The FBI's Facial Recognition Database Combines Lo-Res Photos With Zero Civil Liberties Considerations

from the non-criminal-photos-mixed-in-just-for-fun! dept

Another FOIA lawsuit brought against the government by the EFF has resulted in the release of previously withheld documents. The papers cut loose this time detail the FBI's facial recognition database and other parts of its "Next Generation Identification" (NGI) program, one that aims to compile a collection of biometric data.

EPIC's FOIA lawsuit over similar information revealed last year that the FBI's facial recognition software (as of 2010) had an acceptable margin of error of 20%. With a 1-in-5 chance of "recognizing" the wrong person, the accuracy of the database had nowhere to go but up. But it appears the FBI prioritizes quantity over quality, as the first number to hit you from the "released" documents is a big one.

The records we received show that the face recognition component of NGI may include as many as 52 million face images by 2015. By 2012, NGI already contained 13.6 million images representing between 7 and 8 million individuals, and by the middle of 2013, the size of the database increased to 16 million images. The new records reveal that the database will be capable of processing 55,000 direct photo enrollments daily and of conducting tens of thousands of searches every day.
The millions of images come from a handful of sources. Only 46 million of those images, however, will be from criminal databases. The other 6 million will come from other sources, not all of those necessarily related to criminal or terrorist activity.
[T]he FBI does not define either the “Special Population Cognizant” database or the "new repositories" category [which account for nearly a million images]...

A 2007 FBI document available on the web describes SPC as “a service provided to Other Federal Organizations (OFOs), or other agencies with special needs by agreement with the FBI” and notes that “[t]hese SPC Files can be specific to a particular case or subject set (e.g., gang or terrorist related), or can be generic agency files consisting of employee records.”
These employee records may be tossed into the database along with the criminal records if the FBI chooses to assign these a Universal Control Number (UCN). And these records may become more common. As the EFF points out, if you submit your fingerprints as part of a pre-employment background check, these are added to the FBI's database. If employers decide they also want a pre-employment mug shot, that will head the FBI's way as well.

The database will be populated with non-criminal photos and overseen by an agency that hasn't provided an updated Privacy Impact Assessment for its facial recognition program since 2008. The low resolution (often at 0.75 megapixels or less) makes this blending of hit/non-hit photos even more problematic, as it means the FBI's actual accuracy rate still hovers between 80-85%. But the agency has weasel-worded its way out of having to defend such a lousy accuracy rating.
[T]he FBI has disclaimed responsibility for accuracy, stating that “[t]he candidate list is an investigative lead not an identification."

Because the system is designed to provide a ranked list of candidates, the FBI states NGI never actually makes a “positive identification,” and “therefore, there is no false positive rate.”
The FBI generates a "top 50 candidates" report from searches, which it claims is only an "investigative tool," not a starting point for any investigation. That's some remarkably devious dissembling. The agency won't ever be wrong because it's not even trying to be right!

So, how exactly is this supposed to aid in investigations, if the best results are a grab bag of low-res photos dredged from a variety of sources, some of them non-criminal? The FBI doesn't say. All it says is that the "true candidate" will show up on the "top 50 list" 85% of the time -- and then only if the "true candidate" is already present in the database. The EFF asks the question the FBI hasn't asked itself, or at least hasn't shown any interest in answering honestly.
It is unclear what happens when the “true candidate” does not exist in the gallery—does NGI still return possible matches? Could those people then be subject to criminal investigation for no other reason than that a computer thought their face was mathematically similar to a suspect’s?
The FBI's "answer" shifts all the accountability to other law enforcement agencies.
[T]he Bureau notes that because “this is an investigative search and caveats will be prevalent on the return detailing that the [non-FBI] agency is responsible for determining the identity of the subject, there should be NO legal issues.”
The FBI, which hasn't updated its privacy protections in a half-decade, which knows that a majority of the photos in its database have a resolution only slightly above "useless" and which sees no problem with throwing photos of criminals and non-criminals into the same database, still has yet to see any significant pushback on its NGI expansion from anyone tasked with overseeing the agency. The fact that these documents were forced free via a FOIA lawsuit shows the FBI has no interest in sharing this info with the public. As for our representatives -- they either don't know or don't care, neither of which should make the represented happy.

This program has some very serious issues, and it's only going to get worse unless someone outside the FBI intervenes. It's obvious from its caveat emptor-esque "policy" ("not our fault if you arrest the wrong pixelated suspect") governing law enforcement's use of the intermingled good guy/bad guy database that it has no interest in policing itself.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Anonymous Anonymous Coward, Apr 15th, 2014 @ 1:14pm

    Too many TV cop shows

    But...But...it always works on TV..........

    Our three letter agencies need a lesson in reality that is NOT based on reality TV.

     

    reply to this | link to this | view in thread ]

  2.  
    icon
    Mason Wheeler (profile), Apr 15th, 2014 @ 1:28pm

    EPIC's FOIA lawsuit over similar information revealed last year that the FBI's facial recognition software (as of 2010) had an acceptable margin of error of 20%. With a 1-in-5 chance of "recognizing" the wrong person, the accuracy of the database had nowhere to go but up.


    That's actually really good. Do you ever randomly see somebody (who you don't interact with on a daily basis) and think "that looks just like so-and-so that I used to know." And how often does it turn out to actually be that person, after your brain "identified" them?

    80% is a very, very good "hit" rate.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    DogBreath, Apr 15th, 2014 @ 1:31pm

    A Complicated and Simple Answer

    So, how exactly is this supposed to aid in investigations, if the best results are a grab bag of low-res photos dredged from a variety of sources, some of them non-criminal? The FBI doesn't say. All it says is that the "true candidate" will show up on the "top 50 list" 85% of the time -- and then only if the "true candidate" is already present in the database. The EFF asks the question the FBI hasn't asked itself, or at least hasn't shown any interest in answering honestly.

    The FBI "Top 50" get crosschecked against the NSA metadata collection programs to generate a "Persons of Interest" list. Further investigation will lead to suspects that will be tried in the court of private opinion (secret government star chamber) and public opinion (moron controlled press), and said persons will have their lives turned upside down (no, not in a "Fresh Prince of Bel Air" way), and receive a "too little, too late" apology when proven to be innocent of any wrongdoing.

    See Richard_Jewell for a good example.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Trevor, Apr 15th, 2014 @ 1:36pm

    Wait

    "the database will be capable of processing 55,000 direct photo enrollments daily and of conducting tens of thousands of searches every day"

    TENS OF THOUSANDS OF SEARCHES EVERY DAY?

    Wow. I didn't realize how many active investigations the FBI had going at any given time...

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Trevor, Apr 15th, 2014 @ 1:45pm

    *type type type type type*

    Enhance.

    *type type type type type*

    Enhance.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Trevor, Apr 15th, 2014 @ 1:50pm

    Re: A Complicated and Simple Answer

    85 percent of the time, it works 1 out of 50 times.

    RAWR

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Anonymous Anonymous Coward, Apr 15th, 2014 @ 1:51pm

    Re: Wait

    Well, since we are all terrorists, they have a lot on their plate. After all, they have nothing else to do!

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Anonymous Coward, Apr 15th, 2014 @ 1:58pm

    With a 1-in-5 chance of "recognizing" the wrong person,

    As the result is a list of 50 candidate names, that is it names the right person 4 times in 200 candidate matches.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Anonymous Coward, Apr 15th, 2014 @ 2:02pm

    Re: Wait

    "how many active investigations"

    Some (most) might easily be LOVEINT^2 consider:

    SELECT * FROM blondes WHERE
    FACEMATCH = choose-favorite-pron-actress
    FACEMATCH STRENGTH = MORE THAN 75%
    EYES = BLUE OR GREEN
    GENDER = F
    WEIGHT = 110 OR UNDER
    HEIGHT = 5'8' - 5'10"
    AGE = 24 OR UNDER
    CHILDREN = NO
    MARRIED = NO
    CELLPHONE = YES it's in my zip code right now !!YAY!!
    LICENSE PLATE = YES it's in my zip code right now !!YAY!!

    Creepy.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Anonymous Coward, Apr 15th, 2014 @ 2:31pm

    Re:

    Sorry, late at night, that should be 4 time in 250.

     

    reply to this | link to this | view in thread ]

  11.  
    icon
    Jernau (profile), Apr 15th, 2014 @ 3:48pm

    Re:

    It may well be a comparatively good hit rate compared to other facial recognition systems, that's not the problem. The problem is that a system with an error rate of 20% is/will be viewed as as good as a fingerprint match because computers. Combine that with stuff like Gorgon Stare -

    (https://en.wikipedia.org/wiki/Gorgon_stare)

    (www.sncorp.com/pdfs/isr/gorgon_stare.pdf) 6.9MB PDF

    and you end up with Guantanamo Bay full of US citizens detained without trial for undisclosed reasons.

    The USAF seems to have pulled funds from the program for FY-13, but given the metadata requirement for Gorgon Stare I'm sure you can think of another agency that would be willing to take it up. It's cheap, too.

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Anonymous Coward, Apr 15th, 2014 @ 4:11pm

    They're trying to build a Pre-Crime system, step by step. Still a ways to go technology wise, but they're getting there. I doubt it will take more than 20 years (unless the people and the judiciary stop them from doing that, of course).

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Anonymous Coward, Apr 15th, 2014 @ 5:26pm

    Re:

    I think thats actually that 1 out of the "top fifty" will be the subject 1 in five times. Which is much worse

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Anonymous Coward, Apr 17th, 2014 @ 5:59pm

    I was excited to see a job-opening last night and this morning as I was about to work on my cvr letter/resume / I read that they require LiveScan. I couldn't find any reliable info on how long any prints or records are stored, where it's sent, etc. Does anyone know?

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
Advertisement
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
Advertisement
Recent Stories
Advertisement
Support Techdirt - Get Great Stuff!

Close

Email This

This feature is only available to registered users. Register or sign in to use it.