The FBI can scan more than 400 million photos — much more than previously thought — using its facial recognition program, but the agency has not fully tested the accuracy of its software, according to a government watchdog.
In a report publicly released Wednesday, Government Accountability Office auditors found that the intelligence bureau’s recognition program, the Next Generation Identification – Interstate Photo System, could access images from the departments of State and Defense as well as criminal mug shots, biometric data, and the driver’s license data from 16 states. Yet, even though the FBI began piloting the program in 2011, it has yet to conduct key tests to see whether the matches NGI-IPS produces are correct.
“Because the FBI does not conduct operational reviews that would assess the accuracy of face recognition searches on NGI-IPS, it risks spending resources on a system that is not operating as intended and also may miss opportunities for improving the system,” the report said.
NGI-IPS, which only the FBI can access for criminal investigations, uses photo submissions from law enforcement entities across the country to create a list of candidates who resemble a photo in an investigation. Before the FBI deployed the software, officials tested the program’s accuracy. However, auditors found, the bureau did not conduct tests on searches that produced fewer than 50 candidates.
“[A] smaller candidate list would likely lower the detection rate because a smaller candidate list may not contain a likely match that would be present in a larger candidate list,” according to some officials, the report said.
Auditors also found that the FBI also did not fully disclose the amount of information it had, the report said.
Sen. Al Franken, D-Minn., who requested the report, said it raised “serious concerns” about how the size and oversight of the FBI’s program could impact safety and privacy.
“Facial recognition technology is a new and powerful tool that holds great promise for law enforcement,” he said in a statement. “But if we don’t ensure its accuracy and guard against misuse, I am concerned about the risk of innocent Americans being inadvertently swept up in criminal investigations.”
The report offers the FBI six recommendations, including that it “[c]onduct tests of NGI-IPS to verify that the system is sufficiently accurate for all allowable candidate list sizes.”
The day the report was released, the National Telecommunications and Information Association brought in business and advocacy groups to discuss ways to enforce privacy and accuracy standards for facial recognition technology.
At the NTIA meeting, officials drafted guidelines on facial recognition software to stress the importance of transparency, security and the opportunity to control sharing. In the document, board members encouraged groups to let people know if they are using facial recognition and how it is being used, as well as making sure the collected data remains safe.
The Center for Democracy and Technology found that the guidelines lacked sufficient privacy protections and withdrew its support.
“Facial recognition technology raises serious privacy concerns, whether it is used for retail tracking, photo tagging, or public targeting,” CDT Deputy Director of Privacy & Data Michelle De Mooy said in a statement.
She added, “At a minimum, businesses should notify consumers and seek permission when facial technology is used, especially if it’s being deployed to track them in public or inform decisions on issues such as employment, health care, credit, or housing.
Contact the reporter on this story via email: Jeremy.Snow@FedScoop.com. Follow him on Twitter @JeremyM_Snow. Sign up for the Daily Scoop — all the federal IT news you need in your inbox every morning — here: fdscp.com/sign-me-on.