New Rule Exempts FBI From Disclosing Its Biometric Database To Americans

A new rule will exempt the Next Generation Identification (NGI) system, the FBI’s database of biometric information of millions of Americans, from the Privacy Act safeguards.

The database includes iris scans, photos, fingerprints and other information of individuals, and much of it is unrelated to law enforcement. Those who were never arrested or had problems with the law could have their biometric data in the NGI system. The biometric records stored in the database can even be from background checks when people seek employment.

Read: Walmart Developing Facial Recognition System That Identifies Unhappy Customers

The final rule, effective August 31, exempts the FBI from following the Privacy Act safeguards that require the disclosure. This means the agency does not have to notify persons that the agency holds biometric information of them.

The FBI previously requested its NGI to be exempt from the Privacy Act. The agency argued that acknowledging that they have biometric records of individuals could affect an investigation.

“It is necessary for the FBI to claim these exemptions because the NGI System also contains latent fingerprints, as well as other biometrics, and associated personal information that may be law enforcement or national security sensitive,” the agency said Tuesday. “Compliance with these provisions could alert the subject of an authorized law enforcement activity about that particular activity and the interest of the FBI and/or other law enforcement agencies.”

Read: iPhone 8's Facial Recognition Feature To Be Used For Apple Pay Payments

However, advocacy groups have argued against the rule.

“As the FBI increasingly uses biometrics, the Bureau should not be removing privacy safeguards but strengthening them,” Jeramie D. Scott, director of the Electronic Privacy Information Center, told International Business Times. “Biometric technologies, particularly facial recognition, pose serious risks to privacy and civil liberties and require public transparency and oversight. This is particularly important at a time like now where the laws have not caught up to the technology to provide the necessary privacy protections.”

In 2014, EPIC filed a FOIA lawsuit and obtained records that revealed the FBI’s database had an error rate of up to 20 percent on facial recognition searches. In a previous FOIA request, the organization found multiple agreements between the FBI and states’ Department of Motor Vehicles that allowed the agency to use facial recognition to compare individuals under FBI investigation with license and ID photos of millions of Americans.

The Electronic Frontier Foundation also expressed its concern over the database. The nonprofit filed a FOIA lawsuit in 2013 to obtain documents regarding the database. The documents obtained by the EFF suggested the NGI could have as many as 52 million face images by 2015, the organization said in 2014. The NGI already stored 13.6 million images representing between seven to eight million Americans in 2012, and by the middle of 2013 the database grew to 16 million images. The NGI cis capable of conducting tens of thousands of searches a day, the EFF said.

The EFF pointed out that the FBI refuses to accept that there are accuracy problems with facial recognition searches. There have been concerns over facial recogntion technology misidentifying African-Americans, ethnic minorities, women and the youth, far more than it does with whites and men. The EFF argues that those errors could affect non-whites more frequently, since FBI databases include a disproportionate number of records on African Americans, Latinos and immigrants.

“This is why it’s particularly important that people be able to use the Privacy Act to learn about NGI—it ensures that people can access records the FBI has on them and allows them to take the FBI to court, if needed, to correct any inaccurate information,” the EFF said last year.