The FBI is working on augmenting the modest fingerprint with biometric data to help chase bad guys as part of its $1 billion ID system upgrade, and privacy advocates are concerned if the Feds can get it right.
The fallout between advocates and detractors could have a big influence on the widespread use of biometrics in IT and cloud IAM projects, with the biggest issues likely being liability for those that collect and store the data.
In the FBI's case, the sticking point is how the information is used.
The agency is spending $1 billion on its Next Generations Identification (NGI) program to complement the humble inkpad and the human index finger as a way to catch crooks.
The project started in 2008 when the FBI awarded Lockheed Martin a 10-year, $1 billion contract to develop and maintain the NGI for use by state, local and federal authorities. The critical mass of rollouts is expected to come in the next few years with 2018 the target date for completion of the initiative.
The NGI’s most talked about development is facial recognition, which has been in pilot mode since late 2011 in Michigan, Hawaii, and Maryland. Other biometric projects include palm prints (also in pilot mode), along with voice recognition and iris scans to complete a multimodal biometric ID system.
As part of the facial recognition efforts, officials have been scanning law enforcement mug shots looking for matches, but FBI officials want to be able to pick faces out of crowds and hope to start with a database that will contain 12 million searchable frontal photos.
Will yours be one of them?
Privacy groups worry that citizens will be subject to invasions of privacy and to having their freedom of expression curtailed.
“There is a real chilling effect on freedom of expression when you feel you are under constant surveillance by the government,” Ginger McCall, Open Government counsel for the Electronic Privacy Information Center, told Thom Hartmann late last year on The Big Picture television program.
Minnesota Sen. Al Franken, chairman of the Judiciary Committee's Subcommittee on Privacy, Technology and the Law, has spoken out about how facial recognition could be abused by law enforcement or government agencies to identify protesters or participants of political rallies.
Take the recently completed political conventions. Otherwise innocent demonstrators outside the arena could find their faces in a national database and be subject to questioning or harassment if publicly identified. Could you be at the same protest and standing next to a suspected bad guy and get linked to that person in the database?
On the other hand, authorities may be able to pick out known terrorists and thwart attacks.
Will people be compelled to limit their support of contentious issues or controversial events? What if getting out of the FBI photo database (or at least deleting the metadata associated with your picture) was akin to getting information deleted from your credit report? Possible, but not always realistic or prompt.
The technology was not so well received when Facebook rolled out its version last year. Ironically, the U.S. government had concerns, along with the European Union.
So far the FBI is only uploading the pictures of known criminals, according to the July Senate testimony of Jerome Pender, the FBI’s deputy assistant director. The agency also has revealed it has been conducting privacy assessments since 2006.
The ongoing battle over biometric data will impact the identity management landscape. The storage, use and protection of that data will likely pose a heavy liability for those that collect it.
Is this the inevitable march of technology, or is now the time to work out issues before the technology hits critical mass?