Congress

Lawmakers fear that the FBI and TSA are misusing facial recognition tech

Law enforcement and national security agencies implementing new technology ‘without any real guard rails,’ top Democrat warns

A U.S. Customs and Border Protection officer instructs an international traveler to look into a camera as he uses facial recognition technology to screen a traveler entering the United States on February 27, 2018 at Miami International Airport in Miami, Florida. Both Democrats and Republicans on the House Committee on Oversight and Reform grilled leaders of the FBI and Transportation Security Administration on Tuesday about whether they are running afoul of privacy and transparency laws in their use of facial recognition software. (Joe Raedle/Getty Images)

Both Democrats and Republicans on the House Committee on Oversight and Reform grilled leaders of the FBI and Transportation Security Administration on Tuesday about how their use of facial recognition software conflicts with transparency and privacy laws.

“This technology is evolving extremely rapidly without any real guard rails,” Oversight Chairman Elijah Cummings warned in his opening statement at Tuesday’s hearing, the panel’s second in less than a month on facial recognition. “Whether we are talking about commercial use or government use, there are real concerns about the risks that this technology poses to our civil rights and liberties and our right to privacy.”

Democrats and Republicans on Oversight have not agreed on much so far this Congress, as Cummings has pursued multiple investigations into President Donald Trump’s administration and personal finances.

But members from both parties criticized the FBI and TSA for implementing new facial recognition technology without proper testing, transparent updates and assessments of accuracy and the impact on civil liberties. Lawmakers expressed concerns about law-abiding Americans’ rights to privacy, which include ensuring proper storage of photographs on government databases and preventing improper arrests based on imperfect facial recognition technology.

Kimberly Del Greco, the deputy assistant director of the FBI’s Criminal Justice Information Services section, sought to reassure lawmakers.

“At the FBI, trust is crucial,” Del Greco said. “Protecting the privacy and civil liberties of the American people is part of our culture.”

FBI’s facial recognition procedure

The bureau has internal procedure guidelines requiring agents to comply with the Fourth Amendment and other federal and local privacy laws when they attempt to match “probe photos” — images of unidentified suspects from a crime scene — with photos of people in their database.

There have been no recorded abuses of the facial recognition system to date, Del Greco testified Tuesday.

Del Greco said the FBI and other law enforcement agencies have been analyzing side-by-side comparisons of probe photos to database photos for decades. The process for developing leads on suspects using facial recognition is not different — the technology is.

The FBI’s facial recognition procedure falls into two categories: searches within its own database of 30 million criminal mugshots, and searches in local authorities’ databases.

If law enforcement agents get a potential match, they must treat it like an investigatory lead, not a suspect’s “positive identification,” Del Greco testified. She said the bureau's algorithm had an accuracy rate of  99.12 percent, according to internal testing. 

Lawmakers and an agency leader from the U.S. Government Accountability Office disputed the methodology that produced that metric.

Twenty-one states also allow the FBI to submit probe photos to cross-reference with their own local databases, many of which include noncriminal photos such as driver’s license images.

Some lawmakers argued the FBI should not have access to noncriminal photos. Del Greco said the agency does not have access. Rather, it submits photos to partner state authorities that run their own facial recognition analyses and provide any potential matches back to the FBI.

No accountability

Gretta Goodwin, director of the GAO’s Homeland Security and Justice division, said the FBI has continually failed to comply with standards and recommendations the office made in 2016 to provide transparent updates about a facial recognition system introduced during President Barack Obama’s administration.

Ohio Rep. Jim Jordan, the top Republican on the Oversight panel, railed against the FBI Tuesday, accusing the agency of dodging its responsibility to thoroughly report and test new facial recognition procedures.

“Ms. Del Greco said, ‘We have strict standards. You can count on us. We’ve got memorandums of understanding with the states to safeguard people.’ That’s what she told us. But when they started this system... there were five key things they were supposed to follow, and they didn’t,” the Ohio Republican said. “But we’re supposed to believe, ‘Don’t worry, everything’s just fine.’”

Concerns at TSA

The Transportation Security Administration is still in the preliminary stages of implementing facial recognition technology to prevent terrorists from boarding domestic and internationally bound planes.

In pilot programs at airports in Los Angeles, New York, and Atlanta, passengers have stood for photos that are fed to a facial recognition system that matches the images with the IDs — passports, driver’s licenses — they provide.

ID scans and photos of passengers on domestic flights are immediately discarded, but Austin Gould, TSA’s assistant administrator for requirements and capabilities analysis, said images of international travelers are kept on file.

In effect, international travelers have a choice: either submit to having a photo stored in a TSA database, or don’t travel internationally.

Democratic Rep. Stephen Lynch of Massachusetts reminded Gould that U.S. agencies don’t have a good “track record” of keeping databases with sensitive identity information secure.In 2014, Chinese hackers stole the personal information — including social security numbers — of roughly 20 million American government workers in the U.S. Office of Personnel Management database.“Adhering to cybersecurity rules associated with this program is something we take very, very seriously,” Gould said.“I hope so,” Lynch said.

Get breaking news alerts and more from Roll Call on your iPhone.