In a shocking article published Tuesday by the Verge, it was revealed the FBI has been quietly collecting hundreds of thousands of iris scans as part an experimental program referred to as the “FBI Iris Pilot.” Working together with local police departments, U.S. Border Patrol, and the Pentagon, the FBI has discreetly amassed 434,000 iris scans.
The surveillance technology, used primarily by airports and private security companies, was pitched in 2013 as a way to help police departments catch criminals in a safer and more efficient manner. At that point, the FBI already had 30,000 scans and was looking to coordinate with local and national agencies to develop a searchable database of scans taken by police departments across the nation. The iris scan, which can be taken from a distance and requires no physical contact, was to be taken upon arrest and submitted whether charges were pressed or not.
California was the first to get on board with the program, according to a memo signed by representatives from the FBI and California Department of Justice. Departments in Texas and Missouri also participate, but records show the bulk of scans in the database come from California. Riverside, Los Angeles, and San Bernadino have all submitted data to the FBI, with San Bernardino, alone, responsible for a staggering 200,000 scans. The pilot program was to last only one year before being evaluated, but a year came and went as the FBI continued to quietly stockpile private information from American citizens without their knowledge.
All agencies are required by law to conduct Privacy Impact Assessments on programs collecting personal information, but no such assessment was made on the pilot program prior to its operation. According to the Verge, an FBI representative claimed they were exempt in this case “because the pilot was conducted with limited participation for a limited period of time.”
The potential ramifications of a surveillance program that can collect an average of 189 iris scans per day—from one department alone—could be severe and warrant heavy scrutiny before being implemented nationwide. Nicole Ozer, Technology and Civil Liberties Policy director at the ACLU of California, spoke out against the program. “The fact these systems have gone forward without any public debate or oversight that we’ve been able to find is very troubling,” she said.
“You imagine 58 counties in California, and all the other places this might be around the country. If hundreds of thousands of people are being added to this system on a yearly basis, what are those implications?”
Just last month, the FBI was found to have been collecting hundreds of millions of facial scans in a separate program much like the iris pilot. A report from the Government Accountability Office showed not only that the program was being operated with an out-of-date privacy assessment, but also that tens of millions of facial scans came from “driver’s license photos that were not linked to any crime.”
The most alarming discovery is that both programs operate under the FBI’s Next Generation database, a project the Bureau is working to keep outside the reach of the Privacy Act. This has (rightfully) drawn the attention of critics who believe the FBI should not be permitted to operate in complete darkness. In May, privacy advocates sent a letter to the FBI signed by over forty organizations. They wrote:
“The FBI asks to be exempt from Privacy Act rules that would let people find out whether they’re in the NGI database, whether their profile has been shared with other parts of the government, and whether their profile is accurate or full of errors. In certain cases, some of these exemptions may be warranted. As a whole, they seem to go far beyond that. In fact, the FBI hasn’t just asked to be exempt from specific provisions of the Privacy Act; it has asked to be exempt from the part of the law that lets citizens enforce any Privacy Act violation (5 U.S.C. § 552a(g)) – even violations of requirements that the FBI isn’t exempt from. For example, the Privacy Act generally bars the government from creating databases about the political activities of its citizens (5 U.S.C. § 552a(e)(7)). Under the FBI’s proposal, the FBI could violate that rule – and private citizens could never take them to court.
“The Privacy Act was enacted to ensure that individuals had an enforceable right to know the records that the government keeps about their activities. While there may be legitimate reasons for exempting some law enforcement activities from some of the Act’s provisions, exemptions must not render the Act meaningless.”
That letter was written before either the facial recognition or iris pilot programs were discovered. It’s absurd for anyone to deny the fact the United States government is using every tool at its disposal to obtain personal information from its citizens, violating the most basic of human rights. When the government is permitted to know everything about its citizens while it is simultaneously allowed to protect its own privacy, there’s a very serious problem.
* * *