EPIC presses FBI in lawsuit for details on biometric database

The Electronic Privacy Information Center has filed a Freedom of Information Act lawsuit against the FBI

A privacy watchdog has filed a lawsuit contending the U.S. Federal Bureau of Investigation has failed to provide requested technical information about a biometric identification database expected to be the largest in the world.

The Electronic Privacy Information Center (EPIC), a nonprofit organization based in Washington, alleges the FBI failed to disclose documents after it filed two Freedom of Information Act (FOIA) requests in September 2012.

EPIC sought information on the FBI's "Next Generation Identification" program, which will amass biometric information on mostly U.S. citizens from local, state and federal law enforcement agencies, including palm prints and iris scans. New York City's police department began collecting iris scans in 2010 of people who were arrested.

According to the FBI, a multi-million dollar contract was awarded to Lockheed Martin Transportation and Security Solutions to develop the system. When completed, it is expected to be the largest biometric database in the world, according to EPIC's lawsuit.

EPIC said it filed a FOIA request asking for the contracts of companies working on the project, which also include IBM, Accenture, BAE Systems Information Technology, Global Science and Technology, Innovative Management and Technology Services, Platinum Solutions and the National Center for State Courts. In a second FOIA request, EPIC asked for technical specifications related to the program.

The FBI contacted EPIC in October 2012 and asked the group to narrow its scope for the second FOIA request. EPIC said it has not heard back from the FBI since. Agencies are generally required to respond to a FOIA request within a month, but the deadline may be extended if an agency believes the FOIA request is not specific enough.

"Through the date of this pleading, the FBI has not contacted EPIC again regarding the status of either of EPIC's two FOIA requests," EPIC said in its suit.

EPIC's broad concern is the Next Generation Identification program could pose privacy risks since it could include photographs of people who are neither criminals nor suspects. People also may be unaware that data is being collected about them, the lawsuit said. It is also concerned data could be mishandled.

"There is a substantial risk that personally identifiable information could be lost or misused as a result of the creation of the NGI," EPIC's lawsuit said.

The suit was filed in U.S. District Court for the District of Columbia. EPIC is requesting the court order the "immediate disclosure of all responsive records and to provide other appropriate relief as it may determine." FBI officials could not immediately be reached for comment.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Join the CSO newsletter!

Error: Please check your email address.

Tags U.S. Federal Bureau of InvestigationGovernment use of ITsecuritygovernmentElectronic Privacy Information Center

More about Accenture AustraliaBAE Systems AustraliaElectronic Privacy Information CenterFBIFederal Bureau of InvestigationIBM AustraliaLockheed MartinTechnologyTransportation

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jeremy Kirk

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place