FBI Wants to Exempt Its Massive Biometric Database from Some Federal Privacy Rules

The FBI wants to block individuals from knowing if their information is in a massive repository of biometric records, which includes fingerprints and facial scans, if the release of information would "compromise" a law enforcement investigation.

The FBI’s biometric database, known as the “Next Generation Identification System,” gathers a wide scope of information, including palm prints, fingerprints, iris scans, facial and tattoo photographs, and biographies for millions of people.  

On Thursday, the Justice Department agency plans to propose the database be exempt from several provisions of the Privacy Act -- legislation that requires federal agencies to share information about the records they collect with the individual subject of those records, allowing them to verify and correct them if needed.

Aside from criminals, suspects and detainees, the system includes data from people fingerprinted for jobs, licenses, military or volunteer service, background checks, security clearances, and naturalization, among other government processes.

Letting individuals view their own records, or even the accounting of those records, could compromise criminal investigations or "national security efforts," potentially revealing a “sensitive investigative technique” or information that could help a subject “avoid detection or apprehension,” the draft posting said.

Another clause requires agencies to keep the records they collect to assure individuals any determination made about them was made fairly. Arguing for an exemption, the FBI posting claimed it is “impossible to know in advance what information is accurate, relevant, timely and complete” for “authorized law enforcement purposes.”

“With time, seemingly irrelevant or untimely information may acquire new significance when new details are brought to light," the posting said. Information contained in the database could help with “establishing patterns of activity and providing criminal lead.”

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

The proposal, open for public comment for a month after it’s officially posted, would set a worrying precedent in which law enforcement has significant leeway to decide what information to collect without informing the subject, according to Jeramie Scott, a national security counsel at the Electronic Privacy Information Center, a research group advocating for digital civil liberties.

In 2014, EPIC won a lawsuit against the FBI, arguing the contracts and technical requirements supporting the Next Generation Identification database be published.

The proposal’s suggestion that data could be used to establish “patterns of activity” was particularly troubling, Scott said.

“We don’t know exactly what that means,” Scott told Nextgov in an interview. “If you have no ability to access the record the FBI has on you, even when you’re not part of an investigation or under investigation, and lo and behold inaccurate information forms a ‘pattern of activity’ that then subjects you to [be] the focus of the FBI, then that’s a problem.”

It’s unclear how many individuals are covered in the database. FBI documents obtained by privacy rights group the Electronic Frontier Foundation in 2014 suggested the FBI’s facial recognition component was on track to contain 52 million images by 2015.

FBI did not respond to Nextgov’s request for comment.