You are viewing an archived webpage. The information on this page may be out of date. Learn about EPIC's recent work at epic.org.

EPIC v. FBI - Next Generation Identification

Seeking documents about the FBI's expansive biometric identification database

Top News

  • House Oversight Committee Holds Hearing on Facial Recognition: The House Oversight Committee held a hearing on Facial Recognition Technology (Part II): Ensuring Transparency in Government Use. EPIC submitted a statement for the Committee's earlier hearing concerning the impact of facial recognition on civil rights. EPIC urged the Committee to investigate the FBI's Next Generation Identification program. EPIC explained that an individual's ability to control disclosure of identity "is an essential aspect of personal security and privacy." The FBI biometric database is one of the largest in the world, but the FBI has opposed privacy safeguards that EPIC supported. The Bureau also proposed to exempt the database from Privacy Act protections. EPIC has sued the FBI for information about the agency's plans to transfer biometric data to the Department of Defense. (Jun. 7, 2019)
  • EPIC Urges House Oversight Committee to Investigate FBI's Use of Facial Recognition: EPIC has sent a statement to the House Committee on Oversight concerning Facial Recognition Technology. EPIC urged the Committee to investigate the FBI's Next Generation Identification program. EPIC explained that an individual's ability to control disclosure of identity "is an essential aspect of personal security and privacy." The FBI biometric database is one of the largest in the world, but the FBI has opposed privacy safeguards that EPIC supported. The Bureau also proposed to exempt the database from Privacy Act protections. EPIC has sued the FBI for information about the agency's plans to transfer biometric data to the Department of Defense. (May. 21, 2019)
  • EPIC Urges FBI to Limit Fingerprint-Based Background Checks: In response to a request for comments, EPIC has urged the FBI to expand its use of name-based — rather than fingerprint-based — background checks for noncriminal purposes, such as employment. The FBI currently uses fingerprints, stored in the Next Generation Identification (NGI) database, to conduct non-criminal background checks. "Names checks" were only conducted for individuals whose fingerprints failed the NGI matching requirements. EPIC told the FBI that the "name-based background check accomplishes the same purpose as the fingerprint-based background check without requiring the collection of sensitive biometric information." EPIC has opposed the expansion of the NGI system for non-law enforcement purposes. EPIC has also pursued a series of Freedom of Information Act requests to assess the reliability of the NGI system. (Jan. 9, 2018)
  • FBI Issues Final Rule on Biometric Database, Exempts Itself From Privacy Act Protections: The FBI has released a final rule claiming several Privacy Act Exemptions for the Next Generation Identification System, a database that contains the biometric data of millions of Americans, much of which is unrelated to law enforcement. EPIC had criticized the FBI's proposal to remove Privacy Act safeguards and urged the FBI to limit the scope of data collection and reduce the retention of data. However, in issuing the final rule the FBI repeatedly stated that exemptions would be used responsibly and in accordance with FBI policies and procedures. Through a FOIA lawsuit, EPIC obtained documents that revealed the NGI database contained an error rate of up to 20% on facial recognition searches. EPIC has identified several problems with the NGI database in statements to Congress oversight Committees, which have indicated strong concern about the FBI's facial recognition program. (Aug. 1, 2017)
  • EPIC Urges Congress to Examine FBI's Biometric Identification Program: EPIC has sent a statement to the House Appropriations Committee in advance of a hearing on the FBI's budget. EPIC urged the Committee to examine the FBI's Next Generation Identification program. EPIC explained that the program "raises far-reaching privacy issues that implicate the rights of Americans all across the country." The FBI biometric database is one of the largest in the world, but the Bureau proposed to exempt the database from Privacy Act protections. EPIC and others supported strong safeguards for the program. In an early FOIA case against the FBI, EPIC obtained documents which revealed high error levels in the biometric database. EPIC has recently filed a FOIA lawsuit against the FBI for information about the agency's plans to transfer biometric data to the Department of Defense. (Jun. 20, 2017)
  • EPIC FOIA: EPIC Obtains Secret Inspector General Reports: Through a Freedom of Information Act lawsuit EPIC has obtained nonpublic reports from the Department of Justice's Inspector General. The documents include audits of drug control funds. Another set of documents include audits of other grant programs, as well as a list of information security audits conducted since 2005. EPIC also obtained a previously unpublished audit of a state lab's DNA database. The mission of the DOJ Inspector General is "to detect and deter waste, fraud, abuse, and misconduct in DOJ programs and personnel." EPIC also recently sued the Federal Bureau of Investigation to obtain information on the massive biometric database "Next Generation Identification." (Nov. 21, 2016)
  • EPIC, Coalition Demand Congressional Oversight of FBI's Vast Biometric Database: Today EPIC and a coalition of 45 organizations urged Congress to hold a hearing on the FBI’s massive biometric database and the risks of facial recognition technology. The letter follows the FBI’s recent proposal to exempt the "Next Generation Identification” database from Privacy Act safeguards—including requirements for accuracy, relevancy, and transparency. The civil liberties organizations said that “the FBI is retaining vast amounts of personal information and exposing millions of people to a potential data breach.” In the EPIC v. FBI FOIA case, EPIC obtained documents which revealed high error levels in the biometric database. (Jun. 23, 2016)
  • GAO Report: FBI’s Use of Face Recognition Fails on Privacy and Accuracy: The Government Accountability Office released a report today detailing the FBI’s failure to conduct a privacy audit of the agency’s use of facial recognition or adequately test the accuracy of the technology. EPIC and a coalition of public interest groups recently urged the Justice Department to extend the public comment period for the FBI’s Next Generation Identification database, which includes facial recognition capabilities. Previous Freedom of Information Act requests by EPIC showed that the agency had numerous agreements with states to access driver license photos for facial recognition searches and that technical specifications allowed for a 20% search error rate. (Jun. 15, 2016)
  • EPIC, Coalition Seeks Time to Review FBI Biometric Database: EPIC and a coalition of civil rights, privacy, and transparency groups urged the Department of Justice to extend the public comment period for the FBI’s Next Generation Identification database. The FBI database contains biometric data, such as fingerprint and retinal scans, on millions of Americans and raises significant privacy risks. The FBI is proposing to exempt the database from Privacy Act obligations, including legal requirements to maintain accurate records, permit individual access, and provide civil remedies. Errors plague the NGI database. In a FOIA caseEPIC v. FBI, EPIC obtained documents, which showed that the FBI accepted a 20% error rate for facial recognition matches. (Jun. 1, 2016)
  • Senate Judiciary Committee Hearing on FBI to Consider Drones, Facial Recognition: The Senate Judiciary Committee's oversight hearing of the FBI will take place of Wednesday, May 21. This is the first FBI oversight hearing since James Comey took over as Director. At the last oversight hearing, Director Mueller admitted that the FBI uses drones for domestic surveillance. The FBI promised to establish privacy guidelines but has failed to do so. The FBI has also failed to address the privacy implications of license plate readers and facial recognition technology. The FBI's Next Generation Identification program, a massive biometric system, is set to go fully operational this year; yet the agency has not established civil liberties safeguards. The database will employ facial recognition, iris recognition, and voice recognition. Documents obtained by EPIC under the FOIA indicate the agency is prepared to accept a 20% error rate for recognition techniques. For more information, see EPIC v. FBI - Next Generation Identification. (May. 20, 2014)

Background

The Federal Bureau of Investigation is developing a biometric identification database program called "Next Generation Identification" (NGI). When completed, the NGI system will be the largest biometric database in the world. The vast majority of records contained in the NGI database will be of US citizens. The NGI biometric identifiers will include fingerprints, iris scans, DNA profiles, voice identification profiles, palm prints, and photographs. The system will include facial recognition capabilities to analyze collected images. Millions of individuals who are neither criminals nor suspects will be included in the database. Many of these individuals will be unaware that their images and other biometric identifiers are being captured. Drivers license photos and other biometric records collected by civil service agencies could be added to the system. The NGI system could be integrated with other surveillance technology, such as Trapwire, that would enable real-time image-matching of live feeds from CCTV surveillance cameras. The Department of Homeland Security has expended hundreds of millions of dollars to establish state and local surveillance systems, including CCTV cameras that record the routine activities of millions of individuals. There are an estimated 30 million surveillance cameras in the United States. The NGI system will be integrated with CCTV cameras operated by public agencies and private entities.

The NGI database will be used for both law enforcement and non-law enforcement purposes. It will be available to law enforcement agencies at the local, state, and federal level. But it will also be available to private entities, unrelated to a law enforcement agency. Using facial recognition on images of crowds, NGI will enable the identification of individuals in public settings, whether or not the police have made the necessary legal showing to compel the disclosure of identification documents. The New York City Police Department began scanning irises of arrestees in 2010; these sorts of records will be entered into NGI. The Mobile Offender Recognition and Information System (“MORIS”), a handheld device, allows officers patrolling the streets to scan the irises and faces of individuals and match them against biometric databases. Similarly, children in some school districts are now required to provide biometric identifiers, such as palm prints, and are also subject to vein recognition scans. Clear, a private company offering identity services based on biometric identifiers, attempted to sell the biometric database of its users after its parent company, Verified Identity Pass, declared bankruptcy. The transfer of the biometric database was blocked by a federal district court judge.

There is a substantial risk that personally identifiable information could be lost or misused as a result of the creation of the NGI system. Among the private contractors involved in the deployment of NGI are Lockheed Martin, IBM, Accenture, BAE Systems Information Technology, Global Science & Technology ("GST"), Innovative Management & Technology Services ("IMTS"), and Platinum Solutions. Arizona, Hawaii, Kansas, Maryland, Michigan, Missouri, Nebraska, New Mexico, Ohio, South Carolina, and Tennessee are actively participating in the NGI program. The FBI is pursuing an aggressive deployment of the NGI program, scheduled for completion and full deployment by 2014.

EPIC's Freedom of Information Act requests

In 2012, EPIC filed two Freedom of Information Act (FOIA) requests for documents related to the FBI's NGI system. One request sought technical specifications related to the roll out of the NGI system. The other sought contracts between the FBI and the private entities developing the system. The FBI did not promptly comply with the law's requirements and has so far failed to give EPIC any responsive documents. After the agency failed to comply with the Freedom of Information Act, EPIC filed a lawsuit in federal district court.

FOIA Documents

Legal Documents

Resources

Pages

FBI Websites

News Reports

Share this page:

Defend Privacy. Support EPIC.
US Needs a Data Protection Agency
2020 Election Security