FBI's next-gen identification system stirs Big Brother fears

The FBI says it will make the world a safer place by "[reducing] terrorist and criminal activity." But privacy and civil liberties advocates say it is installing the infrastructure for Big Brother.

Meet Next Generation Identification (NGI), a nationwide system the agency has had in development for several years that will allow it to monitor and identify "persons of interest" through multiple biometric means.

Using traditional methods -- like fingerprints -- to track criminals will continue, but they are pretty much last century. NGI will include voice recognition, iris and retina scan data, facial recognition and DNA analysis.

And those identifiers will all be integrated with thousands of closed-circuit television (CCTV) surveillance camera systems that now monitor streets and other public areas as well as banks, casinos, airports, military installations, restaurant parking lots and convenience stores.

The expansion of public surveillance cameras over the past five years has been funded in part by $300 million in federal grants to state and local governments, says the American Civil Liberties Union (ACLU).

Jennifer Lynch, staff attorney at the Electronic Freedom Foundation (EFF), wrote in a blog post that the FBI plans to roll out its facial recognition program in four states - Michigan, Hawaii, Maryland and possibly Oregon -- and when it is fully deployed in 2014 expects its facial recognition database will contain at least 12 million 'searchable frontal photos.'"

Jesus Diaz at Gizmodo writes, "1984 is arriving a little late, but it's getting here soon."

[See also: 6 ways we gave up our privacy]

The facial recognition technology alone, Diaz wrote, which is much more sophisticated than that found on Facebook or iPhoto, means that "law enforcement agents would be able to quickly go through catalogs of mugshots, images of tattoos or even street photos in search of specific individuals."

"While America will not become a science fiction Big Brother movie for the time being, you can be sure that this is where we are going," he wrote.

But Randy Sabett, an attorney at ZwillGen who specializes in information security and privacy, does not agree. He said the technology does not necessarily lead to the Big Brother nightmare. "I believe that the default position that 'we're all being watched' mischaracterizes the situation," he said.

"Is there a computer somewhere that might capture my image as I'm walking down the street and compare it to some database? Sure. Is there some person or group of people watching my every move? Very highly doubtful," Sabett said.

Sabett agrees that such a system would need a reasonable system of oversight. "But to simply say out of the box that such a system is unreasonable just because it increases surveillance and has the potential for misuse could be shortsighted," he said.

He notes that when there is a catastrophic attack, like 9/11, "our society screams that we need to be better protected. However, when the government comes up with a surveillance mechanism for doing that, "that mechanism has the potential for misuse, the dialog seems to focus only on the Big Brother aspects, and we lose sight of the good results that could occur."

The ACLU argues that "good results" are not guaranteed, and that they are an inadequate trade-off for the potential loss of civil liberties.

"Research demonstrates that video surveillance has no statistically significant effect on crime rates," the group said. "Several studies on video surveillance have been conducted in the UK, where surveillance cameras are pervasive ... [and] show that video surveillance has no impact on crime whatsoever. If it did, then there would be little crime in London, a city estimated to have about 500,000 cameras."

But it does introduce other problems, the ACLU argues. "Camera surveillance systems also inevitably raise issues of racial profiling and voyeurism," it said. "Everyone has heard of the camera operators who zoom in upon women's breasts or police officers who use infrared video surveillance systems to watch a couple engaged in romantic activity."

The EFF's Jennifer Lynch wrote that FBI and Criminal Justice Information Services (CJIS) Advisory Board documents suggest that the agency,"wants to be able to search and identify people in photos of crowds and in pictures posted on social media sites -- even if the people in those photos haven't been arrested for or even suspected of a crime."

She also expressed concern over the FBI's plan to combine civil and criminal biometrics records, noting that civil prints collected for employment verification, for background checks, for federal jobs, and even to become a lawyer in California have not been automatically searched every time criminal prints are checked against the database. "That will all change once FBI implements its unique identity system," Lynch said.

In testimony at a U.S. Senate hearing in July, Lynch said facial recognition technology raises both First and Fourth Amendment concerns, since it, "allows for covert, remote and mass capture and identification of images -- and the photos that may end up in a database include not just a person's face but also how she is dressed and possibly whom she is with."

Privacy advocates have also expressed concern that if biometric databases are hacked, people will be at much more risk than if their personal information like bank account or credit card numbers and passwords had been exposed, since biometrics cannot be changed like a password.

But Sabett said he didn't think that is a fair comparison. "First, the system doesn't need to store information that it acquires but then doesn't find of interest. That probably wouldn't be feasible anyway, given the amount of data produced," he said. "The acquired data is likely stored temporarily and if it doesn't produce a match against a criminal database, the image would be deleted."

"Even if it does get stored, however, the likelihood that a hack of a government system would immediately mean such data is compromised may not be accurate," he said.

Sabett also noted that threats are much more sophisticated now, and require sophisticated means for defense, including information sharing among agencies and even friendly countries.

"We need systems that allow law enforcement to more easily connect the dots that the attackers are doing a better job at obscuring," he said. "If this means each of us need to sacrifice a small amount of our privacy and it's done in a balanced way, then I think it's worth it."

Read more about data privacy in CSOonline's Data Privacy section.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Taylor Armerding

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place