In criminal cases, a false positive might force a defendant to prove he or she isn’t who the facial recognition system thought he was -- such a scenario might “alter the traditional presumption of innocence,” an EFF statement said.
The FBI has also been slow in publishing its privacy protocol, the report found. The Justice Department hadn’t updated a key “Privacy Impact Assessment” between 2008 and 2015; and though NGI-IPS has existed since 2011, the FBI also didn’t publish the requisite System of Records Notice, explaining how the technology is used, until May 2016.
Publishing these notices more promptly would reassure the public “the FBI is evaluating risks to privacy,” the report said.
The GAO review comes shortly after DOJ published a notice arguing its massive biometric database should be excluded from the Privacy Act, which requires the federal government to disclose, upon inquiry from the subject, the information it collects on the public. The system includes finger and palm prints, iris and facial scans, images of tattoos, from criminals, suspects, detainees and anyone undergoing background checks, security clearances and other government assessments.