FBI Rolls Out Biometric Database On Schedule, Accompanying Privacy Impact Assessment Still Nowhere To Be Found

from the move-along,-nothing-to-see-but-millions-of-faces dept

The FBI has just announced that all systems are go for its biometric database.

The Federal Bureau of Investigation (FBI) Criminal Justice Information Services (CJIS) Division announced today the achievement of full operational capability of the Next Generation Identification (NGI) System. The FBI’s NGI System was developed to expand the Bureau’s biometric identification capabilities, ultimately replacing the FBI’s Integrated Automated Fingerprint Identification System (IAFIS) in addition to adding new services and capabilities.

This puts the agency pretty much right on schedule for its stated goal of “full operational capacity in fiscal year 2014.” As was to be expected from its earlier foot-dragging, the press release makes no note of the Privacy Impact Assessment that was supposed to precede the roll out.

The system itself has been in the works since 2008. Coincidentally, this is also the last time anyone at the FBI delivered a Privacy Impact Assessment. Since then, the database’s sweep and power has increased immensely. The PIA promised in 2012 still hasn’t been delivered and there’s no indication at the FBI’s website that one is right around the corner.

The release notes two other tools that will be folded into NGI.

As part of NGI’s full operational capability, the NGI team is introducing two new services: Rap Back and the Interstate Photo System (IPS). Rap Back is a functionality that enables authorized entities the ability to receive ongoing status notifications of any criminal history reported on individuals holding positions of trust, such as school teachers. Law enforcement agencies, probation and parole offices, and other criminal justice entities will also greatly improve their effectiveness by being advised of subsequent criminal activity of persons under investigation or supervision.

Rap Back sounds useful but its tracking of people in “trusted positions” does not include some very specific “trusted positions.” This 2012 presentation on Rap Back [pdf] clearly delineates between “trusted” civilians and those exempt from ongoing criminal background monitoring.

Here’s the relevant info in case you can’t read/see the pic, Rap Back ongoing monitoring and notification service only targets these individuals.

Non-criminal justice applicants, employees, volunteers, and licensees;

Individuals under the supervision or investigation of criminal justice agencies.

Note that “supervision” doesn’t mean employees of criminal justice agencies, but rather parolees and those on probation. Presumably, the criminal justice system will police itself, relying only on pre-employment screenings (if that). The problem is that employees with criminal history have been known to jump from agency to agency without their new employers knowing (or caring) about the incidents that forced the job change. Apparently, this is an acceptable situation despite the fact that the DOJ tends to ignore much of the misconduct that occurs in agencies under its command.

The Interstate Photo System sounds like license plates but is actually the FBI’s facial recognition database. A high error rate and a flood of too-lo-res-to-be-useful photos hasn’t stopped the FBI from pushing this system — basically a searchable mug shot repository that includes millions of non-criminals just for the hell of it. To reach its lofty goals (52 million pics by 2015), the FBI is including generic federal employee records. The potential for the system to return non-criminals in searches for “candidates” remains high, but the FBI has reassuringly stated that it bears no legal responsibility if any of the 18,000 law enforcement agencies that have access arrest the wrong person.

An unvetted system that can be accessed by thousands is a huge problem. The FBI will join the NSA in hoarding massive amounts of irrelevant data with very little oversight. The hoarding mentality has taken over and everyone involved is hesitant to implement stringent minimization and disposal policies because of the irrational fear that something discarded might be needed later.

If and when the privacy assessment arises, I expect it will be filled with paragraphs that underplay the potential civil liberties violations, lots of explanations as to why there’s no expectation of privacy in anything the government collects and some mumbling around the edges about minimization and access control.

While I realize that it’s inevitable that the march of technology would lead to this sort of thing — and while it does have several legitimate uses — my biggest problem with these advances is that the FBI and others continually stress that it’s the only way to keep up with evolving criminal behavior. The justifications deployed point to a constantly-rising criminal threat that has no basis in reality. I cannot buy into the narrative that the best way to combat crime (or terrorism, for that matter) is vast, untargeted databases.

The FBI focuses most of its assets on two opponents: drugs and terrorism. The first is exacerbated by years of bad legislation and policies, and for all the time and money spent, the war doesn’t seem to be on the way to being won. The latter has devolved into the FBI’s proprietary con game, wherein it sets up a mark or two and takes them down. Now, it’s inviting the nation’s law enforcement agencies to run searches on a database populated with non-hit data and leave them holding the bag when the inevitable occurs.

An updated privacy assessment isn’t going to make this a better idea, especially when the FBI (and the law enforcement agencies that feed info to it) are blithely unconcerned that current background check databases are filled with people who were never criminally charged. An internal change is needed — one that makes these agencies more accountable to the public for screwing up their lives. But no one up top is interested in fixing what’s already broken. They just want to roll out new databases that grab more info. If the FBI insists this is the only way to fight crime effectively, then it needs to exercise the sort of vigilance and internal accountability it’s never shown in the past. That starts with a detailed privacy assessment, delivered in a timely fashion. And it’s already failed this small step.

Filed Under: , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “FBI Rolls Out Biometric Database On Schedule, Accompanying Privacy Impact Assessment Still Nowhere To Be Found”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Inmates running the asylum

It must be nice to be able to roll out a system you could reasonably foresee will ruin innocent people’s lives and escape all responsibility for it on the basis that you included some fine print saying that it should not be used that way. When can I use the disclaimer that I’m not legally responsible for any of the bad things I cause, because I warned people I might cause them and they didn’t try hard enough to stop me?

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...