The FBI is readying its $1 billion Next Generation Identification program, a surveillance system that uses photographs and biometric data to help law enforcement entities nationwide identify possible "persons of interest." But the bureau has openly mulled cataloging photographs of innocent people taken from surveillance cameras and social networking sites, as well as biometric information gathered for non-criminal reasons, sending privacy advocates into a fury.
NGI, as reported by the New Scientist, would use facial recognition software along with biometric tools such as voice recognition, iris scans and fingerprints to identify and track down suspected criminals. The database will be shared with law enforcement entities at state and federal levels across the country.
Privacy advocates fear the FBI will indiscriminately mash together biometric and photographic records into a searchable database, not taking the time to separate the wholly innocent from former convicts, the arrested-and-acquitted, and persons of interest.
The controversy lies in the grey area surrounding information outside the bounds of arrest records or mug shots such as pictures from social networks, fingerprints from background checks for job applications, or even photographs taken of folks just walking down the street. All materials accumulated outside the bounds of regular police work could be bundled into a growing and pervasive information-collection operation on random civilians who are not suspected of committing any crimes, leaving the codified and catalogued personal information of millions open to a security breach.
The FBI has not publicly responded to the recent outcry. Its website does contain a boastful post laying out the potential benefits of NGI while also claiming to address privacy concerns.
"It doesn't threaten individual privacy. As required with any federal system, the FBI is doing Privacy Impact Assessments on what information will be collected, how it will be shared, how it will be accessed, and how the data will be securely stored ... all in an effort to protect privacy," the site states.
The FBI's Jerome Pender asserted in testimony before Congress in July 2011 that the database will include only mug shots from previous arrests provided by local, state and federal law enforcement around the country, and all matched photos will be considered only leads and not positive identifications leading to an arrest.
But NGI's privacy statement does not exclude civilian information from sources outside of law enforcement, attorney Jennifer Lynch of the Electronic Frontier Foundation told the New Scientist. The digital rights advocacy group has been among NGI's loudest and largest decriers.
The FBI has stated in the past it will keep civilian information and criminal records nominally separated. Yet the information will be searchable simultaneously, essentially merging into one large database, according to EFF.
"Once you start plugging this into the FBI database, it becomes tantamount to a national photographic database," the American Civil Liberties Union's Jay Stanley told the New Scientist.
Why would the agency go through all the trouble of gathering millions of photos, scanning them, indexing them and storing them for later use?
The ability to identify a suspect at lightning speed has been every lawman's dream, a pursuit that began when Allan Pinkerton accidentally birthed the mug shot with his 19th century Wild West "Wanted" posters. And with facial recognition software used by NGI achieving a 92 percent accuracy level in some cases, a larger gathering of photographs creates a greater chance of a successful match.
A 2010 presentation by the FBI's Richard Vorder Bruegge showed a law enforcement agency looking to catalogue and use any photos it can get its hands on, regardless of their origin, including "public datasets."
NGI's face-scanning technology would essentially match photos of a person of interest against a database the FBI estimates will grow to at least 12 million pictures. The facial recognition aspect works two ways: Agents can use face-matching software to pair surveillance camera stills taken from a crime scene against a growing database of mug shots. It can also scan against photos from other surveillance cameras and online in search of a suspect.
If NGI's early stages are any indication of where it's heading, privacy advocates and ordinary citizens are right to fear it.
The NGI began pilot programs in 2011 with four participating states -- Hawaii, Maryland, Michigan and Oregon -- according to documents posted by the EFF.
A memo from Hawaii states the FBI wants to "conduct automated surveillance at lookout locations," suggesting the bureau would take photos in public areas, shove them into the database and include members of the crowd in searches for suspected criminals. Another agreement with Maryland has the state promising to just hand over all photos on record to the FBI in what it calls a "photo data dump."
Other documents showcase the FBI's willingness to toss biometric records together into a giant pile -- regardless of their first intended use, according to documents obtained by EFF. For example, fingerprints taken at a precinct following an arrest would be thrown into a searchable database with prints taken for reasons outside of law enforcement, such as job applications.
The FBI is required to create a Privacy Impact Assessment for surveillance programs, though the one created for NGI predates the information-sharing schemes later established with participating pilot states.
"It is impossible to tell exactly how the FBI plans to acquire and use facial recognition data now and in the future," Lynch wrote. "However, given the information in these new documents and the FBI's broad goals for face recognition data, the time is right for laws that limit face recognition data collection."
The FBI and Department of Homeland Security already sit on what they claim are the "largest biometric database in the world," according to the agency's site. DHS's data spans more than 91 million fingerprint records, while the FBI's ASFIS database includes 66 million criminal records and 25 million civil records.
Some may deride the EFF and ACLU's concerns as conspiracy theorist nonsense. Don't break the law and you have nothing to worry about ... right?
While the EFF would argue that a fully monitored society is not truly free, it more practically points to a huge security flaw in the system. A uniformly codified database of biometric and photographic data makes the impact of a breach infinitely more devastating, EFF argues. Privacy advocates predicy that security technologies will evolve past the "combination/passcode/keycard" practices of old, headed toward biometric identification as the ultimate lock combination.
Should your thumbprint or iris scan become the universal key to your life, from your front door to the pharmacy checkout line to your ATM machine, one skilled hacker with a penchant for James Bond-esque antics can ruin countless lives, EFF argues. And NGI is the third in a fresh list of Big Brotherly activity on the part of the federal government.
Last month offered Wikileaks' revelation of TrapWire, a software that indiscriminately analyzes surveillance camera footage to try to identify terrorists planning attacks. The hacked and leaked corporate emails from intelligence company Stratfor went on to show more smoke than fire, as TrapWire constituted a failed DHS experiment run on 15 surveillance cameras in Washington, D.C., and Seattle that was ultimately scrapped.
Next came hacker collective AntiSec's dump of more than a million alleged Unique Device Identifier (UDID) numbers used in Apple devices, which the group claims it swiped from an FBI agent's laptop. It left many wondering why the federal agency wanted the information in the first place. (The FBI ever having it or being the source of the leak.)
Clearly the federal government, FBI and DHS et. al., have been doing their best to employ consumer technology and the private security measures for their own ends. But playing "Where's Waldo?" with the entire general populace strikes some as beyond justification.