how often the system committed errors.
"FBI officials stated that they do not know, and have not tested, the detection rate for candidate list sizes smaller than 50," the report says.
Sean Lyngaas is an FCW staff writer covering defense, cybersecurity and intelligence issues. Prior to joining FCW, he was a reporter and editor at Smart Grid Today, where he covered everything from cyber vulnerabilities in the U.S. electric grid to the national energy policies of Britain and Mexico. His reporting on a range of global issues has appeared in publications such as The Atlantic, The Economist, The Washington Diplomat and The Washington Post.
Lyngaas is an active member of the National Press Club, where he served as chairman of the Young Members Committee. He earned his M.A. in international affairs from The Fletcher School of Law and Diplomacy at Tufts University, and his B.A. in public policy from Duke University.
Click here for previous articles by Lyngaas, or connect with him on Twitter: @snlyngaas.