New FBI final rule — the biometrics we have on you are none of your business & not subject to the Privacy Act

On August 1, the FBI issued a “final rule to amend its Privacy Act exemption regulations for the system of records titled, “Next Generation Identification (NGI) System,” JUSTICE/FBI-009, last published in full on May 5, 2016. Specifically, the FBI exempts the records maintained in JUSTICE/FBI-009 from one or more provisions of the Privacy Act. The FBI asserts that “[t]he listed exemptions are necessary to avoid interference with the Department’s law enforcement and national security functions and responsibilities of the FBI.”  The final rule is effective on August 31.

The FBI’s Next Generation Identification system stores the biometric records of people who have undergone background checks for jobs, volunteer positions and military service, as well as of those who have criminal records.  The new rule will prevent millions[1] of people from finding out if their fingerprints, iris scans and other biometric information are stored in a massive federal database. The rule asserts that this is because it could “specifically reveal investigative interest by the FBI or agencies that are recipients of the disclosures.”

Moreover, according to the final rule, because most of the criminal records in the NGI System are obtained from state and local agencies at the time of arrest, the FBI cannot always collect information directly from the individual and “[i]t is not feasible” to notify them that their records are being included.

Jeramie Scott, EPIC’s Domestic Surveillance Project director, told Nextgov that a person might become the subject of investigation without being notified because that person’s image may be erroneously called up in a search for a different individual.

[1] Electronic Frontier Foundation estimated in 2014 that it could contain up to 52 million facial images by 2015.

Leave a Reply

Your email address will not be published.