[House Hearing, 115 Congress]
[From the U.S. Government Publishing Office]
LAW ENFORCEMENT'S USE OF FACIAL RECOGNITION TECHNOLOGY
=======================================================================
HEARING
BEFORE THE
COMMITTEE ON OVERSIGHT
AND GOVERNMENT REFORM
HOUSE OF REPRESENTATIVES
ONE HUNDRED FIFTEENTH CONGRESS
FIRST SESSION
__________
MARCH 22, 2017
__________
Serial No. 115-52
__________
Printed for the use of the Committee on Oversight and Government Reform
Available via the World Wide Web: http://www.fdsys.gov
http://oversight.house.gov
______
U.S. GOVERNMENT PUBLISHING OFFICE
28-689 PDF WASHINGTON : 2018
Committee on Oversight and Government Reform
Jason Chaffetz, Utah, Chairman
John J. Duncan, Jr., Tennessee
Darrell E. Issa, California
Jim Jordan, Ohio
Mark Sanford, South Carolina
Justin Amash, Michigan
Paul A. Gosar, Arizona
Scott DesJarlais, Tennessee
Trey Gowdy, South Carolina
Blake Farenthold, Texas
Virginia Foxx, North Carolina
Thomas Massie, Kentucky
Mark Meadows, North Carolina
Ron DeSantis, Florida
Dennis A. Ross, Florida
Mark Walker, North Carolina
Rod Blum, Iowa
Jody B. Hice, Georgia
Steve Russell, Oklahoma
Glenn Grothman, Wisconsin
Will Hurd, Texas
Gary J. Palmer, Alabama
James Comer, Kentucky
Paul Mitchell, Michigan

Elijah E. Cummings, Maryland, Ranking Minority Member
Carolyn B. Maloney, New York
Eleanor Holmes Norton, District of Columbia
Wm. Lacy Clay, Missouri
Stephen F. Lynch, Massachusetts
Jim Cooper, Tennessee
Gerald E. Connolly, Virginia
Robin L. Kelly, Illinois
Brenda L. Lawrence, Michigan
Bonnie Watson Coleman, New Jersey
Stacey E. Plaskett, Virgin Islands
Val Butler Demings, Florida
Raja Krishnamoorthi, Illinois
Jamie Raskin, Maryland
Peter Welch, Vermont
Matt Cartwright, Pennsylvania
Mark DeSaulnier, California
John P. Sarbanes, Maryland
Jonathan Skladany, Staff Director
William McKenna, General Counsel
Troy Stock, Information Technology Subcommittee Staff Director
Sean Brebbia, Senior Counsel
Sharon Casey, Deputy Chief Clerk
David Rapallo, Minority Staff Director
C O N T E N T S
----------
Hearing held on March 22, 2017
WITNESSES
Kimberly Del Greco, Deputy Assistant Director of Criminal Justice
Information Services Division, Federal Bureau of Investigation
    Oral Statement
    Written Statement
Diana Maurer, Director, Homeland Security and Justice Issues,
U.S. Government Accountability Office
    Oral Statement
    Written Statement
Charles Romine, Ph.D., Director of Information Technology Lab,
National Institute of Standards and Technology
    Oral Statement
    Written Statement
Alvaro Bedoya, Executive Director, Center on Privacy &
Technology, Georgetown Law
    Oral Statement
    Written Statement
Benji Hutchinson, Senior Director, NEC Corporation of America, on
behalf of The International Biometrics + Identity Association
    Oral Statement
    Written Statement
Jennifer Lynch, Senior Staff Attorney, Electronic Frontier
Foundation
    Oral Statement
    Written Statement
APPENDIX
Letter of June 23, 2016, Requesting Congressional Oversight,
submitted by Mr. Chaffetz
Letter of September 6, 2016, to Mr. James B. Comey, Federal
Bureau of Investigation, submitted by Mr. Chaffetz
Response from Dr. Romine, NIST, to Questions for the Record
LAW ENFORCEMENT'S USE OF FACIAL RECOGNITION TECHNOLOGY
----------
Wednesday, March 22, 2017
House of Representatives,
Committee on Oversight and Government Reform,
Washington, D.C.
The committee met, pursuant to call, at 9:30 a.m., in Room
2154, Rayburn House Office Building, Hon. Jason Chaffetz
[chairman of the committee] presiding.
Present: Representatives Chaffetz, Duncan, Jordan, Gosar,
Foxx, DeSantis, Ross, Grothman, Palmer, Comer, Mitchell,
Cummings, Maloney, Norton, Clay, Lynch, Connolly, Kelly, and
Krishnamoorthi.
Chairman Chaffetz. The Committee on Oversight and
Government Reform will come to order.
Without objection, the chair is authorized to declare a
recess at any time.
We have an important hearing today about law enforcement's
use of facial recognition technology. It's exciting technology.
The world of technology offers us a lot of opportunities, but
just because we can doesn't mean we necessarily should, and so
there are a number of things that we need to have discussions
about and try to figure out and tackle as a society.
And this is one in a series of things that we're going to
be discussing in this year and next as technology brings us to
new frontiers and new paths and new things that we need to dive
into and look at, because, again, while there's a lot of
excitement and a lot of opportunity, there's also opportunities
to have it misused or overused or create a whole other set of
problems that maybe our Nation and our society and our
generation have not yet dealt with.
This happens to be one of those types of technologies.
Facial recognition technology, it is exciting what can be done,
but we have to look at how this affects law enforcement and our
rights as Americans, particularly suspicion-less Americans and
our right for privacy.
The days of the old Sherlock Holmes dusting for
fingerprints and looking for clues, they're being replaced by
algorithms and software scanning millions of images at
unprecedented speeds to match a face to a name. However, like
many technologies used in the wrong hands or without
appropriate parameters, it is ripe for abuse; therefore, the
oversight of the use of this technology is essential.
Until recently, fingerprint analysis was the most widely
used biometric technology for positively identifying arrestees
and linking them to previous criminal history. In 2010, the FBI
began replacing its legacy fingerprint database with an updated
database that incorporates advancements in biometrics, such as
facial recognition, called the Next Generation Identification,
or NGI. This is a database with an estimated cost of $1.2
billion. The FBI claims the NGI system, ``brought the FBI's
biometric identification system and criminal history
information to the next level.''
Unfortunately, the FBI failed--failed--to fulfill its
statutory duty to inform the public of this new next-level
capability and used facial recognition technology for 5 years
without publishing the required Privacy Impact Assessment, as
required by law. Further, agreements are in place with 18
States that allow the FBI to request those States search their
databases, including driver's license databases, using facial
recognition technology.
And if we have a graphic, let me have them put that up
here, if we could. Just to give you--those States in the dark
blue are the ones that have various types of relationships with
the FBI. Those in the light blue do not have those types of
relationships. But you can kind of get a sense of where the
Nation is going and how States are entering into these
memorandums of understanding.
You can take the graphic down.
To be clear, this is a database or a network of databases
comprised primarily of law-abiding Americans. Eighty percent of
the photos in the FBI's facial recognition network are of
noncriminal entries, each of the photos from driver's
licenses--they come from places like driver's licenses,
passports, and whatnot.
It would be one thing if facial recognition technology were
perfect or near perfect, but it clearly is not. Facial
recognition technology does make mistakes. For example, in a
test the FBI conducted prior to deploying NGI, roughly one in
seven searches of the FBI system returned a list of entirely
innocent candidates, even though the actual target was in the
database.
I also have concerns about studies suggesting facial
recognition technology may have been unintended--have
unintended racial, gender, or age bias or deficiencies. Any
technology biases or weaknesses correlating to race, gender,
and age raise some serious concerns and need to be widely known
and contemplated by law enforcement, legislative bodies, and
the judiciary.
Facial recognition technology is a powerful tool for law
enforcement that can be used to protect people, their property,
our borders, and our Nation. The private sector may use
technology to control access to sensitive information, protect
financial transactions, verify time and attendance, and prevent
fraud or identity theft, among other uses.
But it can also be used by bad actors to harass or stalk
individuals. It can be used in a way that chills free speech
and free association by targeting people attending certain
political meetings, protests, churches, or other types of
places in the public.
Perhaps most concerning is the prospect of its real-time
use to track people's location throughout the day, a potential
use that would fundamentally change what it means to live in a
free society. For those reasons and others, we must conduct
proper oversight of this emerging technology. I appreciate the
witnesses and what they bring here.
One of the things that we're going to also talk about today
is, what does it mean when you populate the database? If the
FBI could have its way, the best I can understand it, they
would put everybody's face in one database or a whole series of
databases. And so what does that mean? I guess, if it's in a
secure lockbox that nobody else can look at except the FBI,
some people would argue that's a good thing. But we've seen the
FBI, most recently, can't even keep the 702 information private
and secure.
I don't trust the Federal Government. I don't believe that
there is such a thing where they can keep all of this
information locked down and secure. Does anybody really trust
and believe that they can create this massive database? Imagine
how valuable that database is going to be if they had the
facial recognition of every single American in their system.
And then you could just go online and you could start figuring
out exactly who is walking in your door. Some companies are
actually using this type of technology. They know who you are
before you walk in the door. And what does that mean if this
information were to get into the wrong hands? So it poses a
number of issues and challenges.
I'd now like to yield such time as he may consume to Mr.
Jordan of Ohio.
Mr. Jordan. Thank you, Mr. Chairman, and I'll be real
brief. I just wanted to thank you for this hearing and your
continued focus on privacy, particularly in this digital age
which we find ourselves a part of, and announce to the
committee that I'm pleased to be working with, on a bipartisan
basis, Congressman Lieu on developing a framework for facial
recognition technology, how that is appropriate, what we hope
is model legislation, frankly working with some of the good
folks on our panel, like Mr. Bedoya, to develop that
information.
Understand the context. We learned that several Federal
agencies used StingRay technology to conduct surveillance on
Americans without a probable cause warrant. During that
hearing, we also learned that the IRS several times used that
same technology without a probable cause warrant, the same IRS
that targeted people for exercising their First Amendment
liberties, targeted people for their political beliefs.
That is the context we find ourselves in today, and now we
have this system in all those States that the chairman just put
up. This is a critical issue at the appropriate time. And so I
just, again, wanted to thank the chairman and look forward to
hearing from our witnesses today, and appreciate this hearing
and just how critically important it is to Americans' First
Amendment and Fourth Amendment liberties.
With that, I yield back.
Chairman Chaffetz. I thank the gentleman.
Again, one of the key questions, seminal questions, before
us is, is it the right public policy to populate a database
with everybody's face in it, even the suspicion-less Americans?
Is that the American way? Or--or--should they maybe be building
a database of known criminal elements, people who maybe earned
it, rather than the suspicion-less people who went in to get
their driver's license and didn't know that they were also
giving that information to the Federal Government and that the
Federal Government would be using it for who knows what?
And as Mr. Jordan pointed out, there is technology, more--
almost 500 units of these cell phone simulators, where the
government is using cell phone simulators to track suspicion-
less Americans in their very geolocation and their very
location. You combine that with facial recognition technology,
where somebody's walking down the street and they can be
recognized and identified into a database that has been built
by the FBI; it does pose questions.
The technology will also show us, the statistical data will
show us the bigger the database, the more difficult it is for
the facial recognition technology to get it right. If the
database was smaller to known criminals, wanted criminals,
people that are here illegally, maybe those are the types of
things that we should be focused on, as opposed to everybody.
And that's one of the questions that--and why we have a
distinguished panel today.
So I will hold the record open for 5 legislative days for
members who would like to submit their written statement.
And I would now like to recognize our panel of witnesses.
We're pleased to welcome Ms. Kimberly Del Greco, who is the
Deputy Assistant Director of the Criminal Justice Information
Services Division of the Federal Bureau of Investigation. We do
appreciate you being here.
We also have Diana Maurer--did I pronounce that right? I
hope so--Director for Homeland Security and Justice Issues at
the United States Government Accountability Office. She was
just in Judiciary yesterday. So we appreciate the quick
turnaround in being here again today.
Mr. Charles Romine, the Director of Information Technology
Lab at the National Institute of Standards and Technology.
Mr. Alvaro Bedoya is the executive director for the Center
of Privacy & Technology at Georgetown Law. Great mind and
thought on this topic, and we appreciate you being here, sir.
Mr. Benji Hutchinson, senior director for the NEC
Corporation of America, testifying on behalf of the
International Biometrics + Identity Association.
And Ms. Jennifer Lynch, senior staff attorney for the
Electronic Frontier Foundation. We thank you for being here as
well.
Pursuant to committee rules, all witnesses are to be sworn
before they testify. If you could please rise and raise your
right hand. We also get to get your picture. Do you solemnly
swear or affirm that the testimony you're about to give will be
the truth, the whole truth, and nothing but the truth so help
you God?
Thank you. Let the record reflect that all witnesses
answered in the affirmative.
In order to allow time for discussion, we would appreciate
it if you would limit your verbal testimony to 5 minutes. Your
entire written record and the attachments will be made part of
the official record.
But Ms. Del Greco, let's start with you, and you are now
recognized for 5 minutes.
Can I tell you all: these microphones in this committee,
you've got to straighten them out, bring them right up
uncomfortably close, and then there we go.
Ms. Del Greco, you're now recognized for 5 minutes.
WITNESS STATEMENTS
STATEMENT OF KIMBERLY DEL GRECO
Ms. Del Greco. Thank you, Chairman Chaffetz and Ranking
Member Cummings and the members of the committee for this
opportunity, along with our colleagues from NIST, with whom we
have worked closely on a number of efforts.
I have submitted a written statement for record and will
not take the committee's time to repeat all of the report. The
statement provides a good description of the authorized
programs we have in place. These programs utilize face
technology to provide law enforcement partners with the needed
capabilities to safeguard the American people.
It is crucial that authorized members of the law
enforcement and national security communities have access to
advanced biometric technologies to investigate, identify,
apprehend, and prosecute terrorists and criminals.
The services and performance improvements in speed and
accuracy delivered by the FBI's Next Generation Identification
system, which includes face recognition technology, have
enhanced our ability to solve crimes across the country.
With that said, the FBI's core value is strict adherence to
the U.S. Constitution. The protection of the privacy and civil
liberties of all persons in this country remains integral to
the development and implementation of any new technology. The
FBI's use of face recognition technology is confined within the
same statutory, regulatory, and policy framework as all
investigative initiatives by the FBI.
Today, I will discuss the following FBI programs which use
face recognition technology for law enforcement purposes. They
are, one, the FBI's Next Generation Identification Interstate
Photo System; and two, the FACE Services Unit, both located at
the FBI Criminal Justice Information Services Division.
Specifically, the Next Generation Identification Interstate
Photo System allows for the searching of criminal mugshots
authorized by law enforcement agencies. It is a search of law
enforcement photos by law enforcement agencies for law
enforcement purposes.
Law enforcement has performed photo lineups and manually
reviewed mugshots for decades. Face recognition software allows
this to be accomplished in an automated manner. Automated face
recognition is an effective means of locating potential
candidates for further investigation, but it remains an
investigative lead only, and the candidates must be further
reviewed by specialized face examiners and/or the relevant
investigators.
The FBI has promulgated policies and procedures to
emphasize that photos returned from the Next Generation
Identification Interstate Photo System are not to be considered
positive identifications and that the searches of the mugshots
merely result in a ranked listing of candidates that require
further investigation to determine a subject's true identity.
This guidance has been provided in the Next Generation
Identification Interstate Photo System Policy and
Implementation Guide, which has been made available to
authorized law enforcement users who receive candidate photos
from the Next Generation Identification Interstate Photo
System.
FACE Services: The FACE Services Unit provides
investigative lead support to the FBI field offices,
operational divisions, and legal attaches by comparing the face
images of persons associated with an open FBI assessment or an
active investigation against face images available in State and
Federal photo repositories.
The FACE Services Unit only accepts probe photos that have
been collected pursuant to appropriate legal authorities as
part of an authorized FBI investigation. Upon receipt of the
photo, the FACE Services Unit searches the photo using face
recognition software against the database authorized for use by
the FBI, which results in a photo gallery of potential
candidates.
The FACE Services Unit performs comparisons of candidate
photos against the probe photo to determine the candidate's
value as an investigative lead. If a most likely candidate is
found, it will be provided to the requesting FBI personnel;
however, the FBI does not retain any photos that are not a most
likely candidate.
As with the Next Generation Identification Interstate Photo
System, this service does not provide a positive identification
but rather an investigative lead and analysis to support that
lead.
Finally, the FBI's strength is directly attributed to the
dedication of its people who work for and on behalf of their
fellow citizens. Our adversaries and the threats we face are
relentless. The FBI must continue to identify and use new
capabilities, such as an automated facial recognition system,
to meet the high expectations for the FBI to preserve our
Nation's freedom.
I want to thank my colleagues for their support and each
and every FBI employee for their dedicated service. Thank you.
[Prepared statement of Ms. Del Greco follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Chairman Chaffetz. Thank you.
Director, you're now recognized for 5 minutes.
STATEMENT OF DIANA MAURER
Ms. Maurer. Good morning, Mr. Chairman, Ranking Member
Cummings, and other members and staff. I'm pleased to be here
today to discuss the findings from our review of the FBI's use
of facial recognition.
We're all familiar with the general idea behind this
technology, and it's a good one: Instead of relying on books of
mugshots from the ``Hill Street Blues'' era, law enforcement
can use ``CSI''-era computers to nearly instantly identify a
criminal from a grainy crime scene photo. Of course, that's the
idea. The reality is far from what we currently see in movies
or TV.
Face recognition is relatively new for the FBI, and there
are significant technical and legal limitations on what it can
do. Even so, it's a valuable tool that can greatly enhance the
efficiency and effectiveness of Federal law enforcement.
The FBI uses face recognition in two ways: First, it
developed a system that currently has over 50 million images
for State, local, and FBI use; second, the FBI accesses other
systems at the Departments of Defense and State as well as
driver's license photos from 18 States, with total potential
access to over 400 million images.
Used properly, face recognition can help make us all safer.
However, the pictures of millions of Americans, including
millions with no criminal convictions, are being searched by
the FBI, which is why attention to privacy and accuracy is so
important. We found that the FBI needs to do a better job on
both fronts.
First, we'll talk about privacy. Federal law requires
agencies to publicly share how they plan to use personal
information, such as facial images, when they roll out a new
capability and when they update it. We found that the
Department of Justice and the FBI did not do so in a timely
manner.
Specifically, DOJ initially published a Privacy Impact
Assessment for the Interstate Photo System in 2008; however,
the FBI did not update or publish a new assessment before it
began using the system or made significant changes to it. DOJ
also did not approve a privacy assessment when the FBI began
accessing other systems to support its own investigations.
The FBI eventually issued privacy assessments in 2015
during our review and over 3 years after they began using both
systems. During that time, the public remained unaware of how
facial images were being used because the assessments were not
published as required.
We also had several concerns about the FBI's efforts to
ensure accuracy. There are two key aspects to accuracy for
facial recognition: the detection rate, how often it correctly
generates a match; and the false positive rate, how often it
incorrectly generates a match. We have concerns about how the
FBI approaches both measures.
In tests, the FBI system generated a correct match 86
percent of the time, 1 percent more than the requirement. How
the FBI defined a match is important. For each query, the
system generated 50 potential images. If the correct image was
among the 50, it was scored as a match. In the real world,
however, users frequently only generate the top handful of
images, which requires a much higher degree of accuracy for the
results to be useful to investigators.
Further, the FBI does not test for false positives. So it
doesn't know how often a system incorrectly identifies someone
as the potential suspect. High levels of false positives could
hinder criminal investigations with false leads. Further,
innocent people could bear the burden of being falsely accused,
including the implications of Federal investigators showing up
at their home or place of business.
Finally, the FBI has not assessed the accuracy of face
recognition systems operated by external partners to ensure
they are sufficiently accurate to support FBI investigations.
We made six commonsense recommendations to help address these
problems, but we were, frankly, concerned when the Department
and the FBI only fully agreed with one.
The good news is that the FBI has begun taking steps to
address two of our recommendations. My hope is that, in the
aftermath of today's hearing, the FBI and the Department will
decide to take action to fully address all six.
Face recognition could prove to be an immensely valuable
tool in solving crime and enhancing national security, but the
FBI and DOJ need to take further action to address privacy and
accuracy concerns. Doing so will help inform the public on how
facial images are being used, enhance the efficiency of law
enforcement, and avoid wasting valuable investigative
resources, and unnecessarily involving innocent people.
Mr. Chairman, thank you for the opportunity to testify
today. I look forward to your questions.
[Prepared statement of Ms. Maurer follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Chairman Chaffetz. Thank you.
Mr. Romine, you're now recognized for 5 minutes.
STATEMENT OF CHARLES ROMINE, PH.D.
Mr. Romine. Chairman Chaffetz, Ranking Member Cummings, and
members of the committee, thank you for the opportunity to
discuss the NIST role in standards and testing for facial
recognition technology.
Biometric technologies, including face recognition, can
provide a means for uniquely recognizing humans based upon one
or more physical or behavioral characteristics and can be used
to establish or verify identity of individuals.
For decades, biometric technologies were used primarily for
homeland security and law enforcement applications. But, today,
the marketplace for biometric solutions includes private sector
applications, including physical security and retail
applications.
NIST has more than five decades of experience improving
human identification systems. NIST responds to government and
market requirements for biometric standards, including facial
recognition technologies, by collaborating with other Federal
agencies, law enforcement, industry, and academic partners to
support the timely development of scientifically valid fit-for-
purpose standards; develop the required conformance testing,
architectures, and tools; research measurement, evaluation, and
interoperability; and develop common models and metrics for
identity management.
NIST work improves the accuracy, quality, usability,
interoperability, and consistency of identity management
systems and ensures that United States interests are
represented internationally. NIST research provides state-of-
the-art technology benchmarks and guidance to industry and U.S.
Government agencies that depend upon biometrics recognition.
NIST encourages and coordinates Federal agency use of
voluntary consensus standards and participation in the
development of standards. NIST works with other agencies to
coordinate standards issues and priorities with the private
sector through industry-led consensus standards-developing
organizations.
Starting in 1986 and under accreditation by the American
National Standards Institute, or ANSI, NIST has developed a
succession of standards for the interchange of biometric data.
This standard used around the world facilitates interoperable
biometric data exchange across jurisdictional lines and between
systems developed by different manufacturers.
From the inception of the International Organization for
Standardization's Subcommittee on Biometrics, NIST has led and
provided technical expertise to develop international biometric
standards that have received widespread international and
national market acceptance.
For more than a decade, NIST has been organizing and
conducting large biometric technology challenge programs and
evaluations. NIST biometric evaluations measure the core
algorithmic capability of biometric recognition algorithms and
report the accuracy, throughput, reliability, and sensitivity
of algorithms to image characteristics, for example, noise or
compression, and subject characteristics, for example, age or
gender.
NIST biometric evaluations advance the technology by
identifying and reporting gaps and limitations of current
biometric recognition technologies. NIST evaluations also
provide quantitative data to facilitate development of
consensus-based standards.
NIST's face recognition vendor tests, or FRVT, assess
capabilities of prototype face recognition systems for one-to-
many identification and one-to-one verification and provides
independent evaluations of commercially available and prototype
face recognition technologies.
FRVT provides the U.S. Government with information to
assist in determining where and how facial recognition
technology can best be deployed. FRVT results also help
identify future research directions for the face recognition
community. The latest FRVT will measure face recognition
performance gains on an ongoing basis to align evaluation and
development schedules.
NIST research has helped enhance identity systems,
including the Federal Bureau of Investigation's Next Generation
Identification system, the Department of Homeland Security
Automated Biometric Identification System, the Department of
Defense Automated Biometric Identification System, the
Department of State biometrics visa program, and the
intelligence community systems. For example, virtually all law
enforcement biometric collections worldwide use the ANSI NIST
standard for data interchange.
NIST is proud of the positive impact it has had in the last
54 years on the evolution of biometrics capabilities. With
NIST's extensive experience and broad expertise, both in its
laboratories and in successful collaborations with the private
sector and other government agencies, NIST is actively pursuing
the standards and measurement research necessary to deploy
interoperable, secure, reliable, and usable identity management
systems.
Thank you for your--for the opportunity to testify in NIST
activities in facial recognition and identity management. I'd
be happy to answer any questions you may have.
[Prepared statement of Mr. Romine follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Chairman Chaffetz. Thank you. I do appreciate it.
Mr. Bedoya, you're now recognized for 5 minutes.
STATEMENT OF ALVARO BEDOYA
Mr. Bedoya. Thank you, Mr. Chairman, Ranking Member
Cummings, and members of the committee.
Why should people care about face recognition? Well,
historically, law enforcement, when they wanted to identify
someone, they had to approach them; they had to talk to them
and ask them for ID. Face recognition lets law enforcement
identify someone from far away and in secret--and not just one
person. The latest generation of this technology will allow law
enforcement to scan the face of every man, woman, and child
walking in front of a street surveillance camera or police
body-worn camera.
This technology raises some serious questions, some basic
questions. Do you have the right to walk down the street
without the government secretly scanning your face? Is it a
good idea to give government so much power with so few limits?
Let me say this: with the right protections for privacy, civil
liberties, and civil rights, this technology can and will be a
tool for good.
Mr. Chairman, our center spent a year studying whether
those protections were in place. They are not. No Federal law
controls this technology. No court decision limits it. With a
few important exceptions, this technology is not under control.
What do I mean by that, ``not under control''? Well, start
with the databases. Whose faces are in face recognition
databases? You would hope that they'd mostly be made up of
known or suspected criminals. In fact, just by having a
driver's license, one out of two American adults have been
enrolled in a criminal face recognition network. That's 125
million people, 51 percent of adults, and 32 out of 44 members
of this committee. Twenty-six of those are searchable by FBI.
This has never happened before, not with fingerprints, not
with DNA, and most people have no idea that this is happening.
That's the databases. Whose faces can you scan and search
within those databases? Do you need a warrant to scan someone's
face? Do you at least need to reasonably suspect them of a
crime, or can you scan anyone?
We surveyed over 100 law enforcement agencies across the
country. We found 52 that had used or were using face
recognition technology. Not one required a warrant. And in most
agencies, as well as the FBI, officials do not need to
reasonably suspect someone of a crime before scanning and
searching their face.
How is this going to affect free speech? Are you going to a
gun rights rally or a protest against the President, for that
matter, if the government can secretly scan your face and
identify you? This is not a hypothetical. In the course of our
investigations, we met a college student who is now in at least
two separate face recognition databases after an arrest for
peaceful civil disobedience. Now she is so scared that,
whenever she goes to a protest, she is afraid to show her face.
What about accuracy? Is there a risk that innocent people
will be misidentified and investigated as dangerous criminals?
As the GAO just said, yes, there is. The details are unclear,
but we know, for New York, that NYPD system has misidentified
at least five people.
Face recognition makes more mistakes than fingerprints, far
more mistakes than DNA. And FBI-coauthored research suggests
that face recognition is more likely to make mistakes when it
looks for the faces of African Americans, women, and young
people.
Finally, are there safeguards in place to make sure that
these systems are not misused or abused? Unfortunately not. The
FBI has run tens of thousands of searches against the faces of
law-abiding drivers. But from the GAO's testimony and their
reports, we know that none of those searches have been checked
for abuse. Those are searches of the DMV driver's license
databases.
So, if there is abuse, we would not know it. Mr. Chairman,
the safety benefits to this technology are real, but we do not
need to choose between safety and privacy. As you know well,
the members of this committee have long argued that Americans
deserve both.
So I would submit that the question before this committee
is not, do we allow face recognition, or do we ban it? I think
the question is, how do we put in place checks and balances
that let law enforcement do its job while also protecting our
rights and our freedoms?
Where might you look for some of these answers? You might
look to Ohio, Mr. Jordan's State, for its policy against
monitoring protests. You might look to Michigan for their
safeguards against misuse and their policy of removing anyone
who hasn't been convicted of a crime from a face recognition
database. You might look to San Diego for their practice of
actually going to elected officials every year and getting
approval for their policies. The list goes on and on, and all of
these proposals are in our report, ``The Perpetual Lineup.''
Thank you very much for your time. I look forward to your
questions.
[Prepared statement of Mr. Bedoya follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Chairman Chaffetz. Thank you.
Mr. Hutchinson, you're now recognized for 5 minutes.
STATEMENT OF BENJI HUTCHINSON
Mr. Hutchinson. Good morning, Chairman Chaffetz, Ranking
Member Cummings, and committee members. Thank you for inviting
me to testify today on behalf of IBIA.
I have 13 years of experience in the biometrics and
identity tech industry. I've supported Federal and law
enforcement customers, and I currently teach a graduate level
course on ethics, privacy, and policy at George Mason
University for identity analysis.
The purpose of my testimony today is to provide the
committee with an overview of the identity tech industry, our
perspective on privacy and policy, and the status of the
efficacy of facial recognition technology.
IBIA is the leading international trade group representing
the identity tech industry. Our mission is to advance the
adoption, responsible use of this technology for managing
identity--human identity to enhance security, privacy,
productivity, and convenience.
We have 27 member companies serving customers in the public
and private sectors. The use cases of our customers include
everything from law enforcement, security, national defense,
finance, and health care, and many others.
Members of IBIA believe these technologies should be used
solely for legal, ethical, and nondiscriminatory purposes. We
are committed to the highest standards of system integrity and
database security in order to deter identity theft, protect
personal privacy, and ensure equal rights under the law.
The industry believes in transparency and openness with
these systems. We support and encourage best practices to
ensure privacy and ethical use. We believe it should be fielded
with appropriate privacy policies that cover how the data are
processed, stored, and used.
Let me say a couple of words about policy. IBIA sees many
areas of shared consensus across this community where we can
work together: Number one, we do not support the use of facial
recognition in tracking or profiling individuals based solely
on age, gender, race, ethnicity, or religion, or any other
violation of constitutionally protected rights to free speech
and assembly. Number two, we support a clear delineation on how
data are used and who has access. We do not support a violation
of statutes related to the use of data. Number three, Federal
and State audits of these facial recognition systems are
reasonable. Number four, there are existing policies and
regulations in place. They should be reexamined and
strengthened where necessary after a debate among all the
stakeholders. And, number five, industry should have a limited
access to real-world data for testing purposes.
Let me talk a little bit about what IBIA has done in this
privacy debate. We participated in the NTIA multistakeholder
process to develop and publish general guidelines. The output
of that was the privacy best practices recommendation for
commercial facial recognition use. We also are a member of the
Future of Privacy Forum for at least 2 years.
Let me talk a little bit about the value of biometrics.
This is a valuable national security tool and for law
enforcement. According to a 2015 document published by the
American Association of Motor Vehicles, John Robert Jones was
convicted in 1974 of murdering a fellow soldier at Fort Dix,
New Jersey. After 3 years in prison, Jones escaped and was on
the run for more than 37 years under an assumed identity. He
was listed as one of the Army's top 15 most wanted fugitives.
The U.S. Marshals office submitted a photograph of Jones for
comparison in the Florida DMV's facial recognition system. A
match with an image on a driver's license that Jones had
fraudulently acquired in 1981 was returned. Jones was
subsequently apprehended, and his fingerprints confirmed he was
indeed the wanted fugitive. These are valuable tools to produce
leads and to capture known suspects.
A few words on accuracy. The accuracy of automated facial
recognition technology has steadily improved over the past 15
years. For high-performing algorithms, error rates can be as
low as 1 percent. So this means that, in most cases, they can
match 99 percent of the time.
However, matching accuracy is highly dependent on image
quality, image gallery quality, and the proprietary algorithm
in use. The human element in training cannot be understated.
Professionally trained humans are responsible for deciding to
take action on a face match. Facial recognition is an
investigative tool.
And, finally, race, ethnicity, gender, and age are not
generally considered or factored into the mathematics of a
facial recognition algorithm. Algorithms are developed to be as
accurate as possible using mathematical vector sets, such as
the number of pixels between the eyes. However, when dealing
with homogeneous data sets of faces, there have been instances
and test results where certain technologies' effectiveness has
varied.
I thank you for this opportunity to testify today, and I
look forward to your questions.
[Prepared statement of Mr. Hutchinson follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Chairman Chaffetz. Thank you.
Ms. Lynch, you're now recognized for 5 minutes.
STATEMENT OF JENNIFER LYNCH
Ms. Lynch. Chairman Chaffetz, Ranking Member Cummings, and
members of the committee, thank you very much for the
invitation to testify today.
Since my 2012 testimony on face recognition before the
Senate Subcommittee on Privacy, Technology, and the Law, face
recognition technologies have advanced significantly. Now, law
enforcement officers can use mobile devices to capture
face-recognition-ready photographs of people they stop on the
street. Surveillance cameras boast real-time tracking and face
scanning and identification capabilities, and the FBI has
access to hundreds of millions of face recognition images of
law-abiding Americans.
However, the adoption of face recognition technologies like
these has occurred without meaningful oversight, without proper
accuracy testing, and without legal protections to prevent
their misuse. This has led to the development of unproven
systems that will impinge on constitutional rights and
disproportionately impact people of color.
The FBI's Interstate Photo System and FACE Services Unit
exemplify these problems. The minimal testing conducted by the
Bureau showed the IPS was incapable of accurate identification
at least 15 percent of the time. This has real-world
consequences. An inaccurate system will implicate people for
crimes they didn't commit, and it will shift the burden onto
innocent defendants to show they are not who the system says
they are.
This threat will disproportionately impact people of color.
Face recognition misidentifies African Americans and ethnic
minorities at higher rates than whites. Because mugshot
databases include a disproportionate number of African
Americans, Latinos, and immigrants, people of color will likely
shoulder exponentially more of the burden of the IPS'
inaccuracies than whites.
Despite these known challenges, FBI has for years failed to
be transparent about its use of face recognition. It took 7
years to update its Privacy Impact Assessment for the IPS and
didn't release a new PIA until a year after the system was
fully operational.
And the public had no idea how many images were accessible
to its FACE Services Unit until last year's GAO report revealed
the Bureau could access nearly 412 million images, most of
which were taken for noncriminal reasons, like obtaining a
driver's license or a passport.
Without transparency, accountability, and proper security
protocols in place, face recognition systems may be vulnerable
to security breach and misuse. This has already occurred in
other contexts. For example, in 2010, ICE enlisted local police
officers to use license plate readers to gather information on
gun show customers. In 2015, hackers breached the Office of
Personnel Management systems and stole sensitive data,
including biometric data, on more than 25 million people. And
in 2015, the Baltimore Police may have used face recognition
and social media to identify and arrest people in the protests
following Freddie Gray's death.
Americans should not be forced to submit to criminal face
recognition searches merely because they want to drive a car.
They shouldn't have to worry their data will be misused by
unethical government officials or stolen in a security breach.
And they shouldn't have to fear that their every move will be
tracked if the network of surveillance cameras that already
blanket many cities are linked to face recognition.
But without meaningful legal protections, this is where we
may be headed. Without laws in place, it could be relatively
easy for the government to amass databases of images of all
Americans and use those databases to identify and track people
in real time as they go about their daily lives.
As this committee noted in its excellent 2016 report on law
enforcement use of cell-site simulators, advances in emerging
surveillance technologies, like face recognition, require
careful evaluation to ensure their use is consistent with the
protections afforded under the First and Fourth Amendments.
And just as with cell-site simulators, transparency and
accountability are critical to ensuring that face recognition's
use not only comports with constitutional protections but also
preserves democratic values.
Justice Alito noted in his concurring opinion in United
States v. Jones that, in circumstances involving dramatic
technological change, the best solution to privacy concerns may
be legislative. Just as this committee found with cell-site
simulators, the use of face recognition must be limited.
Specifically, law enforcement should be required to get a
warrant before accessing noncriminal face recognition databases
and before conducting real-time tracking and identification.
I urge this committee to introduce legislation to do just
that. Thank you once again for the invitation to testify. I'm
happy to respond to questions.
[Prepared statement of Ms. Lynch follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Chairman Chaffetz. Thank you. I appreciate it.
We'll now recognize the ranking member, Mr. Cummings, for 5
minutes.
Mr. Cummings. Thank you very much, Mr. Chairman.
And I want to welcome our witnesses here today.
Let me start by acknowledging that facial recognition
technology provides law enforcement officials with an
innovative and valuable tool to identify suspects and
criminals, which helps keep all of us safe. We all know that.
The FBI has told us that this technology helps them
identify and apprehend criminals and bring them to justice. I
strongly believe that our law enforcement authorities should
have access to the most advanced crime-fighting tools available
to protect our communities.
But serious questions have been raised in your testimony
today already about the accuracy of facial recognition
technology, its disparate impact on certain populations, and
its use against law-abiding Americans.
To help our law enforcement authorities do their job as
effectively as possible while at the same time protecting the
rights of constituents, we need to examine these questions head
on because they are very, very significant. So I am thankful
that we are having this discussion today.
There are three key points that I would like to address
today. The first is that whole question of accuracy. Last year,
the Government Accountability Office issued its report with a
very significant warning. The GAO reported that the FBI has,
and I quote, ``limited information on the accuracy of its face
recognition technology capabilities,'' end of quote.
The GAO also warned that the FBI did not assess how often
these searches, and I quote, ``erroneously match a person to
the database that falsifies the rate,'' end of quote. That's a
big problem.
As one of the Members of Congress who live in the inner
city of Baltimore, where I have seen the impact of police,
certain police tactics, with regard to African-American males
and having been an African-American male for 66 years on this
Earth, I can tell you I have a lot of concerns about this.
GAO made a series of recommendations, including proposing
that the FBI conduct more testing to, and I quote, ``help
ensure that the system is capable of producing sufficiently
accurate search results.'' That seems like a reasonable
request. Unfortunately, the Department of Justice disputed the
need for more accuracy testing and maintains that current
testing is adequate.
Second is the question of disparate treatment of some
Americans. In 2012, senior technology experts with the FBI
coauthored a study finding that some of the leading algorithms
used in face recognition systems were 5 percent to 10 percent
less accurate on African Americans as compared to Caucasians.
Similarly, on October 18, 2016, the Center on Privacy &
Technology at the Georgetown University Law Center issued a
report finding that, I quote, ``African Americans are
disproportionately likely to be subject to police face
recognition,'' end of quote.
According to these reports, if you're Black, you're more
likely to be subjected to this technology, and the technology
is more likely to be wrong. That's a hell of a combination,
particularly when you're talking about subjecting somebody to
the criminal justice system. We need to let this sink in.
For these reasons, the center made a very sensible
recommendation, that the FBI simply test the system for racial
bias. Why can't we do that? What's the problem? In response,
the FBI claims there's no need to test for racial bias because
the system is race-blind. I disagree. I disagree.
Walk around this country as a Black man, in this country,
and this kind of--don't get me wrong. I believe strongly that
police should have every tool they need to solve crime. But I'm
telling you: we have seen some things in Baltimore where the
African-American community is almost like a guinea pig
sometimes. Say, okay, we believe all the crime is happening
here, so everything goes there. And this is the neighborhood I
live in, that I go home to every night. So the response is very
troubling.
I'm almost finished, Mr. Chairman.
Rather than conducting testing that would show whether or
not these concerns have merit, the FBI chooses to ignore
growing evidence that the technology has a disproportionate
impact on African Americans.
Third is the question of protecting other rights of the
American people, including their privacy rights, their civil
liberties, and their right to free speech. And I want to
applaud the chairman for constantly raising these kinds of
issues because they are very important.
I've said many times that sometimes we take for granted
this democracy that we have. We take it for granted. It has
been working so well that we assume we can--it will be here
forever. But we have to guard it every day. And I think that,
when you see things that begin to chip away at it, you have to
pause and say: ``Wait a minute. Hold on. Where are we going
here?''
And so, according to GAO, law enforcement authorities now
have the ability to search more than 400 million photos. There
does not have to be a warrant. There does not even have to be
probable cause. They search not only criminal mugshots but
photos of law-abiding citizens that are submitted when they
apply for jobs, passports, and even driver's licenses.
I doubt many Americans realize that when they go down to
the DMV to get their driver's licenses, their photos could be
made part of a database that can be searched by the FBI. The
Center on Privacy & Technology estimates that 80 percent of
photos in the FBI's network of facial recognition searches are
people who have never been accused of a single crime.
Last year, the ACLU reported that the Baltimore Police
Department used this technology against crowds of people who
were protesting against police misconduct as a result of the
death of Freddie Gray. Now, I was in the crowd. I was in the
crowd, night after night, six nights in a row. So I guess
they've got my photo. And they probably have a lot of other
photos. There were a lot of people there in the crowd with us
in Baltimore who have never been arrested, who have never
committed a crime, but yet still they're subject to this.
Now, understand, I guess my concern is that if we are going
to, again, use tools, it seems to me that we would do
everything in our power to make sure that those tools are used
in a fair way, that we are testing for accuracy, and that
there's not bias against one part of our population.
And so I'm glad that we're having the hearing today. I'll
have some questions later, but thank you, Mr. Chairman.
And I yield back.
Chairman Chaffetz. I thank the gentleman.
All right. I'll now recognize myself for 5 minutes and then
members will ask questions.
Ms. Del Greco, the GAO report asserts that the FBI failed,
even though it's directed by law, to put out the Privacy Impact
Assessment. Why did the FBI not fulfill the law, the
requirement of the law, and why did you not update the Privacy
Impact Assessment? You have to put the----
Ms. Del Greco. Thank you. Thank you, Mr. Chairman.
I will defer to DOJ on that question.
Chairman Chaffetz. What do you mean ``defer to DOJ''? You
are DOJ. So what do you mean ``defer''?
Ms. Del Greco. The Privacy Impact Assessment was submitted
to the Department. I will defer to them for a response.
Chairman Chaffetz. I'm sorry. We're having a hearing to ask
you the questions, and the DOJ put you up there. You seem like
a very nice person, but you're supposed to be the one to answer
that question. What do you mean ``defer''?
Ms. Del Greco. As I've stated, the Privacy Impact
Assessment was submitted, and they----
Chairman Chaffetz. Years late, right?
Director Maurer, do you want to comment on this?
Ms. Maurer. Yes, that's correct. It was submitted years
after both systems were being used for real-world use.
Chairman Chaffetz. So here's the problem: You're required
by law to put out a privacy statement, and you didn't. And now
we're supposed to trust you with hundreds of millions of
people's faces in a system that you couldn't protect, even with
the 702 issue. Now, we're talking about Mr. Flynn and how he
was unmasked and all that, and there can be political
gyrations, but set the name aside, and Donald Trump and all
that.
But even in that most stringent circumstance where they're
looking at information, somebody decided to take off that veil
and release that out to the public. And we're supposed to--and
the Office of Personnel Management had tens of millions of
Federal workers who had information where--and some of it
included fingerprints and other types of things, and that was
stolen and let out, and those people are having to suffer the
consequences the rest of their lives. Why should we trust you?
Ms. Del Greco. The privacy was part of the entire process
in the development phases of the Interstate Photo System.
Chairman Chaffetz. I know, but--okay. The point is, that
the GAO has rightfully, I think, pointed out, the FBI was
required by law to comply with the law--you are part of the
Department of Justice--and you failed to do so. I hope you can
see how this is a problem.
Ms. Del Greco. A Privacy Impact Assessment was initiated in
2008 on a pilot project for a proof of concept. Throughout the
whole process, our privacy attorney was being advised of the
changes that were being made in the development.
Chairman Chaffetz. Yeah, well, we don't believe you, and
the second part of that is you're supposed to make that public.
And the failure here is, years after it was supposed to be made
public, you didn't do it. You were using it in a real-world
circumstance. You were actually using it and didn't issue the
statement.
Let me move on. You said a couple of times, Ms. Del Greco,
in your testimony that this was a, and I quote, ``an
investigative lead,'' that everybody should relax; it's just
being used for an investigative lead. Correct?
Ms. Del Greco. That is correct.
Chairman Chaffetz. So why not collect everybody's
fingerprints? That would be an investigative lead, right?
Wouldn't that be easier if you had everybody's fingerprints?
Why not collect everybody's fingerprints?
Ms. Del Greco. We use fingerprint technology as a positive
identification, and we still do today.
Chairman Chaffetz. But why not collect them all in advance?
I mean, that would be easier, right? If you have a database,
you collect them all in advance; then, when you go and you pull
off somebody's fingerprints, you've got a database, right? Why
not do that?
Ms. Del Greco. Fingerprints are collected with a criminal
mugshot for an arrested purpose, for a law enforcement purpose.
Chairman Chaffetz. Yeah. But you see the difference, right,
somebody is actually arrested; then they take their
fingerprints. Somebody who is actually convicted, then you
collect the--then you have your fingerprints. But why not get
them all in advance? What if we had all 330 million Americans'
fingerprints in advance? That would be easier, wouldn't it? It
would be easier, right? That's a question.
Ms. Del Greco. We collect fingerprints with the criminal
law enforcement purpose only.
Chairman Chaffetz. Right. Right. Why not collect
everybody's DNA? How about when everybody's born in the United
States, we take a little vial, a sample of blood? Why don't we
do that? Then we'd have everybody's DNA. And then when there's
a crime, then we could go back and say, ``Oh, well, let's
collect that DNA, and now we have 330 million Americans.'' That
would be easier. Wouldn't it?
Ms. Del Greco. I'm not at liberty to speak about the DNA
collection.
Chairman Chaffetz. This is different. See, this is how DNA
is a valuable investigative tool. Fingerprints are a valuable
investigative lead and tool. But what scares me is the FBI and
the Department of Justice proactively trying to collect
everybody's face, and then having a system with a network of
cameras where, if you go out in public, that too can be
collected and then used in the wrong hands, nefarious hands,
somebody in government misusing it. It does scare me.
Are you aware of any other country that does this? Anybody
on this panel. Is there any other country that's doing this?
Let me ask you one other thing, and I've gone past my time
here--past my time here. Do you have plans to match this
database up with anything that's posted on social media? So, in
other words, if you go up on Instagram, Facebook, Snapchat, and
whatever the next new technology is, are you collecting that
information that is out there on social media?
Ms. Del Greco. No, we are not. The only information the FBI
has and has collected in our database are criminal mugshot
photos. We do not have any other photos in our repository.
Chairman Chaffetz. That's not true. You are not collecting
driver's licenses?
Ms. Del Greco. We do not have driver's license photos in
our repository at the FBI.
Chairman Chaffetz. Does anybody care to weigh in on this?
Mr. Bedoya?
Mr. Bedoya. Sure, Mr. Chairman. I think this is a
technicality. Who owns and operates a database matters a lot
less than who uses it and how it's used. The FBI has access to
now 18 States' driver's license photos that either can run
those searches or request them. We're talking more than a third
of all Americans. So the FBI does have access to these photos.
They searched them tens of thousands of times and, apparently,
by GAO's testimony, never audited those searches for misuse.
Chairman Chaffetz. Would you disagree with that, Ms. Del
Greco?
Ms. Del Greco. We have access to the data. We do not
maintain the data in our repository. And the access we have is
pursuant to the provision in the Driver's Protection Act within
the State, accordance with Federal law.
Chairman Chaffetz. Does anybody else care to weigh in on
this topic? Ms. Lynch?
Ms. Lynch. Thank you, Mr. Chairman.
I would also add that the FBI has civil photos in its
repository. So it's not just relying on driver's license
databases, but it also has access to civil photos in its own
NGI-IPS database. These photos may in the future come from
background checks that people submit to as trying to get
employment or as a licensing requirement, but the database is
not limited to just mugshot photos.
Mr. Cummings. Would the chairman yield?
Chairman Chaffetz. Sure.
Mr. Cummings. Just to clear up, Ms. Del Greco, when the
chairman asked you about what photos you had, you said over and
over again, we have just a mugshot--what did she say?
Chairman Chaffetz. Just the criminal.
Mr. Cummings. I just feel that you could've been a little--
after we got this more clarification, seemed like you would
have told us that, what they just told us. I mean, it just
seems--I mean, I don't know how he feels, but if I was left
with your answer and didn't have clarification, I would have
assumed that that's it.
But they were able to clarify, these other two witnesses,
that you have access to all kinds of photos. Hello? I just
think it is a little unfair to the committee. I usually don't
do this. But it just--it kind of left me not feeling very good.
And I'm sure the chairman probably felt the same way.
Chairman Chaffetz. So, if they are in your database or you
own that database and own those photos, what other databases
are you also tapping into at will?
Ms. Del Greco. We do not search the civil photos that are
in our repository. They are not located in the Interstate Photo
System. We only search the criminal mugshots that we have in
our repository. We are not authorized; they are not searchable,
the civil photos.
We also retain the investigative photo from the FBI agent,
but those are not--the civil photos are not searchable.
Chairman Chaffetz. Well, I'm going to flesh this out. I'm
well past my time. So we'll continue to flesh this out.
But let's go to Mr. Lynch of Massachusetts now.
Mr. Lynch of Massachusetts. Thank you, Mr. Chairman and
Ranking Member, for your work on this.
I appreciate the presence and testimony of our witnesses.
I don't think it's a stretch to say that the majority of
Americans today feel that the rapid advances in surveillance
technology have far outpaced the ability of Congress to protect
the basic privacy of American citizens. And apart from the
willingness of people to put some of their most intimate
information online, I think there's been an aggressive
development of surveillance technology that we've seen come to
the forefront. And when you think about how this could change
who we are as a Nation, it's very, very troubling. This country
was founded on protest--it really was--and is continually
reshaped by protest. And it disturbs me greatly that, whether
it was the death of Freddie Gray and those protests or the women's
protest recently that was all over the country, millions of
people, it disturbs me greatly that we're out there taking in
this information.
And I fully support the suggestion of Ms. Lynch--no
relation--that a warrant should be required in those cases and
that, if we're going to build these databases and have this
ability to surveil innocent individuals, then that is really a
game-changer for this country.
The background here, Ms. Del Greco, goes back to the
confidential informant programs that are run by the FBI, DEA,
ATF. And we have had zero cooperation from the FBI in the tens
of thousands of confidential informants that you run daily in
this country.
We did get a report from the Inspector General's Office
that explained that the DEA, in addition to the FBI, is
operating 18,000 confidential informants. They paid $237
million to confidential informants. And we can't get
information on who's getting paid for what. So, in addition, I
think there's probably 15,000 to 20,000 FBI informants that are
out there. And we have very little accountability as to what
they are doing, who they are working for, what they are being
paid for, what their prior crimes were, what their extant
crimes are while they are being paid as informants. So I have
zero confidence in the FBI or the DOJ, to be frank with you, of
keeping this in check.
Mr. Bedoya, you talked about some of the things that might
be put in place--Ms. Lynch as well. I'm certainly going to join
in legislation to put a warrant requirement in on this. There
are some areas, you know--I know that we had some enhanced
alerts regarding threats to our transportation system. So we
put in surveillance cameras at South Station, at Union Station,
because we had threats in those specific areas for limited
periods of time. And I don't dispute that, on occasion, with
specific threats and specific information, we should use that
tool.
But, Mr. Bedoya and Ms. Lynch, what else should be included
in legislation that would allow us to use this tool, this
technology, while balancing the preservation of individual
rights and privacy for American citizens?
Mr. Bedoya, you could start.
Mr. Bedoya. Yes, sir. There's a couple of points, and I can
go through them quickly. We need to target this powerful
technology to serious criminals. And so that, in the first
instance, we need to do. Secondly, we need to restrict real-
time face scanning to situations like you described, very
specific threats, very specific occasions. We need to make sure
this technology's accurate. We need to test it publicly and
independently for bias. We need safeguards to prevent against
misuse and abuse. So we need audits to spot if this technology
is being abused. And we need reporting like you would have
for--under the Wiretap Act, where if you do a wiretap, later
on, you report about it: the crime, what happened with that
prosecution. So, across the board, there are reforms that could
be made that are modeled on existing law and also modeled on
the policies of the States represented on this committee that
could be best practices and commonsense rules for the road
here.
Mr. Lynch of Massachusetts. What about an opt-out provision
for any citizen who is not suspected of a crime, to have
somebody, some ombudsman, go through and delete all the
pictures of people who aren't under active consideration for
criminal activity? I mean, I think that's something that--
innocent people should not be on this database. This is really
Nazi Germany here what we're talking about. They had meticulous
files on individuals, most of them of Jewish faith, and that's
how they tracked their people. And I see little difference in
the way people are being tracked under this, you know, just
getting one wide net and collecting information on all American
citizens. I think it is corrosive of our very liberty. I just
appreciate your testimony.
Ms. Lynch, anything to add?
Ms. Lynch. I think the only thing I would add to Mr.
Bedoya's response is that we need to have protections to
prevent the use of face recognition on First Amendment-
protected activities. So, as I think that you just noted, one
of the risks in using face recognition would be to identify
people who are engaging in political protest, which is a
bedrock value in our society, to be able to engage in political
protest without the fear that the government will be
identifying us and targeting us for our political beliefs. So,
if any legislation is introduced, I would encourage a provision
in that legislation to cover First Amendment-protected
activities.
Mr. Lynch of Massachusetts. Thank you.
I appreciate the courtesy, and I yield back the balance of
my time.
Chairman Chaffetz. I thank the gentleman.
I now recognize the gentleman from Michigan, Mr. Mitchell.
Mr. Mitchell. Thank you, Mr. Chairman.
Mr. Cummings, this will be the second time in a week where
I'm going to climb into the boat with you, sir.
Chairman Chaffetz. Uh-oh, boat analogy.
Mr. Mitchell. My boating analogy for the day.
My older son is a police officer. He is a detective in
Michigan. And as I read this, I'm, frankly, appalled. I
didn't--I wasn't informed that, when my driver's license was
renewed, my photograph was going to be in a repository that
could be searched by law enforcement across the country. As you
did your MOU with the Michigan State Police, what efforts did
you take to make sure, in fact, privacy requirements were
maintained?
Ms. Del Greco. Well, first, we looked at the State law and
worked with the State to ensure that there was a State law that
allowed for the use of those records for law enforcement
purposes.
Mr. Mitchell. So we made sure there was a State law that
said privacy didn't matter?
Ms. Del Greco. It was a privacy document with regard to
driver's license photos in the State.
Mr. Mitchell. So, again, if the State said it was okay that
we collected them, there's--I'm not aware of anything in the
State of Michigan that said they can just provide those photos
to other parties for law enforcement purposes.
Ms. Del Greco. We work with the State's legal counsel along
with our legal counsel to ensure that the appropriate laws are
in place before an MOU is drafted and approved.
Mr. Mitchell. So law enforcement all got together and said,
``It's okay, and we're going to do that.''
Followup question for you, I spent 35 years in private
business, and we had to comply with Federal privacy laws. We
were involved in student education, student aid. I was subject
to criminal and civil penalties personally as the CEO of the
company if, in fact, we failed to maintain compliance to
privacy laws. What civil and criminal penalties have the
Department of Justice been subjected to for failure to comply
with the privacy requirements?
Ms. Del Greco. With regard to FACE Services?
Mr. Mitchell. Well, with regard to filing the updated
privacy information that the chairman referred to. You're years
late.
Ms. Del Greco. That I am not an expert to speak on, sir.
Mr. Mitchell. You're not aware. So we don't know whether or
not--has any action been taken for failure to move forward? You
said you implemented the report. Has any action been taken for
the individuals that stopped the report because it was not
issued?
Ms. Del Greco. I have no knowledge.
Mr. Mitchell. There are days that ignorance is bliss; I
appreciate that.
Question for Mr. Bedoya, if you would, sir, is there any
legal standard that law enforcement must use in order to
request access to the database? I see, on page 3 of the GAO
report, there is--essentially--effective, the State makes a
request, and then they access the database. Is there any legal
standard for access there, sir?
Mr. Bedoya. Sure, for the FBI, the FBI can open an
investigation, can run a face recognition search--for example,
your face in Michigan--on mere allegation or information.
Mr. Mitchell. How about the State agency requesting the
information from the FBI and/or other States? What do they have
to submit?
Mr. Bedoya. The State agency has to have a criminal justice
purpose but is not required to have reasonable suspicion to
search the FBI's database.
Mr. Mitchell. So they don't have to tell the FBI why it is
they are asking for access to that database, just that they
need it.
Mr. Bedoya. I am not familiar with the exact field they
need to fill out, but they do not need to meet the most minimal
standard, which would be reasonable suspicion.
Mr. Mitchell. Ms. Del Greco, can you explain that?
Ms. Del Greco. A State law enforcement agency must have an
originating agency identifier. They have to be a criminal
justice agency. In fact, for FACE Services, they have to be in
a law enforcement agency. So the rules are a little bit more
refined.
Mr. Mitchell. So refined I guess, but so long as you're a
law enforcement agency, you can request access to the database
because they say they want it?
Ms. Del Greco. They have to have an agency identifier in
order to do so.
Mr. Mitchell. An agency identifier is what, please?
Ms. Del Greco. It's an identifier that we provide to an
authorized law enforcement agency that has authorized purposes
to our system.
Mr. Mitchell. So they have to have the top secret code.
Ms. Del Greco. We clarify and verify that that agency is
authorized to have access to our system.
Mr. Mitchell. But, again, they haven't had to provide any
indication of investigation or, as has been noted by my
colleagues, a search warrant or what the investigation; it's
just that they want access for some--correct?
Ms. Del Greco. It has to be for law enforcement purposes.
Mr. Mitchell. Based on someone saying it is, without any
documentation?
Ms. Del Greco. Based on their rules and their authorities
within their State, yes, sir.
Mr. Mitchell. Mr. Bedoya or Ms. Lynch, any comment on that?
Mr. Bedoya. Sir, I can quickly comment on that. The FBI
leaves it entirely to the States to decide what their policies
will be for when and why they search this database above the
standards that Ms. Del Greco raised. And, frankly, you know, I
think we need to take a step back and ask, if this technology
had been in place for the Boston Tea Party or during the 1960s
civil rights protest, what would have happened then? I think
this is a very serious issue across the board.
Mr. Mitchell. Well, I think the issue goes beyond the First
Amendment concerns that were expressed by Ms. Lynch and is
broader. I don't want to just protect someone if they are at a
political protest from being identified. The reality is we
should protect everybody unless there is a valid, documented
criminal justice action. Why should my photo--God knows lately
it's in every place in the world, including Facebook--be
subject, because I get a driver's license, to access?
And I agree with the ranking member, the comment regarding
the, ``Well, we don't have access to that,'' is disingenuous
because, frankly, the FBI has access to, whether you own the
database or not, to 400 million photos of Americans solely
because you say you have a criminal justice reason for them. I
have to tell you--and my time is expiring; I apologize, Mr.
Chairman--to me, that's appalling. And I would join in making
you take actions to, in fact, limit that dramatically.
I'm sorry for going over. I appreciate the patience, and I
yield back, sir.
Chairman Chaffetz. I thank the gentleman.
We will now recognize the ranking member, Mr. Cummings.
Mr. Cummings. Mr. Bedoya, last year, the Center on Privacy
& Technology released a report on police facial recognition and
found that, and I quote, ``There is a real risk that police
face recognition will be used to stifle free speech.'' Is that
right?
Mr. Bedoya. Certainly, I believe so. And we have a couple
of instances where this has happened. You mentioned one, the
Freddie Gray protests. In 2012, thanks to Freedom of
Information Act requests filed by the Electronic Frontier
Foundation, we saw that, in fact, FBI presentations showed how
this technology could be used on Presidential campaign rallies
in 2008. And so I think there's a real risk that law-abiding
Americans are going to be too scared to protest because they
are afraid the government is going to secretly scan and
identify and track their faces.
Mr. Cummings. So what steps should be taken to ensure that
the technology is not used to stifle protests?
Mr. Bedoya. I think you could have a belt-and-suspenders
method, sir. The first is you need to have reasonable
suspicion that someone is engaged in a crime if you are
actually encountering them. So they can see you. But if you are
doing this outside of the public eye against mugshots, we think
that should be restricted to felonies. And if you are doing it
with driver's licenses, we think that the public of the State
should actually vote to approve that; otherwise, it should not
be allowed. And even then, we think there should be a warrant
to access that information based on probable cause. And,
separately, you need to have a policy like Ohio's or like the
one proposed by DHS and FBI, actually----
Mr. Cummings. And I realize that Ohio is the only one that
prohibits the use of facial recognition. Is that right?
Mr. Bedoya. I wouldn't say ``prohibits,'' sir. I would say
actively discourages it, and that is a standard also proposed
by DHS and FBI in a working group in----
Mr. Cummings. So you would support that?
Mr. Bedoya. Certainly, sir.
Mr. Cummings. Ms. Del Greco, despite the findings and
recommendations, the FBI refuses to conduct any test to
determine whether the system has racially disparate error
rates. If one of the FBI's own senior technology experts as
well as outside groups like the center have identified evidence
that these systems may be less accurate for African Americans,
does that concern you?
Ms. Del Greco. Our requirement when we developed the
Interstate Photo System did not include tone or ethnicity. It
was based on the mathematical computation only.
Mr. Cummings. But you didn't answer my question. I said,
did that concern you?
Ms. Del Greco. I'm confident in the development of our use
and the system that the FBI utilizes for facial recognition.
Mr. Cummings. So it wouldn't bother you if a certain
segment of the population was treated unfairly? I mean, you are
with the FBI, right?
Ms. Del Greco. The responses we get back are based on the
mathematical computation. And then our facial recognition
examiners are highly trained then to make the final decision on
whether there's a most likely candidate. It is not based on the
tone or ethnicity of the candidate.
Mr. Cummings. So you're still saying everything is color-
blind? Ma'am?
Ms. Del Greco. When we get back a response from the search
from a probe photo, it could be all races. It is only a
mathematical computation that returns the candidate list.
Mr. Cummings. Ms. Lynch, you've got to respond to that for
me, please.
Ms. Lynch. Well, I think there are a few things I'd like to
respond to. I think the first is that we do have these studies
that show that African Americans and young people and women are
misidentified at higher rates than Whites and men and older
people. And that is due to the training data that's used in
face recognition systems. Most face recognition systems are
developed using pretty homogeneous images of people's faces. So
that means mostly Whites and men. And so the system learns from
that data and doesn't learn how to identify African-American
faces as well as White faces.
Mr. Cummings. Can we stick a pin in that?
Ms. Lynch. Yes----
Mr. Cummings. Whoa, whoa, whoa. If we're in denial that
something is--that there's a problem, going back to--I'm not
saying you're denying it, but you're close--and it seems as if,
with all of our expertise, with all of our great minds, we
would say, ``Okay, well, maybe we can improve on this.'' You
just said that maybe there are not enough samples or whatever.
My point is, is that, if we don't recognize that there is a
problem, we'll never improve on it.
And I mean, I think everybody wants to make sure we're
safe. We want to make sure that law enforcement has the tools
they need. But at the same time, if I turn a blind eye and say,
``This is color-blind,'' I'll never improve the system. But go
ahead.
Ms. Lynch. Well, I think that we have to look a little bit
broader. We have to look, not just at the system, but also, who
is doing the backup identification? So the FBI produces a
ranked candidate list in response to most of the face
recognition searches that are done by the States or the local
agencies. Now these are automated searches. So the FBI isn't
looking through those candidates and saying, ``This is the most
likely match.'' It is just the system that is looking through
those candidates and saying, ``This is the most likely match.''
And then a human has to look through those and say, ``This is
the person who is in the grainy surveillance camera photo that
I'm trying to identify.''
But the problem is not just that the system misidentifies
African Americans at a higher rate but also that human ID
backup fails as well. So, if a person is not properly trained
in how to do the backup identification, then they may
misidentify the person as well. And we know that this is even
more true if the person who is doing the identification is of a
different race or ethnicity than the candidate.
Mr. Cummings. I think my time is up.
Thank you, Mr. Chairman.
Chairman Chaffetz. Thank you.
We'll now recognize Mr. Ross of Florida for 5 minutes.
Mr. Ross. Thank you, Mr. Chairman.
I want to preface my remarks by saying that, 35 years ago,
I was in the computer industry in both selling and installing
computer systems. And I set that by way of example because of
my friend, Mr. Lynch, has set the proposition that technology
has advanced so exponentially that it has outpaced Congress'
ability to, I think, really provide the protections necessary.
And this really intrigues me, this particular topic,
because, Mr. Bedoya, as you talk about some of the legal
protections, one thing I haven't heard is the protections
granted by the Fourth Amendment to unlawful search and seizure.
And I would like to bifurcate this in two ways: one, in the
collection of data or the collection of facial recognition;
and, two, in the application of it. And is there not an
expectation of privacy? And is there an expectation of privacy
that would protect the collection of any facial recognition
data, given the advancements in technology and the high
resolution of this equipment, that really there is no
protection?
Mr. Bedoya. So, yes, sir, I do think there is. No court has
ever looked at this, which is part of the problem.
Mr. Ross. Well, I don't think we are at that point yet.
Because I can see the collection of data saying, ``Okay,
that''--who allowed you to collect my facial recognition? Well,
you're in public.
Mr. Bedoya. I don't think that people reasonably expect
that, when they stand for a driver's license photo, that it
will be searched like a criminal's fingerprint, thousands of
times a month, without warrants, without oversight, without
even reasonable suspicion. So I do think there is a reasonable
expectation of privacy. And while the court hasn't decided it,
I think in the Jones case, the Knotts case, the court has
signaled that certain kinds of dragnet tracking and certain
kinds of public activity and things you volunteer to other
people do deserve protection.
So I do think there is a Fourth Amendment interest here and
quite a strong one.
Mr. Ross. And, Ms. Lynch, when you talked about legal
protections, is it sufficient enough that I state a disclaimer
that ``collection of your facial recognition data may be
ongoing through the surveillance cameras''? Is that what we're
talking about in terms of legal protections, or is that just
one level of legal protection that we are looking at?
Ms. Lynch. I think that's just one level. And I actually
don't think that that's sufficient because I think it gets back
to Mr. Bedoya's point that we don't reasonably expect our image
to be captured when we're walking around in public.
Mr. Ross. But it's being done anyway, and it has been done
in surveillance. I mean, cameras and you see, of course,
notices that say ``surveillance cameras in use on this
property'' or whatever. So----
Ms. Lynch. True. There are surveillance cameras in many
cities, both private and public surveillance cameras.
But I think what's different is face recognition allows
people to search through those images very, very quickly. So----
Mr. Ross. And that's the application of it, and my question
is more to the collection of it. I mean, I agree there is an
expectation of privacy to a degree, but if you put up a
disclaimer that you're under surveillance or that surveillance
is being used, does that not give the protection necessary into
the collection of the data? I'm not talking about the
application in the database in the search of it, but----
Ms. Lynch. No, I don't think that gives the protection that
we're looking for. And I think an example could be law
enforcement says, ``We are going to now search all of your
email, or we are going to''----
Mr. Ross. Right.
Ms. Lynch. --``come into every single house, and we're just
putting you on notice of that fact.'' That doesn't destroy a
First Amendment protected interest against unlawful searches
and seizures. And I think a notice on a surveillance camera
also would not destroy that protection.
Mr. Ross. Okay.
Ms. Del Greco, how secure is the database? I mean, have you
had incidents of hacking or access, unauthorized access?
Ms. Del Greco. The Next Generation Identification System is
a secure, unclassified system. It's fully accredited. It's met
the Federal Information Security Management Act at the highest
level.
Mr. Ross. But no--there hasn't been any unauthorized
access?
Ms. Del Greco. There has not.
Mr. Ross. Okay.
Now, Mr. Romine and Mr. Hutchinson, for your input here, as
I've watched technology advance and I've also--obviously, the
government doesn't maintain a monopoly on technology. And, in
fact, probably they are at the low end of the availability of
technology. The commercial availability of facial recognition
technology, is that out there?
Mr. Romine. It is, sir.
Mr. Ross. And it is being utilized in the private sector,
correct?
Mr. Romine. That's correct.
Mr. Ross. And are we not seeing some of these same issues
as to an invasion of privacy as a result of a business or some
private concern utilizing it, even for marketing purposes? I
can do a market analysis by facial recognition as to how many
times this particular person comes into my store or comes onto
my property. Realistically, you could use it for that, correct?
Mr. Romine. It certainly could be used for that. NIST's
role is really just an independent and unbiased arbiter of
the----
Mr. Ross. But the availability exists in a commercial
setting.
Mr. Hutchinson.
Mr. Hutchinson. Yes, sir. The availability does exist. And
it is subject to consent, in most cases, because these retail
outlets, these private sector customers that may use this
technology, they see the sensitivity of making sure their
customers are comfortable, and they certainly don't want to
alienate them. But absolutely it's out there.
Mr. Ross. Thank you. I appreciate that.
I yield back.
Chairman Chaffetz. The gentleman yields back.
We'll now recognize the gentleman from Virginia, Mr.
Connolly, for 5 minutes.
Mr. Connolly. Thank you, Mr. Chairman.
And welcome to the panel.
Mr. Bedoya, I was struck by your comments on driver's
licenses. When I get my driver's license renewed and I have my
picture taken, I don't do it with the presumption that that's
now public property. Is that not correct?
Mr. Bedoya. I certainly don't also.
Mr. Connolly. And, therefore, it's not okay for the FBI or,
for that matter--I don't know--you know, Target to purchase my
picture without my consent.
Mr. Bedoya. Or have access to it.
Mr. Connolly. Or have access to it. That is your position.
Mr. Bedoya. That is my position, yes, sir.
Mr. Connolly. And presumably that would be the position of
most citizens, absent an active decision that ``yes, you can
have it,'' you can't have it. Otherwise, I might have
reexamined getting that driver's license.
Mr. Bedoya. I would agree with that. I think that the
citizens of the State not only should be notified and have to
volunteer, but the citizens of the State should vote if they
want to allow this highly invasive scanning of their faces.
Mr. Connolly. Has this concept ever been challenged in a
court of law?
Mr. Bedoya. We've carefully reviewed Federal and State law
specifically for face recognition cases and found none.
Sometimes it's discussed tangentially or very briefly, but
nothing square on, sir.
Mr. Connolly. Ms. Del Greco, does the FBI have a different
interpretation of the presumption of privacy with respect to
the picture on a driver's license?
Ms. Del Greco. We utilize the Driver's Privacy Protection
Act. And that is allowed through Federal law. The FBI that
utilizes the driver's license photos do so with an open, active
FBI investigation and is verified by the employees when they
receive the photo from the FBI agent.
Mr. Connolly. But you are citing an act of law. Does that
act of law explicitly grant the FBI or any other Federal agency
the right to the presumption of access, unlimited access
apparently, to the picture on the driver's license, which is
issued, I might add, by a State?
Ms. Del Greco. It is utilized for law enforcement purposes.
Mr. Connolly. Mr. Bedoya.
Mr. Bedoya. The Driver's Privacy Protection Act was passed
in 1994. The first law enforcement face recognition system in
the country began operating in 2001. The DPPA clearly contemplates
sharing of individual photos with law enforcement
circumstances.
Mr. Connolly. Right.
Mr. Bedoya. I don't believe it would allow what you're
describing, nor has it been tested.
Mr. Connolly. I agree.
Ms. Del Greco, I would suggest to you: We're not the
Judiciary Committee, but I think you're on very shaky legal
grounds in making the assertion you just made, that that
provides you with the broad authority to have ubiquitous access
to across 50 States with respect to the picture on a driver's
license. I don't think it was ever contemplated, and I think
Mr. Bedoya makes an awfully good point: the law was, in fact,
written before this technology existed.
Who advised you to interpret the law that way, your general
counsel? ``You'' meaning the FBI, not you personally.
Ms. Del Greco. Thank you. We have a team of counsel members
that advise us. We have privacy attorneys that have been
involved in every facet of the development and implementation
of the Interstate Photo System and the FACE Services Unit. We
also work with the attorneys within each of the States that a
memorandum is developed.
Mr. Connolly. Well, I just--I'm not a lawyer. This isn't
the Judiciary Committee. But I know how to read a law. I know
how to write laws. I do it for a living. I think it's a great
stretch to take a law that preceded the technology and apply it
in as sweeping a way as you do. And I just think you're going
to have to get, frankly, either tested in court or you're going
to have to get additional statutory authority to proceed down
the road you're proceeding.
Ms. Maurer, you found that--let me see, we haven't tested
the technology since 2011 prior to its deployment by the FBI.
Is that correct?
Ms. Maurer. Yeah. We found that the FBI needed to do more
on ensuring that it is actually making a difference in meeting
its operational and mission needs. In fact, the FBI has its own
requirements for conducting at least annual operational
reviews. That's not been conducted with these systems.
Mr. Connolly. Since 2011.
Ms. Maurer. I don't believe it's ever been conducted fully
with FACE Services for IPS.
Mr. Connolly. Right, fully.
Ms. Maurer. Fully.
Mr. Connolly. Correct. I think your report says the last
time the FBI tested the accuracy of facial recognition
technology was 2011.
Ms. Maurer. Yes, that was before full deployment. That's
correct.
Mr. Connolly. So, Ms. Del Greco, why haven't there been
more comprehensive tests in the last 6 years?
Ms. Del Greco. The FBI feels that the Interstate Photo
System performs within the state of the art in the discipline
for face matching today. If the NIST were to show extreme
improvements in face recognition technology, the FBI clearly
would plug in a new algorithm for the accuracy.
Mr. Connolly. Well, let me read to you the conclusion of
the GAO report. It says: Because of the lack of testing,
there's limited information on the accuracy of your face
recognition technology capabilities.
Do you dispute that finding?
Ms. Del Greco. We feel that the technology we have today
is--at the state of the art.
Mr. Connolly. So you're just happy as a clam with the
accuracy.
Ms. Maurer, do you care to comment?
Ms. Maurer. This was one of the areas of disagreement
between GAO and the Department of Justice and FBI. We think
it's very important for the FBI to continually test the
accuracy of these systems because of all the privacy issues
that this committee discussed all morning. There is criteria
that exist within the FBI that they can use as a way to guide
these operational reviews, both for the accuracy of the system
and to ensure it meets law enforcement needs.
Mr. Connolly. I think my time is up, Mr. Chairman.
Chairman Chaffetz. Would the gentleman yield to me?
Mr. Connolly. Of course.
Chairman Chaffetz. Just I would like to ask unanimous
consent to enter into the record two letters: one is June 23,
2016, entitled ``The FBI's Use of Facial Recognition and
Proposal to Exempt the Bureau's Next Generation Identification
System from Privacy Act Obligation,'' as well as a letter that
Mr. Cummings and I sent to the FBI on September 6, 2016.
Without objection, so ordered.
Chairman Chaffetz. This letter, Ms. Del Greco, while you
say you comply with the various privacy laws, the FBI went to
great lengths to exempt this database from the Privacy Act. I
hope you can understand and respect our skepticism because the
Privacy Act is in place to protect against these types of
things, but the FBI went to great lengths to get itself
exempted from the Privacy Act and that's a big part of the
concern.
Mr. Connolly. And, Mr. Chairman, just in this questioning--
I'm so glad we're having this hearing. I think there are more
questions raised than answers as to the statutory authority
being cited and whether or not we need additional statutory
authority to both encumber the FBI and to authorize it and to
protect citizens. But there are also technology issues that
have been raised here as to accuracy.
Chairman Chaffetz. Yes.
Mr. Connolly. And if we're relying on this everywhere, that
raises its own set of questions that I think we need to delve
into. So I thank my friend and the ranking member for having
this hearing. It's raised some really important questions.
Chairman Chaffetz. I thank the gentleman.
I now recognize the gentleman from Tennessee, Mr. Duncan,
for 5 minutes.
Mr. Duncan. Well, thank you, Mr. Chairman.
And I'm sorry that other meetings prevented me from hearing
the testimony of the witnesses because I'm very concerned about
all of this, and I share the concerns that have been expressed
by the members that I've heard here while I've been here.
I will tell you that, you know, all of our modern
technology and the internet, it's got a lot of good, but it
seems to me that it has just about done away with privacy in
this country. I'm wondering if we've reached a point--these
cases seem to turn on the question of whether people have a
reasonable expectation of privacy. And I wonder if we've
reached a point where there's no reasonable expectation about
privacy about anything. I remember a few years ago in this
committee a company appeared before us that had downloaded
250,000 Federal income tax returns just to show that it could
be done. They had been on one of the morning television shows,
and they weren't in trouble, because they didn't use those
returns in any way.
But now it seems that people can find out what
prescriptions you've gotten, what grocery purchases you've
made, your every detail about your homes. I mean, I just wonder
if there's--I think we're reaching a very sad point, a very
dangerous point, when we're doing away with a reasonable
expectation of privacy about anything.
And I share the chairman and ranking member's concern. Ms.
Del Greco, it says in this CNN report--the report criticizes
the FBI for not giving the public adequate information about
the programs and their privacy implications, as required under
the 1974 Privacy Act. And it also says the systems have not
been sufficiently tested for accuracy. We've heard about that
here this morning. It seems to me that the FBI needs to step
back and take another look at this GAO report and respond to it
a little bit in a little more detailed fashion, because I think
most people who have read this report and have heard some of
these things that have been expressed here this morning would
wonder if we're ending up in a Federal police state that's
gotten totally out of control and really has far too much
power.
I mean, the President, a month or so ago, people laughed
when he said if you want to have--if you want to keep something
private, don't put it into a computer; write it out and hand
deliver it. And there were some sarcastic jokes about that.
But, unfortunately, it's almost become true.
But I certainly commend you, Mr. Chairman, for holding this
hearing and looking into this to the extent that you have
because I think a lot of questions have been raised here today.
Thank you very much.
Mr. Cummings. Thank you very much.
Mr. Duncan, first of all, I want to associate myself with
everything you just said. Before you got here, I mentioned that
we really do have to guard our democracy. And I said that we
sometimes I think take it for granted, and we have--when we see
this chipping away with regard to privacy--and you having been
a judge, you know what I'm talking about--you've got to guard
this thing. And I think what happens is we get to a point where
we, because we have gotten used to our way of life, we assume
it's going to be that way forever. But I think it is important
that we, both Republicans and Democrats, whenever we see that
democracy being threatened, that very democracy that allows us
to be who we are and the great Nation that we are, we have to
call it and try to work together to try to address those
issues. So when I heard your comments, I just wanted to let you
know that I agree with you.
I yield back to the gentleman.
Mr. Duncan. [Presiding.] Well, thank you very much, and I
do have interest in this because I was a criminal court judge
for 7-1/5 years trying the felony criminal cases, and I had a
very good relationship with law enforcement. But there have
been some pretty serious matters discussed here this morning,
and I think we need to try to do everything we possibly can to
make sure that we don't just totally do away with people's
expectation of privacy in this country. And we're getting close
to that point, I think.
Mrs. Maloney. I want to thank the ranking member and
chairman for holding this important hearing and all of our
panel.
I'd like very much to be associated with the statements on
both the Republican and Democratic side. This is an issue where
both are expressing a lot of concern. When I go home on the
weekends, there are at least three protests in my district. The
protests are definitely in, and they are well attended with
hundreds of thousands of people. And really the number one
protection in our Constitution is the right to protest, freedom
of speech, and then freedom of the press. So it is a very
protected area, and this hearing is raising major concerns
about the technology and the secrecy and the Privacy Act.
But before I start jumping on the FBI, I do have to share
my appreciation. Three months ago, two bombs went off in the
district that I'm privileged to represent. Many people were
injured. Gratefully, no one was killed. But in 48 hours, the
FBI and the police working together apprehended the person that
was causing so much damage to innocent people. So I want to
personally thank you, working 24 hours a day to crack down and
catch.
So there's a conflict now. We live in probably the most
dangerous time for innocent people because of attacks on
so-called soft targets. And you've done a great job, but we've got
to be careful about the transparency that you provide and
protections. And it is essential that the FBI pursue its law
enforcement agenda, as you do, but with transparency and with
the protection of civil liberty and privacy as two of the most
guiding principles.
Now, according to the GAO report, the FBI has been years
behind in fulfilling its reporting obligations under the
Privacy Act, the E-Government Act, and internal privacy
policies for its facial recognition system. And as a result of
the FBI's delay in complying with reporting these obligations,
GAO found--and correct me if I am wrong, Ms. Maurer--and I
quote, they said: ``The public had limited understanding of the
nature of the system and how their personal information,
including face images, is being used and protected,'' end
quote.
So I'd like to ask you, Ms. Maurer, what obligations did
the FBI have to the public in this area?
Ms. Maurer. Thank you very much for the question. The FBI
was obligated to provide transparency in how it was planning to
use and eventually did start using the facial images of the
members of the American public. There were a number of
different reporting requirements that the FBI, through the
Department of Justice, failed to meet.
They eventually did issue the required privacy notification
documents. It was only years after they started using both of
their systems for real-world use. That was of great concern to
us from a transparency perspective.
Mrs. Maloney. So, in other words, did the FBI meet its
legal obligations with regard to updating and publishing these
critical privacy documents that you mentioned?
Ms. Maurer. No. They did not.
Mrs. Maloney. Now, can you explain what these privacy
documents are? What are the Privacy Impact Assessments and the
System of Records Notices? What is it?
Ms. Maurer. A Privacy Impact Assessment is required by the
E-Gov Act. It's required of any Federal system when it's first
created and when it is newly expanded. It is to provide
transparency so the public has an understanding of how their
personal information is being used.
The System of Records Notice is required under the Privacy
Act. That's also when new systems are established. It pursues--
tries to achieve a similar goal: transparency.
These are both useful documents. The PIAs, in particular,
provide a fair bit of information and detail about how personal
information is being used by the Federal Government. We thought
it was important for them to do it in a timely basis. They did not
do so.
Mrs. Maloney. Ms. Lynch is a representative of an
organization that represents the public.
Why should the public be concerned about this? What's the
impact of this?
Ms. Lynch. I think the impact is that the public cannot
assess what our government is doing if the government doesn't
follow the law by producing Privacy Impact Assessments and
updating the System of Records Notices.
So this has real impact on my job because I read through
these things. And I write about them, and I try and tell
people, including journalists and the public and our members,
what's going on.
So, for example, I had no idea--and I think most privacy
advocates had no idea--exactly how many images the FBI could
access until the GAO published its report in 2016.
I think that most estimates were closer to about 50
million, and it turned out that the FBI could access about 412
million. So that's a significant difference, and if the Bureau
is not responsible in publishing information on its divisions
and on the impact of its programs, the public has no idea
what's going on.
Mrs. Maloney. Well, my time has expired, and thank you.
Mr. Duncan. Mr. Grothman, have you had a chance to catch
your breath?
Mr. Grothman. No, I haven't, but we'll charge ahead anyway
without catching my breath.
Ms. Del Greco, do you think you have my face? Do you have
access to the data regarding my face, do you think?
Ms. Del Greco. We would only access a face that you would
have in a DMV record if there was an active FBI investigation
or----
Mr. Grothman. So you have it. If you had to, you could get
it.
Ms. Del Greco. If you're one of the States that we have an
MOU with.
Mr. Grothman. Is Wisconsin one? Do you know off the top of
your head? Maybe you don't know.
Ms. Del Greco. I'm not sure, sir.
Mr. Grothman. Do you see why people are concerned about
having the government have access to data in which you can tell
where I am at any given time, given that we have more photos of
people in the crowd, people in the stands, whatever? Do you see
any concern as the government databases or access to databases,
as you say, grows, grows, grows all the time?
Ms. Del Greco. Of course, I see why there would be a
concern. However, we want to ensure the public that we are
protecting their privacy by only accessing the data for legal
purposes and a law enforcement purpose.
Mr. Grothman. Do you think, in the past, the government's
done a good job in making sure data is only accessed for legal
purposes?
Ms. Del Greco. I do.
Mr. Grothman. The IRS, for example?
Ms. Del Greco. I definitely do. Our FACE Services Unit will
undergo an audit in accordance with the CJIS Audit Unit. And we
also will audit the State and local agencies for their use of
our system.
Mr. Grothman. Does the FBI deploy real-time facial
recognition technology on my video surveillance camera video
feeds?
Ms. Del Greco. I'm not an expert in all areas of the FBI.
In my area, we do not.
Mr. Grothman. Would anybody else care to take a crack at
that? Oh, okay.
Are you aware, is anybody aware of any domestic law
enforcement entities that utilize or would ever plan to utilize
real-time facial recognition technology?
Mr. Bedoya. Yes, sir, if I may. We are. We're aware of six
major law enforcement agencies that have either stated plans to
use real-time face scanning or have actually purchased the
technology or have said they are using it. So this is very much
real. And about a quarter of the current body camera vendors
are making provisions for use of face recognition off of body
camera video. So this is very real.
Mr. Grothman. Explain how that is going to work.
Mr. Bedoya. It could work any number of ways. Probably the
riskiest and most threatening way would be for every face that
walks past a police officer to be scanned. So not just the
faces of criminals, not just the faces of terrorists, the face
of every man, woman, and child that walks by. To our knowledge,
we've yet to see that, but we have seen it off of surveillance
cameras.
Mr. Grothman. But they have the ability to do it. It must
be there for some purpose, right?
Mr. Bedoya. A DOJ-funded study found that body camera
vendors are, quote, ``fine tuning'' the ability to incorporate
face recognition into body cameras. And I have a copy of that
report, and I am happy to submit it to you on the record.
Mr. Grothman. Would it be the type of thing where,
eventually, if I'm walking by a cop, a police officer, it would
show up that there is Glenn Grothman? If we're walking down the
street?
Mr. Bedoya. To our knowledge, right now, this operates on
smaller watch lists, but the technology is getting better and
better such that, eventually, in theory, it could encompass
much larger databases like, for example, Wisconsin's driver's
license database. To our knowledge, it does not operate on that
large a database, but that is certainly where this appears to
be headed.
Mr. Grothman. Okay. So the day is going to come where Big
Brother, if we call it that, will know, as we walk down the
street, there's Ms. Del Greco and Ms. Maurer and Mr. Romine and
just shows up that this is who is walking along or this is who
I am seeing?
Mr. Bedoya. Again, this is what a Department of
Justice-funded study released at the end of last year said: fine-tuning
face recognition capabilities for body cameras. To be clear,
those capabilities don't necessarily need to be real-time right
now. They could be after-the-fact face scanning, but certainly
this is what a lot of law enforcement vendors are offering
right now in terms of the surveillance cameras, and they want
to go to the body camera----
Mr. Grothman. Okay.
Mr. Hutchinson, where is this technology going?
Mr. Hutchinson. Yes, sir. Thank you. I wanted to comment.
That technology is not commercially available right now. It is
true that there is facial recognition technology available that
can detect faces in video feeds. It has not been deployed to
body-worn cameras. Also, as far as the access to the data----
Mr. Grothman. Is it going to be?
Mr. Hutchinson. Potentially, potentially. It can be used
with video feeds, but it's important to understand how the data
is loaded into the camera so that it can be detected or
identified. And as Mr. Bedoya stated, usually it is only watch
list data, and as Ms. Del Greco stated, it is typically only
felons. It typically does not have access to every single face
imaginable.
Mr. Grothman. Do you think some day it will? I could
imagine why people would want it to.
Mr. Hutchinson. That would depend on the particular use
case for the Federal law enforcement entity.
Mr. Grothman. Can you explain why FRT is less accurate when
used to identify certain groups of people?
Mr. Hutchinson. The algorithms are mathematic; they are
math instructions for a computer basically. And they use
certain vectors to determine how a face is searched and how it
is identified in a database. It is highly dependent on the
algorithm that you use. It is also highly dependent on the data
in the database, but it is also dependent on the quality. And
that's the most important piece. There have been some tests
that indicate that certain groups of folks, whether it's
ethnicities or so forth, there can be challenges; the
algorithms perform differently. But it is very important to
understand what type of testing data is used to train that
algorithm, because there was--I wanted to make a clarification
earlier: a lot of the data the vendors use is not homogeneous.
It is purposefully heterogeneous, and it has a lot of different
faces from different races and different ages and different
sexes, specifically to tune the data so that it does not have
any sort of biases.
Mr. Duncan. I'm sorry. We need to move on now to Ms. Kelly.
Ms. Kelly. Thank you, Mr. Chair.
The FBI's facial recognition systems include images from
external partners such as the State Department, the Department
of Defense, and at least 17 States. These external systems,
however, operate, from my understanding, independently of the
FBI's protocol and standards. And the GAO has raised concerns
about that. According to the GAO, and I quote: ``Because the
FBI does not assess the accuracy of its partners' technology,
it risks relying on technologies that could potentially have
higher error rates or could be obsolete.''
Ms. Del Greco, does the FBI do anything to ensure that the
results it receives from the face recognition systems of its
Federal and State law enforcement partners are accurate?
Ms. Del Greco. We do not have the authority to test
external agency databases. Rather, we focus on the quality of
the data that we're getting. So we share training tools. We
offer training, and we share our best practices.
Ms. Kelly. Does the FBI do anything--I'll get to you--does
the FBI do anything to make sure its Federal and State partners
are taking adequate measures to protect against misuse of a
system? And if you don't, why not?
Ms. Del Greco. We have a robust audit process at the FBI.
We audit the State and local and Federal agencies. We have a
sanctions process that's in place for noncompliance. There is a
letter of censure that is issued if there is a misuse
identified. If that is not corrected, we raise it to the level
in the State to the Governor. If that is not corrected, and
then we will shut off the system from the State.
Ms. Kelly. I see you want to say something.
Ms. Maurer. Yes, absolutely. We are happy that the FBI has
begun to conduct these audits. I would note that they didn't
start doing these audits or have these audits include facial
recognition technology until after our report.
In terms of our recommendation to the FBI to assess the
accuracy of the information that it receives from the other
databases, our recommendation was not intended to require the
FBI to independently assess the validity of other databases
but, rather, have a better understanding of the accuracy for
its own uses. The FBI has that technical capability. They can
build it into the operational reviews. That was another one of
our recommendations. So they can do it; they just chose not to.
Ms. Kelly. Any comment?
Ms. Del Greco. Well, we disagree. We have trained
fingerprint--I'm sorry, facial recognition examiners--they are
called biometric image specialists--that go through rigorous
training. So, when a candidate comes back, it's not a positive
identification; it takes human review to find a most likely
candidate.
Ms. Kelly. Thank you.
The FBI also claims that it does not have the authority to
oversee its Federal and State partners, as you said, yet the
FBI's Criminal Justice Information Services Unit enforces
similar external audit policies for other programs. According
to GAO, and again, I quote: ``CJIS security policy states that
the CJIS Audit Unit is required to conduct triannual audits of
each of its States and local law enforcement users to assess
agency compliance with applicable statutes, regulations, and
policies related to the CJIS systems.''
Ms. Maurer, do these audits include face recognition
searches of the FBI system?
Ms. Maurer. Recently, the FBI has begun to include facial
recognition as part of these audits they are conducting of
different States. To my understanding, I think they have
completed four of those, but those were not begun until after
our report was issued.
Ms. Kelly. And you fully support the idea--so they are done
in only four States, or they've only done four?
Ms. Maurer. They've only done them in four States so far.
They've told us they plan to do them in the others. These are
parts of broader audits that the FBI does of how the States are
using the full array of biometric information.
Ms. Kelly. Mr. Bedoya, did you have a comment?
Mr. Bedoya. Ms. Kelly, I do. I just want to clarify what's
being discussed here. We're talking about 36,000 searches of
driver's license photos, including likely your face, since
you're an Illinois driver. And none of those searches, per the
GAO's reporting, were audited for misuse or abuse.
So, going forward, it sounds like there will be an audit,
which is terrific. But since 2012, the FBI is saying there's
going to be these audits, and only now this year--and that was
before Congress, audits will be done before Congress. Only now
this year are they starting to be done.
Ms. Kelly. Ms. Del Greco, when will you get to the other
States?
Ms. Del Greco. So, during the GAO review, we had a paper
that was going through our Advisory Policy Board to talk about
the audits and how the audits would be conducted. It was
intended to do the audits as part of our triannual audit
process with the CJIS Audit Unit. We do intend to audit all
State, local, Federal agencies, as well as the FBI FACE
Services.
Ms. Kelly. Do you have a timeline?
Ms. Del Greco. The FBI FACE Services will be audited in
2018. There is a schedule for the other States.
Ms. Kelly. I am out of time. So I yield back.
Mr. Duncan. Thank you very much.
Mr. Clay.
Mr. Clay. Thank you, Mr. Chair.
And let me thank the panel of witnesses.
Let me state in the beginning that misidentifying a
criminal suspect can have dramatic and permanent real-world
implications. So, with that, last year, the GAO released a
report on its review of the FBI's use of facial recognition
technology. Chief among GAO's findings is that the FBI has not
examined how often, and I quote, ``face recognition searches
erroneously match a person to the database,'' in other words,
the false positive rate.
Dr. Romine, why is testing for false positives so important
in assessing the accuracy of a facial recognition system?
Mr. Romine. When we test algorithms for accuracy, one of
the characteristics we want to know is not just how often an
image that is in the gallery that matches a probe is returned
but also the extent to which the algorithm can fail to
recognize or, in some cases, return erroneous results, as you
mentioned. And that's just an important consideration with
regard to measurements, science, capabilities. We want to be
sure that we provide as much information to stakeholders as we
can about all aspects of the performance of the algorithms that
we test.
Mr. Clay. I see. And to better address the challenge of
false positive matches, GAO's report recommends that the FBI
begin testing the false positive rate.
Ms. Del Greco, despite GAO's findings and recommendation as
to the importance of testing the false positive rate, the FBI
did not agree with GAO's recommendation. Is that right?
Ms. Del Greco. That is correct, sir. A false positive rate
measures when searches are resulting in one match, and we
always receive the candidate list back that requires a human
review.
Mr. Clay. But aren't you concerned that, by not adopting
this testing, the FBI may be using a system that isn't as
accurate as it should be?
Ms. Del Greco. The false positive rate is not based on the
return of the candidates but of the human reviewing and the
response that the human review gives to either the examiner or
FBI agent.
Mr. Clay. So what happens when you bring a suspect in and
it's the wrong one? Do you recognize that fault, or do you go
on what your facial recognition?
Ms. Del Greco. We provide a most likely candidate to the
FBI agent. The FBI agent then has to make the determination if
that is the person that they are--that is under investigation.
Mr. Clay. Well, that sounds like a crapshoot. It sounds
like you're taking a chance: maybe this guy is the one. I mean,
come on.
Ms. Del Greco. Our system doesn't provide positive
identification for facial recognition.
Mr. Clay. Okay.
Ms. Maurer, can you explain how the adoption of such
testing could improve the accuracy of the FBI system?
Ms. Maurer. Sure. First off, as my colleague from NIST has
correctly pointed out, false positive testing is a bedrock of
accuracy for facial recognition technologies, which is the
reason why we recommended the FBI do that.
Our understanding is their system has a technical
capability to test for false positives. They chose not to
exercise that capability.
We are also concerned about the way it could impact people
in the real world as well as the impact on the FBI's use of its
own resources. They could end up spending some of their
valuable investigative time on wild-goose chases rather than
focusing on the actual individual they are trying to find.
Mr. Clay. Yeah. It sounds like a crapshoot to me. It sounds
like you're just shooting in the dark, maybe this is the guy.
You know, Ms. Del Greco, in your written testimony, you
state that the FBI's facial recognition system, and I quote,
``is only used as an investigative lead and not as a means of
positive identification.'' Is that right?
Ms. Del Greco. That is correct, sir.
Mr. Clay. Ms. Lynch, if the FBI says facial recognition
searches are only used as investigative leads, can you explain
the consequences for potentially innocent individuals who are
identified due to a false positive result?
Ms. Lynch. Well, if investigative leads are returned, that
means that a number of people will be returned and produced as
suspects for a crime. Each one of those people could be brought
in for questioning. Each one of those people will have to
justify where they were on a given time and day. It's very
difficult, I think, for a lot of people to prove where they
were in the past. And it makes people suspects for crimes that
they didn't commit.
Mr. Clay. My time is up, but I'm sure it wreaks havoc on
people's lives.
So thank you, Mr. Chairman.
Mr. Duncan. Ms. Del Greco, the Bureau presently has
memorandums of understanding with 18 States in regard to this
facial recognition program. Do you know, are other States going
to be added in the future, or is there an effort being done in
that regard now to move this to all 50 States?
Ms. Del Greco. Where there's a law that allows the use of
the DMV photos for law enforcement purposes, we will continue
to work with those States to develop an MOU. There are States
that do not allow the use of facial recognition technology. Not
all 50 States will have MOUs with the FBI.
Mr. Duncan. All right.
Ms. Lynch, do you have any concerns about using photographs
to identify people's fingerprints--identifying fingerprints
from photos?
Ms. Lynch. Identifying fingerprints or identifying faces? I
think the big difference between fingerprints and face images
is that generally somebody knows if they are providing that
fingerprint. So, to obtain a fingerprint from somebody, in
general----
Mr. Duncan. No. I mean, if they have a photo of a person
with an open palm, using that photo to identify, to take the
fingerprints from that photo.
Ms. Lynch. I'm not sure I----
Mr. Duncan. You haven't heard of that?
Ms. Lynch. Well, palm prints are----
Mr. Duncan. Mr. Bedoya, I think, knows something about it.
Mr. Bedoya. It's a series of little-known studies; Dr.
Latanya Sweeney, among others, has shown you can, in fact, do
that. So this was done famously in Germany. Some individuals
took a German Minister's photo of his hand and actually figured
out his fingerprint from that. So that is something that is
technically possible now but, to my knowledge, is not in wide
use in the United States. But that's--it may be in use; I just
don't know it.
Mr. Duncan. All right.
Well, I want to thank all the witnesses for taking the time
to appear here today.
And I ask unanimous consent that members have 5 legislative
days to submit questions for the record.
Without objection, so ordered.
If there's no further business, the committee stands
adjourned.
[Whereupon, at 11:37 a.m., the committee was adjourned.]
APPENDIX
----------
Material Submitted for the Hearing Record
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]