Slashdot Mirror

← Back to Stories (view on slashdot.org)

FBI Wants Biometric Database Hidden From Privacy Act (onthewire.io)

Posted by BeauHD on from the nothing-to-see-here dept.

Trailrunner7 quotes a report from onthewire.io: The FBI is working to keep information contained in a key biometric database private and unavailable, even to people whose information is contained in the records. The database is known as the Next Generation Identification System (NGIS), and it is an amalgamation of biometric records accumulated from people who have been through one of a number of biometric collection processes. That could include convicted criminals, anyone who has submitted records to employers, and many other people. The NGIS also has information from agencies outside of the FBI, including foreign law enforcement agencies and governments. Because of the nature of the records, the FBI is asking the federal government to exempt the database from the Privacy Act, making the records inaccessible through information requests. From the report: "The bureau says in a proposal to exempt the database from disclosure that the NGIS should be exempt from the Privacy Act for a number of reasons, including the possibility that providing access 'could compromise sensitive law enforcement information, disclose information which would constitute an unwarranted invasion of another's personal privacy; reveal a sensitive investigative technique; could provide information that would allow a subject to avoid detection or apprehension; or constitute a potential danger to the health or safety of law enforcement personnel, confidential sources, and witnesses.'" RT released a similar report on the matter.

3 of 81 comments (clear)

  1. secret == Cannot verify by wierd_w · · Score: 4, Interesting

    The information in this database needs to have extraction and viewing privilige by the person the data concerns.

    Otherwise, there is no way to show that, for instance, the finger and iris scan data in the database actually matches the person it is supposed to correspond to.

    Example: I pretend I am some other person; say I am actually an illegal migrant, and I have falsified papers attesting that I am a citizen, but the actual person who's credentials I am using/stealing is alive and well in some distant part of the US. This happens all the time. I do this so that I can be hired for a job that needs biometric data on file. So, I arrive at the site, I give finger prints, they scan my eyeballs, maybe take a cheek swab or blood sample, and booya, I have the job.

    Later, I comit some felony, and flee the scene.

    The guy who's data I stole with my falsified/stolen paperwork cannot contest that the biometric data on file is not his, because he cannot subpoena the data for verification. There are fingerprints on file, they match the ones at the scene-- obviously he is guilty! (And with how eagerly US prosecutors go after people like this, this is a very real threat.)

    If the guy and demand reproduction of the biometric data in the file, he can have the data independently verified by a reputable firm by supplying his own, legitimate biometric data, and show that the data in the database is fraudulent, and cannot possibly be him.

    If you want to entertain the Big Brother Totalitarian Despotic Rule chain of thought, there is nothing to stop the FBI from straight up fabricating biometric data for a person they want to use the system against, claim the made up data matches the made up crime they invented, and indict/prosecute an innocent person for purely political reasons.

    The supposed issues of disclosing incorrect biometric data and thus disclosing sensitive information incorrectly only happen when the data in the database is *gasp* incorrect.

    Rather, the FBI is expecting everyone else to just accept, without question, that the data in the database is legit, citing privacy issues.

    Bullshit.

  2. Re: oh snap! by rtb61 · · Score: 5, Interesting

    Three fools in a row. For a start, just because you know about it does not mean anyone else does, so informing everyone of a petition, informs them about the problem and gets them started on political activity regarding that action and as they have committed to opposing that, come election time, they are more likely to vote against politicians who cause that problem. Next up, just because you do that one action does not mean it is the only action you will do, gaining that information about that problem, gives you the opportunity to do more and many will, depending upon how important they deem that problem to be. Numbers at election time count and how you get those numbers is all down to communicating issues and getting people to support those issues and everyone tracks those numbers because they do make a difference.

    All political activism counts, no matter how little, and when main stream media pushes the corporate line 24/7/365, then every single possible alternate method of informing the public and seeking to gain their support is important and presenting them with petitions and getting the to read them and getting them to think about them and make a decision about them is very important, especially considering the alternate message is empty main stream media pseudo celebrity worshipping bullshit and the lie that you should never discuss politics because it hurts people feelings, pretty scummy lie that one.

    To be clear, families should discuss political policy at the dinner table because political policy affects all of them (see promoting that whilst it does not seem like much will make a major change, as long as they do it). Note, only political policy should be discussed and most definitely no rah rah barrack for your side, because that is stupid, politicians have time and time again have proven they can not be trusted, so do not barrack for them or the parties that prop them up, only support those policies that you share.

    --
    Chaos - everything, everywhere, everywhen
  3. Problem: the FBI doesn't own most of the data. . . by Salgak1 · · Score: 3, Interesting

    I've worked at the FBI Data Center in WV, and worked requirements on NGI.

    One point you rarely hear, is that the FBI has limited rights to much of the data in their system. It is (mostly) provided to the FBI by state, tribal, and territorial agencies, all of which have separate and specific caveats on the use of the biometric data. The only data the FBI **DOES** own, is that supplied by Federal and Defense agencies.

    While I never worked a FOIA claim while at FBI, consider a case where the data on a given individual comes from multiple sources. Each one would have to sign off on the FOIA release, or provide a reason why it was withheld, prior to releasing a FOIA package back to the requestor.

    For other data, this is what I recall is stored (in general) at NGI

    1. Fingerprint records, either scanned from 10-print cards, or directly captured via a capture device.

    2. "Hand Geometry": i.e. palm lines, finger lengths, any trauma such as scarring or amputation.

    3. Scars, Marks, and Tattoos: markings plainly visible, primarily on the face, head, or neck, and on the hands and arms. Don't recall if leg data was included.

    4. Facial geometry (i.e. face recognition) may or may not be there. It was mentioned when I was working on the requirements team in 2005, but I wasn't working that area. Suspect it's there now, but I have no gauge of certainty on it.

    All of the above is linked to an individual. The individual is then linked to records in the National Crime Information Center (NCIC) database, with history, priors (if any), known associates, etc,

    When a query goes in to the system (I'm familiar with the old "IAFIS" system, that just did fingerprints. . .) it matched the submitted prints to those in the databases (there was an algorithm and check-sums involved, as I recall. . .). and then reported back with all the NCIC data on the suspect.

    Mind you, ALL of this is 9+ years old, and from memory. . .