The FBI is working to keep information contained in a key biometric database private and unavailable, even to people whose information is contained in the records.
The database is known as the Next Generation Identification System, and it is an amalgamation of biometric records accumulated from people who have been through one of a number of biometric collection processes. That could include convicted criminals, anyone who has submitted records to employers, and many other people. The NGIS also has information from agencies outside of the FBI, including foreign law enforcement agencies and governments. Because of the nature of the records, the FBI is asking the federal government to exempt the database from the Privacy Act, making the records inaccessible through information requests.
The bureau says in a proposal to exempt the database from disclosure that the NGIS should be exempt from the Privacy Act for a number of reasons, including the possibility that providing access “could compromise sensitive law enforcement information, disclose information which would constitute an unwarranted invasion of another’s personal privacy; reveal a sensitive investigative technique; could provide information that would allow a subject to avoid detection or apprehension; or constitute a potential danger to the health or safety of law enforcement personnel, confidential sources, and witnesses.”
The FBI has access to a number of different biometric record collections, and the bureau describes the NGIS database as a master collection of those records.
“It provides fingerprint identification and criminal history services, as well as biometric services such as latent fingerprint, palm print, and face recognition. In this rulemaking, the FBI proposes to exempt this Privacy Act system of records from certain provisions of the Privacy Act in order to prevent interference with the responsibilities of the FBI to detect, deter, and prosecute crimes and to protect the national security,” the FBI’s description of the database says.
Biometrics have become key pieces in the authentication puzzle in the last few years, as more users and businesses have realized that passwords are highly limited authentication mechanisms. Apple allows users to employ fingerprints for authentication to unlock their devices and also to confirm purchases through its Apple Pay system. Some banks use the same system for authentication in mobile banking apps, as well. And credit card companies in come cases are using facial recognition in photos to authenticate themselves for mobile payments.
The proposed change to the implementation of the Privacy Act sought by the FBI is open for public comment until June 6.