facial recognition database

Has facial recognition outpaced existing law?

The use of facial-recognition technology by law enforcement agencies may have outpaced the regulations that govern it, members of Congress suggested at a June 4 hearing.  Lawmakers repeatedly questioned where government agencies are deriving the legal authority to operate facial recognition programs and to what extent they notify or ask for consent beforehand.

The FBI's Next Generation Identification-Interstate Photo System, for example, houses 36 million photos collected from criminal justice sources.  Bureau and state and local law enforcement officials can submit a photo of a suspect, and the system will return up to 50 possible matches.  Additionally, the FBI's Facial Analysis, Comparison and Evaluation Services (FACE) unit can search or request searches across the Departments of State and Defense as well as 21 state governments, reaching 641 million photos.

Kimberly Del Greco, deputy assistant director of the FBI's Criminal Justice Information Services, told lawmakers  that both the 1994 federal Driver's Privacy and Protection Act, which allows states to disclose personal information including driver's license photos, as well as unspecified state laws that were established prior to the advent of facial recognition technology support the work done by the FACE unit.

"We're just leveraging that state law … that's already in place,"  Del Greco said.

Rep. Elijah Cummings (D-Md.), chairman of the House Oversight and Reform Committee, said the American people were being placed in jeopardy by "systems that are not ready for prime time."

Austin Gould, assistant administrator of the Transportation Security Agency, cited the 2001 Aviation and Transportation Security Act for the authority behind a Customs and Border Protection pilot program in Atlanta that conducts facial recognition of international travelers at airports during boarding and bag drop off.

Rep. Mark Meadows (R-N.C.) disagreed. "I'm actually on the Transportation Committee, and I can tell you we never envisioned any of this," he said.

While Gould said only the Atlanta pilot program captures images during a traveler's bag drop, BuzzFeed News has reported that the agency is using facial recognition technology at 17 international airports. Later in the hearing, Meadows called for TSA to halt its work.

"There are inefficiencies in TSA … that have nothing to do with facial recognition, and until you get that right I would suggest that you put this pilot program on hold," Meadows said. "Because I don't know of any appropriations that specifically allow you to have this."

Lawmakers also expressed frustration at the FBI's inability to close five outstanding Government Accountability Office recommendations made in a 2016 report regarding its operation of facial recognition systems, as well as the failure of other witnesses to provide metrics around how many American citizens have had their images captured and whether the programs are effective or having a positive impact.

Gretta Goodwin, director for the Homeland Security and Justice Division at the Government Accountability Office, told the panel that Justice Department and FBI were still not publishing systems of records notices about their facial recognition programs in a timely manner despite a 2016 recommendation from GAO. Such notices would provide transparency about the existence of individual software systems related to the program as well as the types of data being collected.

This article was first posted to GCN, a sibling site to GCN.

About the Author

Derek B. Johnson is a former senior staff writer at FCW.

Featured

  • automated processes (Nikolay Klimenko/Shutterstock.com)

    How the Army’s DORA bot cuts manual work for contracting professionals

    Thanks to robotic process automation, the time it takes Army contracting professionals to determine whether prospective vendors should receive a contract has been cut from an hour to just five minutes.

  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

Stay Connected