FBI Doesn't Want Privacy Laws To Apply To Its Biometric Database

from the and-doesn't-want-to-let-citizens-know-how-THEIR-privacy-is-affected dept

The FBI has been building a massive biometric database for the last eight years. The Next Generation Identification System (NGIS) starts with millions of photos of criminals (and non-criminals) and builds from there. Palm prints, fingerprints, iris scans, tattoos and biographies are all part of the mix.

Despite having promised to deliver a Privacy Impact Assessment of the database back in 2012, the FBI’s system went live towards the end of 2014 without one. That’s a big problem, considering the database’s blend of guilty/innocent Americans, along with its troublesome error rate. The FBI obviously hopes the false positive rate will continue to decline as tech capabilities improve, but any qualms about bogus hits have been placed on the back burner while the agency dumps every piece of data it can find into the database.

The FBI has shown little motivation to address Americans’ privacy concerns by providing an updated Impact Assessment (the one it does have dates back to the program’s inception in 2008), but has wasted no time in alerting legislators about its own privacy concerns.

On Thursday, the Justice Department agency plans to propose the database be exempt from several provisions of the Privacy Act — legislation that requires federal agencies to share information about the records they collect with the individual subject of those records, allowing them to verify and correct them if needed.

The DOJ’s comments reflect the FBI’s desire to keep its newest tracking toy as secret as possible. It asks for a number of exceptions and justifies those with the same excuses it uses to withhold information from both courts and FOIA requesters.

First, there’s the always-popular “but the bad guys will win” excuse.

[M]aking available to a record subject the accounting of disclosures from records concerning him/her would specifically reveal investigative interest by the FBI or agencies that are recipients of the disclosures. Revealing this information could compromise ongoing, authorized law enforcement and national security efforts and may permit the record subject with the opportunity to evade or impede the investigation.

[…]

Providing access could compromise sensitive law enforcement information, disclose information which would constitute an unwarranted invasion of another’s personal privacy; reveal a sensitive investigative technique; could provide information that would allow a subject to avoid detection or apprehension; or constitute a potential danger to the health or safety of law enforcement personnel, confidential sources, and witnesses.

This is the FBI’s request for a legislator-approved, pre-emptive blanket Glomar, which will allow the FBI to continue to amass biometric records while drastically decreasing any citizen’s attempt to see how much data the agency has amassed on them.

Beyond that, the FBI wants to be allowed to keep or destroy records as it sees fit. Again, this will help limit successful database inclusion challenges from concerned citizens. But the DOJ portrays complying with Privacy Act provisions as completely unfeasible.

[Exempt] from subsection (e)(5) because in the collection of information for authorized law enforcement purposes it is impossible to determine in advance what information is accurate, relevant, timely and complete. With time, seemingly irrelevant or untimely information may acquire new significance when new details are brought to light. Additionally, the information may aid in establishing patterns of activity and providing criminal leads. Most records in this system are acquired from state and local law enforcement agencies and it would be impossible for the FBI to vouch for the compliance of these agencies with this provision.

In sum, the FBI wants to amass a database of biometric information — one that dumps non-criminals and criminals into the same pool of “possible suspects” — that includes records from other agencies the FBI doesn’t feel confident enough to vouch for, but has no problems using to perform investigations, deny positions to federal job applicants, etc. It would also like to ensure no one included in the database ever has access to the massive amount of information the agency has collected — some of it unvetted — that has the power to alter their futures drastically.

And it wants this all without living up to its own responsibilities — like delivering its required Privacy Impact Assessment. Instead, it’s arguing that the American public should be at the mercy of a database controlled by a secretive agency, one that appears to care far more for quantity than quality.

Filed Under: , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “FBI Doesn't Want Privacy Laws To Apply To Its Biometric Database”

Subscribe: RSS Leave a comment
21 Comments
That One Guy (profile) says:

Limits are for the little people

With time, seemingly irrelevant or untimely information may acquire new significance when new details are brought to light. Additionally, the information may aid in establishing patterns of activity and providing criminal leads.

In other words neither guilt or innocence, an active investigation or no investigation at all should matter, they should be able to grab and store everything for as long as they want just in case something in the pile might become important down the road.

Using that logic absolutely nothing would be off-limits, as anything might be relevant at some point down the line, so best grab it all just in case.

While the best case scenario would be the database itself not existing, if the politicians are too spineless to tell them they can’t have their collection I’d hope they at least have enough spine to insist that no, they absolutely do have to follow the rules, so that when the FBI ignores them and violates the law anyway they at least have to spend a bit more work trying to hide it.

I.T. Guy says:

Re: Re: LOL @ Privacy Impact Assessment(s)

Sorry AC you only have a facade of privacy. All your calls, emails, financial records and soon to be medical records… all spied on. About the only privacy you have left is when you take a dump. All your devices silently listen in on you. Just about every app spies on you. Your OS’s spy on you.

You have no privacy. Please hear that… YOU HAVE NO PRIVACY ANYMORE, but I am not going to tell you to get over it, Im going to tell you to get mad and do something. Exactly what that something is is up to you. No violence please.

John Fenderson (profile) says:

Re: Re: Re: LOL @ Privacy Impact Assessment(s)

“YOU HAVE NO PRIVACY ANYMORE”

Not true. While it’s true that privacy has been severely curtailed, and it’s also true that you have to be proactive about maintaining what privacy you have left, you do have privacy left.

“Im going to tell you to get mad and do something.”

If that’s your goal, you should rethink your tactic. Screaming that there is no privacy anymore doesn’t encourage most people to do anything. Just the opposite — it tells people “you are doomed”, which makes them more likely to just give up.

a state is a state and that's that. says:

no person

in the in club of the murdurous jr. high school of the statem no one wants to ever be accountable, does anyone remember grade 7? , look at the NSAs recurutment page and you will understand everything about what is happening with these still children who never had to deal with real life.

Anonymous Coward says:

How long before they use these haystacks as a source of funding?

Threatening to sue (aka blackmailing) people they deduce have provided ‘inaccurate’ information? “Hmm, we see here that in telecon 01/02/2017 11:26 pm you claimed to your spouse that you were at the office, whereas our LPR places you at a downtown hotel at the same time. Do you want to pay us to correct your database entries or should we sue you in open court for fraudulent misrepresentation to law enforcement and wasting LEO time? Hmm? Hmm? No worries, we’ll give you 10 sec to think about it. I’m sorry what was that? Oh, we do take Amex, yes we do”

Anonymous Coward says:

Re: Re:

You’re pretty much on the money there but you’re forgetting about the congress critters.

FBI – We need more funding to keep violating the rights of Americans, because you know… Terrorism.

Congress Critter – Can’t, nothing left

FBI – You know it would be a shame if we press released your location when your wife was sick in the hospital

Congress Critter – Sigh ~ I guess we can cut something from NASA’s budget.

Anonymous Coward says:

The first question is...

Has it already been hacked and dumped? If it hasn’t yet, it soon will be. Such a source of information is too good to be left to the LEO’s. Every bad boy and his boss will want this information as it opens up more opportunities to gain more power and money.

The financial opportunities alone for this data are just enormous. Forget about any law enforcement usefulness, this information will be perfect to bribe or control all sorts of public officials including Senators, Presidents, NSA officials, etc.

Justme says:

Law Enforcement. . .

It amazing how law enforcement seems to view any law or court order that applies to them as something that they can simply side-step, redefined, or completely ignored.

Any Law Enforcement Agency that doesn’t obey the law or the judicial branch, should be seen for what it really is… A Criminal Enterprise!

David says:

Why is everything new matter?

Why don’t the existing laws cover the ground regarding privacy and data collection? Why is it “this is a new situation” every time round?

I mean, it’s like whenever a new kind of car is produced, all car thieves start breaking them open and driving off on the theory that the new model causes a new situation not covered by existing laws and that they should be allowed to reap the benefits to their income and mobility afforded by the newly released models purportedly never encountered before and consequently magically out of existing jurisdiction.

This “how were we supposed to know we weren’t supposed to stick our hands in this new cookie jar too” sob story gets old after a few centuries.

I.T. Guy says:

If you have a drivers license… you’re in the database.
You on list… you drive car.

https://www.rt.com/usa/319523-identical-twins-drivers-license/

https://www.washingtonpost.com/business/technology/state-photo-id-databases-become-troves-for-police/2013/06/16/6f014bd4-ced5-11e2-8845-d970ccb04497_story.html

Just wait until the surveillance grid is linked with all those wonderful cameras. And just wait until it’s mandated that all businesses with cameras feed to the system. Between license plate readers, facial recognition and public transportation cameras with audio. The noose is closing in on you Merika. How long until they mandate a DNA sample at birth?

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...