US federal agencies use extensive facial recognition technology
A recently-released government report sheds light on the extensive use of biometric facial recognition technologies in the U.S. Among 42 federal agencies that were surveyed, 20 use facial recognition technologies for various purposes connected to law enforcement, according to a report that the Government Accountability Office, the counterpart of Israel's Office of the State Comptroller and Ombudsman, submitted to Congress. The survey, which was carried out at the request of a number of Democratic senators and congressmen who raised concerns over improper use, violation of privacy of citizens and misidentification, covered the period between August 2019 and April 2021.
Among the agencies that use biometric identification are the
FBI, the Secret Service, the Federal Bureau of Prisons, U.S. Customs and Border
Protection, the Pentagon Force Protection Agency, the U.S, Marshalls Service,
U.S. Immigration and Customs Enforcement (ICE, which was criticized for having
separated parents and their children who attempted to cross the border
illegally), the U.S. Capitol Police, the Drug Enforcement Administration, the
U.S. Fish and Wildlife Service, the U.S. Postal Inspection Service, the U.S.
Park Police and the Criminal Investigation Division of the Internal Revenue
Service.
System with three billion photos used for investigation of
race riots and the storming of the Capitol
The various agencies reported the use of many systems
including biometric technologies, some of which include stored photos. The
Bureau of Prisons, for example, as of March 2020, had about 8,000 photos of its
employees and contractors in its access control system. The Office of
Biometrics and Identity Management reported that its automated biometric
identification system included about 836 million facial images as of March
2020. They included passport, visa application and mug shot photos. The
controversial Clearview AI company, whose services are used by 10 of the
surveyed federal agencies, has about three billion publicly available photos
that were all collected from the internet.
Among the 20 agencies, 14 reported that they use these
technologies to help investigate crime. Thus, for example, the advanced system
used by the FBI includes more than 40 million photos, and helps investigations
of violent crime, credit card and identity fraud, missing persons and more. The
biometric system of the Department of Homeland Security enables the search of
the system for an unknown individual, and offers potential matches – in other
words, generation of investigative leads.
On May 25, 2020, a white policeman in Minneapolis murdered
African-American George Floyd, leading to civil unrest throughout the country
including demonstrations and rioting. Six federal agencies reported that during
the period between the murder and August 2020, they used images from those
incidents via facial recognition technologies as well as existing systems such
as that of Clearview to carry out investigations of criminal acts that were
committed (vandalism, looting and other violence). The agencies included the
FBI, the U.S. Marshalls Service, and the Bureau of Alcohol, Tobacco, Firearms
and Explosives.
Another major incident related to extensive use of these
technologies was the storming of Capitol Hill on January 6. The Capitol Police
used Clearview's system to try to identify some of the attackers, U.S. Customs
and Border Protection used its system to conduct searches while cooperating
with additional law enforcement agencies, while the Bureau of Diplomatic
Security conducted searches using the biometric system of the State Department
and shared the information with additional agencies (the published report
serves as the unclassified version of what was submitted to Congress two months
ago , and does not include all the information about cooperation).
But of course, these technologies were not intended only for
law enforcement purposes, but also for extensive surveillance and
identification. For example, the Secret Service piloted a system to check
whether it is possible to add identification technologies to its security
operations; U.S. Courts, Probation and Pretrial Services enabled remote
verification of identity during the COVID-19 pandemic for an online meeting
with the probation or pretrial officer; and U.S. Customs and Border Protection
is testing and deploying the technology in phases for everyone entering or
exiting the U.S. by air, sea or land (as anyone who has arrived in the U.S. for
a visit in recent years knows), and there are many more uses among the various
agencies.
Among the matters of concern arising from the report are
that 13 out of the 14 agencies are helped by external facial recognition
technologies (that is to say, not of the agency itself but rather of a
commercial entity such as Clearview or Israel's Vigilant Technologies), and
there is no data on the names of the software or the systems that the employees
are using, or they only have partial data and therefore are unable to properly
estimate the risks involved in terms of privacy and misidentification (for
example, racial bias).
In addition, the lack of supervision as well as the
possibility of surveillance of employees on this sensitive issue creates
concern over improper use. Those agencies include the FBI, the Secret Service,
the Capitol Police, the Postal Inspection Service and others. The writers of
the report strongly recommended to set up control mechanisms as soon as
possible.
"When agencies use facial recognition technology
without first assessing the privacy implications and applicability of privacy
requirements, there is a risk that they will not adhere to privacy-related
laws, regulations, and policies," the report said. "There is also a
risk that non-federal system owners will share sensitive information (e.g.
photo of a suspect) about an ongoing investigation with the public or
others." The report also notes concerns raised by various organizations
regarding breaches that could reveal sensitive data. "Because a person’s
face is distinctive, permanent, and therefore irrevocable, a breach involving
data derived from a face may have more serious consequences than the breach of
other information, such as passwords, which can be changed."
Comments
Post a Comment