The FBI recently announced that its Next Generation Identification System (NGIS) has "reached its initial operating capacity". This vast new biometrics project, for which Lockheed Martin won a $1 billion contract in 2008, encompasses not only fingerprints but also, possibly, such biometrics as iris scans, face recognition, bodily scars, marks and tattoos.
Such a system raises a number of concerns from a civil liberties perspective. Many types of biometrics are of particular concern because they allow individuals to be tracked secretly and at a distance. For instance, facial recognition may allow a person to be tracked by various CCTV cameras across a city. Worse, in the future, this may be automated and done by computers.
The FBI is rushing ahead with this system in a larger context that is very troubling. Since 9/11, we've repeatedly seen the government throw together new identity and tracking systems without building in the necessary protections to make sure innocent people aren't caught up in them. A good example is aviation watchlists. Countless travelers have found themselves trapped in a Kafkaesque nightmare — improperly listed as suspected terrorists, hassled, arrested or worse, and with no way to clear their names in the eyes of the government's secretive security bureaucracies. The problem is not just errors and mistaken identification, or the lack of due process or rigorous procedures for keeping the lists accurate, but also the possibility that government bureaucrats have used a "when in doubt, thrown a name on the list" approach.
We don't want to see the NGIS operate that way. Unfortunately, the FBI's record does not inspire confidence. In 2003, the bureau exempted its main criminal database, the National Crime Information Center (NCIC), from a requirement under the Privacy Act that agencies maintain records with "such accuracy, relevance, timeliness and completeness as is reasonably necessary to assure fairness to the individual". Some people have experienced the reality of this, such as a Maryland woman named Amy Studnitz who was fired from her job after an NCIC background check erroneously reported that she had a criminal record (even after the error was discovered, she was not rehired).
The experience of Oregon attorney Brandon Mayfield is also a cautionary tale. Considered a suspect in the 2004 bombing of a Madrid train due to a faulty fingerprint match, the FBI spied on Mayfield without a warrant, broke into his home several times and arrested him under the "material witness" statute. The FBI also investigated 19 other individuals whose fingerprints, like Mayfield's, were deemed similar to those found on evidence in Madrid.
Finally, the FBI's giant biometric project is taking place in a context where the United States — almost alone in the industrialised world — has no strong, overarching privacy laws, and no robust, independent institutions to enforce such laws. In another country where such institutions existed to protect people from error and abuse, this kind of programme might be cause for less concern. But rather than building such institutions, the US government has instead been granting sweeping new powers to our security agencies, and dismantling the checks and balances that are needed to ensure those powers are not misused.
Most technologies have good and bad uses, and limited uses of biometrics can be fine. But these databases need strict oversight, and now is the time to make sure the proper safeguards are in place. As the use of biometrics expands and our law enforcement moves into the future, so too should our privacy rights.