As the GAO reports, the FBI has taken no steps to make sure that the people listed in it’s facial recognition database actually committed or are suspected of committing a crime. Similarly, no effort has been made to determine whether the mug shots provided by other agencies are deserving of the bureau’s attention:
“As the Report points out, many of the 411.9 million face images to which FBI has access—like driver’s license and passport and visa photos—were never collected for criminal or national security purposes. And yet, under agreements we’ve never seen between the FBI and its state and federal partners, the FBI may search these civil photos whenever it’s trying to find a suspect in a crime. As the map above shows, 18 more states are in negotiations with the FBI to provide similar access to their driver’s license databases.
The states have been very involved in the development of the FBI’s own NGI database, which includes nearly 30 million of the 411.9 million face images accessible to the Bureau (we’ve written extensively about NGI in the past). NGI includes more than 20 million civil and criminal images received directly from at least six states, including California, Louisiana, Michigan, New York, Texas, and Virginia. And it appears five additional states—Florida, Maryland, Maine, New Mexico, and Arkansas—can send search requests directly to the NGI database. As of December 2015, FBI is working with eight more states to grant them access to NGI, and an additional 24 states are also interested.
The GAO Report spends a significant number of pages criticizing FBI for rolling out these massive face recognition capabilities without ever explaining the privacy implications of its actions to the public. Federal law and Department of Justice policies require the FBI to complete a Privacy Impact Assessment (PIA) of all programs that collect data on Americans, both at the beginning of development and any time there’s significant change to the program. While the FBI produced a PIA in 2008, when it first started planning out the face recognition component of NGI, it didn’t update that PIA until late 2015—seven years later and well after it began making significant changes to the program. It also failed to produce a PIA for the FACE Services unit until May 2015—three years after FACE began supporting FBI with face recognition searches. As GAO notes, the whole point of PIAs is to give the public notice of the privacy implications of data collection programs and to ensure that privacy protections are built into the system from the start. The FBI failed at this.”
Source: Personal Liberty
He’s my selfie