FBI Wants Biometric Database Hidden From Privacy Act

Trailrunner7 quotes a report from onthewire.io: The FBI is working to keep information contained in a key biometric database private and unavailable, even to people whose information is contained in the records. The database is known as the Next Generation Identification System (NGIS), and it is an amalgamation of biometric records accumulated from people who have been through one of a number of biometric collection processes. That could include convicted criminals, anyone who has submitted records to employers, and many other people. The NGIS also has information from agencies outside of the FBI, including foreign law enforcement agencies and governments. Because of the nature of the records, the FBI is asking the federal government to exempt the database from the Privacy Act, making the records inaccessible through information requests. From the report: "The bureau says in a proposal to exempt the database from disclosure that the NGIS should be exempt from the Privacy Act for a number of reasons, including the possibility that providing access 'could compromise sensitive law enforcement information, disclose information which would constitute an unwarranted invasion of another's personal privacy; reveal a sensitive investigative technique; could provide information that would allow a subject to avoid detection or apprehension; or constitute a potential danger to the health or safety of law enforcement personnel, confidential sources, and witnesses.'" RT released a similar report on the matter.

I wish they would have thought of this earlier...

before some hackers got a hold of my fingerprints and other stuff...

Re: oh snap!

[TimMD909]

Dammit. *is a waste of time. Damn first post rush...

Clean record

[AK+Marc]

Almost good. If you have a background check, and the FBI classifies everything, then your background check will come back clean, when in the past, it would reveal the presence (and some content) of your FBI file. More criminals will be able to get sensitive jobs. How is this a bad thing?

Re:Clean record

[ShanghaiBill]

More criminals will be able to get sensitive jobs. How is this a bad thing?

It is not a bad thing. Employment drastically reduces recidivism, and a criminal record is not correlated with poor performance for most jobs. Many other things are better correlated with poor job performance, such as typing in all lowercase, or using IE as your browser when you fill out the application. So employers should look at those criteria instead of wasting time on background checks.

Re: Clean record

[AK+Marc]

False. An arrest by the FBI will not show up in your local court system. Nor would an arrest by another jurisdiction, if you have moved.

Hell No!

[samantha]

It is precisely these sort of records that can do us the most mischief - those that government enforcers and some kinds of other interested parties would be most likely to use against us. We must demand to especially see these records and others like them and to be allowed to correct or at least file protest on any that we find inaccurate. In some cases we need to sue against misuse of information voluntarily given in one context in another context in ways never justified against our own interests.

Re:Hell No!

You do know that ALL ***NON CRIMINAL CIVILIAN*** fingerprints from employment, licensing, and other "background checks"... whether rolled ink or scanned... are stored in the FBI's database FOREVER, and you CANNOT have them removed, regardless of whether or not you were EVER involved in ANY crime.
This policy has been in place for many years.
Also, many STATES bureaus of identification are ALSO storing your prints from those checks... FOREVER.

What you thought was a simple background check... now results in you being tracked for life, treated as a criminal, and able to be rolled up on THEIR WHIM, not yours through at least legally fighting being printed.... into any investigation where an unknown mashup of prints are found, such as in public places, workplaces, etc... and JAILED FOR LIFE upon even the slightest database screwup or ZEALOUS PROSECUTION.

Don't believe me? File a FOIA, it's all there.
How's it feel, you slave bitches!

Re:Hell No!

[dj245]

It is precisely these sort of records that can do us the most mischief - those that government enforcers and some kinds of other interested parties would be most likely to use against us. We must demand to especially see these records and others like them and to be allowed to correct or at least file protest on any that we find inaccurate. In some cases we need to sue against misuse of information voluntarily given in one context in another context in ways never justified against our own interests.

Personally I'm getting sick and tired of all these records NOT being used for the benefit and convenience of the people. The government aught to know who my kids are. The government knows that I am married and the name of my wife. I filed a form when those life events happened. The government knows how much I make every year, because my employer reports that information. They know where I keep my investments, and how much I have, because Vanguard reports that information to them. They know if I own a house or not, how many cars I own, etc. But you would never know that. Every time I interact with the government it is like talking to someone with amnesia.

Maybe some people like the fact that the government is so unorganized, but to me it is a complete waste of my time and tax dollars. A huge amount of money could be saved by eliminating all the government workers responsible for collecting, entering, and processing information again and again and again as if it was never collected before. For a country that is supposedly high tech and the most advanced in the world, our government's IT projects look very primative and poorly managed when compared to the initiatives that are taking place in Estonia.

Privacy?

[jddj]

Nice of the FBI to be concerned about our privacy. They're always so thoughtful.

Scope?

[John+Marter]

If they get the exemption for that database, what will keep them from migrating all data to that database?

Re:Scope?

You don't seem to get that "that database" already is "all data" NGIS is not a single database, it's a database inter-operability infrastructure.

Several years ago, I worked for a contractor that was trying to get a piece of the proverbial action. Don't get too excited, we didn't get it. But we at least wanted to put in a bid, and that meant searching for all the publicly available data on it, which is a surprising amount. (I may be AC, but I'm not talking out of school. This is all still open source info.)

Basically, the premise of NGIS is "hey, everyone is collecting biometric data. Wouldn't it be great if we could actually all talk to each other and run queries on that data that's theoretically legally available?" NGIS is not a database. That's a major oversimplification. A slightly more accurate oversimplification is that it's an inter-database language. The data stays where it is, but you add glue to make it look like one big database.

This is not a trivial problem. The FBI has IAFIS. DHS has IDENT. DOD has ABIS. There are specialty databases for military CAC cards, US-VISIT for foreigners on VISAs, and TWICs for port workers, and a dozen or so databases under the control of the military, justice department, state department, and so on. All of them track different things. All of them were built by different people at different times for different cases. Some of those entries will be periodically deleted as criminal cases close. Some are not for criminals at all, but just travelers and workers. Some are classified. Some are basically public knowledge. That there is a pretty good reason to not lump it all together under a single "NGIS" umbrella for legal purposes, including the privacy act. The FBI is not the keeper of the data, just one doorway to it.

The first layer of NGI is a ridiculously over-defined XML format for describing shared data. On who? (And believe me, "who" takes up many fields, not one.) How was it collected? What are the access restrictions? What is the data? A the data can be anything from a fingerprint to a tattoo description to one of the 40 enumerated hair colors (yes, they include artificial ones).

Once you have the sum total description of all the data you could possibly define in advance, you need a middleware layer for talking between all the databases, which last I heard (almost a decade ago) was SOAP-based. And of course, part of the query is your credentials explaining why you need to know. And then you get a reply which may or may not be your data. It could also be a notice that there is may or may not be more data that you cannot access, or it may be a notice that part of your reply is held up for human examination for up to XX hours. That's because all of those different databases have different access requirements, and the SOAP layer doesn't change that: it just describes what the possible delivery/waiting states are.

And after that? Well, frankly, I don't know. That was about as much as we needed to know to get in a bid (but not win it). And again, it's all open source if you just search for it. You'll find most of the info at fbi.gov and dhs.gov. It's a major IT job, but fundamentally it's not anything that isn't already done by humans, being done on data that they already have. There is no new data to which the privacy act may apply. The data that was so protected as part of the sub-databases is still protected as such.

Re: oh snap!

[BarbaraHudson]

Change.org petitions are also a waste of time. Slacktivism at it's worst.

International epercussions

[BarbaraHudson]

Citizens of foreign countries will not be happy to find that their information has been shared contrary to their country's laws. Heads can fall.

Re:International epercussions

[Type44Q]

Heads can fall.

And will. Unfortunately, rarely if ever is it those heads that need to fall.

Ya we need that too.

[AndyKron]

I think we need to start keeping a database on the people who work for the FBI, and not let them see it.

The Ghost Of

[Tablizer]

It seems J. Edgar Hoover is back. The agency is becoming rather power-hungry of late.

It's not their job to push for policy, only implement it. It's fine if they say, "we can do our job better if we have access to X", but to use scare tactics and political pressure to get X is over-stepping their bounds, bordering on McCarthyism.

Re:The Ghost Of

[rahvin112]

Hoover never left. His ghost roams the halls of the FBI and directs policy. This database is nothing more than an extension of the very files the Hoover built to build his own power but dramatically scaled to allow the blackmail of anyone in power or anyone that could ever be in power. None of us are safe when the FBI builds these databases.

Make no mistake, if you've ever submitted ANY biometric information to anyone for any reason it's been added to this database never to be deleted. And that is what they want, biometric information from everyone in the world that they link back to the CIA and homeland security databases with which they know every single thing about you including sequencing your entire DNA.

Very troubling precedence !!

[Taco+Cowboy]

... The FBI is working to keep information contained in a key biometric database private and unavailable, even to people whose information is contained in the records ...

Bolded part above is what troubling me

If the biometric is mine, and the records are related to me, I should have the right to check and the right to oversee where those records end up with and who is / are using / checking those records

But as we all already know, our government is marching towards BIG BROTHER TOTALITARIANISM - this is just another attempt by BIG BROTHER to deny us our rights over the records that are basically ours

Kinda sad ... I ran away from a totalitarian regime only to end up into another regime that is gradually turning into totalitarian

Re:Very troubling precedence !!

[currently_awake]

If they remotely access your cell camera and use the network link with the porno-cameras (T rays) in airports to fill out their biometric database, they would not want that known. Hiding criminal activity is a well known justification for hiding stuff.

Re:Very troubling precedence !!

[stealth_finger]

And they say you can't access it, without a hint of irony no doubt "which would constitute an unwarranted invasion of another's personal privacy; "

Re:Very troubling precedence !!

[maharvey]

That's my thought: They don't want us to know how much they know, what they are storing, because it would be alarming or unacceptable.

NGIS would be a good TV show

[Yesimbald]

Imagine a mix between Star Trek: the Next Generation and NCIS, where captain Picard send Gibbs team to collect samples and investigate deaths of alien monsters.

Re:oh snap!

[guises]

I'm not sure I'd call it defeatism, he's saying that these sorts of stories need to be paired with information about a means to address them. If anything, I'd call that optimistic.

It's not a bad idea, we get deluged with stories like this all the time and if we're to have any hope of getting away from this downward spiral at some point we're going to have to learn to respond. change.org isn't completely useless, those petitions do get referenced in the press every once in a while. A whitehouse.gov petition is a little more direct though.

secret == Cannot verify

[wierd_w]

The information in this database needs to have extraction and viewing privilige by the person the data concerns.

Otherwise, there is no way to show that, for instance, the finger and iris scan data in the database actually matches the person it is supposed to correspond to.

Example: I pretend I am some other person; say I am actually an illegal migrant, and I have falsified papers attesting that I am a citizen, but the actual person who's credentials I am using/stealing is alive and well in some distant part of the US. This happens all the time. I do this so that I can be hired for a job that needs biometric data on file. So, I arrive at the site, I give finger prints, they scan my eyeballs, maybe take a cheek swab or blood sample, and booya, I have the job.

Later, I comit some felony, and flee the scene.

The guy who's data I stole with my falsified/stolen paperwork cannot contest that the biometric data on file is not his, because he cannot subpoena the data for verification. There are fingerprints on file, they match the ones at the scene-- obviously he is guilty! (And with how eagerly US prosecutors go after people like this, this is a very real threat.)

If the guy and demand reproduction of the biometric data in the file, he can have the data independently verified by a reputable firm by supplying his own, legitimate biometric data, and show that the data in the database is fraudulent, and cannot possibly be him.

If you want to entertain the Big Brother Totalitarian Despotic Rule chain of thought, there is nothing to stop the FBI from straight up fabricating biometric data for a person they want to use the system against, claim the made up data matches the made up crime they invented, and indict/prosecute an innocent person for purely political reasons.

The supposed issues of disclosing incorrect biometric data and thus disclosing sensitive information incorrectly only happen when the data in the database is *gasp* incorrect.

Rather, the FBI is expecting everyone else to just accept, without question, that the data in the database is legit, citing privacy issues.

Bullshit.

Re:secret == Cannot verify

[Agripa]

So this is a win-win for the FBI and any other agencies which have access to this database?

Re:secret == Cannot verify

[wierd_w]

If you read the verbiage of their proposal, they "acknowledge the need for ... accuracy (in records)", but desire, "at their sole descretion" to cooperate with third parties to assure that this is the case--- meaning, they want to be able to say "No" when challenged on the accuracy of their records, with requests to have the data verified by such a third party, while pretending that they would say "yes" when asked.

Basically, the FBI wants to self regulate, and is using some batshit horrible excuses to justify this desire.

The really onerous statment is that they feel meeting the legally protected right of a citizen to know that they are charged with a crime, and who has charged them would constitute an undue burden on their ability to conduct an investigation. (Because, how dare they try to defend themselves in court!) Clearly, the FBI believes that citizens are guilty until proven innocent. This kind of thinking alone should cause any civically minded person to scream bloody murder about this request of theirs.

Re:secret == Cannot verify

[Agripa]

The situation seems to be setup to support an existing despicable behavior in court where agencies like the FBI and especially BATFE testify that their records are 100% accurate. This continues even though revealed agency memos show that they know this is not the case and it is just another way they lie to the courts and the courts accept it.

Re: oh snap!

[rtb61]

Three fools in a row. For a start, just because you know about it does not mean anyone else does, so informing everyone of a petition, informs them about the problem and gets them started on political activity regarding that action and as they have committed to opposing that, come election time, they are more likely to vote against politicians who cause that problem. Next up, just because you do that one action does not mean it is the only action you will do, gaining that information about that problem, gives you the opportunity to do more and many will, depending upon how important they deem that problem to be. Numbers at election time count and how you get those numbers is all down to communicating issues and getting people to support those issues and everyone tracks those numbers because they do make a difference.

All political activism counts, no matter how little, and when main stream media pushes the corporate line 24/7/365, then every single possible alternate method of informing the public and seeking to gain their support is important and presenting them with petitions and getting the to read them and getting them to think about them and make a decision about them is very important, especially considering the alternate message is empty main stream media pseudo celebrity worshipping bullshit and the lie that you should never discuss politics because it hurts people feelings, pretty scummy lie that one.

To be clear, families should discuss political policy at the dinner table because political policy affects all of them (see promoting that whilst it does not seem like much will make a major change, as long as they do it). Note, only political policy should be discussed and most definitely no rah rah barrack for your side, because that is stupid, politicians have time and time again have proven they can not be trusted, so do not barrack for them or the parties that prop them up, only support those policies that you share.

Little known fact

[JustAnotherOldGuy]

It's a little known fact, but the FBI is considering changing its name to "Government Enforcement Streamlined To Aid Police Officers".

Re:Little known fact

[stealth_finger]

It's "GESTAPO", the poster above made all the aid bold instead of only the first letter by mistake.

...thanks for clearing that up

Re:Little known fact

[cdrudge]

GESTAidPO?

Re:Little known fact

[JustAnotherOldGuy]

GESTAidPO?

Yes, exactly.

Hmm....

[fahrbot-bot]

Next Generation Identification System (NGIS), and it is an amalgamation of biometric records accumulated from people who have been through one of a number of biometric collection processes.

Like Google's Project Abacus on Android phones. (You laugh; just wait.)

FBI Wants Biometric Database Hidden From Privacy A

[DivineKnight]

"FBI Wants Biometric Database Hidden From Privacy Act"

And I want the various members of the FBI to read the US Constitution, and anyone who snorts or giggles during or immediately after doing so to be summarily banned from being a part of that organization.

We'll just have to believe their evidence on faith

Nothing like classified inaccessible ones to protect against false-positives, misidentification, or their much less accidental abusive relatives...

It's complicated

[Bruce66423]

There seem to be three different elements to this story:

1) What is the data being held? Is is merely the biometric' - i.e. what they would get if they took bits of me from me / photographs of me, or is it an awful lot more?

2) Who is the data being held about? The fact that the FBI has data about X means that at some point they've got that biometric data about X from somewhere. How they got it may be significant, that they have it may indicate that there's a human source collecting the nail clippings...

3) Who has access to this when? The most basis element - the biometric - must be available in the case of a disputed identification issue. It's the stuff beyond that that's the problem.

Part of the issue here is that the FBI is part police force, part intelligence agency. Having the same database for those different functions will tend to end in tears. The UK separation of MI5 from the police makes for a clearer distinction. Similarly the UK Data Protection Act gives subject access to anyone to obtain and challenge the facts that the POLICE hold about you - though certain information 'held for the prevention of crime' can be redacted.

It seems likely that the FBI will use this to hide data that they shouldn't have. We need to see a grand jury empanelled to investigate data abuse at the FBI and elsewhere as a criminal case. This would be on the basis of the laws used to bring federal charges against people who escaped prosecution for racist murderers in the past: 'deprivation of civil rights'. Any bets on that happening?

Hypocrits

[sociocapitalist]

"disclose information which would constitute an unwarranted invasion of another's personal privacy"

It's only okay for the feds to unwarrantedly invade one's privacy.

Problem: the FBI doesn't own most of the data. . .

[Salgak1]

I've worked at the FBI Data Center in WV, and worked requirements on NGI.

One point you rarely hear, is that the FBI has limited rights to much of the data in their system. It is (mostly) provided to the FBI by state, tribal, and territorial agencies, all of which have separate and specific caveats on the use of the biometric data. The only data the FBI **DOES** own, is that supplied by Federal and Defense agencies.

While I never worked a FOIA claim while at FBI, consider a case where the data on a given individual comes from multiple sources. Each one would have to sign off on the FOIA release, or provide a reason why it was withheld, prior to releasing a FOIA package back to the requestor.

For other data, this is what I recall is stored (in general) at NGI

1. Fingerprint records, either scanned from 10-print cards, or directly captured via a capture device.

2. "Hand Geometry": i.e. palm lines, finger lengths, any trauma such as scarring or amputation.

3. Scars, Marks, and Tattoos: markings plainly visible, primarily on the face, head, or neck, and on the hands and arms. Don't recall if leg data was included.

4. Facial geometry (i.e. face recognition) may or may not be there. It was mentioned when I was working on the requirements team in 2005, but I wasn't working that area. Suspect it's there now, but I have no gauge of certainty on it.

All of the above is linked to an individual. The individual is then linked to records in the National Crime Information Center (NCIC) database, with history, priors (if any), known associates, etc,

When a query goes in to the system (I'm familiar with the old "IAFIS" system, that just did fingerprints. . .) it matched the submitted prints to those in the databases (there was an algorithm and check-sums involved, as I recall. . .). and then reported back with all the NCIC data on the suspect.

Mind you, ALL of this is 9+ years old, and from memory. . .

Its open to public comment - go add your voice

[sasparillascott]

This "proposal" is open to public comment folks, so be sure to go add your voice to whether you think the FBI creating another secret database of your information, which you can't correct or update, is a good idea or not.

https://www.federalregister.go...

Re:Problem: the FBI doesn't own most of the data.

A better way to think of it is that NGIS is not a database: it is an internet of existing databases. You create a query with credentials, the query is structured according to modern-ish web standards, it's distributed to all the databases, and the results are amalgamated into a response. The data at no time leaves the original databases, it's just a new way to query them all at once.

The FBI hasn't have control of fall the data. No agency has control of all the data. They are all just doorways to a big pool of data, some of which they might control. And all of those agencies have completely different regulations.

Re:next generation .... of secrets

[dcw3]

They are not part of the CIA,NSA or the 'Star Chamber'

You'll find them in the middle of the list.
https://en.wikipedia.org/wiki/...

Re: oh snap!

[BarbaraHudson]

Bull and shit.

Most people just sign it and they're done. And often the petition is so one-sided it's stupid. Or full of misinformation, like wanting to boycott GMO foods because Frankenfood.

Commitment from petition signers? You are so naive. Look at the million people who said they were going to boycott target over their trans-friendly bathroom policy. They're not even following through. They're still shopping at Target (and if they did boycott places with trans-friendly bathroom policies, they'd also be boycotting Walmart, McDonalds, and most national chains).

"Numbers at election time count" is another lie. Voters count. People who actually vote, not people who just sign petitions. You really want to change things, you ignore the politicians and go through the courts. Why suck up for something that can be changed by the next person elected when you can get a judge to tell them F.U. ? Petitions are for wimps who don't even have the guts to do protests because they might get arrested.

I have zero respect for petitions. Action speaks louder than words. Picket, protest, run against the incumbents, sue. Those are actions that earn respect (plus they're all an absolute blast to do).

Re: oh snap!

[BarbaraHudson]

I gave change.org a big f.u. because it simply is not the motivator for the changes that do occur, despite what the petition starters like to claim. I got sick and tired of continuous updates that were meaningless. "Oh, we met with so-and-so politician." BFD. Did anything change? No? Then don't waste my time.

Re: oh snap!

[BarbaraHudson]

So who's the real slacker here?

Not me. I've lead protests, I've been in other protests, I've picketed, I've run for office. Plus meeting with various politicians to discuss issues, which rates far below the other things I've named, and barely above starting a petition on-line.

Electronic petitions aren't worth the paper they're written on. Can't even use them to line a bird cage.