FBI Director James Comey testified Wednesday in front of the House Judiciary Committee that a next generation identification database his agency is piloting, which could contain as many as 52 million facial images by 2015, will not stockpile photos of innocent civilians.
Rep. Zoe Lofgren, D-Calif., questioned Comey about the new FBI facial recognition technology, asking him about the kind of balance it would strike between security and privacy.
“We are in an interesting time where obviously we would want to pursue people who do us harm, people who would violate the law,” Lofgren said. “At the same time, in a digital age, the expectations of privacy are shifting. Getting it right in terms of legislation is not an easy task.”
Comey, though, clarified that private, non-criminal civilians should not be concerned with the FBI’s exploratory facial recognition technology. The agency will only collect images of criminals, the director said, “to see if we can find bad guys by matching pictures to mugshots.”
The FBI isn’t the first agency to integrate facial recognition technology into its work. The State Department uses the same technology with a database of more than 244 million facial images. In fact, both databases were built by the same contractor, MorphoTrust, which drew concern from Lofgren on the ability for the two to share records.
Comey, however, wasn’t sure if that could happen.
“I don’t know,” he said. “I haven’t heard of that as current capability or an intended capability.”
Likewise, MorphoTrust built systems for the Defense Department and 35 state motor vehicle departments. Sharing records between the FBI and state DMVs was another of Lofgren’s concerns.
Comey did, however, explain there are some cases where those records might be shared.
“I think there are some circumstances in which when states send us records, they’ll send us pictures of people who are getting special driving licenses to transport children or explosive materials or something,” he said. “But as I understand it, those are not part of the searchable next generation identification database.”
The Electronic Frontier Foundation begs to differ. In an April blog post, Jennifer Lynch wrote on the nonprofit’s blog that sharing DMV records is one of the biggest concerns with the FBI’s facial recognition system.
“The FBI failed to release records discussing whether MorphoTrust uses a standard (likely proprietary) algorithm for its face templates,” she wrote, basing her analysis on a Freedom of Information Act disclosure of records. “If it does, it is quite possible that the face templates at each of these disparate agencies could be shared across agencies—raising again the issue that the photograph you thought you were taking just to get a passport or driver’s license is then searched every time the government is investigating a crime.”
The FBI seems to be leaning in this direction, according to Lynch. “An FBI employee email notes that the ‘best requirements for sending an image in the FR system’ include ‘obtain[ing] DMV version of photo whenever possible.’”
The FBI’s next generation identification database is still in the testing phase. But Lofgren wanted to make sure Comey understood that if it were to expand into a full-blown project, his agency would need to know where to draw the line between what’s private and what isn’t.
“Things that are in plain sight that we know are not private take on a different quality when they become part of a massive database that can be searched,” she said. “So if you walk outside you door, you’re in plain sight, you know your neighbor can see you. But you don’t really expect that you would be photographed and be part of a massive database so that the government could know where you are at any given time. The pictures, the identifiers — they’re useful to law enforcement, but where do we draw the line on privacy for the American people?”