FBI Doesn't Want Privacy Laws To Apply To Its Biometric Database
from the and-doesn't-want-to-let-citizens-know-how-THEIR-privacy-is-affected dept
The FBI has been building a massive biometric database for the last eight years. The Next Generation Identification System (NGIS) starts with millions of photos of criminals (and non-criminals) and builds from there. Palm prints, fingerprints, iris scans, tattoos and biographies are all part of the mix.
Despite having promised to deliver a Privacy Impact Assessment of the database back in 2012, the FBI’s system went live towards the end of 2014 without one. That’s a big problem, considering the database’s blend of guilty/innocent Americans, along with its troublesome error rate. The FBI obviously hopes the false positive rate will continue to decline as tech capabilities improve, but any qualms about bogus hits have been placed on the back burner while the agency dumps every piece of data it can find into the database.
The FBI has shown little motivation to address Americans’ privacy concerns by providing an updated Impact Assessment (the one it does have dates back to the program’s inception in 2008), but has wasted no time in alerting legislators about its own privacy concerns.
On Thursday, the Justice Department agency plans to propose the database be exempt from several provisions of the Privacy Act — legislation that requires federal agencies to share information about the records they collect with the individual subject of those records, allowing them to verify and correct them if needed.
The DOJ’s comments reflect the FBI’s desire to keep its newest tracking toy as secret as possible. It asks for a number of exceptions and justifies those with the same excuses it uses to withhold information from both courts and FOIA requesters.
First, there’s the always-popular “but the bad guys will win” excuse.
[M]aking available to a record subject the accounting of disclosures from records concerning him/her would specifically reveal investigative interest by the FBI or agencies that are recipients of the disclosures. Revealing this information could compromise ongoing, authorized law enforcement and national security efforts and may permit the record subject with the opportunity to evade or impede the investigation.
Providing access could compromise sensitive law enforcement information, disclose information which would constitute an unwarranted invasion of another’s personal privacy; reveal a sensitive investigative technique; could provide information that would allow a subject to avoid detection or apprehension; or constitute a potential danger to the health or safety of law enforcement personnel, confidential sources, and witnesses.
This is the FBI’s request for a legislator-approved, pre-emptive blanket Glomar, which will allow the FBI to continue to amass biometric records while drastically decreasing any citizen’s attempt to see how much data the agency has amassed on them.
Beyond that, the FBI wants to be allowed to keep or destroy records as it sees fit. Again, this will help limit successful database inclusion challenges from concerned citizens. But the DOJ portrays complying with Privacy Act provisions as completely unfeasible.
[Exempt] from subsection (e)(5) because in the collection of information for authorized law enforcement purposes it is impossible to determine in advance what information is accurate, relevant, timely and complete. With time, seemingly irrelevant or untimely information may acquire new significance when new details are brought to light. Additionally, the information may aid in establishing patterns of activity and providing criminal leads. Most records in this system are acquired from state and local law enforcement agencies and it would be impossible for the FBI to vouch for the compliance of these agencies with this provision.
In sum, the FBI wants to amass a database of biometric information — one that dumps non-criminals and criminals into the same pool of “possible suspects” — that includes records from other agencies the FBI doesn’t feel confident enough to vouch for, but has no problems using to perform investigations, deny positions to federal job applicants, etc. It would also like to ensure no one included in the database ever has access to the massive amount of information the agency has collected — some of it unvetted — that has the power to alter their futures drastically.
And it wants this all without living up to its own responsibilities — like delivering its required Privacy Impact Assessment. Instead, it’s arguing that the American public should be at the mercy of a database controlled by a secretive agency, one that appears to care far more for quantity than quality.