The FBI’s Massive Facial Recognition Database Raises Concern

Facial recognition technology isn’t yet sophisticated enough to identify people accurately — something which most technology watchers cite as a reason not to be overly concerned, yet, about its privacy implications.

But the Federal Bureau of Investigation plans to start using the software anyway, according to papers obtained by the Electronic Frontier Foundation in a FOIA lawsuit. And when used by law enforcement agencies, an imprecise facial recognition algorithm holds at least as much potential for abuse as a terrifyingly precise one, say civil liberties advocates.

The FBI has been building what it calls a Next-Generation Identification system to hold its identification data and, responding to political pressure in the wake of 9/11, to make it shareable between agencies. Civil liberties groups were wary of how more powerful suspect search engines might affect average citizens, and that’s where the lawsuit came in.

The papers the FBI turned over just last week reveal that it has been making impressive progress toward a facial recognition database with a wide range of sources. But despite clear evidence that the software generates a lot of false positive and false negative results, the bureau’s progress toward guidelines on how the technology will be used is nowhere near as robust.

The database “may include as many as 52 million face images by 2015,” EFF said in an analysis of the government documents. It already contains more than 16 million images. More than 4 million come from non-criminal contexts, such as driver’s license photos.

But is the software, developed by MorphoTrust, accurate? The FBI’s criteria for accuracy specify that the object of the search will be returned in the top 50 candidates 85 percent of the time. That’s not bad, technically speaking, but for every false positive the algorithm spits out, there’s someone who could end up in an FBI interrogation room.
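Some back-of-the-envelope arithmetic shows why that criterion worries civil liberties groups. A minimal sketch, using hypothetical numbers — the search volume below is an assumption for illustration, not an FBI figure:

```python
# Hypothetical illustration of the FBI's stated accuracy criterion:
# the true match appears in the top 50 candidates 85% of the time.
searches_per_year = 10_000   # assumed search volume, for illustration only
list_size = 50               # candidates returned per search
hit_rate = 0.85              # chance the true match is in the list

# Each search returns list_size candidates, and at most one of them is the
# true match -- so every search surfaces at least list_size - 1 innocents.
innocent_candidates = searches_per_year * (list_size - 1)

# And 15% of the time, the actual suspect isn't in the list at all.
missed_suspects = searches_per_year * (1 - hit_rate)

print(f"Innocent candidates surfaced: {innocent_candidates:,}")
print(f"Searches missing the true match: {missed_suspects:,.0f}")
```

Under those assumed numbers, even a system that meets the FBI’s benchmark surfaces hundreds of thousands of innocent faces a year — which is exactly the dynamic Lynch describes below.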

“We know from researchers that the risk of false positives increases as the size of the dataset increases—and, at 52 million images, the FBI’s face recognition is a very large dataset. This means that many people will be presented as suspects for crimes they didn’t commit. This is not how our system of justice was designed and should not be a system that Americans tacitly consent to move towards,” Jennifer Lynch, a senior staff attorney at EFF, wrote.

Civil liberties groups are displeased that the new database, unlike its predecessors, will draw in photos from civil sources, such as drivers’ licenses. Still, there’s no law prohibiting such merging of datasets, Chris Conley of the ACLU said. It just wasn’t practical before the digital age.

But the FBI has set loose rules about getting photos from sources beyond mug shots and government photo IDs. For instance, the documents say the bureau will get more than 200,000 images from “new repositories” — there’s no clarification of what those repositories may be. A poorly understood information-sharing program between the FBI and local law enforcement bodies would pour another 700,000 images into the database. Photos from social media are off-limits, though there are no procedures identified for enforcing the ban.

While few of us would enjoy being brought in for interrogation, law enforcement would be remiss not to make use of powerful technologies like facial recognition at all. A few years from now, surveillance photos like those of the Boston Marathon bombers could lead directly to violent criminals.

So what’s the right way to use the technology?

“As a starting point with any technology, the goals should be in place and the system should be designed around those. We get concerned when the process is ‘let’s collect lots of data and figure out how to use it,’ without those specific guidelines in place,” Conley said.

Curiously, Conley's advice sounded a lot like common tech industry ground rules for web development projects.

Photos: Mikael Altemark/Flickr, State of Illinois, MorphoTrust

Cameron Scott

Cameron received degrees in Comparative Literature from Princeton and Cornell universities. He has worked at Mother Jones, SFGate and IDG News Service and been published in California Lawyer and SF Weekly. He lives, predictably, in SF.

Discussion — 4 Responses

  • hvw8 April 27, 2014 on 1:17 pm

    “Facial recognition technology isn’t yet sophisticated enough to identify people accurately — something which most technology watchers cite as a reason not to be overly concerned, yet, about its privacy implications.”

    According to the arXiv blog, face recognition algorithms are actually outperforming humans!

    • Karl Hörnell hvw8 April 27, 2014 on 10:43 pm

      Yeah, it clearly beats humans. I got 8/9 correct out of their sample images, their algorithm got 5 out of 9.

  • smurillo100 April 27, 2014 on 7:26 pm

    I don’t see the problem. I’d imagine that they currently have databases that search by name, age, race, height, weight, place of residence, etc. All of those criteria probably yield false results, but since people are not completely inept, they can still take the resulting data sets, and investigate accordingly. If facial recognition returns 50 results, I doubt they’ll just take that as evidence and blindly go grab someone from the street for questioning. They’d be smart enough to cross reference, and analyze the data, just like with any other criteria they’re currently searching for. At least, that would be my assumption.

  • cabhanlistis April 28, 2014 on 5:37 pm

    I would guess that the FBI isn’t going to rely on these image returns alone. They’ll certainly use them as guides to narrow down suspects while also examining other information they retrieve, such as travel habits and property.