FBI seeks to shield its massive biometric database from public scrutiny.

The proposed exemptions from the Privacy Act would make the FBI’s Next Generation Identification system even more opaque.

Logan Koepke
Equal Future
5 min readJun 3, 2016

--

Photo by Dave Newman

Imagine you’re applying for a new job. The employer asks you to undergo a background check and get your fingerprints taken.

Or, say you’re at a protest. You end up getting arrested, but it’s a mix-up and you aren’t charged with anything. Still, you’ve gone through the booking process, so now you have a non-criminal photograph on file.

In both of these instances, your fingerprints, photographs, and other forms of biometric data — as well as your personal information — all end up somewhere. One of the most important places that data ends up is in the FBI’s massive biometric database — the Next Generation Identification (NGI) system.

Massive isn’t an overstatement: since its inception in 2008, the database now contains well over 100 million individual records. One reason it’s so massive is that it is a repository for many records (nearly 50 million) that are completely unrelated to criminal activity. For example, states across the country require certain professions — like lawyers, dentists, or teachers — to be licensed in that state before they can practice their profession. For some states, part of getting a license means giving the government your fingerprints.

The database is also massive in terms of its reach: it’s searchable and shared with more than 20,000 law enforcement agencies. As the EFF’s Jennifer Lynch writes:

Just last year, the FBI announced that for the first time it would combine almost all of this non-criminal data with its criminal data in NGI. This means that now, if you submit fingerprints for licensing or for a background check, they’ll most likely end up living indefinitely in NGI — to be searched thousands of times a day for any crime, no matter how minor, by over 20,000 law enforcement agencies across the country and around the world.

Now, the FBI is proposing to exempt its entire NGI database from the basic regulations and requirements of the Privacy Act of 1974 — the very law designed to govern how the FBI handles this type of sensitive information.

Why is that important?

There are many reasons why the FBI’s move is troubling from a civil rights perspective — as a letter from dozens of civil rights and human rights details — and I’ll try and highlight a few of them. (Be sure and also look at the many, many, many pieces written by others on why the FBI’s proposed NGI exemptions are concerning.)

Procedurally speaking, the FBI’s request seemingly came out of nowhere.

The Privacy Act of 1974 does many things. As the Department of Justice explains, the Privacy Act governs “collection, maintenance, use, and dissemination of information about individuals that is maintained in systems of records by federal agencies.” Essentially, exactly what the FBI’s NGI database is.

One of the Privacy Act’s most basic requirements is simply for relevant government agencies to let the public know when a new system simply exists. It does this by publishing what’s called a Systems of Records Notice (SORN) in the Federal Register.

Even though the NGI has existed for nearly eight years, the FBI only just formally fulfilled this requirement as of April 21, 2016. On the same day it finally issued the SORN for NGI, the FBI also asked for several exemptions from the Privacy Act.

The The FBI is asking to immunize the NGI database from basic public scrutiny and legal intervention.

The FBI wants to be exempted from a number of Privacy Act requirements. For their part, as Ellen Nakashima reports in the Washington Post, “the FBI and Justice Department say the reason they are seeking the exemptions is to ensure that ongoing investigations are not compromised by people learning they are the subjects of probes.” That sounds reasonable enough, but some of the proposed exemptions go much further.

For example, the FBI wants NGI to be exempt from requests that simply allow people to find out whether or not they are enrolled or have biometric data in NGI. On top of that, the FBI wants to exempt itself from the responsibility to promptly fix incorrect information that individuals may find in their NGI files.

The most significant exemption, however, is that the FBI wants to exempt the NGI from a provision that lets people sue the FBI for any violation of the Privacy Act — even those provisions that the FBI isn’t asking exemptions from.

As the ACLU’s Jay Stanley writes:

Most Americans would obviously support reasonable exceptions to the access right for things like active criminal investigations. But remember that of the many millions of people whose information is in the NGI database, only a relative handful are under some form of investigation at a given time. Again, the NGI contains biometrics not only from those convicted long ago, and those who were arrested but not convicted or even charged — but also people not involved in crime at all.

It’s likely that NGI over-represents and disparately impacts minorities and immigrants. An even more opaque system could make things worse.

Part of this story is technological. The FBI, as well as state and local law enforcement, can search the NGI database with face recognition technologies. But, as several studies have shown — including a study by the FBI — facial recognition technology may actually misidentify African Americans, young people, and women at higher rates than whites, older people, and men.

Another part of this story institutional. Arrest records in the NGI system often fail to indicate the final disposition of an arrest. Was the person ever convicted? Were charges ever pressed? If they were, were the charges eventually dropped? As a 2013 report by the National Employment Law Project (NELP) notes, half of the FBI records are missing this type of critical information.

And that information — or lack thereof — has significant consequences: as the NELP report showed, given the number of FBI checks for employment conducted each year (14.4 million on average), and the average number of adults that have criminal records (one in four), that means about 3.6 million workers subject to an FBI background will have a criminal record. “If about half of those background checks are inaccurate or incomplete,” the report notes, “then roughly 1.8 million workers are potentially disadvantaged by the gaps in the FBI’s records.”

Given disproportionately high arrest rates for minorities, it’s likely that a large number of individuals adversely impacted by this are of color.

Importantly, we still don’t know a lot about NGI, or the FBI’s future plans for the database. That’s all the more reason to be alarmed by the FBI’s proposed exemptions. Civil rights and social justice groups should use the next month and the public comment period to ensure that their voices are heard.

--

--

Logan Koepke
Equal Future

policy analyst at Upturn. work on civil rights, tech, and policy.