Tag Archives: biometric

Preparing for biometrics and drones in the ‘post-privacy’ era

Privacy is generally understood as a freedom from unauthorized intrusions. The development of the legal protection of our privacy rights was historically tied to traditional concepts of home, curtilage or property. As frequently articulated, our privacy rights were connected to a “thing” or a “place” where we had a reasonable expectation of privacy. This concept transitioned over time from a physical place to include information space. Now the astonishing developments resulting from modern technologies is further challenging our historic conceptions of privacy and will require the formulation of new standards and practices and perhaps even a redefinition of privacy itself.

Gone are the days when the government only kept records of events such as birth, marriage, property ownership or death. Governments are now using surveillance technologies from drones to automated license plate readers to collect and store data on citizens and non-citizens alike. The commercial collection of personal data is also widespread. Mall owners use technology to track shoppers by signals from their cell phones. Online advertisers and data brokers watch as you browse the web and collect your browsing history. Retailers use digital signs, which are disguised facial recognition scanners, to track your passage through the store for later marketing use. Technologies, like facial recognition software, are even being made available for personal use. For example, Facebook’s tagging feature uses this technology.

One type of data being widely collected is biometric information. Biometrics are unique data markers that identify using intrinsic physical or behavioral characteristics. Physical characteristics can include fingerprints, face prints (facial recognition-ready photographs), iris scans, palm prints, voice prints, wrist veins, hand geometry, a person’s gait, and DNA. Behavioral biometrics include non-biological or non -physiological features such as distinctive and unique mannerisms (signature or keystroke patterns, habitual behaviors.) While fingerprints have been collected for generations, technology now allows the real-time capture of many more forms of biometric information, and advances in digital storage technology enables the permanent storage of massive amounts of extraordinarily detailed data.

Data collection is now easily accomplished and does not necessarily require your cooperation or awareness. Governmental agencies, particularly those involved with public safety, are major collectors of data. The United States government operates some of the largest biometric identification systems in the world. The Department of Homeland Security (DHS) maintains an automated biometric identification system (IDENT) that has a database of more than 126 million records and conducts about 250,000 biometric transactions per day averaging 10 seconds or less per transaction. The DHS Biometric Optical Surveillance System (BOSS) can perform real-time facial recognition and also capture your iris data from 10 meters away… while you are in motion. It was reported in 2011 that the measured error rate in face recognition has dropped by half every two years.

As biometric technology has expanded, so has the ability to store and communicate such data. Stored data may be shared by local, regional, statewide or federal databases or by private companies under contract with a local law enforcement agency. Most local and national law enforcement agencies are working to make the communication between their various databases seamless and responses to queries rapid and accurate. The ability to integrate and store information from many different databases has dramatically increased the value of biometric data and the risks associated with collecting and maintaining it.

The aggregation of data from multiple sources can pose a privacy threat. There is the risk of theft of biometric information, which could facilitate criminal access to bank accounts and credit cards, allowing the possibility of other criminal activities. There is a risk of data creep, where information voluntarily provided to one recipient may be transferred without permission to another recipient, then linked with other data or applied to a new and unauthorized purpose. At the same time, the unregulated scope of data collection, sharing, linking and storing could invite misuse.

Another medium for data collection that could have far reaching privacy implications is the use of “unmanned air vehicles” or “drones.” Previously used extensively only in military applications, the Federal Aviation Administration (FAA) predicts there will be 10,000 commercial drones by 2017. The FAA has until September 2015 to create rules about how drones can operate in U.S. airspace and is currently working with several industries to expedite some limited commercial operations. Google has applied to the Department of Transportation to test its planned U.S. delivery service Prime Air.

There are many legitimate and exciting uses for commercial drones, like emergency response and recovery efforts; mapping and survey applications; television and motion picture industry uses, such as sporting events (i.e., birds’ eye view of football game) or special effect shots; agricultural applications; journalistic uses [“journo-drones”]; and “ambulance” drones.

But in the area of privacy related to searches or surveillance, drones are a part of a technology system that acquires evidence that formerly required a trespass. Drones may be equipped with the following types of technologies: high-resolution digital camera, optically or acoustical enhanced imaging; imaging radar [i.e., see thru smoke, haze and other opaque media] or sensors [data re: weather, temperature, radiation or other environmental information). A “perch-and-stare” drone can conduct long-term covert, warrantless surveillance of a suspect.

The use of drones raises myriad ethical and legal issues and presents a situation where the analysis and resolution of those issues lags far behind the technology. The military usage of drones is already well established, and the expansion into the civil society is ready to explode. Private parties and corporations are seeking permission to utilize drones before the FAA has even finished developing the regulations that will control their use. Sophisticated drones have the capacity for machine recognition of faces, behaviors, and the monitoring of individual conversations. The images and data collected by drones raise serious questions regarding privacy, data storage and personal liberty.

Both penal and civil laws need to keep pace with these advances. The FAA is creating the administrative regulations and guidelines that will theoretically control the introduction of drones into civil society. Legislation designed to regulate the use of drones has been introduced in the U.S. Congress and in several states. Federal and state law enforcement agencies will have the dual, and potentially conflicting, desire to utilize drones and simultaneously recognize and protect the privacy rights of citizens.

Privacy advocates have raised the alert and the legal community needs to anticipate and prepare for how to protect against the excesses and abuses that could arise from the widespread use of drones. Although the specifics of the incidents cannot be predicted, it is certain that the surveillance abilities of drones will be utilized for industrial espionage and the theft of corporate secrets. Smart counsel should be preparing to advise their clients how to protect and defend against the “coming of the drones.”

Candace Cooper, Inside Counsel

FBI seeks to add Rapid DNA to biometric database

This week, the U.S. Federal Bureau of Investigation announced a plan to accelerate the collection of DNA profiles for the government’s massive new biometric identification database.

The FBI Laboratory, along with the Bureau’s Criminal Justice Information Services Division, have said that they are actively collaborating to develop a streamlined approach towards automating DNA collection processes from qualifying “arrestees” and offenders that are in custody during arrest, booking or conviction.

The goal of the FBI plan is to integrate “Rapid DNA” technology into the the agency’s biometrics-driven Next Generation Identification (NGI) system. Rapid DNA is defined as the use of portable cheek swab DNA machines in the field that can be used by law enforcement officers to initiate expedited DNA analysis. Portable DNA machines are designed to make suspect matches within 90 minutes by police officers in the field, rather than requiring days of processing by technicians in specialized laboratories.

The benefit of Rapid DNA for law enforcement is that an officer can run a test while an “arrestee” is in temporary custody. If there is a database match, then the law enforcement agency can move to place the suspect in immediate custody.

In a 2013 decision, the U.S. Supreme Court ruled that when police officers make an arrest for a serious offense, supported by probable cause, the capture and analysis of a cheek swab of an arrestee’s DNA is akin to capturing fingerprints or taking photographs. It therefore constitutes a legitimate and reasonable police booking procedure according to the high court. Due to confirmed judicial support for the practice, the FBI has moved to investigate how its can facilitate the integration of Rapid DNA analysis into the FBI’s Combined DNA Index (CODIS) database and NGI systems.

NGI, which debuted recently, aims to expand the federal government’s identification databases beyond its 110 million fingerprint records. As BiometricUpdate.com reported previously, NGI is designed to advance the Bureau’s biometrics identification services, providing an incremental replacement of its current integrated automated fingerprint identification system with a multi-modal biometric database, which includes voice, iris and facial recognition.

The Next Generation Identification program is therefore designed to advance the integration strategies and indexing of additional biometric data that will provide the framework for a future multi-modal system that will facilitate biometric fusion identification techniques. Part of the FBI’s vision will be to extend DNA into the criminal booking environment. As a consequence, the agency will hold a presentation with potential vendors in November that will elaborate its goals and objectives concerning the addition of Rapid DNA capacity to the database.

In statements to Nextgov, FBI spokeswoman Ann Todd said that Rapid DNA “will simply expedite the analysis and submission of lawfully obtained samples to the state and national DNA databases.”

She noted “the FBI will continue to apply cutting-edge technology to combat crime and protect the United States,” but “at the same time, the FBI [will remain] vigilant in upholding the Constitution, the rule of law and protecting privacy rights and civil liberties.”

Though the FBI and Justice Department have constitutional clarity surrounding the use and addition of rapid DNA during the booking procedure, the FBI will still require legislation from Congress to permit Rapid DNA results to added to the FBI’s databases. Current legislation states that CODIS database entries must be processed by an accredited laboratory.

Law enforcement agencies such as the FBI and the Justice Department can also expect heavy criticism from civil liberty groups. Jennifer Lynch, a senior staff attorney at the Electronic Frontier Foundation (EFF), told Nextgov that: “If the cops are stopping more African Americans or Latinos and they have the ability to collect their DNA just at a stop, then it means that the DNA database is going to be even more heavily weighted with DNA from immigrant communities and different ethnic minorities.” The EFF also is critical of the fact that DNA might be able to be tested without a warrant or without a person’s permission.

Rawlson King , Biometric Update

FBI Adds Facial Recognition To Biometric ID Toolkit

Dimples, creases and hair patterns could soon supplement the art of fingerprinting now that the FBI’s Next Generation Identification System is fully operational. The facial recognition system has yet to be proven effective but has police agencies as excited as it has privacy groups nervous. The ambitious technology, dubbed the NGI System by the bureau, has been in development for years in an attempt to expand the FBI’s biometric abilities.

Used as a form of identification, examples of biometric characteristics include an individual’s DNA, palm veins, retina, gait and voice characteristics, among other traits. Indeed, facial recognition is only one component of the FBI’s system.

“This effort is a significant step forward for the criminal justice community in utilizing biometrics as an investigative enabler,” the FBI said in a statement Monday.

“Rap Black” is one of the first FBI services to use the technology. It allows agents to receive “ongoing status notifications” on any criminal activity reported “on individuals holding positions of trust, such as schoolteachers,” the statement said.

Another is the Interstate Photo System, which deploys facial-recognition technology to help law enforcement, including probation officers, parole officers and more than 18,000 police agencies, compare images captured with cameras on the interstate system with those in criminal databases. The IPS has drawn the attention of privacy watchdogs, though, for its reported plan to mix mug shots with non-criminal images, including pictures from employment records and background-check databases.

“Currently, if you apply for any type of job that requires fingerprinting or a background check, your prints are sent to and stored by the FBI in its civil print database,” the Electronic Frontier Foundation said in August.

“However, the FBI has never before collected a photograph along with those prints. This is changing with NGI. Now an employer could require you to provide a ‘mug shot’ photo along with your fingerprints. If that’s the case, then the FBI will store your face print and your fingerprints along with your biographic data,” EFF said.

The IPS, which is expected to collect 52 million facial images, is only one phase of the NGI system, the FBI said. It also includes enhanced fingerprint capabilities and could focus on beards and social media tendencies. Documents obtained by the EFF indicate the database will include 4.3 million civilian images that will be stored in two categories “Special Population Cognizant” and “New Repositories,” neither of which were defined. Bureau officials have argued the pictures will appear on a “candidate list” meant to produce an “investigative lead,” not an effective identification.

The FBI has almost completely eliminated the need for a manual fingerprint review and has reduced the fingerprint processing time to approximately 0.7 seconds, according to bureau figures. The next step is to improve on that, biometrically.

“The National Palm Print System will provide a centralized repository for palm print data that can be accessed nationwide,” the FBI said in an explanatory blog post. The new method aims to increase accuracy while improving search capabilities for an agent trying to identify a murder suspect, for example, who left only an imprint of his palm veins, not a traditional fingerprint.

While such police tactics have made privacy advocates nervous, a recent investigation by Boston police made it clear facial recognition technology remains far short of the capabilities found in science-fiction.

Police officials conducted a pilot facial recognition program at the Boston Calling music festival in 2013, working to match attendees’ faces with their social media profiles. They used software that identified people based on physical characteristics including skin tone, eyeglasses, torso dimensions and hair volume. The technology would have had Philip K. Dick — whose works inspired cautionary tales like “Minority Report” — rolling in his grave, only it proved largely unreliable and still years off the mark.

Jeramie Scott, national security counsel with the Electronic Privacy Information Center, previously told the National Journal the new investigative techniques could come with strings attached. “One of the risks here, without assessing the privacy considerations, is the prospect of mission creep with the use of biometric identifiers,” he said.

Jeff Stone, International Business Times

About That Creepy Biometric Database, FBI, We’d Like to Know a Bit More

The FBI’s facial recognition database, into which it wants to put 52 million of our mugs by the end of 2015, is only part of its larger Next Generation Identification (NGI) program. The NGI program is intended to give the feds a full range of means to identify us according to biometric markers, including facial feature, digitized fingerprints, photographs of tattoos, scans of the irises of human eyes…

It’s a lot of data for tagging people, all going into a centralized system. That has plenty of people worried about misuse, abuse, and the overall nudge this sort of capability gives us toward a total surveillance state.

Yesterday, 32 organizations from across the political spectrum, including the American Civil Liberties Union, the Electronic Frontier Foundation (EFF), and R Street Institute, asked Attorney General Eric Holder to explain just how the United States government plans to use the system it’s building and the data contained therein. Specifically, they want the federal government to perform a formal Privacy Impact Assessment (PIA) to follow up on the last such report, done in 2008.

Among other concerns raised, that 2008 PIA conceded that “Electronic searching of criminal justice images also entails the risk that the electronic search process may not be sufficiently reliable to accurately locate other photos of the same identity, resulting in an unacceptable percentage of misidentifications.” That concession is underlined by revelations by the Electronic Privacy Information Center that federal specifications on the Next Generation Identification system facial recognition software allow for tagging “an incorrect candidate a maximum of 20% of the time.”

The Electronic Frontier Foundation’s Jennifer Lynch has also raised concerns about the sources of some the photos in the database, which are only vaguely identified. “The FBI does not define either the ‘Special Population Cognizant’ database or the ‘new repositories’ category,” Lynch warned in April.

Maybe Holder can tell us just where those photos are coming from.

Of course, Privacy Impact Assessments don’t mean that government agencies won’t proceed with the projects being assessed. They just give us a better idea of what we’re being subjected to.

Signatory organizations are: American Civil Liberties Union, Bill of Rights Defense Committee (BORDC), Brennan Center for Justice, Center for Digital Democracy, Center for Democracy & Technology, Center for Financial Privacy and Human Rights, Center for National Security Studies, The Constitution Project, Constitutional Alliance, Consumer Action, Consumer Federation of America, Consumer Watchdog, Council on American-Islamic Relations, Council for Responsible Genetics, Cyber Privacy Project, Defending Dissent Foundation, Demand Progress, DownsizeDC.org, Electronic Frontier Foundation, Electronic Privacy Information Center (EPIC), Friends of Privacy USA, Government Accountability Project, Liberty Coalition, NAACP, National Association of Criminal Defense Lawyers, National Urban League, OpenTheGovernment.org, Patient Privacy Rights, Privacy Rights Clearinghouse, PrivacyTimes, R Street Institute, and the World Privacy Forum.

J.D. Tuccille is managing editor of Reason.com.

Read the Letter:

CRG Coalition to Attorney General: Review FBI’s Massive Biometric Database

CRG Coalition to Attorney General: Review FBI’s Massive Biometric Database

Council for Responsible Genetics, EPIC, EFF, ACLU, Defending Dissent, and a coalition of over 30 organizations have urged Attorney General Holder to immediately conduct a privacy assessment of the FBI’s proposed “Next Generation Identification” system. The system is set to go fully operational despite a required privacy assessment.

When completed, the NGI system will be the largest biometric database in the world. The vast majority of records contained in the NGI database will be of US citizens. The NGI biometric identifiers will include fingerprints, iris scans, DNA profiles, voice identification profiles, palm prints, and photographs. The system will include facial recognition capabilities to analyze collected images. Millions of individuals who are neither criminals nor suspects will be included in the database. Many of these individuals will be unaware that their images and other biometric identifiers are being captured. Drivers license photos and other biometric records collected by civil service agencies could be added to the system. The NGI system could be integrated with other surveillance technology, such as Trapwire, that would enable real-time image-matching of live feeds from CCTV surveillance cameras. The Department of Homeland Security has expended hundreds of millions of dollars to establish state and local surveillance systems, including CCTV cameras that record the routine activities of millions of individuals. There are an estimated 30 million surveillance cameras in the United States. The NGI system will be integrated with CCTV cameras operated by public agencies and private entities.

There is a substantial risk that personally identifiable information could be lost or misused as a result of the creation of the NGI system. Among the private contractors involved in the deployment of NGI are Lockheed Martin, IBM, Accenture, BAE Systems Information Technology, Global Science & Technology (“GST”), Innovative Management & Technology Services (“IMTS”), and Platinum Solutions. Arizona, Hawaii, Kansas, Maryland, Michigan, Missouri, Nebraska, New Mexico, Ohio, South Carolina, and Tennessee are actively participating in the NGI program. The FBI is pursuing an aggressive deployment of the NGI program, scheduled for completion and full deployment by 2014.

Read the Letter:

CRG Coalition to Attorney General: Review FBI’s Massive Biometric Database