The U.S. Federal Bureau of Investigation (FBI) aims to collect up to 52 million facial images of both criminals and ordinary citizens by 2015. These will be stored in a single expanded biometrics database that will allow law enforcement to search both criminal and non-criminal faces at the same time—a capability that has some watchdog groups warning of possible privacy violations.
The FBI's growing collection of facial recognition data inside its Next Generation Identification (NGI) database already includes 16 million images as of the middle of 2013, according to the Electronic Frontier Foundation (EFF), a nonprofit group focused on digital rights. The agency's goal of expanding to 52 million images by 2015 also includes a possible 4.3 million images taken for non-criminal purposes such as applying for a job. For the first time, U.S. law enforcement could run searches on both criminal and non-criminal faces simultaneously in the hunt for suspects.
That may provide a huge boost for law enforcement. But it also means that anyone submitting a photo as part of a background check for a job, applying for a driver's license or getting a passport could end up on a ranked list of faces when an FBI agent searches for suspects in the database. The EFF posted records detailing NGI's plans after obtaining them through a Freedom of Information Act lawsuit.
NGI's database assigns a "Universal Control Number" to every criminal or non-criminal record on file. Each record could contain fingerprints, palm prints, iris scans and facial recognition data linked to individual information such as name, home address, ID number, immigration status, age, race, etc. NGI is built upon the FBI's legacy fingerprint database that already includes over 100 million individual records, but previous FBI databases never combined criminal records with the records of ordinary citizens.
The FBI records released to the EFF say that NGI's accuracy means any search will include the candidate suspect among the top 50 candidate faces about 85 percent of the time—as long as the suspect's face is actually in the database. The facial recognition technology for the database was built by MorphoTrust, a company that also builds the face recognition systems used by 35 state DMVs, the U.S Department of State's facial recognition system (containing 244 million records), the U.S. Department of Defense, and many commercial businesses.
A system that flags innocent people's faces for investigation as possible suspects should ideally have technical or legal safeguards built in to avoid wrongly identifying innocents as criminals. But the FBI records state that "there should be NO legal issues" because the database search is only an "investigative search" that still requires law enforcement agencies to be responsible for identifying the actual suspects.
The facial recognition technology also still faces some technical challenges in accurately identifying people. For instance, an FBI project with the state of Oregon, called "Face Report Card," found that many of Oregon's face images on file had huge problems with image resolution, lighting, background and interference. Many of the images also had resolutions below the recommended resolution of 0.75 megapixels.
That probably won't provide much comfort for privacy advocates until the FBI clarifies its NGI usage and the legal implications of searching for suspect faces among the general population. Meanwhile, the FBI and other law enforcement agencies probably hope that cosmetic facial surgery doesn't catch on in a big way among lawbreakers.
Jeremy Hsu has been working as a science and technology journalist in New York City since 2008. He has written on subjects as diverse as supercomputing and wearable electronics for IEEE Spectrum. When he’s not trying to wrap his head around the latest quantum computing news for Spectrum, he also contributes to a variety of publications such as Scientific American, Discover, Popular Science, and others. He is a graduate of New York University’s Science, Health & Environmental Reporting Program.