Update: FBI seeks exemption in law for using biometric data

UPDATE – 5/16, 2:31 p.m. EST: While Facebook is being held liable for storing facial recognition information on its users, The Daily Dot reported Friday that the Justice Department (DOJ) submitted a rule change proposal with the federal registrar to exempt the FBI’s Next Generation Identification (NGI) system from identity protections written into the Privacy Act.

NGI utilizes the same basic biometric data technology that Facebook and Google use to recognize users.

The FBI uses the technology as a more sophisticated method for gathering data on domestic criminals, which the Bureau has been doing since 2014 after contracting with Lockheed Martin for $1 billion to upgrade its systems.

DOJ’s Systems of Records Notice, however, explicitly states that the FBI’s NGI system collects data on, “Individuals who have provided biometrics (e.g. palm prints, facial images)” for “employment, licensing, military service, or volunteer service” and “immigration benefits, alien registration and naturalization”.

One important caveat is accuracy: where Facebook’s biometrics’ system, called DeepFace, is estimated to be 97 percent accurate, NGI only has an 85 percent accuracy match rating.

According to Stephen Fischer, head of the FBI’s Criminal Justice Information Services’ media department, the NGI has 26 million images in its photo file. 


A District Court judge in San Francisco on Thursday rejected Facebook Inc.’s motion to dismiss a lawsuit filed in March that alleges the company violated an Illinois statute which prohibits the collection of biometric data without user consent.

Plaintiffs in the suit are Illinois’ residents and cite the state’s Biometric Information Privacy Act (2008) as grounds for injury. The complaint specifically cites Facebook’s “tag suggestions” feature which uses facial recognition technology to identify individuals in user-uploaded photos.

Facebook’s lawyers tried to get the case dismissed by arguing that the social media site’s user agreement explicitly states that only California law applies in legal complaints.

“The Court accepts as true plaintiffs’ allegations that Facebook’s face recognition technology invokes a scan of face geometry that was done without plaintiffs’ consent,” Judge James Donato said in his ruling.

The Illinois’ statute cited in the lawsuit states that user-consent is required before “faceprints” can be collected by a “private entity”.

Google is also known to collect biometric data without the explicit consent of its customers.


[Reuters] [USA Today] [Photo courtesy Hang the Bankers]