In the last few years, FBI has been dramatically expanding its biometrics programs, whether by adding face recognition to its vast Next Generation Identification (NGI) database or pushing out mobile biometrics capabilities for “time-critical situations” through its Repository for Individuals of Special Concern (RISC). But two new developments—both introduced with next to no media attention—will impact far more every-day Americans than anything the FBI has done on biometrics in the past.
FBI Combines Civil and Criminal Fingerprints into One Fully Searchable Database
Being a job seeker isn’t a crime. But the FBI has made a big change in how it deals with fingerprints that might make it seem that way. For the first time, fingerprints and biographical information sent to the FBI for a background check will be stored and searched right along with fingerprints taken for criminal purposes.
The change, which the FBI revealed quietly in a February 2015 Privacy Impact Assessment (PIA), means that if you ever have your fingerprints taken for licensing or for a background check, they will most likely end up living indefinitely in the FBI’s NGI database. They’ll be searched thousands of times a day by law enforcement agencies across the country—even if your prints didn’t match any criminal records when they were first submitted to the system.
This is the first time the FBI has allowed routine criminal searches of its civil fingerprint data. Although employers and certifying agencies have submitted prints to the FBI for decades, the FBI says it rarely retained these non-criminal prints. And even when it did retain prints in the past, they “were not readily accessible or searchable.” Now, not only will these prints—and the biographical data included with them—be available to any law enforcement agent who wants to look for them, they will be searched as a matter of course along with all prints collected for a clearly criminal purpose (like upon arrest or at time of booking).
This seems part of an ever-growing movement toward cataloguing information on everyone in America—and a movement that won’t end with fingerprints. With the launch of the face recognition component of NGI, employers and agencies will be able to submit a photograph along with prints as part of the standard background check. As we’ve noted before, one of FBI’s stated goals for NGI is to be able to track people as they move from one location to another. Having a robust database of face photos, built out using non-criminal records, will only make that goal even easier to achieve.
This change will impact a broad swath of Americans. It’s not just prospective police officers or childcare workers who have to submit to fingerprint background checks. In Texas, for example, you’ll need to give the government your prints if you want to be an engineer, doctor, realtor, stockbroker, attorney, or even an architect. The California Department of Justice says it submits 1.2 million sets of civil prints to the FBI annually. And, since 1953, all jobs with the federal government have required a fingerprint check—not just for jobs requiring a security clearance, but even for part-time food service workers, student interns, designers, customer service representatives, and maintenance workers.
The FBI seems to think we should all be OK with this because it has (ostensibly) given people notice and because the program is limited to only those people who are required by federal or state rules to provide prints. But in many parts of the country, this could amount to a very large percentage of workers (including each and every attorney at EFF)—and for many people, especially the poor and underemployed, opting out of this program by choosing a different line of work is truly a not a choice at all.
This is not OK. The government should not collect information on Americans for a non-criminal purpose and then use that same information for criminal purposes—in effect submitting the data of Americans with no ties to the criminal justice system to thousands of criminal searches every day. This violates our democratic ideals and our societal belief that we should not treat people as criminals until they are proven guilty.
It also subjects innocent Americans to the very real risk that they will be falsely linked to a crime. In 2004, the FBI mistakenly linked American attorney Brandon Mayfield to a bombing in Madrid based solely on forensic fingerprint evidence. The FBI seized his property, and he was imprisoned for two weeks before agents finally recognized their error and apologized. Researchers have postulated large face recognition databases could also result in false matches. This means that many people will be presented as suspects for crimes they didn’t commit.
Unfortunately, individuals don’t have much recourse. The only way you can get your prints out of the FBI’s database and stop this repeated invasion of privacy is either with a court order or if the agency that requires your prints to be collected also requests for them to be removed. There appears to be no way for an individual to ask to have their prints removed on their own.
We are disappointed that the FBI chose to go down this path. It could just as easily have designed its database to keep non-criminal data separate from criminal data. Or even better, the FBI could go back to its old practices and not keep the data at all.
FBI Plans to Populate its Massive Face Recognition Database with Photographs Taken in the Field
As Privacy SOS reported earlier this month, the FBI is looking for new ways to collect biometrics out in the field—and not just fingerprints, but face recognition-ready photographs as well.
The FBI recently issued a request for quotations (RFQ) to build out its mobile biometrics capabilities. Specifically, it’s looking for software that can be used on small Android-based mobile devices like Samsung Galaxy phones and tablets to collect fingerprints and face images from anyone officers stop on the street.
If the plan goes through, it will be the first time the FBI will be able to collect fingerprints and face images out in the field and search them against its Next Generation Identification (NGI) database. According to the RFQ, FBI’s current mobile collection tools are “not optimized for mobile operations” because they are large and are limited in scope to determining if a person has “possible terrorist links (in the U.S. or abroad) or is likely to pose a threat to the U.S.”