FBI lax on facial recognition privacy, watchdog says
As law enforcement looks to tap advances in facial recognition, a government watchdog warns of the risks to privacy.
The FBI has been slow to issue privacy assessments of a facial-recognition system, and did not have a good grasp of how accurate it was before deploying it, according to a new Government Accountability Office report. The report raises fresh concerns about a technology that has been integral to law enforcement investigations.
"The timely publishing of [privacy impact assessments] would provide the public with greater assurance that the FBI is evaluating risks to privacy when implementing systems," the report states.
The report focuses on the Next Generation Identification-Interstate Photo System, a facial recognition service that provides access to a database containing over 30 million photos. The FBI and some state and local law enforcement authorities use NGI-IPS to identify unknown persons.
While the FBI issued a privacy impact assessment for NGI-IPS in 2008, before the system was operational, the bureau failed to update that assessment in a timely manner after the system underwent thorough changes, according to the watchdog.
Further, although NGI-IPS has been in place since 2011, the Justice Department did not publish a records notice detailing the FBI's facial recognition capabilities until last month, according to GAO. The dearth of information kept the public in the dark about the bureau's capabilities.
The report came at the request of Sen. Al Franken (D-Minn.), who expressed concerned at its findings.
The report "reveals that the FBI's use of facial recognition technology is far greater than had previously been understood," Franken said in a statement. "This is especially concerning because the report shows that the FBI hasn't done enough to audit its own use of facial recognition technology…nor has it taken adequate steps to ensure the technology's accuracy."
Though facial recognition technology has become more accurate in the last few years, GAO faults the FBI for doing limited testing before deploying NGI-IPS, and not determining how often the system committed errors.
"FBI officials stated that they do not know, and have not tested, the detection rate for candidate list sizes smaller than 50," the report says.