WASHINGTON, DC – U.S. Senator Gary Peters (D-MI), Ranking Member of the Senate Homeland Security and Governmental Affairs Committee, led a bipartisan, bicameral group of colleagues in pressing the Department of Homeland Security (DHS) and the Federal Bureau of Investigations (FBI) over recent reports that facial recognition technology is used to search state driver’s license databases without individuals’ knowledge or consent. In a letter addressed to Acting DHS Secretary Kevin McAleenan and FBI Director Christopher Wray, the Members requested information on the legal basis for the searches, expressed their concern regarding law enforcement’s reliance on a new technology, and questioned whether safeguards exist to protect the privacy of Americans who are not suspected of or charged with criminal activity.
Peters was joined on the letter by U.S. Senators Ron Johnson (R-WI), Chairman of the Senate Homeland Security and Governmental Affairs Committee, Congressman Bennie Thompson (D-MS), Chairman of the House Homeland Security Committee, as well as U.S. Senators Chris Coons (D-CT), Mike Lee (R-UT), Richard Blumenthal (D-CT), Rand Paul (R-KY) and U.S. Representative Jerry Nadler (D-NY), Chairman of the House Judiciary Committee.
“We are conducting oversight regarding ICE’s and the FBI’s increased reliance on facial recognition technology as a key investigative tool without the express consent of the individuals, state legislatures, and Congress,” the Members wrote. “Specifically, we are concerned that ICE and the FBI are entering into agreements with state executives to share these databases without instituting proper privacy restrictions and safeguards, assessments of accuracy of systems, and adequate standards governing the performance of these technologies.”
Recent reports indicate that Immigration and Customs Enforcement (ICE) and the FBI are able to conduct facial recognition searches of databases containing millions of U.S. citizens’ state driver’s license or photo identification records. Because these databases include large amounts of information, the searches capture data of millions of U.S. citizens – including people who are not suspected of or charged with criminal activity, raising serious consent and intent issues. Furthermore, questions have been raised about the accuracy and reliability of facial recognition technology, which experts argue is more likely to misidentify women and people of color. It is unclear who at the state level is negotiating access to searches of state databases, what government approval is involved, and whether individuals are notified that this information sharing occurs.
The lawmakers are requesting information on the extent and frequency of these reported searches, and whether federal authorities’ use of emerging facial recognition technology is safe, reliable, and appropriately designed to accomplish narrowly tailored law enforcement goals without intruding on Americans’ right to privacy.
The text of the letter is copied below and available here:
September 12, 2019
The Honorable Kevin K. McAleenan
Acting Secretary
U.S. Department of Homeland Security
245 Murray Lane, SW
Washington, DC 20528
The Honorable Christopher Wray
Director
Federal Bureau of Investigations
935 Pennsylvania Avenue, NW
Washington, DC 20535
Dear Acting Secretary McAleenan and Director Wray:
Immigration and Customs Enforcement (ICE) and the Federal Bureau of Investigations (FBI) have accessed millions of Americans’ photographs without their knowledge or consent through state driver’s license databases. We understand that ICE and FBI database searches are done for the purpose of supporting federal criminal investigations. However, almost all of the photographs maintained in these databases and reviewed by ICE or the FBI are individuals not suspected of or charged with criminal activity. We write to request information about how ICE and FBI uses those databases, and specifically how those agencies use facial recognition technology, to scan individuals’ photographs and personal information for criminal investigative purposes.
Recent investigative reports have disclosed how ICE and FBI agents use state driver’s license databases to search photographs using facial recognition technology. In three states, Washington; Utah; and Vermont, ICE and FBI were able to conduct facial recognition searches of databases containing millions of U.S. citizens’ state driver’s license or photo identification records. In Utah alone, over 5 million driver’s licenses and state photo identification cards were reportedly available for search. Public reporting also revealed that Vermont state Department of Motor Vehicles officials — potentially in violation of a Vermont state law banning the use of facial recognition technology — continued to conduct searches using biometric identifiers.
Currently, the FBI has access to and conducts searches in databases from 21 states and the District of Columbia, and it is negotiating access in 11 other states. In sum, the FBI has access to local, state, and federal databases containing more than 641 million photographs, and it has invested over $1 billion in its Next Generation Identification system (NGI) database. NGI contains over 30 million photos available for facial recognition searches by state and local law enforcement agencies. The Department of Homeland Security (DHS), in turn, has built a repository of biometric data on more than 200 million individuals and is in the process of migrating this data to a new Homeland Advance Recognition Technology (HART) system.
We are conducting oversight regarding ICE’s and the FBI’s increased reliance on facial recognition technology as a key investigative tool without the express consent of the individuals, state legislatures, and Congress. Specifically, we are concerned that ICE and the FBI are entering into agreements with state executives to share these databases without instituting proper privacy restrictions and safeguards, assessments of accuracy of systems, and adequate standards governing the performance of these technologies.
To better understand and assess the policies and processes in place to govern how ICE and the FBI are using facial recognition technology to search state and local databases containing records of U.S. citizens, we request your responses to the following questions by September 27, 2019:
1. Legal basis
a. Please describe the legal basis relied on by FBI and ICE for conducting facial recognition searches. Please indicate if 18 U.S.C. § 2721(b)(1)’s exception to the prohibition of disclosure of highly restricted personal information without consent is the only legal basis relied on by FBI and ICE.
2. Scope
a. In how many state or local databases do FBI and ICE run facial recognition searches?
b. For each database identified in (a) above, please identify the state or locality; the database; the state or local official or office granting approval; and the agreement and/or method of approval.
3. Agreements
a. Please provide any memoranda of understanding or alternative agreements that the FBI and/or ICE has or has had with each state to conduct facial recognition searches.
b. For each agreement identified in (a) above, please identify the office or entity that the FBI and/or ICE negotiated with in each state to reach such an agreement.
c. Please provide all documents and information that govern the policies and procedures for use of and access to facial recognition technology and biometric data once obtained by the FBI and ICE.
4. Methodology
a. Please describe the purpose of and frequency of FBI and ICE facial recognition searches.
b. Please describe your approval process required for requesting or conducting facial recognition searches.
c. On average, how many potential matches do you encounter when running a facial recognition search on a state database?
d. Please describe the process you use to review and determine potential matches after completing a facial recognition search on a state database.
e. Please describe your processes for maintaining, using, sharing, and destroying any information received as a result of a search.
f. Please describe your procedures for complying with applicable data privacy and security laws.
5. Accuracy
a. Does the FBI and/or ICE require that state facial recognition technology meet any accuracy or performance metrics before contracting with a state to conduct facial recognition searches on behalf of the agency? If so, what are those standards, do they account for a range of quality of photographs, and are they the same for each state that the agency contracts with?
b. Does the FBI and/or ICE collect accuracy or performance statistics of the facial recognition software run on internal FBI and/or ICE (or DHS) databases, such as NGI and HART? If so, please provide those statistics and explain how they were calculated.
The Committee on Homeland Security and Governmental Affairs is authorized by Rule XXV of the Standing Rules of the Senate to investigate “the efficiency, economy, and effectiveness of all agencies and departments of the Government.” Additionally, Senate Resolution 70 (116th Congress) authorizes the Committee to investigate “the efficiency and economy of operations of all branches of the Government.” The Committee on Homeland Security, under House Rule X, has jurisdiction of overall homeland security policy and the organization, administration, and general management of the Department of Homeland Security.
Thank you for your prompt attention to this request.
###