UPDATE: FBI seeks exemption in law for using biometric data

UPDATE — 5/16, 2:31 p.m. EDT: While Facebook is being held liable for storing facial recognition information on its users, The Daily Dot reported Friday the Justice Department (DOJ) submitted a rule change proposal with the federal registrar to exempt the FBI’s Next Generation Identification (NGI) system from identity protections written into the Privacy Act.

The FBI uses the same biometric technology as Facebook and Google, but applied as a more sophisticated method for gathering data on domestic criminals.

DOJ’s Systems of Records Notice, however, explicitly states that the FBI’s NGI system collects data on, “Individuals who have provided biometrics (e.g. palm prints, facial images)” for “employment, licensing, military service, or volunteer service” and “immigration benefits, alien registration and naturalization”.

According to Stephen Fischer, head of the FBI’s Criminal Justice Information Services’ media department, the NGI has 26 million images in its photo file. 


A District Court judge in San Francisco on Thursday rejected Facebook Inc.’s motion to dismiss a lawsuit filed in March that alleges the company violated an Illinois statute which prohibits the collection of biometric data without user consent.

Plaintiffs in the suit are Illinois’ residents and cite the state’s Biometric Information Privacy Act (2008) as grounds for injury. The complaint specifically cites Facebook’s “tag suggestions” feature which uses facial recognition technology to identify individuals in user-uploaded photos.

Facebook’s lawyers tried to get the case dismissed by arguing that the social media site’s user agreement explicitly states that only California law applies in legal complaints.

“The Court accepts as true plaintiffs’ allegations that Facebook’s face recognition technology invokes a scan of face geometry that was done without plaintiffs’ consent,” Judge James Donato said in his ruling.

The Illinois’ statute cited in the lawsuit states that user-consent is required before “faceprints” can be collected by a “private entity”.

Google is also known to collect biometric data without the explicit consent of its customers.


[Reuters] [USA Today] [Photo courtesy Hang the Bankers]