Think you can escape the biometrics matrix because you've never been arrested, or because you are a US citizen? Not so fast.
As EFF's Jennifer Lynch observes in her superb report on government biometrics programs, while the US government currently collects the vast majority of biometrics through criminal justice, immigration and military channels, the government is increasingly deploying biometrics technologies that can and will ensnare all of us, criminal record and citizenship status aside.
The federal government has been investing billions of dollars into projects that enable the incidental and stealth collection of our biometric data, but we lack the statutory protections we need to protect our privacy.
All signs point to this problem getting worse, because instead of legislating to protect us against these growing threats, Congress is authorizing more funds for the development of military and civilian technologies that will inevitably come back to haunt us.
The FBI has fingerprint and face recognition-ready photos (or "face prints") on every person arrested in the United States in recent decades, and DHS has millions of records of foreign-born people and visitors to the United States. The US military has been capturing and storing biometrics data on Iraqis and Afghanis for nearly a decade now. The State Department maintains a biometrics database of its own, which includes information on everyone who has applied for a visa to visit the United States in recent years.
All of this information -- biometrics data on US persons, immigrants, visitors to the country, Iraqis and Afghanis -- will soon be retained in a joint FBI-DoD data center in West Virginia, called the Biometrics Technology Center.
The categories of biometrics the government collects, and the methods it uses to collect them, are expanding, too.
Lynch breaks down the biggest biometrics containers in the world, all US government programs: the FBI's Integrated Automated Fingerprint System (IAFIS) and DHS' Automated Biometric Identification System (IDENT), the latter part of the US Visitor and Immigration Status Indicator Technology program (US-VISIT). Additionally, the US Department of Defense maintains the Automated Biometric Identification System (ABIS), containing palmprint, face print and iris scan records on about 6 million people. And the State Department's Consular Consolidated Database (CCD) holds more than 110 million records and 90 million photographs.
The FBI's IAFIS contains biometrics collected via both criminal and civil processes. If you are arrested in the United States your fingerprints will be stored in and checked against the database. People who apply for jobs requiring federal background checks, including "childcare workers, law-enforcement officers, lawyers and federal employees" must submit their fingerprints to the FBI, where they are checked against existing criminal records and then stored in IAFIS. Lynch reports that there are "over 71 million subjects in the criminal master file and more than 33 million civil fingerprints." Over 18,000 law enforcement agencies "at the state, local, tribal, federal and international level" access and contribute data to IAFIS.
The DHS biometrics warehouse, IDENT, obtains data from any "individuals who interact with the various agencies under the DHS umbrella, including Immigrations and Customs Enforcement (ICE), US Citizenship and Naturalization Services (USCIS), Customs and Border Protection (CBP), the Transportation Security Administration (TSA), the US Coast Guard, and others," including the State Department. "IDENT processes more than 300,000 "encounters" every day and has 130 million fingerprint records on file," Lynch writes.
Each state has its own biometrics database, and some regions have regional databases, many of which include DNA data. In some states, like Massachusetts, the government plans on retaining automatic license plate recognition capture data in its Criminal Justice databases, alongside biometric data of arrestees and civil license applicants. As Lynch points out, the pooling of these disparate data points presents a serious threat to our liberty because it "increases the potential for tracking and surveillance."
The means by which the government collects biometrics data from us are changing rapidly, though these advances are happening largely under the radar. While the retention and sharing of biometrics data collected at borders, in other nations and from arrestees pose serious threats to our liberty, we must also pay closer attention to the rapid development of technologies that enable the incidental and stealth collection of biometrics data.
You mustn't be arrested or pass through a border in order to get caught up in a biometrics database. For most US persons, the most likely path to a biometrics database is through your local RMV. Most states require that people take off their glasses and hats and maintain a neutral facial expression in their drivers' license photos, rendering the photographs face recognition ready.
Instead of applying protections to prevent the wholesale dumping of civil biometrics data like drivers license "face prints" into criminal biometrics databases, some states are taking the plunge in precisely the wrong direction. In 2008, the FBI teamed up with the North Carolina Division of Motor Vehicles in a program called "Fask Mask," which automatically checks all 30 million drivers' license photographs against the FBI's biometrics files. This is a perfect example of incidental biometrics collection that could affect hundreds of millions of people with the push of a button.
Stealth biometrics collection is pretty creepy, too, and the government is extremely interested in the development of technologies that will enable it to more easily identify us at a distance, without our knowledge. It's one thing to be photographed in a mug shot, or to be physically fingerprinted. It's something else entirely to have your biometrics data taken surreptitiously. From a National Institutes of Justice 2010 grant advertisement:
The U.S. Department of Justice (DOJ), Office of Justice Programs (OJP), National Institute of Justice (NIJ) is pleased to announce that it is seeking applications for funding for research and development, or evaluation, of cost-effective, hand-held biometric devices capable of identifying an individual at a distance. NIJ is especially interested in research and development proposals for technology to identify or verify the identity of a person at a distance of 1000 meters.
The government wants to be able to surreptitiously identify us from a distance of 1000 meters, the equivalent of more than 10 football fields. But that's not all: the government also wants to be able to detect people in "live or taped video," or from images online.
NIJ is funding several development efforts to detect faces in live or taped video, or Web pages and optimize the facial image and compare it to large image databases. One project will apply these technologies to access control, controlled surveillance and web searches for missing or exploited children. The Defense Advance Research Projects Agency (DARPA) recently has initiated a HumanID program with the goal of developing and demonstrating advanced surveillance methods that automatically detect, recognize and identify individuals from a distance and alert operators to any potential security concerns.
Beyond basic image-to-image comparison of faces, there have also been breakthroughs in 'video-to-video' matching and 'still-face-to-video' matching. Improvements in face recognition technology will continue with programmatically focused investments by government agencies. For example, the U.S. Special Operations Command (USSOCOM) funded a proof-of-concept effort to create handheld, mobile binoculars capable of automatic face recognition at ranges up to 100 meters in outside daylight.
In mid May 2012 I photographed a bunch of surveillance cameras in a Boston subway station and was approached by a transit police officer who proceeded to interrogate me about what I was doing. That he found me suspicious wasn't particularly shocking given that the Department of Homeland Security and the Department of Justice have for years been training police to watch out for people "overly" interested in surveillance or concerned about their privacy. The FBI even considers the latter to be a possible indicator of terrorist activity!
I got pretty up close and personal with those many surveillance cameras, so the following police statement, pulled from a very interesting article in The Bay Citizen, is more than a little worrying. Describing how San Franscisco Police officers share information with federal agencies through the "Terrorism Liaison Officer" program, the manager of the project said:
If we think it might have a nexus to terrorism, we would forward it to NCRC...There have been instances of unknown people taking pictures of security cameras around the city, that were considered high sensitivity. We forward that over to [the surveillance center] so they’d be aware there was some possible security issue.
We can safely bet that police in Boston have received training similar to that given their counterparts in the Bay Area. Does that mean that agents in the Commonwealth Fusion Center or the Boston Regional Intelligence Center are currently poring over my data, figuring out whether or not I'm a threat to the Commonwealth or the nation because I took some pictures of surveillance cameras in a subway station? I hope not, but it's certainly possible.
When the government can use face-recognition enabled surveillance cameras to identify us from our "face prints", perhaps compared against our drivers' license photos, we have lost our ability to walk anonymously in public streets. It's already a nightmare scenario, and the DOJ appears intent on making it worse.
The new mobile biometric devices allow first responders, police, military and criminal justice organizations to collect biometric data with a handheld device on a street corner or in a remote area and then wirelessly send it for comparison to other samples on watch lists and databases in near real-time.
The FBI's "Biometrics Center of Excellence" is working hard and fast to develop "breakthrough" biometrics identification tools like the "Automated Face Detection and Recognition" (AFDAR) project, also known as "Cluster Base", "a forensic image analysis tool that locates faces within images and clusters them based on similarity." These tools "process stills and video, allowing investigative agencies to analyze large collections of images and video recordings."
Lynch, the Immigration Policy Center and EFF propose a number of needed fixes that taken together could stop the hemorrhaging of our rights as biometrics technology advances and increasingly finds itself in the hands of local and state police. They advise that policymakers institute clear rules to:
"Limit the collection of biometrics; define clear rules on the legal process required for collection; limit the amount and type of data stored; limit the combination of more than one biometric in a single database; limit data retention; define clear rules for use and sharing; enact robust security procedures to avoid data compromise; mandate notice procedures; define and standardize audit trails and accountability throughout the system; [and] ensure independent oversight."
Unfortunately, none of those things is happening today. Instead, the federal government is investing loads of money into advanced biometrics research and doling out millions to state and local police to acquire biometrics ready technologies, the better to eviscerate whatever privacy in public we have left.
Congress and your state legislators won't pay any attention to these problems unless we make a stink about them. The government says we need to pool biometric data and give local police access to military grade mobile detection technology in order to keep us safe.
Do you believe that? Is that how you want to spend your money? And is the coming total surveillance society one you want to live in?
If your answers to these questions are 'no', share this information with your friends and family. Surveillance programs like these are powerful because they operate in the shadows. Don't let them.