The FBI is trying to avoid accountability for its massive biometric database which will store vast amounts of our most personal data: our faces, fingerprints, iris scans, even our tattoos in one place.
The database itself a very dangerous thing, made worse by the fact that the FBI wants to exempt it from provisions of the Privacy Act that will allow us to ensure that the FBI is not misusing the data.
The following was originally published on July 5, 2016 by Sue Udry:
The Bill of Rights Defense Committee/Defending Dissent Foundation (BORDC/DDF) is a national organization that protects the right of political expression to strengthen participatory democracy, and works to fulfill the promise of the Bill of Rights for everyone. We are not just a group that defends political expression, we are an organization that has in the past been deprived of its civil liberties by the Federal Bureau of Investigation (FBI). In 1986, it was revealed that the FBI had accumulated 132,000 pages of surveillance files on our founder, Frank Wilkinson, because of his political activities. A federal judge ordered the FBI to cease its spying on Wilkinson.
It is because of our mission and own experiences, that we are deeply concerned with the FBI’s request that its Next Generation Information (NGI) database be exempt from key provisions of the Privacy Act. The Privacy Act prohibits the government from tracking individuals’ First Amendment activity, the way the FBI tracked Frank Wilkinson. While the FBI is not asking to be exempt from this provision of the Privacy Act, they are asking to be exempt from the enforcement provision. The enforcement provision is what would allow an individual who was improperly monitored to bring suit against the FBI, forcing the FBI cease such spying. Individuals who are tracked for their First Amendment activity are left with no remedy.
It is never acceptable, baring a bona fide criminal investigation, to track First Amendment activity. The entire purpose of the First Amendment is to prevent the government from interfering with free speech and religion. Allowing the government to track such activity runs contrary to this purpose. While this may not be an exemption from the Privacy Act’s First Amendment protections, by making them unenforceable there is little to stop the FBI from violating them. This is not a remote possibility, such provision are in the Privacy Act because of the FBI’s past record of politically motivated monitoring.
The Privacy Act exists both to protect the personal privacy of individuals, as well as to give them the right to know what records the government keeps on them. However, if the FBI is granted the exemptions it wants for the NGI database, individuals will be essentially in the dark. They will not know what information about them is in the database or even if the records kept about them are correct. This complete lack of transparency will not only make it impossible for individuals to correct erroneous records, but this total lack of transparency makes the potential for the database to be abused much greater.
The potential for abuse is particularly unsettling given the sensitive information the database will hold. The NGI database will hold people’s biometric data, which can include fingerprints, faces, iris scans and pictures of tattoos. If the FBI is to create a massive database containing sensitive, personal information about Americans there must be proper safeguards in place to make sure personal privacy is protected.
The FBI, however, has given us significant cause for concern that it does not adequately understand the important privacy interests at stake. Even though the NGI was launched in 2008, it was not until 2016 The FBI issued a basic privacy notice. Starting in 2011, the FBI began allowing state and local police to run facial recognition searches of NGI in 2011. They did not issue a Privacy Impact Assessment on its updated facial recognition system until September 2015 and this came only after repeated pressure from civil society groups. The last thing we need is for the NGI database to be clouded in any more secrecy. Exempting the NGI from key provisions in the Privacy Act will do just that.
The NGI database also raises serious concerns about its disparate impact on certain groups. For example, given the disproportionate rate at which African-Americans and Latinos are arrested, we know they are over enrolled in the NGI database. This would be disconcerting in and of itself, but becomes even more so when one takes into account that facial recognition technology misidentifies African-Americans at a higher rate than other people and that African-Americans are more likely to miss time for work due to incomplete FBI records. The inability to determine if you are in the NGI database and correct mistaken information will particularly affect minorities.
The NGI database will also have a disparate impact on immigrants. While some documented immigrants qualify for an exception, the overwhelming majority of them have their fingerprints searched against the NGI database and then added to it–even though they have never committed a crime. Every time law enforcement searches the NGI database, they are searching through the fingerprints of these documented immigrants.
Over forty years ago, Senator Sam Ervin warned us about what the government’s “technical capacity to store and distribute information” meant for our Bill of Rights:
Each time we give up a bit of information about ourselves to the Government, we give up some of our freedom: the more the Government or any institution knows about us, the more power it has over us. When the Government knows all of our secrets, we stand naked before official power. Stripped of our privacy, we lose our rights and privileges. The Bill of Rights then becomes just so many words.
We remain opposed to the FBI maintaining a massive database filled with sensitive information about large numbers of people, as the agency has consistently abused its authorities in ways that are not consistent with the Constitution or a free society. At the very least, the FBI must adopt transparency and implement clear checks on potential abuses of the NGI database. The Privacy Act, by allowing people to know what records are kept on them and prohibiting the tracking of data based on First Amendment protected activities, helps to achieve these aims. The FBI cannot be allowed to make the NGI database exempt from any of the provisions of the Privacy Act.
In addition to filing these comments, the Bill of Rights Defense Committee/Defending Dissent Foundation endorses the comments filed by the The Center on Privacy and Technology at Georgetown Law, the Electronic Frontier Foundation, The Brennan Center for Justice, and the Oakland Privacy Working Group.