[House Hearing, 115 Congress] [From the U.S. Government Publishing Office] LAW ENFORCEMENT'S USE OF FACIAL RECOGNITION TECHNOLOGY ======================================================================= HEARING BEFORE THE COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM HOUSE OF REPRESENTATIVES ONE HUNDRED FIFTEENTH CONGRESS FIRST SESSION __________ MARCH 22, 2017 __________ Serial No. 115-52 __________ Printed for the use of the Committee on Oversight and Government Reform [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Available via the World Wide Web: http://www.fdsys.gov http://oversight.house.gov ______ U.S. GOVERNMENT PUBLISHING OFFICE 28-689 PDF WASHINGTON : 2018 ----------------------------------------------------------------------- For sale by the Superintendent of Documents, U.S. Government Publishing Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC, Washington, DC 20402-0001 Committee on Oversight and Government Reform Jason Chaffetz, Utah, Chairman John J. Duncan, Jr., Tennessee Elijah E. Cummings, Maryland, Darrell E. Issa, California Ranking Minority Member Jim Jordan, Ohio Carolyn B. Maloney, New York Mark Sanford, South Carolina Eleanor Holmes Norton, District of Justin Amash, Michigan Columbia Paul A. Gosar, Arizona Wm. Lacy Clay, Missouri Scott DesJarlais, Tennessee Stephen F. Lynch, Massachusetts Trey Gowdy, South Carolina Jim Cooper, Tennessee Blake Farenthold, Texas Gerald E. Connolly, Virginia Virginia Foxx, North Carolina Robin L. Kelly, Illinois Thomas Massie, Kentucky Brenda L. Lawrence, Michigan Mark Meadows, North Carolina Bonnie Watson Coleman, New Jersey Ron DeSantis, Florida Stacey E. Plaskett, Virgin Islands Dennis A. Ross, Florida Val Butler Demings, Florida Mark Walker, North Carolina Raja Krishnamoorthi, Illinois Rod Blum, Iowa Jamie Raskin, Maryland Jody B. Hice, Georgia Peter Welch, Vermont Steve Russell, Oklahoma Matt Cartwright, Pennsylvania Glenn Grothman, Wisconsin Mark DeSaulnier, California Will Hurd, Texas John P. Sarbanes, Maryland Gary J. Palmer, Alabama James Comer, Kentucky Paul Mitchell, Michigan Jonathan Skladany, Staff Director William McKenna, General Counsel Troy Stock, Information Technology Subcommittee Staff Director Sean Brebbia, Senior Counsel Sharon Casey, Deputy Chief Clerk David Rapallo, Minority Staff Director C O N T E N T S ---------- Page Hearing held on March 22, 2017................................... 1 WITNESSES Kimberly Del Greco, Deputy Assistant Director of Criminal Justice Information Services Division, Federal Bureau of Investigation Oral Statement............................................... 5 Written Statement............................................ 7 Diana Maurer, Director, Homeland Security and Justice Issues, U.S. Government Accountability Office Oral Statement............................................... 12 Written Statement............................................ 14 Charles Romine, Ph.D., Director of Information Technology Lab, National Institute of Standards and Technology Oral Statement............................................... 36 Written Statement............................................ 38 Alvaro Bedoya, Executive Director, Center on Privacy & Technology, Georgetown Law Oral Statement............................................... 45 Written Statement............................................ 47 Benji Hutchinson, Senior Director, NEC Corporation of America On behalf of The International Biometrics + Identity Association Oral Statement............................................... 64 Written Statement............................................ 66 Jennifer Lynch, Senior Staff Attorney, Electronic Frontier Foundation Oral Statement............................................... 76 Written Statement............................................ 78 APPENDIX Letter of June 23, 2016, Requesting Congressional Oversight, submitted by Mr. Chaffetz...................................... 132 Letter of September 6, 2016, to Mr. James B. Corney, Federal Bureau of lnvestigation, submitted by Mr. Chaffetz............. 138 Response from Dr. Romine, NIST, to Questions for the Record...... 141 LAW ENFORCEMENT'S USE OF FACIAL RECOGNITION TECHNOLOGY ---------- Wednesday, March 22, 2017 House of Representatives, Committee on Oversight and Government Reform, Washington, D.C. The committee met, pursuant to call, at 9:30 a.m., in Room 2154, Rayburn House Office Building, Hon. Jason Chaffetz [chairman of the committee] presiding. Present: Representatives Chaffetz, Duncan, Jordan, Gosar, Foxx, DeSantis, Ross, Grothman, Palmer, Comer, Mitchell, Cummings, Maloney, Norton, Clay, Lynch, Connolly, Kelly, and Krishnamoorthi. Chairman Chaffetz. The Committee on Oversight and Government Reform will come to order. Without objection, the chair is authorized to declare a recess at any time. We have an important hearing today about law enforcement's use of facial recognition technology. It's exciting technology. The world of technology offers us a lot of opportunities, but just because we can doesn't mean we necessarily should, and so there are a number of things that we need to have discussions about and try to figure out and tackle as a society. And this is one in a series of things that we're going to be discussing in this year and next as technology brings us to new frontiers and new paths and new things that we need to dive into and look at, because, again, while there's a lot of excitement and a lot of opportunity, there's also opportunities to have it misused or overused or create a whole other set of problems that maybe our Nation and our society and our generation have not yet dealt with. This happens to be one of those types of technologies. Facial recognition technology, it is exciting what can be done, but we have to look at how this affects law enforcement and our rights as Americans, particularly suspicion-less Americans and our right for privacy. The days of the old Sherlock Holmes dusting for fingerprints and looking for clues, they're being replaced by algorithms and software scanning millions of images at unprecedented speeds to match a face to a name. However, like many technologies used in the wrong hands or without appropriate parameters, it is ripe for abuse; therefore, the oversight of the use of this technology is essential. Until recently, fingerprint analysis was the most widely used biometric technology for positively identifying arrestees and linking them to previous criminal history. In 2010, the FBI began replacing its legacy fingerprint database with an updated database that incorporates advancements in biometrics, such as facial recognition, called the Next Generation Identification, or NGI. This is a database with an estimated cost of $1.2 billion. The FBI claims the NGI system, ``brought the FBI's biometric identification system and criminal history information to the next level.'' Unfortunately, the FBI failed--failed--to fulfill its statutory duty to inform the public of this new next-level capability and used facial recognition technology for 5 years without publishing the required Privacy Impact Assessment, as required by law. Further, agreements are in place with 18 States that allow the FBI to request those States search their databases, including driver's license databases, using facial recognition technology. And if we have a graphic, let me have them put that up here, if we could. Just to give you--those States in the dark blue are the ones that have various types of relationships with the FBI. Those in the light blue do not have those types of relationships. But you can kind of get a sense of where the Nation is going and how States are entering into these memorandums of understanding. You can take the graphic down. To be clear, this is a database or a network of databases comprised primarily of law-abiding Americans. Eighty percent of the photos in the FBI's facial recognition network are of noncriminal entries, each of the photos from driver's licenses--they come from places like driver's licenses, passports, and whatnot. It would be one thing if facial recognition technology were perfect or near perfect, but it clearly is not. Facial recognition technology does make mistakes. For example, in a test the FBI conducted prior to deploying NGI, roughly one in seven searches of the FBI system returned a list of entirely innocent candidates, even though the actual target was in the database. I also have concerns about studies suggesting facial recognition technology may have been unintended--have unintended racial, gender, or age bias or deficiencies. Any technology biases or weaknesses correlating to race, gender, and age raise some serious concerns and need to be widely known and contemplated by law enforcement, legislative bodies, and the judiciary. Facial recognition technology is a powerful tool for law enforcement that can be used to protect people, their property, our borders, and our Nation. The private sector may use technology to control access to sensitive information, protect financial transactions, verify time and attendance, and prevent fraud or identity theft, among other uses. But it can also be used by bad actors to harass or stalk individuals. It can be used in a way that chills free speech and free association by targeting people attending certain political meetings, protests, churches, or other types of places in the public. Perhaps most concerning is the prospect of its real-time use to track people's location throughout the day, a potential use that would fundamentally change what it means to live in a free society. For those reasons and others, we must conduct proper oversight of this emerging technology. I appreciate the witnesses and what they bring here. One of the things that we're going to also talk about today is, what does it mean when you populate the database? If the FBI could have its way, the best I can understand it, they would put everybody's face in one database or a whole series of databases. And so what does that mean? I guess, if it's in a secure lockbox that nobody else can look at except the FBI, some people would argue that's a good thing. But we've seen the FBI, most recently, can't even keep the 702 information private and secure. I don't trust the Federal Government. I don't believe that there is such a thing where they can keep all of this information locked down and secure. Does anybody really trust and believe that they can create this massive database? Imagine how valuable that database is going to be if they had the facial recognition of every single American in their system. And then you could just go online and you could start figuring out exactly who is walking in your door. Some companies are actually using this type of technology. They know who you are before you walk in the door. And what does that mean if this information were to get into the wrong hands? So it poses a number of issues and challenges. I'd now like to yield such time as he may consume to Mr. Jordan of Ohio. Mr. Jordan. Thank you, Mr. Chairman, and I'll be real brief. I just wanted to thank you for this hearing and your continued focus on privacy, particularly in this digital age which we find ourselves a part of, and announce to the committee that I'm pleased to be working with, on a bipartisan basis, Congressman Lieu on developing a framework for facial recognition technology, how that is appropriate, what we hope is model legislation, frankly working with some of the good folks on our panel, like Mr. Bedoya, to develop that information. Understand the context. We learned that several Federal agencies used StingRay technology to conduct surveillance on Americans without a probable cause warrant. During that hearing, we also learned that the IRS several times used that same technology without a probable cause warrant, the same IRS that targeted people for exercising their First Amendment liberties, targeted people for their political beliefs. That is the context we find ourselves in today, and now we have this system in all those States that the chairman just put up. This is a critical issue at the appropriate time. And so I just, again, wanted to thank the chairman and look forward to hearing from our witnesses today, and appreciate this hearing and just how critically important it is to Americans' First Amendment and Fourth Amendment liberties. With that, I yield back. Chairman Chaffetz. I thank the gentleman. Again, one of the key questions, seminal questions, before us is, is it the right public policy to populate a database with everybody's face in it, even the suspicion-less Americans? Is that the American way? Or--or--should they maybe be building a database of known criminal elements, people who maybe earned it, rather than the suspicion-less people who went in to get their driver's license and didn't know that they were also giving that information to the Federal Government and that the Federal Government would be using it for who knows what? And as Mr. Jordan pointed out, there is technology, more-- almost 500 units of these cell phone simulators, where the government is using cell phone simulators to track suspicion- less Americans in their very geolocation and their very location. You combine that with facial recognition technology, where somebody's walking down the street and they can be recognized and identified into a database that has been built by the FBI; it does pose questions. The technology will also show us, the statistical data will show us the bigger the database, the more difficult it is for the facial recognition technology to get it right. If the database was smaller to known criminals, wanted criminals, people that are here illegally, maybe those are the types of things that we should be focused on, as opposed to everybody. And that's one of the questions that--and why we have a distinguished panel today. So I will hold the record open for 5 legislative days for members who would like to submit their written statement. And I would now like to recognize our panel of witnesses. We're pleased to welcome Ms. Kimberly Del Greco, who is the Deputy Assistant Director of the Criminal Justice Information Services Division of the Federal Bureau of Investigation. We do appreciate you being here. We also have Diana Maurer--did I pronounce that right? I hope so--Director for Homeland Security and Justice Issues at the United States Government Accountability Office. She was just in Judiciary yesterday. So we appreciate the quick turnaround in being here again today. Mr. Charles Romine, the Director of Information Technology Lab at the National Institute of Standards and Technology. Mr. Alvaro Bedoya is the executive director for the Center of Privacy & Technology at Georgetown Law. Great mind and thought on this topic, and we appreciate you being here, sir. Mr. Benji Hutchinson, senior director for the NEC Corporation of America, testifying on behalf of the International Biometrics + Identity Association. And Ms. Jennifer Lynch, senior staff attorney for the Electronic Frontier Foundation. We thank you for being here as well. Pursuant to committee rules, all witnesses are to be sworn before they testify. If you could please rise and raise your right hand. We also get to get your picture. Do you solemnly swear or affirm that the testimony you're about to give will be the truth, the whole truth, and nothing but the truth so help you God? Thank you. Let the record reflect that all witnesses answered in the affirmative. In order to allow time for discussion, we would appreciate it if you would limit your verbal testimony to 5 minutes. Your entire written record and the attachments will be made part of the official record. But Ms. Del Greco, let's start with you, and you are now recognized for 5 minutes. Can I tell you all: these microphones in this committee, you've got to straighten them out, bring them right up uncomfortably close, and then there we go. Ms. Del Greco, you're now recognized for 5 minutes. WITNESS STATEMENTS STATEMENT OF KIMBERLY DEL GRECO Ms. Del Greco. Thank you, Chairman Chaffetz and Ranking Member Cummings and the members of the committee for this opportunity, along with our colleagues from NIST, with whom we have worked closely on a number of efforts. I have submitted a written statement for record and will not take the committee's time to repeat all of the report. The statement provides a good description of the authorized programs we have in place. These programs utilize face technology to provide law enforcement partners with the needed capabilities to safeguard the American people. It is crucial that authorized members of the law enforcement and national security communities have access to advanced biometric technologies to investigate, identify, apprehend, and prosecute terrorists and criminals. The services and performance improvements in speed and accuracy delivered by the FBI's Next Generation Identification system, which includes face recognition technology, have enhanced our ability to solve crimes across the country. With that said, the FBI's core value is strict adherence to the U.S. Constitution. The protection of the privacy and civil liberties of all persons in this country remains integral to the development and implementation of any new technology. The FBI's use of face recognition technology is confined within the same statutory, regulatory, and policy framework as all investigative initiatives by the FBI. Today, I will discuss the following FBI programs which use face recognition technology for law enforcement purposes. They are, one, the FBI's Next Generation Identification Interstate Photo System; and two, the FACE Services Unit, both located at the FBI Criminal Justice Information Services Division. Specifically, the Next Generation Identification Interstate Photo System allows for the searching of criminal mugshots authorized by law enforcement agencies. It is a search of law enforcement photos by law enforcement agencies for law enforcement purposes. Law enforcement has performed photo lineups and manually reviewed mugshots for decades. Face recognition software allows this to be accomplished in an automated manner. Automated face recognition is an effective means of locating potential candidates for further investigation, but it remains an investigative lead only, and the candidates must be further reviewed by specialized face examiners and/or the relevant investigators. The FBI has promulgated policies and procedures to emphasize that photos returned from the Next Generation Identification Interstate Photo System are not to be considered positive identifications and that the searches of the mugshots merely result in a ranked listing of candidates that require further investigation to determine a subject's true identity. This guidance has been provided in the Next Generation Identification Interstate Photo System Policy and Implementation Guide, which has been made available to authorized law enforcement users who receive candidate photos from the Next Generation Identification Interstate Photo System. FACE Services: The FACE Services Unit provides investigative lead support to the FBI field offices, operational divisions, and legal attaches by comparing the face images of persons associated with an open FBI assessment or an active investigation against face images available in State and Federal photo repositories. The FACE Services Unit only accepts probe photos that have been collected pursuant to appropriate legal authorities as part of an authorized FBI investigation. Upon receipt of the photo, the FACE Services Unit searches the photo using face recognition software against the database authorized for use by the FBI, which results in a photo gallery of potential candidates. The FACE Services Unit performs comparisons of candidate photos against the probe photo to determine the candidate's value as an investigative lead. If a most likely candidate is found, it will be provided to the requesting FBI personnel; however, the FBI does not retain any photos that are not a most likely candidate. As with the Next Generation Identification Interstate Photo System, this service does not provide a positive identification but rather an investigative lead and analysis to support that lead. Finally, the FBI's strength is directly attributed to the dedication of its people who work for and on behalf of their fellow citizens. Our adversaries and the threats we face are relentless. The FBI must continue to identify and use new capabilities, such as an automated facial recognition system, to meet the high expectations for the FBI to preserve our Nation's freedom. I want to thank my colleagues for their support and each and every FBI employee for their dedicated service. Thank you. [Prepared statement of Ms. Del Greco follows:] [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Chairman Chaffetz. Thank you. Director, you're now recognized for 5 minutes. STATEMENT OF DIANA MAURER Ms. Maurer. Good morning, Mr. Chairman, Ranking Member Cummings, and other members and staff. I'm pleased to be here today to discuss the findings from our review of the FBI's use of facial recognition. We're all familiar with the general idea behind this technology, and it's a good one: Instead of relying on books of mugshots from the ``Hill Street Blues'' era, law enforcement can use ``CSI''-era computers to nearly instantly identify a criminal from a grainy crime scene photo. Of course, that's the idea. The reality is far from what we currently see in movies or TV. Face recognition is relatively new for the FBI, and there are significant technical and legal limitations on what it can do. Even so, it's a valuable tool that can greatly enhance the efficiency and effectiveness of Federal law enforcement. The FBI uses face recognition in two ways: First, it developed a system that currently has over 50 million images for State, local, and FBI use; second, the FBI accesses other systems at the Departments of Defense and State as well as driver's license photos from 18 States, with total potential access to over 400 million images. Used properly, face recognition can help make us all safer. However, the pictures of millions of Americans, including millions with no criminal convictions, are being searched by the FBI, which is why attention to privacy and accuracy is so important. We found that the FBI needs to do a better job on both fronts. First, we'll talk about privacy. Federal law requires agencies to publicly share how they plan to use personal information, such as facial images, when they roll out a new capability and when they update it. We found that the Department of Justice and the FBI did not do so in a timely manner. Specifically, DOJ initially published a Privacy Impact Assessment for the Interstate Photo System in 2008; however, the FBI did not update or publish a new assessment before it began using the system or made significant changes to it. DOJ also did not approve a privacy assessment when the FBI began accessing other systems to support its own investigations. The FBI eventually issued privacy assessments in 2015 during our review and over 3 years after they began using both systems. During that time, the public remained unaware of how facial images were being used because the assessments were not published as required. We also had several concerns about the FBI's efforts to ensure accuracy. There are two key aspects to accuracy for facial recognition: the detection rate, how often it correctly generates a match; and the false positive rate, how often it incorrectly generates a match. We have concerns about how the FBI approaches both measures. In tests, the FBI system generated a correct match 86 percent of the time, 1 percent more than the requirement. How the FBI defined a match is important. For each query, the system generated 50 potential images. If the correct image was among the 50, it was scored as a match. In the real world, however, users frequently only generate the top handful of images, which requires a much higher degree of accuracy for the results to be useful to investigators. Further, the FBI does not test for false positives. So it doesn't know how often a system incorrectly identifies someone as the potential suspect. High levels of false positives could hinder criminal investigations with false leads. Further, innocent people could bear the burden of being falsely accused, including the implications of Federal investigators showing up at their home or place of business. Finally, the FBI has not assessed the accuracy of face recognition systems operated by external partners to ensure they are sufficiently accurate to support FBI investigations. We made six commonsense recommendations to help address these problems, but we were, frankly, concerned when the Department and the FBI only fully agreed with one. The good news is that the FBI has begun taking steps to address two of our recommendations. My hope is that, in the aftermath of today's hearing, the FBI and the Department will decide to take action to fully address all six. Face recognition could prove to be an immensely valuable tool in solving crime and enhancing national security, but the FBI and DOJ need to take further action to address privacy and accuracy concerns. Doing so will help inform the public on how facial images are being used, enhance the efficiency of law enforcement, and avoid wasting valuable investigative resources, and unnecessarily involving innocent people. Mr. Chairman, thank you for the opportunity to testify today. I look forward to your questions. [Prepared statement of Ms. Maurer follows:] [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Chairman Chaffetz. Thank you. Mr. Romine, you're now recognized for 5 minutes. STATEMENT OF CHARLES ROMINE, PH.D. Mr. Romine. Chairman Chaffetz, Ranking Member Cummings, and members of the committee, thank you for the opportunity to discuss the NIST role in standards and testing for facial recognition technology. Biometric technologies, including face recognition, can provide a means for uniquely recognizing humans based upon one or more physical or behavioral characteristics and can be used to establish or verify identity of individuals. For decades, biometric technologies were used primarily for homeland security and law enforcement applications. But, today, the marketplace for biometric solutions includes private sector applications, including physical security and retail applications. NIST has more than five decades of experience improving human identification systems. NIST responds to government and market requirements for biometric standards, including facial recognition technologies, by collaborating with other Federal agencies, law enforcement, industry, and academic partners to support the timely development of scientifically valid fit-for- purpose standards; develop the required conformance testing, architectures, and tools; research measurement, evaluation, and interoperability; and develop common models and metrics for identity management. NIST work improves the accuracy, quality, usability, interoperability, and consistency of identity management systems and ensures that United States interests are represented internationally. NIST research provides state-of- the-art technology benchmarks and guidance to industry and U.S. Government agencies that depend upon biometrics recognition. NIST encourages and coordinates Federal agency use of voluntary consensus standards and participation in the development of standards. NIST works with other agencies to coordinate standards issues and priorities with the private sector through industry-led consensus standards-developing organizations. Starting in 1986 and under accreditation by the American National Standards Institute, or ANSI, NIST has developed a succession of standards for the interchange of biometric data. This standard used around the world facilitates interoperable biometric data exchange across jurisdictional lines and between systems developed by different manufacturers. From the inception of the International Organization for Standardization's Subcommittee on Biometrics, NIST has led and provided technical expertise to develop international biometric standards that have received widespread international and national market acceptance. For more than a decade, NIST has been organizing and conducting large biometric technology challenge programs and evaluations. NIST biometric evaluations measure the core algorithmic capability of biometric recognition algorithms and report the accuracy, throughput, reliability, and sensitivity of algorithms to image characteristics, for example, noise or compression, and subject characteristics, for example, age or gender. NIST biometric evaluations advance the technology by identifying and reporting gaps and limitations of current biometric recognition technologies. NIST evaluations also provide quantitative data to facilitate development of consensus-based standards. NIST's face recognition vendor tests, or FRVT, assess capabilities of prototype face recognition systems for one-to- many identification and one-to-one verification and provides independent evaluations of commercially available and prototype face recognition technologies. FRVT provides the U.S. Government with information to assist in determining where and how facial recognition technology can best be deployed. FRVT results also help identify future research directions for the face recognition community. The latest FRVT will measure face recognition performance gains on an ongoing basis to align evaluation and development schedules. NIST research has helped enhance identity systems, including the Federal Bureau of Investigation's Next Generation Identification system, the Department of Homeland Security Automated Biometric Identification System, the Department of Defense Automated Biometric Identification System, the Department of State biometrics visa program, and the intelligence community systems. For example, virtually all law enforcement biometric collections worldwide use the ANSI NIST standard for data interchange. NIST is proud of the positive impact it has had in the last 54 years on the evolution of biometrics capabilities. With NIST's extensive experience and broad expertise, both in its laboratories and in successful collaborations with the private sector and other government agencies, NIST is actively pursuing the standards and measurement research necessary to deploy interoperable, secure, reliable, and usable identity management systems. Thank you for your--for the opportunity to testify in NIST activities in facial recognition and identity management. I'd be happy to answer any questions you may have. [Prepared statement of Mr. Romine follows:] [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Chairman Chaffetz. Thank you. I do appreciate it. Mr. Bedoya, you're now recognized for 5 minutes. STATEMENT OF ALVARO BEDOYA Mr. Bedoya. Thank you, Mr. Chairman, Ranking Member Cummings, and members of the committee. Why should people care about face recognition? Well, historically, law enforcement, when they wanted to identify someone, they had to approach them; they had to talk to them and ask them for ID. Face recognition lets law enforcement identify someone from far away and in secret--and not just one person. The latest generation of this technology will allow law enforcement to scan the face of every man, woman, and child walking in front of a street surveillance camera or police body-worn camera. This technology raises some serious questions, some basic questions. Do you have the right to walk down the street without the government secretly scanning your face? Is it a good idea to give government so much power with so few limits? Let me say this: with the right protections for privacy, civil liberties, and civil rights, this technology can and will be a tool for good. Mr. Chairman, our center spent a year studying whether those protections were in place. They are not. No Federal law controls this technology. No court decision limits it. With a few important exceptions, this technology is not under control. What do I mean by that, ``not under control''? Well, start with the databases. Whose faces are in face recognition databases? You would hope that they'd mostly be made up of known or suspected criminals. In fact, just by having a driver's license, one out of two American adults have been enrolled in a criminal face recognition network. That's 125 million people, 51 percent of adults, and 32 out of 44 members of this committee. Twenty-six of those are searchable by FBI. This has never happened before, not with fingerprints, not with DNA, and most people have no idea that this is happening. That's the databases. Whose faces can you scan and search within those databases? Do you need a warrant to scan someone's face? Do you at least need to reasonably suspect them of a crime, or can you scan anyone? We surveyed over 100 law enforcement agencies across the country. We found 52 that had used or were using face recognition technology. Not one required a warrant. And in most agencies, as well as the FBI, officials do not need to reasonably suspect someone of a crime before scanning and searching their face. How is this going to affect free speech? Are you going to a gun rights rally or a protest against the President, for that matter, if the government can secretly scan your face and identify you? This is not a hypothetical. In the course of our investigations, we met a college student who is now in at least two separate face recognition databases after an arrest for peaceful civil disobedience. Now she is so scared that, whenever she goes to a protest, she is afraid to show her face. What about accuracy? Is there a risk that innocent people will be misidentified and investigated as dangerous criminals? As the GAO just said, yes, there is. The details are unclear, but we know, for New York, that NYPD system has misidentified at least five people. Face recognition makes more mistakes than fingerprints, far more mistakes than DNA. And FBI-coauthored research suggests that face recognition is more likely to make mistakes when it looks for the faces of African Americans, women, and young people. Finally, are there safeguards in place to make sure that these systems are not misused or abused? Unfortunately not. The FBI has run tens of thousands of searches against the faces of law-abiding drivers. But from the GAO's testimony and their reports, we know that none of those searches have been checked for abuse. Those are searches of the DMV driver's license databases. So, if there is abuse, we would not know it. Mr. Chairman, the safety benefits to this technology are real, but we do not need to choose between safety and privacy. As you know well, the members of this committee have long argued that Americans deserve both. So I would submit that the question before this committee is not, do we allow face recognition, or do we ban it? I think the question is, how do we put in place checks and balances that let law enforcement do its job while also protecting our rights and our freedoms? Where might you look for some of these answers? You might look to Ohio, Mr. Jordan's State, for its policy against monitoring protests. You might look to Michigan for their safeguards against misuse and their policy of removing anyone who hasn't been convicted of a crime from a face recognition database. You might look to San Diego for their practice of actually going to elected officials every year and getting approval for their policies. The list goes and on, and all of these proposals are in our report, ``The Perpetual Lineup.'' Thank you very much for your time. I look forward to your questions. [Prepared statement of Mr. Bedoya follows:] [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Chairman Chaffetz. Thank you. Mr. Hutchinson, you're now recognized for 5 minutes. STATEMENT OF BENJI HUTCHINSON Mr. Hutchinson. Good morning, Chairman Chaffetz, Ranking Member Cummings, and committee members. Thank you for inviting me to testify today on behalf of IBIA. I have 13 years of experience in the biometrics and identity tech industry. I've supported Federal and law enforcement customers, and I currently teach a graduate level course on ethics, privacy, and policy at George Mason University for identity analysis. The purpose of my testimony today is to provide the committee with an overview of the identity tech industry, our perspective on privacy and policy, and the status of the efficacy of facial recognition technology. IBIA is the leading international trade group representing the identity tech industry. Our mission is to advance the adoption, responsible use of this technology for managing identity--human identity to enhance security, privacy, productivity, and convenience. We have 27 member companies serving customers in the public and private sectors. The use cases of our customers include everything from law enforcement, security, national defense, finance, and health care, and many others. Members of IBIA believe these technologies should be used solely for legal, ethical, and nondiscriminatory purposes. We are committed to the highest standards of system integrity and database security in order to deter identity theft, protect personal privacy, and ensure equal rights under the law. The industry believes in transparency and openness with these systems. We support and encourage best practices to ensure privacy and ethical use. We believe it should be fielded with appropriate privacy policies that cover how the data are processed, stored, and used. Let me say a couple of words about policy. IBIA sees many areas of shared consensus across this community where we can work together: Number one, we do not support the use of facial recognition in tracking or profiling individuals based solely on age, gender, race, ethnicity, or religion, or any other violation of constitutionally protected rights to free speech and assembly. Number two, we support a clear delineation on how data are used and who has access. We do not support a violation of statutes related to the use of data. Number three, Federal and State audits of these facial recognition systems are reasonable. Number four, there are existing policies and regulations in place. They should be reexamined and strengthened where necessary after a debate among all the stakeholders. And, number five, industry should have a limited access to real-world data for testing purposes. Let me talk a little bit about what IBIA has done in this privacy debate. We participated in the NTIA multistakeholder process to develop and publish general guidelines. The output of that was the privacy best practices recommendation for commercial facial recognition use. We also are a member of the Future of Privacy Forum for at least 2 years. Let me talk a little bit about the value of biometrics. This is a valuable national security tool and for law enforcement. According to a 2015 document published by the American Association of Motor Vehicles, John Robert Jones was convicted in 1974 of murdering a fellow soldier at Fort Dix, New Jersey. After 3 years in prison, Jones escaped and was on the run for more than 37 years under an assumed identity. He was listed as one of the Army's top 15 most wanted fugitives. The U.S. Marshals office submitted a photograph of Jones for comparison in the Florida DMV's facial recognition system. A match with an image on a driver's license that Jones had fraudulently acquired in 1981 was returned. Jones was subsequently apprehended, and his fingerprints confirmed he was indeed the wanted fugitive. These are valuable tools to produce leads and to capture known suspects. A few words on accuracy. The accuracy of automated facial recognition technology has steadily improved over the past 15 years. For high-performing algorithms, error rates can be as low as 1 percent. So this means that, in most cases, they can match 99 percent of the time. However, matching accuracy is highly dependent on image quality, image gallery quality, and the proprietary algorithm in use. The human element in training cannot be understated. Professionally trained humans are responsible for deciding to take action on a face match. Facial recognition is an investigative tool. And, finally, race, ethnicity, gender, and age are not generally considered or factored into the mathematics of a facial recognition algorithm. Algorithms are developed to be as accurate as possible using mathematical vector sets, such as the number of pixels between the eyes. However, when dealing with homogeneous data sets of faces, there have been instances and test results where certain technologies' effectiveness has varied. I thank you for this opportunity to testify today, and I look forward to your questions. [Prepared statement of Mr. Hutchinson follows:] [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Chairman Chaffetz. Thank you. Ms. Lynch, you're now recognized for 5 minutes. STATEMENT OF JENNIFER LYNCH Ms. Lynch. Chairman Chaffetz, Ranking Member Cummings, and members of the committee, thank you very much for the invitation to testify today. Since my 2012 testimony on face recognition before the Senate Subcommittee on Privacy, Technology, and the Law, face recognition technologies have advanced significantly. Now, law enforcement officers can use mobile devices to capture face- recognition-ready photographs of people they stop on the street. Surveillance cameras boast real-time tracking and face scanning and identification capabilities, and the FBI has access to hundreds of millions of face recognition images of law-abiding Americans. However, the adoption of face recognition technologies like these has occurred without meaningful oversight, without proper accuracy testing, and without legal protections to prevent their misuse. This has led to the development of unproven systems that will impinge on constitutional rights and disproportionately impact people of color. The FBI's Interstate Photo System and FACE Services Unit exemplify these problems. The minimal testing conducted by the Bureau showed the IPS was incapable of accurate identification at least 15 percent of the time. This has real-world consequences. An inaccurate system will implicate people for crimes they didn't commit, and it will shift the burden onto innocent defendants to show they are not who the system says they are. This threat will disproportionately impact people of color. Face recognition misidentifies African Americans and ethnic minorities at higher rates than whites. Because mugshot databases include a disproportionate number of African Americans, Latinos, and immigrants, people of color will likely shoulder exponentially more of the burden of the IPS' inaccuracies than whites. Despite these known challenges, FBI has for years failed to be transparent about its use of face recognition. It took 7 years to update its Privacy Impact Assessment for the IPS and didn't release a new PIA until a year after the system was fully operational. And the public had no idea how many images were accessible to its FACE Services Unit until last year's GAO report revealed the Bureau could access nearly 412 million images, most of which were taken for noncriminal reasons, like obtaining a driver's license or a passport. Without transparency, accountability, and proper security protocols in place, face recognition systems may be vulnerable to security breach and misuse. This has already occurred in other contexts. For example, in 2010, ICE enlisted local police officers to use license plate readers to gather information on gun show customers. In 2015, hackers breached the Office of Personnel Management systems and stole sensitive data, including biometric data, on more than 25 million people. And in 2015, the Baltimore Police may have used face recognition and social media to identify and arrest people in the protests following Freddie Gray's death. Americans should not be forced to submit to criminal face recognition searches merely because they want to drive a car. They shouldn't have to worry their data will be misused by unethical government officials or stolen in a security breach. And they shouldn't have to fear that their every move will be tracked if the network of surveillance cameras that already blanket many cities are linked to face recognition. But without meaningful legal protections, this is where we may be headed. Without laws in place, it could be relatively easy for the government to amass databases of images of all Americans and use those databases to identify and track people in real time as they go about their daily lives. As this committee noted in its excellent 2016 report on law enforcement use of cell-site simulators, advances in emerging surveillance technologies, like face recognition, require careful evaluation to ensure their use is consistent with the protections afforded under the First and Fourth Amendments. And just as with cell-site simulators, transparency and accountability are critical to ensuring that face recognition's use not only comports with constitutional protections but also preserves democratic values. Justice Alito noted in his concurring opinion in United States v. Jones that, in circumstances involving dramatic technological change, the best solution to privacy concerns may be legislative. Just as this committee found with cell-site simulators, the use of face recognition must be limited. Specifically, law enforcement should be required to get a warrant before accessing noncriminal face recognition databases and before conducting real-time tracking and identification. I urge this committee to introduce legislation to do just that. Thank you once again for the invitation to testify. I'm happy to respond to questions. [Prepared statement of Ms. Lynch follows:] [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Chairman Chaffetz. Thank you. I appreciate it. We'll now recognize the ranking member, Mr. Cummings, for 5 minutes. Mr. Cummings. Thank you very much, Mr. Chairman. And I want to welcome our witnesses here today. Let me start by acknowledging that facial recognition technology provides law enforcement officials with an innovative and valuable tool to identify suspects and criminals, which helps keep all of us safe. We all know that. The FBI has told us that this technology helps them identify and apprehend criminals and bring them to justice. I strongly believe that our law enforcement authorities should have access to the most advanced crime-fighting tools available to protect our communities. But serious questions have been raised in your testimony today already about the accuracy of facial recognition technology, its disparate impact on certain populations, and its use against law-abiding Americans. To help our law enforcement authorities do their job as effectively as possible while at the same time protecting the rights of constituents, we need to examine these questions head on because they are very, very significant. So I am thankful that we are having this discussion today. There are three key points that I would like to address today. The first is that whole question of accuracy. Last year, the Government Accountability Office issued its report with a very significant warning. The GAO reported that the FBI has, and I quote, ``limited information on the accuracy of its face recognition technology capabilities,'' end of quote. The GAO also warned that the FBI did not assess how often these searches, and I quote, ``erroneously match a person to the database that falsifies the rate,'' end of quote. That's a big problem. As one of the Members of Congress who live in the inner city of Baltimore, where I have seen the impact of police, certain police tactics, with regard to African-American males and having been an African-American male for 66 years on this Earth, I can tell you I have a lot of concerns about this. GAO made a series of recommendations, including proposing that the FBI conduct more testing to, and I quote, ``help ensure that the system is capable of producing sufficiently accurate search results.'' That seems like a reasonable request. Unfortunately, the Department of Justice disputed the need for more accuracy testing and maintains that current testing is adequate. Second is the question of disparate treatment of some Americans. In 2012, senior technology experts with the FBI coauthored a study finding that some of the leading algorithms used in face recognition systems were 5 percent to 10 percent less accurate on African Americans as compared to Caucasians. Similarly, on October 18, 2016, the Center on Privacy & Technology at the Georgetown University Law Center issued a report finding that, I quote, ``African Americans are disproportionately likely to be subject to police face recognition,'' end of quote. According to these reports, if you're Black, you're more likely to be subjected to this technology, and the technology is more likely to be wrong. That's a hell of a combination, particularly when you're talking about subjecting somebody to the criminal justice system. We need to let this sink in. For these reasons, the center made a very sensible recommendation, that the FBI simply test the system for racial bias. Why can't we do that? What's the problem? In response, the FBI claims there's no need to test for racial bias because the system is race-blind. I disagree. I disagree. Walk around this country as a Black man, in this country, and this kind of--don't get me wrong. I believe strongly that police should have every tool they need to solve crime. But I'm telling you: we have seen some things in Baltimore where the African-American community is almost like a guinea pig sometimes. Say, okay, we believe all the crime is happening here, so everything goes there. And this is the neighborhood I live in, that I go home to every night. So the response is very troubling. I'm almost finished, Mr. Chairman. Rather than conducting testing that would show whether or not these concerns have merit, the FBI chooses to ignore growing evidence that the technology has a disproportionate impact on African Americans. Third is the question of protecting other rights of the American people, including their privacy rights, their civil liberties, and their right to free speech. And I want to applaud the chairman for constantly raising these kinds of issues because they are very important. I've said many times that sometimes we take for granted this democracy that we have. We take it for granted. It has been working so well that we assume we can--it will be here forever. But we have to guard it every day. And I think that, when you see things that begin to chip away at it, you have to pause and say: ``Wait a minute. Hold on. Where are we going here?'' And so, according to GAO, law enforcement authorities now have the ability to search more than 400 million photos. There does not have to be a warrant. There does not even have to be probable cause. They search not only criminal mugshots but photos of law-abiding citizens that are submitted when they apply for jobs, passports, and even driver's licenses. I doubt many Americans realize that when they go down to the DMV to get their driver's licenses, their photos could be made part of a database that can be searched by the FBI. The Center on Privacy & Technology estimates that 80 percent of photos in the FBI's network of facial recognition searches are people who have never been accused of a single crime. Last year, the ACLU reported that the Baltimore Police Department used this technology against crowds of people who were protesting against police misconduct as a result of the death of Freddie Gray. Now, I was in the crowd. I was in the crowd, night after night, six nights in a row. So I guess they've got my photo. And they probably have a lot of other photos. There were a lot of people there in the crowd with us in Baltimore who have never been arrested, who have never committed a crime, but yet still they're subject to this. Now, understand, I guess my concern is that if we are going to, again, use tools, it seems to me that we would do everything in our power to make sure that those tools are used in a fair way, that we are testing for accuracy, and that there's not bias against one part of our population. And so I'm glad that we're having the hearing today. I'll have some questions later, but thank you, Mr. Chairman. And I yield back. Chairman Chaffetz. I thank the gentleman. All right. I'll now recognize myself for 5 minutes and then members will ask questions. Ms. Del Greco, the GAO report asserts that the FBI failed, even though it's directed by law, to put out the Privacy Impact Assessment. Why did the FBI not fulfill the law, the requirement of the law, and why did you not update the Privacy Impact Assessment? You have to put the---- Ms. Del Greco. Thank you. Thank you, Mr. Chairman. I will defer to DOJ on that question. Chairman Chaffetz. What do you mean ``defer to DOJ''? You are DOJ. So what do you mean ``defer''? Ms. Del Greco. The Privacy Impact Assessment was submitted to the Department. I will defer to them for a response. Chairman Chaffetz. I'm sorry. We're having a hearing to ask you the questions, and the DOJ put you up there. You seem like a very nice person, but you're supposed to be the one to answer that question. What do you mean ``defer''? Ms. Del Greco. As I've stated, the Privacy Impact Assessment was submitted, and they---- Chairman Chaffetz. Years late, right? Director Maurer, do you want to comment on this? Ms. Maurer. Yes, that's correct. It was submitted years after both systems were being used for real-world use. Chairman Chaffetz. So here's the problem: You're required by law to put out a privacy statement, and you didn't. And now we're supposed to trust you with hundreds of millions of peoples' faces in a system that you couldn't protect, even with the 702 issue. Now, we're talking about Mr. Flynn and how he was unmasked and all that, and there can be political gyrations, but set the name aside, and Donald Trump and all that. But even in that most stringent circumstance where they're looking at information, somebody decided to take off that veil and release that out to the public. And we're supposed to--and the Office of Personnel Management had tens of millions of Federal workers who had information where--and some of it included fingerprints and other types of things, and that was stolen and let out, and those people are having to suffer the consequences the rest of their lives. Why should we trust you? Ms. Del Greco. The privacy was part of the entire process in the development phases of the Interstate Photo System. Chairman Chaffetz. I know, but--okay. The point is, that the GAO has rightfully, I think, pointed out, the FBI was required by law to comply with the law--you are part of the Department of Justice--and you failed to do so. I hope you can see how this is a problem. Ms. Del Greco. A Privacy Impact Assessment was initiated in 2008 on a pilot project for a proof of concept. Throughout the whole process, our privacy attorney was being advised of the changes that were being made in the development. Chairman Chaffetz. Yeah, well, we don't believe you, and the second part of that is you're supposed to make that public. And the failure here is, years after it was supposed to be made public, you didn't do it. You were using it in a real-world circumstance. You were actually using it and didn't issue the statement. Let me move on. You said a couple of times, Ms. Del Greco, in your testimony that this was a, and I quote, ``an investigative lead,'' that everybody should relax; it's just being used for an investigative lead. Correct? Ms. Del Greco. That is correct. Chairman Chaffetz. So why not collect everybody's fingerprints? That would be an investigative lead, right? Wouldn't that be easier if you had everybody's fingerprints? Why not collect everybody's fingerprints? Ms. Del Greco. We use fingerprint technology as a positive identification, and we still do today. Chairman Chaffetz. But why not collect them all in advance? I mean, that would be easier, right? If you have a database, you collect them all in advance; then, when you go and you pull off somebody's fingerprints, you've got a database, right? Why not do that? Ms. Del Greco. Fingerprints are collected with a criminal mugshot for an arrested purpose, for a law enforcement purpose. Chairman Chaffetz. Yeah. But you see the difference, right, somebody is actually arrested; then they take their fingerprints. Somebody who is actually convicted, then you collect the--then you have your fingerprints. But why not get them all in advance? What if we had all 330 million Americans' fingerprints in advance? That would be easier, wouldn't it? It would be easier, right? That's a question. Ms. Del Greco. We collect fingerprints with the criminal law enforcement purpose only. Chairman Chaffetz. Right. Right. Why not collect everybody's DNA? How about when everybody's born in the United States, we take a little vile, a sample of blood? Why don't we do that? Then we'd have everybody's DNA. And then when there's a crime, then we could go back and say, ``Oh, well, let's collect that DNA, and now we have 330 million Americans.'' That would be easier. Wouldn't it? Ms. Del Greco. I'm not at liberty to speak about the DNA collection. Chairman Chaffetz. This is different. See, this is how DNA is a valuable investigative tool. Fingerprints are a valuable investigative lead and tool. But what scares me is the FBI and the Department of Justice proactively trying to collect everybody's face, and then having a system with a network of cameras where, if you go out in public, that too can be collected and then used in the wrong hands, nefarious hands, somebody in government misusing it. It does scare me. Are you aware of any other country that does this? Anybody on this panel. Is there any other country that's doing this? Let me ask you one other thing, and I've gone past my time here--past my time here. Do you have plans to match this database up with anything that's posted on social media? So, in other words, if you go up on Instagram, Facebook, Snapchat, and whatever the next new technology is, are you collecting that information that is out there on social media? Ms. Del Greco. No, we are not. The only information the FBI has and has collected in our database are criminal mugshot photos. We do not have any other photos in our repository. Chairman Chaffetz. That's not true. You are not collecting driver's licenses? Ms. Del Greco. We do not have driver's license photos in our repository at the FBI. Chairman Chaffetz. Does anybody care to weigh in on this? Mr. Bedoya? Mr. Bedoya. Sure, Mr. Chairman. I think this is a technicality. Who owns and operates a database matters a lot less than who uses it and how it's used. The FBI has access to now 18 States' driver's license photos that either can run those searches or request them. We're talking more than a third of all Americans. So the FBI does have access to these photos. They searched them tens of thousands of times and, apparently, by GAO's testimony, never audited those searches for misuse. Chairman Chaffetz. Would you disagree with that, Ms. Del Greco? Ms. Del Greco. We have access to the data. We do not maintain the data in our repository. And the access we have is pursuant to the provision in the Driver's Protection Act within the State, accordance with Federal law. Chairman Chaffetz. Does anybody else care to weigh in on this topic? Ms. Lynch? Ms. Lynch. Thank you, Mr. Chairman. I would also add that the FBI has civil photos in its repository. So it's not just relying on driver's license databases, but it also has access to civil photos in its own NGI-IPS database. These photos may in the future come from background checks that people submit to as trying to get employment or as a licensing requirement, but the database is not limited to just mugshot photos. Mr. Cummings. Would the chairman yield? Chairman Chaffetz. Sure. Mr. Cummings. Just to clear up, Ms. Del Greco, when the chairman asked you about what photos you had, you said over and over again, we have just a mugshot--what did she say? Chairman Chaffetz. Just the criminal. Mr. Cummings. I just feel that you could've been a little-- after we got this more clarification, seemed like you would have told us that, what they just told us. I mean, it just seems--I mean, I don't know how he feels, but if I was left with your answer and didn't have clarification, I would have assumed that that's it. But they were able to clarify, these other two witnesses, that you have access to all kinds of photos. Hello? I just think it is a little unfair to the committee. I usually don't do this. But it just--it kind of left me not feeling very good. And I'm sure the chairman probably felt the same way. Chairman Chaffetz. So, if they are in your database or you own that database and own those photos, what other databases are you also tapping into at will? Ms. Del Greco. We do not search the civil photos that are in our repository. They are not located in the Interstate Photo System. We only search the criminal mugshots that we have in our repository. We are not authorized; they are not searchable, the civil photos. We also retain the investigative photo from the FBI agent, but those are not--the civil photos are not searchable. Chairman Chaffetz. Well, I'm going to flesh this out. I'm well past my time. So we'll continue to flesh this out. But let's go to Mr. Lynch of Massachusetts now. Mr. Lynch of Massachusetts. Thank you, Mr. Chairman and Ranking Member, for your work on this. I appreciate the presence and testimony of our witnesses. I don't think it's a stretch to say that the majority of Americans today feel that the rapid advances in surveillance technology have far outpaced the ability of Congress to protect the basic privacy of American citizens. And apart from the willingness of people to put some of their most intimate information online, I think there's been an aggressive development of surveillance technology that we've seen come to the forefront. And when you think about how this could change who we are as a Nation, it's very, very troubling. This country was founded on protest--it really was--and is continually reshaped by protest. And it disturbs me greatly that, whether it was the death Freddie Gray and those protests or the women's protest recently that was all over the country, millions of people, it disturbs me greatly that we're out there taking in this information. And I fully support the suggestion of Ms. Lynch--no relation--that a warrant should be required in those cases and that, if we're going to build these databases and have this ability to surveil innocent individuals, then that is really a game-changer for this country. The background here, Ms. Del Greco, goes back to the confidential informant programs that are run by the FBI, DEA, ATF. And we have had zero cooperation from the FBI in the tens of thousands of confidential informants that you run daily in this country. We did get a report from the Inspector General's Office that explained that the DEA, in addition to the FBI, is operating 18,000 confidential informants. They paid $237 million to confidential informants. And we can't get information on who's getting paid for what. So, in addition, I think there's probably 15,000 to 20,000 FBI informants that are out there. And we have very little accountability as to what they are doing, who they are working for, what they are being paid for, what their prior crimes were, what their extant crimes are while they are being paid as informants. So I have zero confidence in the FBI or the DOJ, to be frank with you, of keeping this in check. Mr. Bedoya, you talked about some of the things that might be put in place--Ms. Lynch as well. I'm certainly going to join in legislation to put a warrant requirement in on this. There are some areas, you know--I know that we had some enhanced alerts regarding threats to our transportation system. So we put in surveillance cameras at South Station, at Union Station, because we had threats in those specific areas for limited periods of time. And I don't dispute that, on occasion, with specific threats and specific information, we should use that tool. But, Mr. Bedoya and Ms. Lynch, what else should be included in legislation that would allow us to use this tool, this technology, while balancing the preservation of individual rights and privacy for American citizens? Mr. Bedoya, you could start. Mr. Bedoya. Yes, sir. There's a couple of points, and I can go through them quickly. We need to target this powerful technology to serious criminals. And so that, in the first instance, we need to do. Secondly, we need to restrict real- time face scanning to situations like you described, very specific threats, very specific occasions. We need to make sure this technology's accurate. We need to test it publicly and independently for bias. We need safeguards to prevent against misuse and abuse. So we need audits to spot if this technology is being abused. And we need reporting like you would have for--under the Wiretap Act, where if you do a wiretap, later on, you report about it: the crime, what happened with that prosecution. So, across the board, there are reforms that could be made that are modeled on existing law and also modeled on the policies of the States represented on this committee that could be best practices and commonsense rules for the road here. Mr. Lynch of Massachusetts. What about an opt-out provision for any citizen who is not suspected of a crime, to have somebody, some ombudsman, go through and delete all the pictures of people who aren't under active consideration for criminal activity? I mean, I think that's something that-- innocent people should not be on this database. This is really Nazi Germany here what we're talking about. They had meticulous files on individuals, most of them of Jewish faith, and that's how they tracked their people. And I see little difference in the way people are being tracked under this, you know, just getting one wide net and collecting information on all American citizens. I think it is corrosive of our very liberty. I just appreciate your testimony. Ms. Lynch, anything to add? Ms. Lynch. I think the only thing I would add to Mr. Bedoya's response is that we need to have protections to prevent the use of face recognition on First Amendment- protected activities. So, as I think that you just noted, one of the risks in using face recognition would be to identify people who are engaging in political protest, which is a bedrock value in our society, to be able to engage in political protest without the fear that the government will be identifying us and targeting us for our political beliefs. So, if any legislation is introduced, I would encourage a provision in that legislation to cover First Amendment-protected activities. Mr. Lynch of Massachusetts. Thank you. I appreciate the courtesy, and I yield back the balance of my time. Chairman Chaffetz. I thank the gentleman. I now recognize the gentleman from Michigan, Mr. Mitchell. Mr. Mitchell. Thank you, Mr. Chairman. Mr. Cummings, this will be the second time in a week where I'm going to climb into the boat with you, sir. Chairman Chaffetz. Uh-oh, boat analogy. Mr. Mitchell. My boating analogy for the day. My older son is a police officer. He is a detective in Michigan. And as I read this, I'm, frankly, appalled. I didn't--I wasn't informed that, when my driver's license was renewed, my photograph was going to be in a repository that could be searched by law enforcement across the country. As you did your MOU with the Michigan State Police, what efforts did you take to make sure, in fact, privacy requirements were maintained? Ms. Del Greco. Well, first, we looked at the State law and worked with the State to ensure that there was a State law that allowed for the use of those records for law enforcement purposes. Mr. Mitchell. So we made sure there was a State law that said privacy didn't matter? Ms. Del Greco. It was a privacy document with regard to driver's license photos in the State. Mr. Mitchell. So, again, if the State said it was okay that we collected them, there's--I'm not aware of anything in the State of Michigan that said they can just provide those photos to other parties for law enforcement purposes. Ms. Del Greco. We work with the State's legal counsel along with our legal counsel to ensure that the appropriate laws are in place before an MOU is drafted and approved. Mr. Mitchell. So law enforcement all got together and said, ``It's okay, and we're going to do that.'' Followup question for you, I spent 35 years in private business, and we had to comply with Federal privacy laws. We were involved in student education, student aid. I was subject to criminal and civil penalties personally as the CEO of the company if, in fact, we failed to maintain compliance to privacy laws. What civil and criminal penalties have the Department of Justice been subjected to for failure to comply with the privacy requirements? Ms. Del Greco. With regard to FACE Services? Mr. Mitchell. Well, with regard to filing the updated privacy information that the chairman referred to. You're years late. Ms. Del Greco. That I am not an expert to speak on, sir. Mr. Mitchell. You're not aware. So we don't know whether or not--has any action been taken for failure to move forward? You said you implemented the report. Has any action been taken for the individuals that stopped the report because it was not issued? Ms. Del Greco. I have no knowledge. Mr. Mitchell. There are days that ignorance is bliss; I appreciate that. Question for Mr. Bedoya, if you would, sir, is there any legal standard that law enforcement must use in order to request access to the database? I see, on page 3 of the GAO report, there is--essentially--effective, the State makes a request, and then they access the database. Is there any legal standard for access there, sir? Mr. Bedoya. Sure, for the FBI, the FBI can open an investigation, can run a face recognition search--for example, your face in Michigan--on mere allegation or information. Mr. Mitchell. How about the State agency requesting the information from the FBI and/or other States? What do they have to submit? Mr. Bedoya. The State agency has to have a criminal justice purpose but is not required to have reasonable suspicion to search the FBI's database. Mr. Mitchell. So they don't have to tell the FBI why it is they are asking for access to that database, just that they need it. Mr. Bedoya. I am not familiar with the exact field they need to fill out, but they do not need to meet the most minimal standard, which would be reasonable suspicion. Mr. Mitchell. Ms. Del Greco, can you explain that? Ms. Del Greco. A State law enforcement agency must have an originating agency identifier. They have to be a criminal justice agency. In fact, for FACE Services, they have to be in a law enforcement agency. So the rules are a little bit more refined. Mr. Mitchell. So refined I guess, but so long as you're a law enforcement agency, you can request access to the database because they say they want it? Ms. Del Greco. They have to have an agency identifier in order to do so. Mr. Mitchell. An agency identifier is what, please? Ms. Del Greco. It's an identifier that we provide to an authorized law enforcement agency that has authorized purposes to our system. Mr. Mitchell. So they have to have the top secret code. Ms. Del Greco. We clarify and verify that that agency is authorized to have access to our system. Mr. Mitchell. But, again, they haven't had to provide any indication of investigation or, as has been noted by my colleagues, a search warrant or what the investigation; it's just that they want access for some--correct? Ms. Del Greco. It has to be for law enforcement purposes. Mr. Mitchell. Based on someone saying it is, without any documentation? Ms. Del Greco. Based on their rules and their authorities within their State, yes, sir. Mr. Mitchell. Mr. Bedoya or Ms. Lynch, any comment on that? Mr. Bedoya. Sir, I can quickly comment on that. The FBI leaves it entirely to the States to decide what their policies will be for when and why they search this database above the standards that Ms. Del Greco raised. And, frankly, you know, I think we need to take a step back and ask, if this technology had been in place for the Boston Tea Party or during the 1960s civil rights protest, what would have happened then? I think this is a very serious issue across the board. Mr. Mitchell. Well, I think the issue goes beyond the First Amendment concerns that were expressed by Ms. Lynch and is broader. I don't want to just protect someone if they are at a political protest from being identified. The reality is we should protect everybody unless there is a valid, documented criminal justice action. Why should my photo--God knows lately it's in every place in the world, including Facebook--be subject, because I get a driver's license, to access? And I agree with the ranking member, the comment regarding the, ``Well, we don't have access to that,'' is disingenuous because, frankly, the FBI has access to, whether you own the database or not, to 400 million photos of Americans solely because you say you have a criminal justice reason for them. I have to tell you--and my time is expiring; I apologize, Mr. Chairman--to me, that's appalling. And I would join in making you take actions to, in fact, limit that dramatically. I'm sorry for going over. I appreciate the patience, and I yield back, sir. Chairman Chaffetz. I thank the gentleman. We will now recognize the ranking member, Mr. Cummings. Mr. Cummings. Mr. Bedoya, last year, the Center on Privacy & Technology released a report on police facial recognition and found that, and I quote, ``There is a real risk that police face recognition will be used to stifle free speech.'' Is that right? Mr. Bedoya. Certainly, I believe so. And we have a couple of instances where this has happened. You mentioned one, the Freddie Gray protests. In 2012, thanks to Freedom of Information Act requests filed by the Electronic Frontier Foundation, we saw that, in fact, FBI presentations showed how this technology could be used on Presidential campaign rallies in 2008. And so I think there's a real risk that law-abiding Americans are going to be too scared to protest because they are afraid the government is going to secretly scan and identify and track their faces. Mr. Cummings. So what steps should be taken to ensure that the technology is not used to stifle protests? Mr. Bedoya. I think you could have a belt-and-suspenders method, sir. The first is you need to have reasonable suspicious that someone is engaged in a crime if you are actually encountering them. So they can see you. But if you are doing this outside of the public eye against mugshots, we think that should be restricted to felonies. And if you are doing it with driver's licenses, we think that the public of the State should actually vote to approve that; otherwise, it should not be allowed. And even then, we think there should be a warrant to access that information based on probable cause. And, separately, you need to have a policy like Ohio's or like the one proposed by DHS and FBI, actually---- Mr. Cummings. And I realize that Ohio is the only one that prohibits the use of facial recognition. Is that right? Mr. Bedoya. I wouldn't say ``prohibits,'' sir. I would say actively discourages it, and that is a standard also proposed by DHS and FBI in a working group in---- Mr. Cummings. So you would support that? Mr. Bedoya. Certainly, sir. Mr. Cummings. Ms. Del Greco, despite the findings and recommendations, the FBI refuses to conduct any test to determine whether the system has racially disparate error rates. If one of the FBI's own senior technology experts as well as outside groups like the center have identified evidence that these systems may be less accurate for African Americans, does that concern you? Ms. Del Greco. Our requirement when we developed the Interstate Photo System did not include tone or ethnicity. It was based on the mathematical computation only. Mr. Cummings. But you didn't answer my question. I said, did that concern you? Ms. Del Greco. I'm confident in the development of our use and the system that the FBI utilizes for facial recognition. Mr. Cummings. So it wouldn't bother you if a certain segment of the population was treated unfairly? I mean, you are with the FBI, right? Ms. Del Greco. The responses we get back are based on the mathematical computation. And then our facial recognition examiners are highly trained then to make the final decision on whether there's a most likely candidate. It is not based on the tone or ethnicity of the candidate. Mr. Cummings. So you're still saying everything is color- blind? Ma'am? Ms. Del Greco. When we get back a response from the search from a probe photo, it could be all races. It is only a mathematical computation that returns the candidate list. Mr. Cummings. Ms. Lynch, you've got to respond to that for me, please. Ms. Lynch. Well, I think there are a few things I'd like to respond to. I think the first is that we do have these studies that show that African Americans and young people and women are misidentified at higher rates than Whites and men and older people. And that is due to the training data that's used in face recognition systems. Most face recognition systems are developed using pretty homogeneous images of people's faces. So that means mostly Whites and men. And so the system learns from that data and doesn't learn how to identify African-American faces as well as White faces. Mr. Cummings. Can we stick a pin in that? Ms. Lynch. Yes---- Mr. Cummings. Whoa, whoa, whoa. If we're in denial that something is--that there's a problem, going back to--I'm not saying you're denying it, but you're close--and it seems as if, with all of our expertise, with all of our great minds, we would say, ``Okay, well, maybe we can improve on this.'' You just said that maybe there are not enough samples or whatever. My point is, is that, if we don't recognize that there is a problem, we'll never improve on it. And I mean, I think everybody wants to make sure we're safe. We want to make sure that law enforcement has the tools they need. But at the same time, if I turn a blind eye and say, ``This is color-blind,'' I'll never improve the system. But go ahead. Ms. Lynch. Well, I think that we have to look a little bit broader. We have to look, not just at the system, but also, who is doing the backup identification? So the FBI produces a ranked candidate list in response to most of the face recognition searches that are done by the States or the local agencies. Now these are automated searches. So the FBI isn't looking through those candidates and saying, ``This is the most likely match.'' It is just the system that is looking through those candidates and saying, ``This is the most likely match.'' And then a human has to look through those and say, ``This is the person who is in the grainy surveillance camera photo that I'm trying to identify.'' But the problem is not just that the system misidentifies African Americans at a higher rate but also that human ID backup fails as well. So, if a person is not properly trained in how to do the backup identification, then they may misidentify the person as well. And we know that this is even more true if the person who is doing the identification is of a different race or ethnicity than the candidate. Mr. Cummings. I think my time is up. Thank you, Mr. Chairman. Chairman Chaffetz. Thank you. We'll now recognize Mr. Ross of Florida for 5 minutes. Mr. Ross. Thank you, Mr. Chairman. I want to preface my remarks by saying that, 35 years ago, I was in the computer industry in both selling and installing computer systems. And I set that by way of example because of my friend, Mr. Lynch, has set the proposition that technology has advanced so exponentially that it has outpaced Congress' ability to, I think, really provide the protections necessary. And this really intrigues me, this particular topic, because, Mr. Bedoya, as you talk about some of the legal protections, one thing I haven't heard is the protections granted by the Fourth Amendment to unlawful search and seizure. And I would like to bifurcate this in two ways: one, in the collection of data or the collection of facial recognition; and, two, in the application of it. And is there not an expectation of privacy? And is there an expectation of privacy that would protect the collection of any facial recognition data, given the advancements in technology and the high resolution of this equipment, that really there is no protection? Mr. Bedoya. So, yes, sir, I do think there is. No court has ever looked at this, which is part of the problem. Mr. Ross. Well, I don't think we are at that point yet. Because I can see the collection of data saying, ``Okay, that''--who allowed you to collect my facial recognition? Well, you're in public. Mr. Bedoya. I don't think that people reasonably expect that, when they stand for a driver's license photo, that it will be searched like a criminal's fingerprint, thousands of times a month, without warrants, without oversight, without even reasonable suspicion. So I do think there is a reasonable expectation of privacy. And while the court hasn't decided it, I think in the Jones case, the Knotts case, the court has signaled that certain kinds of dragnet tracking and certain kinds of public activity and things you volunteer to other people do deserve protection. So I do think there is a Fourth Amendment interest here and quite a strong one. Mr. Ross. And, Ms. Lynch, when you talked about legal protections, is it sufficient enough that I state a disclaimer that ``collection of your facial recognition data may be ongoing through the surveillance cameras''? Is that what we're talking about in terms of legal protections, or is that just one level of legal protection that we are looking at? Ms. Lynch. I think that's just one level. And I actually don't think that that's sufficient because I think it gets back to Mr. Bedoya's point that we don't reasonably expect our image to be captured when we're walking around in public. Mr. Ross. But it's being done anyway, and it has been done in surveillance. I mean, cameras and you see, of course, notices that say ``surveillance cameras in use on this property'' or whatever. So---- Ms. Lynch. True. There are surveillance cameras in many cities, both private and public surveillance cameras. But I think what's different is face recognition allows people to search through those images very, very quickly. So-- -- Mr. Ross. And that's the application of it, and my question is more to the collection of it. I mean, I agree there is an expectation of privacy to a degree, but if you put up a disclaimer that you're under surveillance or that surveillance is being used, does that not give the protection necessary into the collection of the data? I'm not talking about the application in the database in the search of it, but---- Ms. Lynch. No, I don't think that gives the protection that we're looking for. And I think an example could be law enforcement says, ``We are going to now search all of your email, or we are going to''---- Mr. Ross. Right. Ms. Lynch. --``come into every single house, and we're just putting you on notice of that fact.'' That doesn't destroy a First Amendment protected interest against unlawful searches and seizures. And I think a notice on a surveillance camera also would not destroy that protection. Mr. Ross. Okay. Ms. Del Greco, how secure is the database? I mean, have you had incidents of hacking or access, unauthorized access? Ms. Del Greco. The Next Generation Identification System is a secure, unclassified system. It's fully accredited. It's met the Federal Information Security Management Act at the highest level. Mr. Ross. But no--there hasn't been any unauthorized access? Ms. Del Greco. There has not. Mr. Ross. Okay. Now, Mr. Romine and Mr. Hutchinson, for your input here, as I've watched technology advance and I've also--obviously, the government doesn't maintain a monopoly on technology. And, in fact, probably they are at the low end of the availability of technology. The commercial availability of facial recognition technology, is that out there? Mr. Romine. It is, sir. Mr. Ross. And it is being utilized in the private sector, correct? Mr. Romine. That's correct. Mr. Ross. And are we not seeing some of these same issues as to an invasion of privacy as a result of a business or some private concern utilizing it, even for marketing purposes? I can do a market analysis by facial recognition as to how many times this particular person comes into my store or comes onto my property. Realistically, you could use it for that, correct? Mr. Romine. It certainly could be used for that. NIST's role is really just an independent and unbiased arbiter of the---- Mr. Ross. But the availability exists in a commercial setting. Mr. Hutchinson. Mr. Hutchinson. Yes, sir. The availability does exist. And it is subject to consent, in most cases, because these retail outlets, these private sector customers that may use this technology, they see the sensitivity of making sure their customers are comfortable, and they certainly don't want to alienate them. But absolutely it's out there. Mr. Ross. Thank you. I appreciate that. I yield back. Chairman Chaffetz. The gentleman yields back. We'll now recognize the gentleman from Virginia, Mr. Connolly, for 5 minutes. Mr. Connolly. Thank you, Mr. Chairman. And welcome to the panel. Mr. Bedoya, I was struck by your comments on driver's licenses. When I get my driver's license renewed and I have my picture taken, I don't do it with the presumption that that's now public property. Is that not correct? Mr. Bedoya. I certainly don't also. Mr. Connolly. And, therefore, it's not okay for the FBI or, for that matter--I don't know--you know, Target to purchase my picture without my consent. Mr. Bedoya. Or have access to it. Mr. Connolly. Or have access to it. That is your position. Mr. Bedoya. That is my position, yes, sir. Mr. Connolly. And presumably that would be the position of most citizens, absent an active decision that ``yes, you can have it,'' you can't have it. Otherwise, I might have reexamined getting that driver's license. Mr. Bedoya. I would agree with that. I think that the citizens of the State not only should be notified and have to volunteer, but the citizens of the State should vote if they want to allow this highly invasive scanning of their faces. Mr. Connolly. Has this concept ever been challenged in a court of law? Mr. Bedoya. We've carefully reviewed Federal and State law specifically for face recognition cases and found none. Sometimes it's discussed tangentially or very briefly, but nothing square on, sir. Mr. Connolly. Ms. Del Greco, does the FBI have a different interpretation of the presumption of privacy with respect to the picture on a driver's license? Ms. Del Greco. We utilize the Driver's Privacy Protection Act. And that is allowed through Federal law. The FBI that utilizes the driver's license photos do so with an open, active FBI investigation and is verified by the employees when they receive the photo from the FBI agent. Mr. Connolly. But you are citing an act of law. Does that act of law explicitly grant the FBI or any other Federal agency the right to the presumption of access, unlimited access apparently, to the picture on the driver's license, which is issued, I might add, by a State? Ms. Del Greco. It is utilized for law enforcement purposes. Mr. Connolly. Mr. Bedoya. Mr. Bedoya. The Driver's Privacy Protection Act was passed in 1994. The first law enforcement face recognition system in the country began operating 2001. The DPPA clearly contemplates sharing of individual photos with law enforcement circumstances. Mr. Connolly. Right. Mr. Bedoya. I don't believe it would allow what you're describing, nor has it been tested. Mr. Connolly. I agree. Ms. Del Greco, I would suggest to you: We're not the Judiciary Committee, but I think you're on very shaky legal grounds in making the assertion you just made, that that provides you with the broad authority to have ubiquitous access to across 50 States with respect to the picture on a driver's license. I don't think it was ever contemplated, and I think Mr. Bedoya makes an awfully good point: the law was, in fact, written before this technology existed. Who advised you to interpret the law that way, your general counsel? ``You'' meaning the FBI, not you personally. Ms. Del Greco. Thank you. We have a team of council members that advise us. We have privacy attorneys that have been involved in every facet of the development and implementation of the Interstate Photo System and the FACE Services Unit. We also work with the attorneys within each of the States that a memorandum is developed. Mr. Connolly. Well, I just--I'm not a lawyer. This isn't the Judiciary Committee. But I know how to read a law. I know how to write laws. I do it for a living. I think it's a great stretch to take a law that preceded the technology and apply it in as sweeping a way as you do. And I just think you're going to have to get, frankly, either tested in court or you're going to have to get additional statutory authority to proceed down the road you're proceeding. Ms. Maurer, you found that--let me see, we haven't tested the technology since 2011 prior to its deployment by the FBI. Is that correct? Ms. Maurer. Yeah. We found that the FBI needed to do more on ensuring that it is actually making a difference in meeting its operational and mission needs. In fact, the FBI has its own requirements for conducting at least annual operational reviews. That's not been conducted with these systems. Mr. Connolly. Since 2011. Ms. Maurer. I don't believe it's ever been conducted fully with FACE Services for IPS. Mr. Connolly. Right, fully. Ms. Maurer. Fully. Mr. Connolly. Correct. I think your report says the last time the FBI tested the accuracy of facial recognition technology was 2011. Ms. Maurer. Yes, that was before full deployment.That's correct. Mr. Connolly. So, Ms. Del Greco, why haven't there been more comprehensive tests in the last 6 years? Ms. Del Greco. The FBI feels that the Interstate Photo System performs within the state of the art in the discipline for face matching today. If the NIST were to show extreme improvements in face recognition technology, the FBI clearly would plug in a new algorithm for the accuracy. Mr. Connolly. Well, let me read to you the conclusion of the GAO report. It says: Because of the lack of testing, there's limited information on the accuracy of your face recognition technology capabilities. Do you dispute that finding? Ms. Del Greco. We feel that the technology we have today is--at the state of the art. Mr. Connolly. So you're just happy as a clam with the accuracy. Ms. Maurer, do you care to comment? Ms. Maurer. This was one of the areas of disagreement between GAO and the Department of Justice and FBI. We think it's very important for the FBI to continually test the accuracy of these systems because of all the privacy issues that this committee discussed all morning. There is criteria that exist within the FBI that they can use as a way to guide these operational reviews, both for the accuracy of the system and to ensure it meets law enforcement needs. Mr. Connolly. I think my time is up, Mr. Chairman. Chairman Chaffetz. Would the gentleman yield to me? Mr. Connolly. Of course. Chairman Chaffetz. Just I would like to ask unanimous consent to enter into the record two letters: one is June 23, 2016, entitled ``The FBI's Use of Facial Recognition and Proposal to Exempt the Bureau's Next Generation Identification System from Privacy Act Obligation,'' as well as a letter that Mr. Cummings and I sent to the FBI on September 6, 2016. Without objection, so ordered. Chairman Chaffetz. This letter, Ms. Del Greco, while you say you comply with the various privacy laws, the FBI went to great lengths to exempt this database from the Privacy Act. I hope you can understand and respect our skepticism because the Privacy Act is in place to protect against these types of things, but the FBI went to great lengths to get itself exempted from the Privacy Act and that's a big part of the concern. Mr. Connolly. And, Mr. Chairman, just in this questioning-- I'm so glad we're having this hearing. I think there are more questions raised than answers as to the statutory authority being cited and whether or not we need additional statutory authority to both encumber the FBI and to authorize it and to protect citizens. But there are also technology issues that have been raised here as to accuracy. Chairman Chaffetz. Yes. Mr. Connolly. And if we're relying on this everywhere, that raises its own set of questions that I think we need to delve into. So I thank my friend and the ranking member for having this hearing. It's raised some really important questions. Chairman Chaffetz. I thank the gentleman. I now recognize the gentleman from Tennessee, Mr. Duncan, for 5 minutes. Mr. Duncan. Well, thank you, Mr. Chairman. And I'm sorry that other meetings prevented me from hearing the testimony of the witnesses because I'm very concerned about all of this, and I share the concerns that have been expressed by the members that I've heard here while I've been here. I will tell you that, you know, all of our modern technology and the internet, it's got a lot of good, but it seems to me that it has just about done away with privacy in this country. I'm wondering if we've reached a point--these cases seem to turn on the question of whether people have a reasonable expectation of privacy. And I wonder if we've reached a point where there's no reasonable expectation about privacy about anything. I remember a few years ago in this committee a company appeared before us that had downloaded 250,000 Federal income tax returns just to show that it could be done. They had been on one of the morning television shows, and they weren't in trouble, because they didn't use those returns in any way. But now it seems that people can find out what prescriptions you've gotten, what grocery purchases you've made, your every detail about your homes. I mean, I just wonder if there's--I think we're reaching a very sad point, a very dangerous point, when we're doing away with a reasonable expectation of privacy about anything. And I share the chairman and ranking member's concern. Ms. Del Greco, it says in this CNN report--the report criticizes the FBI for not giving the public adequate information about the programs and their privacy implications, as required under the 1974 Privacy Act. And it also says the systems have not been sufficiently tested for accuracy. We've heard about that here this morning. It seems to me that the FBI needs to step back and take another look at this GAO report and respond to it a little bit in a little more detailed fashion, because I think most people who have read this report and have heard some of these things that have been expressed here this morning would wonder if we're ending up in a Federal police state that's gotten totally out of control and really has far too much power. I mean, the President, a month or so ago, people laughed when he said if you want to have--if you want to keep something private, don't put it into a computer; write it out and hand deliver it. And there were some sarcastic jokes about that. But, unfortunately, it's almost become true. But I certainly commend you, Mr. Chairman, for holding this hearing and looking into this to the extent that you have because I think a lot of questions have been raised here today. Thank you very much. Mr. Cummings. Thank you very much. Mr. Duncan, first of all, I want to associate myself with everything you just said. Before you got here, I mentioned that we really do have to guard our democracy. And I said that we sometimes I think take it for granted, and we have--when we see this chipping away with regard to privacy--and you having been a judge, you know what I'm talking about--you've got to guard this thing. And I think what happens is we get to a point where we, because we have gotten used to our way of life, we assume it's going to be that way forever. But I think it is important that we, both Republicans and Democrats, whenever we see that democracy being threatened, that very democracy that allows us to be who we are and the great Nation that we are, we have to call it and try to work together to try to address those issues. So when I heard your comments, I just wanted to let you know that I agree with you. I yield back to the gentleman. Mr. Duncan. [Presiding.] Well, thank you very much, and I do have interest in this because I was a criminal court judge for 7-1/5 years trying the felony criminal cases, and I had a very good relationship with law enforcement. But there have been some pretty serious matters discussed here this morning, and I think we need to try to do everything we possibly can to make sure that we don't just totally do away with people's expectation of privacy in this country. And we're getting close to that point, I think. Mrs. Maloney. I want to thank the ranking member and chairman for holding this important hearing and all of our panel. I'd like very much to be associated with the statements on both the Republican and Democratic side. This is an issue where both are expressing a lot of concern. When I go home on the weekends, there are at least three protests in my district. The protests are definitely in, and they are well attended with hundreds of thousands of people. And really the number one protection in our Constitution is the right to protest, freedom of speech, and then freedom of the press. So it is a very protected area, and this hearing is raising major concerns about the technology and the secrecy and the Privacy Act. But before I start jumping on the FBI, I do have to share my appreciation. Three months ago, two bombs went off in the district that I'm privileged to represent. Many people were injured. Gratefully, no one was killed. But in 48 hours, the FBI and the police working together apprehended the person that was causing so much damage to innocent people. So I want to personally thank you, working 24 hours a day to crack down and catch. So there's a conflict now. We live in probably the most dangerous time for innocent people because of attacks on so- called soft targets. And you've done a great job, but we've got to be careful about the transparency that you provide and protections. And it is essential that the FBI pursue its law enforcement agenda, as you do, but with transparency and with the protection of civil liberty and privacy as two of the most guiding principles. Now, according to the GAO report, the FBI has been years behind in fulfilling its reporting obligations under the Privacy Act, the E-Government Act, and internal privacy policies for its facial recognition system. And as a result of the FBI's delay in complying with reporting these obligations, GAO found--and correct me if I am wrong, Ms. Maurer--and I quote, they said: ``The public had limited understanding of the nature of the system and how their personal information, including face images, is being used and protected,'' end quote. So I'd like to ask you, Ms. Maurer, what obligations did the FBI have to the public in this area? Ms. Maurer. Thank you very much for the question. The FBI was obligated to provide transparency in how it was planning to use and eventually did start using the facial images of the members of the American public. There were a number of different reporting requirements that the FBI, through the Department of Justice, failed to meet. They eventually did issue the required privacy notification documents. It was only years after they started using both of their systems for real-world use. That was of great concern to us from a transparency perspective. Mrs. Maloney. So, in other words, did the FBI meet its legal obligations with regard to updating and publishing these critical privacy documents that you mentioned? Ms. Maurer. No. They did not. Mrs. Maloney. Now, can you explain what these privacy documents are? What are the Privacy Impact Assessments and the System of Records Notices? What is it? Ms. Maurer. A Privacy Impact Assessment is required by the E-Gov Act. It's required of any Federal system when it's first created and when it is newly expanded. It is to provide transparency so the public has an understanding of how their personal information is being used. The System of Records Notice is required under the Privacy Act. That's also when new systems are established. It pursues-- tries to achieve a similar goal: transparency. These are both useful documents. The PIAs, in particular, provide a fair bit of information and detail about how personal information is being used by the Federal Government. We thought it was important for them do it in a timely basis. They did not do so. Mrs. Maloney. Ms. Lynch is a representative of an organization that represents the public. Why should the public be concerned about this? What's the impact of this? Ms. Lynch. I think the impact is that the public cannot assess what our government is doing if the government doesn't follow the law by producing Privacy Impact Assessments and updating the System of Records Notices. So this has real impact on my job because I read through these things. And I write about them, and I try and tell people, including journalists and the public and our members, what's going on. So, for example, I had no idea--and I think most privacy advocates had no idea--exactly how many images the FBI could access until the GAO published its report in 2016. I think that most estimates were closer to about 50 million, and it turned out that the FBI could access about 412 million. So that's a significant difference, and if the Bureau is not responsible in publishing information on its divisions and on the impact of its programs, the public has no idea what's going on. Mrs. Maloney. Well, my time has expired, and thank you. Mr. Duncan. Mr. Grothman, have you had a chance to catch your breath? Mr. Grothman. No, I haven't, but we'll charge ahead anyway without catching my breath. Ms. Del Greco, do you think you have my face? Do you have access to the data regarding my face, do you think? Ms. Del Greco. We would only access a face that you would have in a DMV record if there was an active FBI investigation or---- Mr. Grothman. So you have it. If you had to, you could get it. Ms. Del Greco. If you're one of the States that we have an MOU with. Mr. Grothman. Is Wisconsin one? Do you know off the top of your head? Maybe you don't know. Ms. Del Greco. I'm not sure, sir. Mr. Grothman. Do you see why people are concerned about having the government have access to data in which you can tell where I am at any given time, given that we have more photos of people in the crowd, people in the stands, whatever? Do you see any concern as the government databases or access to databases, as you say, grows, grows, grows all the time? Ms. Del Greco. Of course, I see why there would be a concern. However, we want to ensure the public that we are protecting their privacy by only accessing the data for legal purposes and a law enforcement purpose. Mr. Grothman. Do you think, in the past, the government's done a good job in making sure data is only accessed for legal purposes? Ms. Del Greco. I do. Mr. Grothman. The IRS, for example? Ms. Del Greco. I definitely do. Our FACE Services Unit will undergo an audit in accordance with the CJIS Audit Unit. And we also will audit the State and local agencies for their use of our system. Mr. Grothman. Does the FBI deploy real-time facial recognition technology on my video surveillance camera video feeds? Ms. Del Greco. I'm not an expert in all areas of the FBI. In my area, we do not. Mr. Grothman. Would anybody else care to take a crack at that? Oh, okay. Are you aware, is anybody aware of any domestic law enforcement entities that utilize or would ever plan to utilize real-time facial recognition technology? Mr. Bedoya. Yes, sir, if I may. We are. We're aware of six major law enforcement agencies that have either stated plans to use real-time face scanning or have actually purchased the technology or have said they are using it. So this is very much real. And about a quarter of the current body camera vendors are making provisions for use of face recognition off of body camera video. So this is very real. Mr. Grothman. Explain how that is going to work. Mr. Bedoya. It could work any number of ways. Probably the riskiest and most threatening way would be for every face that walks past a police officer to be scanned. So not just the faces of criminals, not just the faces of terrorists, the face of every man, woman, and child that walks by. To our knowledge, we've yet to see that, but we have seen it off of surveillance cameras. Mr. Grothman. But they have the ability to do it. It must be there for some purpose, right? Mr. Bedoya. A DOJ-funded study found that body camera vendors are, quote, ``fine tuning'' the ability to incorporate face recognition into body cameras. And I have a copy of that report, and I am happy to submit it to you on the record. Mr. Grothman. Would it be the type of thing where, eventually, if I'm walking by a cop, a police officer, it would show up that there is Glenn Grothman? If we're walking down the street? Mr. Bedoya. To our knowledge, right now, this operates on smaller watch lists, but the technology is getting better and better such that, eventually, in theory, it could encompass much larger databases like, for example, Wisconsin's driver's license database. To our knowledge, it does not operate on that large a database, but that is certainly where this appears to be headed. Mr. Grothman. Okay. So the day is going to come where Big Brother, if we call it that, will know, as we walk down the street, there's Ms. Del Greco and Ms. Maurer and Mr. Romine and just shows up that this is who is walking along or this is who I am seeing? Mr. Bedoya. Again, this is what a Department of Justice- funded study released at the end of last year said: fine-tuning face recognition capabilities for body cameras. To be clear, those capabilities don't necessarily need to be real-time right now. They could be after-the-fact face scanning, but certainly this is what a lot of law enforcement vendors are offering right now in terms of the surveillance cameras, and they want to go to the body camera---- Mr. Grothman. Okay. Mr. Hutchinson, where is this technology going? Mr. Hutchinson. Yes, sir. Thank you. I wanted to comment. That technology is not commercially available right now. It is true that there is facial recognition technology available that can detect faces in video feeds. It has not been deployed to body-worn cameras. Also, as far as the access to the data---- Mr. Grothman. Is it going to be? Mr. Hutchinson. Potentially, potentially. It can be used with video feeds, but it's important to understand how the data is loaded into the camera so that it can be detected or identified. And as Mr. Bedoya stated, usually it is only watch list data, and as Ms. Del Greco stated, it is typically only felons. It typically does not have access to every single face imaginable. Mr. Grothman. Do you think some day it will? I could imagine why people would want it to. Mr. Hutchinson. That would depend on the particular use case for the Federal law enforcement entity. Mr. Grothman. Can you explain why FRT is less accurate when used to identify certain groups of people? Mr. Hutchinson. The algorithms are mathematic; they are math instructions for a computer basically. And they use certain vectors to determine how a face is searched and how it is identified in a database. It is highly dependent on the algorithm that you use. It is also highly dependent on the data in the database, but it is also dependent on the quality. And that's the most important piece. There have been some tests that indicate that certain groups of folks, whether its ethnicities or so forth, there can be challenges; the algorithms perform differently. But it is very important to understand what type of testing data is used to train that algorithm, because there was--I wanted to make a clarification earlier: a lot of the data the vendors use is not homogeneous. It is purposefully heterogeneous, and it has a lot of different faces from different races and different ages and different sexes, specifically to tune the data so that it does not have any sort of biases Mr. Duncan. I'm sorry. We need to move on now to Ms. Kelly. Ms. Kelly. Thank you, Mr. Chair. The FBI's facial recognition systems include images from external partners such as the State Department, the Department of Defense, and at least 17 States. These external systems, however, operate, from my understanding, independently of the FBI's protocol and standards. And the GAO has raised concerns about that. According to the GAO, and I quote: ``Because the FBI does not assess the accuracy of its partners' technology, it risks relying on technologies that could potentially have higher error rates or could be obsolete.'' Ms. Del Greco, does the FBI do anything to ensure that the results it receives from the face recognition systems of its Federal and State law enforcement partners are accurate? Ms. Del Greco. We do not have the authority to test external agency databases. Rather, we focus on the quality of the data that we're getting. So we share training tools. We offer training, and we share our best practices. Ms. Kelly. Does the FBI do anything--I'll get to you--does the FBI do anything to make sure its Federal and State partners are taking adequate measures to protect against misuse of a system? And if you don't, why not? Ms. Del Greco. We have a robust audit process at the FBI. We audit the State and local and Federal agencies. We have a sanctions process that's in place for noncompliance. There is a letter of censure that is issued if there is a misuse identified. If that is not corrected, we raise it to the level in the State to the Governor. If that is not corrected, and then we will shut off the system from the State. Ms. Kelly. I see you want to say something. Ms. Maurer. Yes, absolutely. We are happy that the FBI has begun to conduct these audits. I would note that they didn't start doing these audits or have these audits include facial recognition technology until after our report. In terms of our recommendation to the FBI to assess the accuracy of the information that it receives from the other databases, our recommendation was not intended to require the FBI to independently assess the validity of other databases but, rather, have a better understanding of the accuracy for its own uses. The FBI has that technical capability. They can build it into the operational reviews. That was another one of our recommendations. So they can do it; they just chose not to. Ms. Kelly. Any comment? Ms. Del Greco. Well, we disagree. We have trained fingerprint--I'm sorry facial recognition examiners--they are called biometric image specialists--that go through rigorous training. So, when a candidate comes back, it's not a positive identification; it takes human review to find a most likely candidate. Ms. Kelly. Thank you. The FBI also claims that it does not have the authority to oversee its Federal and State partners, as you said, yet the FBI's Criminal Justice Information Services Unit enforces similar external audit policies for other programs. According to GAO, and again, I quote: ``CJIS security policy states that the CJIS Audit Unit is required to conduct triannual audits of each of its States and local law enforcement users to assess agency compliance with applicable statutes, regulations, and policies related to the CJIS systems.'' Ms. Maurer, do these audits include face recognition searches of the FBI system? Ms. Maurer. Recently, the FBI has begun to include facial recognition as part of these audits they are conducting of different States. To my understanding, I think they have completed four of those, but those were not begun until after our report was issued. Ms. Kelly. And you fully support the idea--so they are done in only four States, or they've only done four? Ms. Maurer. They've only done them in four States so far. They've told us they plan to do them in the others. These are parts of broader audits that the FBI does of how the States are using the full array of biometric information. Ms. Kelly. Mr. Bedoya, did you have a comment? Mr. Bedoya. Ms. Kelly, I do. I just want to clarify what's being discussed here. We're talking about 36,000 searches of driver's license photos, including likely your face, since you're an Illinois driver. And none of those searches, per the GAO's reporting, were audited for misuse or abuse. So, going forward, it sounds like there will be an audit, which is terrific. But since 2012, the FBI is saying there's going to be these audits, and only now this year--and that was before Congress, audits will be done before Congress. Only now this year are they starting to be done. Ms. Kelly. Ms. Del Greco, when will you get to the other States? Ms. Del Greco. So, during the GAO review, we had a paper that was going through our Advisory Policy Board to talk about the audits and how the audits would be conducted. It was intended to do the audits as part of our triannual audit process with the CJIS Audit Unit. We do intend to audit all State, local, Federal agencies, as well as the FBI FACE Services. Ms. Kelly. Do you have a timeline? Ms. Del Greco. The FBI FACE Services will be audited in 2018. There is a schedule for the other States. Ms. Kelly. I am out of time. So I yield back. Mr. Duncan. Thank you very much. Mr. Clay. Mr. Clay. Thank you, Mr. Chair. And let me thank the panel of witnesses. Let me state in the beginning that misidentifying a criminal suspect can have dramatic and permanent real-world implications. So, with that, last year, the GAO released a report on its review of the FBI's use of facial recognition technology. Chief among GAO's findings is that the FBI has not examined how often, and I quote, ``face recognition searches erroneously match a person to the database,'' in other words, the false positive rate. Dr. Romine, why is testing for false positives so important in assessing the accuracy of a facial recognition system? Mr. Romine. When we test algorithms for accuracy, one of the characteristics we want to know is not just how often an image that is in the gallery that matches a probe is returned but also the extent to which the algorithm can fail to recognize or, in some cases, return erroneous results, as you mentioned. And that's just an important consideration with regard to measurements, science, capabilities. We want to be sure that we provide as much information to stakeholders as we can about all aspects of the performance of the algorithms that we test. Mr. Clay. I see. And to better address the challenge of false positive matches, GAO's report recommends that the FBI begin testing the false positive rate. Ms. Del Greco, despite GAO's findings and recommendation as to the importance of testing the false positive rate, the FBI did not agree with GAO's recommendation. Is that right? Ms. Del Greco. That is correct, sir. A false positive rate measures when searches are resulting in one match, and we always receive the candidate list back that requires a human review. Mr. Clay. But aren't you concerned that, by not adopting this testing, the FBI may be using a system that isn't as accurate as it should be? Ms. Del Greco. The false positive rate is not based on the return of the candidates but of the human reviewing and the response that the human review gives to either the examiner or FBI agent. Mr. Clay. So what happens when you bring a suspect in and it's the wrong one? Do you recognize that fault, or do you go on what your facial recognition? Ms. Del Greco. We provide a most likely candidate to the FBI agent. The FBI agent then has to make the determination if that is the person that they are--that is under investigation. Mr. Clay. Well, that sounds like a crapshoot. It sounds like you're taking a chance: maybe this guy is the one. I mean, come on. Ms. Del Greco. Our system doesn't provide positive identification for facial recognition. Mr. Clay. Okay. Ms. Maurer, can you explain how the adoption of such testing could improve the accuracy of the FBI system? Ms. Maurer. Sure. First off, as my colleague from NIST has correctly pointed out, false positive testing is a bedrock of accuracy for facial recognition technologies, which is the reason why we recommended the FBI do that. Our understanding is their system has a technical capability to test for false positives. They chose not to exercise that capability. We are also concerned about the way it could impact people in the real world as well as the impact on the FBI's use of its own resources. They could end up spending some of their valuable investigative time on wild-goose chases rather than focusing on the actual individual they are trying to find. Mr. Clay. Yeah. It sounds like a crapshoot to me. It sounds like you're just shooting in the dark, maybe this is the guy. You know, Ms. Del Greco, in your written testimony, you state that the FBI's facial recognition system, and I quote, ``is only used as an investigative lead and not as a means of positive identification.'' Is that right? Ms. Del Greco. That is correct, sir. Mr. Clay. Ms. Lynch, if the FBI says facial recognition searches are only used as investigative leads, can you explain the consequences for potentially innocent individuals who are identified due to a false positive result? Ms. Lynch. Well, if investigative leads are returned, that means that a number of people will be returned and produced as suspects for a crime. Each one of those people could be brought in for questioning. Each one of those people will have to justify where they were on a given time and day. It's very difficult, I think, for a lot of people to prove where they were in the past. And it makes people suspects for crimes that they didn't commit. Mr. Clay. My time is up, but I'm sure it wreaks havoc on peoples' lives. So thank you, Mr. Chairman. Mr. Duncan. Ms. Del Greco, the Bureau presently has memorandums of understanding with 18 States in regard to this facial recognition program. Do you know, are other States going to be added in the future, or is there an effort being done in that regard now to move this to all 50 States? Ms. Del Greco. Where there's a law that allows the use of the DMV photos for law enforcement purposes, we will continue to work with those States to develop an MOU. There are States that do not allow the use of facial recognition technology. Not all 50 States will have MOUs with the FBI. Mr. Duncan. All right. Ms. Lynch, do you have any concerns about using photographs to identify people's fingerprints--identifying fingerprints from photos? Ms. Lynch. Identifying fingerprints or identifying faces? I think the big difference between fingerprints and face images is that generally somebody knows if they are providing that fingerprint. So, to obtain a fingerprint from somebody, in general---- Mr. Duncan. No. I mean, if they have a photo of a person with an open palm, using that photo to identify, to take the fingerprints from that photo. Ms. Lynch. I'm not sure I---- Mr. Duncan. You haven't heard of that? Ms. Lynch. Well, palm prints are---- Mr. Duncan. Mr. Bedoya, I think, knows something about it. Mr. Bedoya. It's a series of little-known studies; Dr. Latanya Sweeney, among others, has shown you can, in fact, do that. So this was done famously in Germany. Some individuals took a German Minister's photo of his hand and actually figured out his fingerprint from that. So that is something that is technically possible now but, to my knowledge, is not in wide use in the United States. But that's--it may be in use; I just don't know it. Mr. Duncan. All right. Well, I want to thank all the witnesses for taking the time to appear here today. And I ask unanimous consent that members have 5 legislative days to submit questions for the record. Without objection, so ordered. If there's no further business, the committee stands adjourned. [Whereupon, at 11:37 a.m., the committee was adjourned. APPENDIX ---------- Material Submitted for the Hearing Record [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] [all]