Privacy Organization Says FBI Director Shows “Reckless Disregard” for Privacy Rights of Americans
The Electronic Privacy Information Center (EPIC) has sued the FBI to obtain a secret agreement with the Department of Defense about “Next Generation Identification,” a biometric database containing detailed personal information on millions of Americans.
EPIC is a Washington-DC based civil liberties organization with a long history of successful Freedom of Information Act litigation against federal agencies. EPIC prevailed in a similar case against the FBI in 2014.
“Next Generation Identification” is one of the largest biometric databases in the world with digitized fingerprints, facial scans, and iris images on millions of Americans.
According to EPIC, the FBI has removed privacy safeguards even as the FBI has expanded the system.
“The FBI Director has shown a ‘reckless disregard’ for the privacy rights of Americans,” said Marc Rotenberg, President of EPIC. “Operating in secret, Director Comey has built a massive biometric database that places the privacy of all Americans at risk. And he has removed Privacy Act safeguards intended to ensure accuracy and accountability for the record system.”
In a previous FOIA lawsuit against the FBI, EPIC obtained documents which revealed that the FBI allows for an error rate of 20% in face recognition matches.
Jeramie Scott, Director of the EPIC Domestic Surveillance Project, said “The FBI biometric database raises significant privacy risks for Americans. Instead of fixing these problems and following the law, the Bureau has chosen instead to expand the program and remove barriers to data collection.”
Over the objections of EPIC and many organizations across the country, the FBI exempted itself from legal requirements for accuracy, relevancy, and transparency. EPIC said at the time, “Increasingly, the FBI is collecting information, including biometric information, for non-criminal reasons and keeping that data well beyond the original need for collection.” EPIC urged the FBI to comply with the federal law and limit data collection.
In June, a non-partisan coalition of 45 organizations asked Congress to undertake a comprehensive review of Next Generation Identification. Writing to leaders of both the House and Senate Judiciary Committees, the groups urged Congress to hold oversight hearings. The groups warned that “the FBI is retaining vast amounts of personal information and exposing millions of people to a potential data breach.”
In 2015 a breach of the Office Personnel Management record system compromised the personal information of 22 million federal employees, friends, and family members. The breach included 5 million digitized fingerprints (similar to the biometric identifiers stored by the FBI), and the form SF-86 used for sensitive background investigations.
EPIC has tracked the development of the FBI’s record systems for many years, urging the agency to comply with the federal Privacy Act and challenging the Bureau’s attempt to expand data collection practices.
In a similar open government case brought by EPIC against the FBI, a federal court ruled in EPIC’s favor in 2014, finding:
The dissemination of the material sought by EPIC, and the NGI system itself, are fairly within the public interest. The FBI’s own website proclaims that its current fingerprint identification system is the largest in the world. The implications of expanding this system to include multimodal biometric data and interoperability with existing and future technology are of significant public interest, whether in the form of EPIC’s concerns regarding liberty interests and privacy rights, the FBI’s concerns with more effectively combatting terrorism and crime, or otherwise. . . .
There can be little dispute that the general public has a genuine, tangible interest in a system designed to store and manipulate significant quantities of its own biometric data, particularly given the great numbers of people from whom such data will be gathered.
In the most recent lawsuit, EPIC is seeking records pertaining to a memoranda of understanding between the FBI and DOD relating to biometric data transfers. EPIC sought these documents in a Freedom of Information Act request in April 2015. The FBI acknowledged receipt of the request but failed to provide the documents requested. EPIC then filed an administrative appeal. In September 2015, the FBI acknowledged that 35 pages of responsive records were located, but none of the records were released to EPIC. The Bureau said it had to consult with other agencies before releasing any records.
More than a year has passed since the last response to EPIC from the FBI. In the past year, the FBI has continued to expand the biometric database, obtain Privacy Act exemptions, and make determinations with adverse consequences for Americans across the country.
The case is EPIC v. FBI, No. 16-2237. Representing EPIC are EPIC President Marc Rotenberg, EPIC Senior Counsel Alan Butler, EPIC Domestic Surveillance Project Director Jeramie Scott, and EPIC Open Government Project Director John Tran.
EPIC is a non-profit public interest research organization in Washington, DC. EPIC was established in 1994 to focus public attention on emerging privacy and civil liberties issues. EPIC has prevailed in more than 40 Freedom of Information Act lawsuits against the federal government.
EPIC v. FBI , No. 16-2237
EPIC, “EPIC Sues FBI Over Biometric Data Program” (Nov 15, 2016)
https://epic.org/2016/11/epic-sues-fbi-over-biometric.htmlEPIC, Comments on Next Generation Identification, CPCLO Order No. 002-2016 (July 6, 2016)
EPIC, “EPIC v. FBI (Biometric Data Transfer Agreements)”
https://epic.org/foia/fbi/biometric-mou/default.htmlEPIC v. FBI , 72 F. Supp. 3d 338 (D.D.C. 2014) (“seeking to compel the FBI’s compliance with two Freedom of Information Act (“FOIA”) requests for the release of certain records related to the FBI’s Next Generation Identification (“NGI”) program.”)
EPIC, Next Generation Identification
http://epic.org/foia/fbi/ngi/Letter from 45 NGOs to Congress On Next Generation Identification (June 23, 2016)