Group items tagged

The FBI doesn’t know exactly how accurate its facial recognition technology is, new watchdog report finds. The bureau's Next Generation Identification-Interstate Photo System, a database including more than 30 million photos of criminals, lets law enforcement match a surveillance camera photo to that of a known criminal by narrowing their identity to between two and 50 possible candidates. But the FBI hasn't ensured its facial recognition technology doesn’t “unnecessarily include photos of innocent people as investigative leads,” according to a new report from the Government Accountability Office. The NGI-IPS and the FBI’s "Facial Analysis, Comparison and Evaluation Services," or FACE, which accesses databases from other federal, state and local groups, were the subject of a recent audit.  Most photos in NGI-IPS are submitted from 18,000 external groups among federal, state and local law enforcement -- about 70 percent are criminal mugshots. It’s the same technology that helped the FBI and a state track down a sex offender who had been on the run for 20 years. The FBI has spent about $55 million on facial recognition over the last six years.

FBI officials haven’t tested the detection rate -- how often a match is generated against a submitted photo -- for lists less than 50 candidates, according to GAO. Law enforcement may request a specific number of candidates for any search, though the default is 20. Verifying that NGI-IPS is accurate for all candidate list sizes would provide more assurance that the system helps to “enhance, rather than hinder, criminal investigations,” the GAO report said. <a href="http://pubads.g.doubleclick.net/gampad/jump?sz=300x300&c=801138892&iu=%2F617%2Fnextgov.com%2Fsection_emergingtech%2Fcontent%2Fpid_129155&t=noscript%3Dtrue%26referring_domain%3DTyped%252FBookmarked%26pos%3Dinjector%26level%3D0"> <img src="http://pubads.g.doubleclick.net/gampad/ad?sz=300x300&c=801138892&iu=%2F617%2Fnextgov.com%2Fsection_emergingtech%2Fcontent%2Fpid_129155&t=noscript%3Dtrue%26referring_domain%3DTyped%252FBookmarked%26pos%3Dinjector%26level%3D0"/> </a> The FBI also hasn’t assessed how often errors occur in facial matching. These can be caused both by lower-quality technology, but also by low-quality photos, the report said. The detection- and the false-positive rate are key data points that will help the bureau and the public understand these risks before the technology is deployed, the report said. GAO also found FBI hadn’t determined whether the facial recognition technology its federal, state and local partners use is accurate enough to support its own investigations. These oversights could impinge on citizen's privacy and civil liberties, the report noted. In 2012, the advocacy group the Electronic Frontier Foundation suggested facial recognition systems could allow “covert, remote, and mass capture and identification of images.”

In criminal cases, a false positive might force a defendant to prove he or she isn’t who the facial recognition system thought he was -- such a scenario might “alter the traditional presumption of innocence,” an EFF statement said. The FBI has also been slow in publishing its privacy protocol, the report found. The Justice Department hadn’t updated a key “Privacy Impact Assessment” between 2008 and 2015; and though NGI-IPS has existed since 2011, the FBI also didn’t publish the requisite System of Records Notice, explaining how the technology is used, until May 2016. Publishing these notices more promptly would reassure the public “the FBI is evaluating risks to privacy,” the report said.  The GAO review comes shortly after DOJ published a notice arguing its massive biometric database should be excluded from the Privacy Act, which requires the federal government to disclose, upon inquiry from the subject, the information it collects on the public. The system includes finger and palm prints, iris and facial scans, images of tattoos, from criminals, suspects, detainees and anyone undergoing background checks, security clearances and other government assessments.

According to a Government Accountability Office (GOA) report from May of this year, the Federal Bureau of Investigations (FBI) facial recognition programs are violating public privacy and raises civil liberties concerns.

Despite many studies showing that facial recognition software is incorrect more often than not when identifying minorities, women and under 20-somethings, The sixty-eight page report details how the FBI could not confirm the accuracy of the program which gives law enforcement the ability to search databases of photographs from passports, driver’s licenses, and mugshots taken by various governmental agencies. Using the brought online the Next Generation Identification System (NGIS), the FBI has access to a gigantic biometric database that uses images and facial recognition software (FRS) to identify criminals. The GAO report revealed that the Facial Analysis, Comparison and Evaluation (FACE) Services has allowed certain FBI agents to access the State Department and the Pentagon and check on individuals who have never been suspected of any criminal or terroristic activities. So far an estimated 411 million facial images have been compromised by the FBI; and yet nearly a half-billion in total could have been violated.

Bedoya continued: “We found out that [the FBI] have no idea if they’re misusing it or not. They’ve literally never done an audit.” Concerning privacy expectations, Bedoya said: “When you turn 16 or 17, you don’t go down to the police station and give them your fingerprints; you go get your driver’s license. Turns out, it’s the same thing as far as the FBI is concerned. They might not be storing these photos at Quantico but it has built, in effect, a nationwide biometric database using driver’s license photos. It’s breathtaking.” The FBI has been using the faulty facial recognition software and databases much more “than had previously been understood” which is worrisome because “the FBI hasn’t done enough to audit its own use of facial recognition technology or that of other law enforcement agencies that partner with the FBI, nor has it taken adequate steps to ensure the technology’s accuracy.”

The FBI’s use of facial recognition technology is exploding, according to a new report from the Government Accountability Office — and its growth is largely unchecked, unaudited, and possibly flawed. “FBI should better ensure privacy and accuracy” of its facial recognition technology and the databases that photographs are stored in, urged the GAO. According to the report, the FBI has never reviewed its facial recognition searches for misuse — on either state databases or its own massive biometric database, known as the Next Generation Identification system. The FBI has access to 16 different state databases of driver’s license photos – almost 173 million people — not just criminal mug shots.

The FBI also hasn’t run any tests on how accurate the facial recognition technology is when searching state databases, and whether those searches come back with false positives, which could lead to misidentifying an innocent person as a criminal suspect. According to a National Institute of Standards and Technology report on facial recognition, error rates of technology surveyed can range between a few percent to more than 50. And the bureau has repeatedly dragged its feet when assessing the privacy impact of its facial recognition technology — information that would “improve the public’s understanding” of the FBI’s efforts to protect privacy, according to the GAO. “When people go to the DMV to take their driver’s license photos, they don’t expect that their faces will be scanned and searched tens of thousands of times by the FBI. They don’t expect that their faces will become part of a permanent, digital line-up. What the FBI is doing may be legal, but it isn’t right,” Alvaro Bedoya, the executive director of Georgetown Law School’s Center on Privacy and Technology, wrote in a statement.

In the meantime, the FBI has requested that its own biometric database be exempt from legal provisions in the Privacy Act that would require the agency to tell people their fingerprints, faces, and more have been collected so they can challenge the accuracy of the information.

Today the federal Government Accountability Office (GAO) finally published its exhaustive report on the FBI’s face recognition capabilities. The takeaway: FBI has access to hundreds of millions more photos than we ever thought. And the Bureau has been hiding this fact from the public—in flagrant violation of federal law and agency policy—for years. According to the GAO Report, FBI’s Facial Analysis, Comparison, and Evaluation (FACE) Services unit not only has access to FBI’s Next Generation Identification (NGI) face recognition database of nearly 30 million civil and criminal mug shot photos, it also has access to the State Department’s Visa and Passport databases, the Defense Department’s biometric database, and the drivers license databases of at least 16 states. Totaling 411.9 million images, this is an unprecedented number of photographs, most of which are of Americans and foreigners who have committed no crimes. The FBI has done little to make sure that its search results (which the Bureau calls “investigative leads”) do not include photos of innocent people, according to the report. The FBI has conducted only very limited testing to ensure the accuracy of NGI's face recognition capabilities. And it has not taken any steps to determine whether the face recognition systems of its external partners—states and other federal agencies—are sufficiently accurate to prevent innocent people from being identified as criminal suspects. As we know from previous research, face recognition is notoriously inaccurate across the board and may also misidentify African Americans and ethnic minorities, young people, and women at higher rates than whites, older people, and men, respectively.

The GAO’s findings are especially shocking, given the timing. Just over a month ago the FBI demanded its face recognition capabilities be exempt from several key provisions of the federal Privacy Act—and provided the public with only 30 days to respond.

Scientists have developed a means of ultimate privacy: glowing glasses that block photographs and facial recognition systems. Developed by Japan's National Institute of Informatics, these privacy goggles include eleven LEDs that blast a privacy curtain of near-infrared light into the wearer's face. The light thereby prevents facial-recognition systems from registering the wearer's face. According to Gizmodo, the light is undetectable to the human eye; unlike most glasses, the LEDs are placed to illuminate the eyes and nose, which facial recognition systems depend on to identify a face.

New documents released by the FBI show that the Bureau is well on its way toward its goal of a fully operational face recognition database by this summer. The EFF received these records in response to our Freedom of Information Act lawsuit for information on Next Generation Identification (NGI)—the FBI’s massive biometric database that may hold records on as much as one-third of the US population. The facial recognition component of this database poses real threats to privacy for all Americans.

eOnline reports: A new app will allow total strangers to ID you and pull up all your information, just by looking at you and scanning your face with their Google Glass. The app is called NameTag and it sounds CREEPY. The “real-time facial recognition” software “can detect a face using the Google Glass camera, send it wirelessly to a server, compare it to millions of records, and in seconds return a match complete with a name, additional photos and social media profiles.” The information listed could include your name, occupation, any social media profiles you have set up and whether or not you have a criminal record (“CRIMINAL HISTORY FOUND” pops up in bright red letters according to the demo).

Since the NSA is tapping into all of our digital communications, it is not unreasonable to assume that all of the info from your digital glasses – yup, everything – may be recorded by the spy agency. Are we going to have millions of mini NSAs walking around recording everything … glassholes? It doesn’t help inspire confidence that America’s largest police force and Taser are beta-testing Google Glasses. Postscript: I love gadgets and tech, and previously discussed the exciting possibilities of Google Glasses. But the NSA is ruining the fun, just like it’s harming U.S. Internet business.

In a Chicago court, several Facebook users filed a class-action lawsuit against the social media giant for allegedly violating its users’ privacy rights to acquire the largest privately held stash of biometric face-recognition data in the world. The court documents reveal claims that “Facebook began violating the Illinois Biometric Information Privacy Act (IBIPA) of 2008 in 2010, in a purported attempt to make the process of tagging friends easier.”

This would be a violation of the IBIPA which states it is “unlawful to collect biometric data without written notice to the subject stating the purpose and length of the data collection, and without obtaining the subject’s written release.” Because all users are automatically part of the “faceprint’ facial recognition program, this is an illegal act in the state of Illinois, according to the complaint. Jay Edelson, attorney for the plaintiffs, asserts the opt-out ability to prevent other Facebook users from tagging them in photos is “insufficient”.

This was accomplished through the “tag suggestions” feature provided by Facebook which “scans all pictures uploaded by users and identifies any Facebook friends they may want to tag.” The Facebook users maintain that this feature is a “form of data mining [that] violates user’s privacy”. One plaintiff said this is a “brazen disregard for its users’ privacy rights,” through which Facebook has “secretly amassed the world’s largest privately held database of consumer biometrics data.” Because “Facebook actively conceals” their protocol using “faceprint databases” to identify Facebook users in photos, and “doesn’t disclose its wholesale biometrics data collection practices in its privacy policies, nor does it even ask users to acknowledge them.”

The Federal Bureau of Investigation (FBI) is developing a biometric identification database program called "Next Generation Identification" (NGI). When completed, the NGI system will be the largest biometric database in the world. The program is of particular interest to EPIC because of the far-reaching implications for personal privacy and the risks of mass surveillance.[1] The vast majority of records contained in the NGI database will be of US citizens. The NGI biometric identifiers will include fingerprints, iris scans, DNA profiles, voice identification profiles, palm prints, and photographs. The system will include facial recognition capabilities to analyze collected images. Millions of individuals who are neither criminals nor suspects will be included in the database.

Many of these individuals will be unaware that their images and other biometric identifiers are being captured. Biometric records collected by various civil service agencies could be added to the system. The NGI system could be integrated with other surveillance technology, such as Trapwire, that would enable real-time image-matching of live feeds from CCTV surveillance cameras. [2] The Department of Homeland Security has expended hundreds of millions of dollars to establish state and local surveillance systems, including CCTV cameras that record the routine activities of millions of individuals. [3] There are an estimated 30 million surveillance cameras in the United States. If NGI system was integrated with CCTV cameras operated by public agencies and private entities, NGI could use facial recognition on images of crowds to identify individuals in public settings, whether or not the police have made the necessary legal showing to compel the disclosure of identification documents. The NGI database will be used for both law enforcement and non-law enforcement purposes. It will be available to law enforcement agencies at the local, state, and federal level. But it will also be available to private entities, unrelated to a law enforcement agency. EPIC’s “Spotlight on Surveillance” project takes a deeper look at this massive surveillance initiative.

Britain's surveillance agency GCHQ, with aid from the US National Security Agency, intercepted and stored the webcam images of millions of internet users not suspected of wrongdoing, secret documents reveal.GCHQ files dating between 2008 and 2010 explicitly state that a surveillance program codenamed Optic Nerve collected still images of Yahoo webcam chats in bulk and saved them to agency databases, regardless of whether individual users were an intelligence target or not.In one six-month period in 2008 alone, the agency collected webcam imagery – including substantial quantities of sexually explicit communications – from more than 1.8 million Yahoo user accounts globally.Yahoo reacted furiously to the webcam interception when approached by the Guardian. The company denied any prior knowledge of the program, accusing the agencies of "a whole new level of violation of our users' privacy".

GCHQ does not have the technical means to make sure no images of UK or US citizens are collected and stored by the system, and there are no restrictions under UK law to prevent Americans' images being accessed by British analysts without an individual warrant.The documents also chronicle GCHQ's sustained struggle to keep the large store of sexually explicit imagery collected by Optic Nerve away from the eyes of its staff, though there is little discussion about the privacy implications of storing this material in the first place.

"Face detection has the potential to aid selection of useful images for 'mugshots' or even for face recognition by assessing the angle of the face," it reads. "The best images are ones where the person is facing the camera with their face upright."The agency did make efforts to limit analysts' ability to see webcam images, restricting bulk searches to metadata only.However, analysts were shown the faces of people with similar usernames to surveillance targets, potentially dragging in large numbers of innocent people. One document tells agency staff they were allowed to display "webcam images associated with similar Yahoo identifiers to your known target".Optic Nerve was based on collecting information from GCHQ's huge network of internet cable taps, which was then processed and fed into systems provided by the NSA. Webcam information was fed into NSA's XKeyscore search tool, and NSA research was used to build the tool which identified Yahoo's webcam traffic.

Baltimore Police didn’t bother to inform the public (or anyone, for that matter) when they implemented a privately-funded mass surveillance program in January using a wide-angle camera-equipped plane flying above the city — which instantly uploaded and stored everything it recorded, just in case they needed it later. As Bloomberg’s Monte Reel reports, a small Cessna plane equipped with “a sophisticated array of cameras” capable of capturing “an area of roughly 30 square miles,” funded by an a private donor and provided by Dayton, Ohio-based Persistent Surveillance Systems, sometimes circled above the city for up to 10 hours per day recording and storing everything without anyone being privy to its presence. Since January, Reel noted, the Baltimore Police Department has been using this covert Big Brother’s eye-in-the-sky “to investigate all sorts of crimes, from property thefts to shootings.” Gone, apparently, are the days when the government’s surveillance state drew ire for attempting to ferret out potential terrorists — residents of Baltimore have been guinea pigs for an altogether more insidious spy dragnet. Persistent Surveillance Systems’ technology automatically stores all the footage on massive hard drives, making it available to law enforcement long afterward — but the idea police could access this information to solve a simple property crime is no less than alarming.

Particularly considering the company’s founder has an intense military background. Ross McNutt, Bloomberg reports, “is an Air Force Academy graduate, physicist, and MIT-trained astronautical engineer who in 2004 founded the Air Force’s Center for Rapid Product Development. The Pentagon asked him if he could develop something to figure out who was planting the roadside bombs that were killing and maiming American soldiers in Iraq. In 2006 he gave the military Angel Fire, a wide-area, live-feed surveillance system that could cast an unblinking eye on an entire city.” Though the technology had imperfections — even determining the gender of a person on the ground was impossible — its TiVo-like capabilities more than made up for any shortcomings. A person of interest could be followed by rewinding footage after, say, an IED exploded roadside, to track their movements — even if the cameras weren’t focused directly on the explosion at the moment it occurred. If the cameras were in the air at the time, anything that happened was fully trackable both back and forward in time. McNutt’s pitch for his technology concisely summarized, “Imagine Google Earth with TiVo capability.” Angel Fire truly evolved at the Los Alamos National Laboratory in New Mexico after 2007, when upgrades allowed for “all-weather and nighttime capabilities and then was used as the basis for another system, called Blue Devil, which coupled wide-area cameras with narrow-focus zoom lenses in the same package.”

Over time, after McNutt retired from the military, he worked to further improve the camera array and attended security conferences in hopes of garnering clients. After a brief but effective test run over the skies of Ciudad Juárez, Los Angeles became the first U.S. city to employ Persistent Surveillance’ system — and just as covertly as what has been taking place in Baltimore for the last eight months.

Chicago Mayor Rahm Emanuel has proposed an ordinance that would compel all gun dealers to video-record sales (“to discourage traffickers and buyers who use false identification”). Presumably the video recordings would have to be kept for an extended time, since future investigations that would use the video recordings could happen years after the sale. A similar New York state bill would require that the videos be kept for one year. Likewise, two weeks ago, Minnesota enacted a law — with much less fanfare — that would require video- or photo recording of people who come to sell cellular phones, with each recording to be kept for at least 30 days:

The ostensible focus of the law is on people who sell the phones (presumably in order to deter phone theft), but any video cameras — which “must be turned on at all times” — will also capture all cell phone buyers as well. The Center for Democracy & Technology has more on this statute. Likewise, last year, Minnesota enacted a similar law applicable to people who sell scrap vehicles, presumably aimed at sellers of stolen vehicles. I suspect that, especially if the gun sales videorecording bills are enacted, similar laws will be proposed for sales of alcohol (which is often sold to underage buyers who have fake IDs, or to straw purchasers who are buying on behalf of an underage buyer), for sales of marijuana in places where it has been legalized, for sales of legal substances that are nonetheless potential drug or bomb precursors, and so on.

The Justice Department has been building a national database to track in real time the movement of vehicles around the U.S., a secret domestic intelligence-gathering program that scans and stores hundreds of millions of records about motorists, according to current and former officials and government documents. The primary goal of the license-plate tracking program, run by the Drug Enforcement Administration, is to seize cars, cash and other assets to combat drug trafficking, according to one government document. But the database’s use has expanded to hunt for vehicles associated with numerous other potential crimes, from kidnappings to killings to rape suspects, say people familiar with the matter. Officials have publicly said that they track vehicles near the border with Mexico to help fight drug cartels. What hasn’t been previously disclosed is that the DEA has spent years working to expand the database “throughout the United States,’’ according to one email reviewed by The Wall Street Journal.

Many state and local law-enforcement agencies are accessing the database for a variety of investigations, according to people familiar with the program, putting a wealth of information in the hands of local officials who can track vehicles in real time on major roadways. The database raises new questions about privacy and the scope of government surveillance. The existence of the program and its expansion were described in interviews with current and former government officials, and in documents obtained by the American Civil Liberties Union through a Freedom of Information Act request and reviewed by The Wall Street Journal. It is unclear if any court oversees or approves the intelligence-gathering.

For the first nine days of February, eight of the Los Angeles Police Department’s top brass were 7,500 miles away from home, being shuttled around Israel in a minibus.

LAPD Deputy Chief Jose Perez, a good-natured 30-year veteran of the department who oversees its central bureau, tweeted updates at nearly every stop. On Feb. 2, he shared a group photo of the Los Angeles delegation visiting the corporate headquarters of Nice Systems, an Israeli security and cyber intelligence company that can intercept and instantly analyze video, audio and text-based communications. (A seemingly tongue-in-cheek inspirational poster on the wall behind them reads: “Every voice deserves to be heard.”)

The group visited private security firms and drone manufacturers, as well as the terror-prone Ashdod Port, a museum in Sderot full of old rockets shot from nearby Gaza (the same one United States President Barack Obama visited on his 2008 campaign trip to Israel), and a “safe city” underground control center in the large suburb of Rishon LeZion, which receives live streams from more than 1,000 cameras with license plate recognition installed throughout the city.

The European data protection activists behind the Europe v Facebook (evf) campaign group, that has long been a thorn in Facebook’s side in Europe, have filed new complaints under regional data protection law targeting Facebook, Apple, Microsoft, Skype and Yahoo for their alleged collaboration with the NSA’s Prism data collection program. The student activist organisation is targeting the European subsidiaries of these five U.S. companies, arguing that their corporate structure means they fall fully under European privacy laws despite being U.S. headquartered companies. And yet, being as they are U.S. companies, they are required to comply with U.S. surveillance laws — putting them in the “tricky” situation of having to comply with potentially conflicting legal requirements. It’s that legal conflict evf is now probing.

Evf takes the view that the law needs clarifying — and it using these new data protection complaints as the vehicle to obtain clarification from the various regional data protection agencies. Facebook and Apple; Microsoft and Skype; and Yahoo have subsidiaries in Ireland, Luxembourg and Germany respectively. ”We want a clear statement by the authorities if a European company may simply give foreign intelligence agencies access to its customer data. If this turns out to be legal, then we might have to change the laws,” noted evf speaker, Max Schrems, in a statement. The key question, as evf sees it, is whether “mass transfer” of personal data from to a foreign intelligence agency is legal under European law.  ”Many journalists have asked us in recent weeks if PRISM is legal from a EU perspective. We have looked at that a little closer. The result was – after consulting with legal experts – that it is very likely illegal under EU data protection laws, because of the corporate structure of the companies,” added Schrems. Google and YouTube have not been included in this first round of evf complaints being as they have a different corporate structure that does not include European subsidiaries. However it notes they do have datacenters in European countries, which will give evf a route to filing Prism-related data protection complaints against both at a later date.

Writing in a press notice announcing its new action, evf added: If a European subsidiary sends user data to the American parent company, this is considered an “export” of personal data. Under EU law, an export of data is only allowed if the European subsidiary can ensure an “adequate level or protection” in the foreign country. After the recent disclosures on the “PRISM” program such trust in an “adequate level of protection” by the involved companies can hardly be upheld. There can in no way be an adequate level of protection if they cooperate with the NSA on the other end of the line. Right now an export of data to the US must be seen as illegal if the involved companies cannot disprove the reports on the PRISM program. According to evf, the subsidiaries being targeted by these complaints have “the burden of proof” — to either “credibly assure” that the Prism program is a hoax, or “explain how mass access by a foreign intelligence agency interplays with EU data protection laws”. Evf cites a 2006 case precedent involving payment processor SWIFT which had forwarded transaction details to U.S. authorities. In that case it says a group of EU data protection authorities decided that such a mass data transfer is illegal under EU law, leading to SWIFT to move European data to a server in Switzerland. The case also led to an agreement between the U.S. and the EU on the use of payment data to combat crime.

The Drug Enforcement Administration (DEA) is using license-plate reader technology to photograph motorists and passengers in the US as part of an official exercise to build a database on people’s lives. According to DEA documents published on Thursday by the American Civil Liberties Union (ACLU), the agency is capturing images of occupants in the front and rear seats of vehicles in a programme that monitors Americans’ travel patterns on a wider scale than previously thought. The disclosure follows the ACLU’s revelation last week about the potential scale of a DEA database containing the data of millions of drivers, which kindled renewed concern about government surveillance.

The latest published internal DEA communications, obtained under the Freedom of Information Act, show that automated license plate scanners, known as ALPRs, record images of human beings as well as license plates. A document from 2009 said the programme could provide “the requester” with images that “may include vehicle license plate numbers (front and/or rear), photos of visible vehicle occupants [redacted] and a front and rear overall view of the vehicle”. A document from 2011 said the DEA’s system had the ability to store “up to 10 photos per vehicle transaction including 4 occupant photos”. The documents confirmed that license plate scanners did not always focus just on license plates, the ACLU said on Thursday: “Occupant photos are not an occasional, accidental byproduct of the technology, but one that is intentionally being cultivated.”

The ability to travel in the United States is about to become more restrictive as the TSA announces it will soon be enforcing new identification standards in American airports. Beginning in 2016, passengers attempting to pass through a federal TSA checkpoint will be subject to the requirements of the REAL ID Act. To that end, the TSA will put higher scrutiny on travelers’ identities, and will only accept a federal passport or a “REAL-ID” card, which is issued by the states to meet federal requirements. Passengers will not be allowed to fly through an American airport without submitting to the advanced federal specifications. Both federal passports and REAL-ID cards require a number of unique personal identifiers to be stored together in government databases, including his or her full name, date of birth, Social Security Number, scanned signature, and other identifiers. Both cards require biometric data: a front-facing digital photograph of the passenger’s face, which is ultimately used with a facial recognition database.

The enhanced security measures stem from the passage of the REAL ID Act of 2005, a U.S. law enacted by President Bush that states that a Federal agency may not accept state-issued identification cards without complying with a number of enhanced standards of the REAL ID Act. The states were given a number of years to comply, and many moved to pass their own laws to meet the benchmarks of the REAL ID Act. Due to some sluggish response, DHS extended the compliance deadline several times. Unfortunately, most states were all too willing to bend to the requirements of the federal government in order to obtain “state certifications” of compliance. To signify their compliance with the federal standards, many states are now issuing identity cards emblazoned with gold stars in the corner.

According to the Department of Homeland Security, only Arizona, Idaho, Louisiana, Maine, Minnesota, New Hampshire, New York, and American Samoa have not met REAL ID standards as of January 2015. By DHS estimates, 70%-80% of all U.S. drivers are already carrying around REAL ID cards or live in states that have received extensions for compliance. Some states have even gone as far as to require the applicant to present birth certificates, W-2 tax forms, bank statements, and/or pay stubs to verify one’s identity before handing out the new REAL-ID cards. Some cards have RFID chips embedded in them. Among the 39 benchmarks of the REAL ID Act, state ID cards have to be scannable with a bar code reader, and the states are required to share access to an electronic database with all other states.

The Drug Enforcement Administration is collecting information about more than just license plates with the tracking system revealed by the American Civil Liberties Union. Documents released by the ACLU this morning show that the DEA is also using the license plate readers (LPRs) on which this system relies to capture photographs of a vehicles’ passengers. The images can then be run through facial recognition software. This is meant to give the DEA more context about the people whose movements it’s tracking with this program, which gathers data from more than 100 LPRs managed by an unknown number of police departments around the country to aid in their investigations. The program was originally meant to assist with civil asset forfeiture cases, but it has since expanded to assist departments approved by the El Paso Intelligence Center with investigations into murders, rapes, and other crimes, the Wall Street Journal reports.

Previous reports indicated that the DEA was collecting license plate information about “millions” of Americans. That figure might be low if it didn’t account for the number of plates collected versus the number of people in a vehicle when these images are taken. Either way, this program represents a clear violation of privacy for many Americans, most of whom didn’t know the DEA could collect this information. As I wrote before: The result is a national surveillance program with an unknown number of contributors offering up location data about millions of Americans; all to a database used by an untold number of police departments without any public oversight regarding their searches.

That’s a problem. Backchannel reported in December that police have used their access to license plate readers to stalk former colleagues, and IB Times revealed earlier this month that Gov. Chris Christie (R-NJ) used location data to smear a political rival. Perhaps the DEA will support the program by claiming that learning who is in a vehicle isn’t much different from learning where the vehicle was going — it could all be considered metadata, and the government considers that information to be fair game.

The ability to travel in the United States is about to become more restrictive as the TSA announces it will soon be enforcing new identification standards in American airports. Beginning in 2016, passengers attempting to pass through a federal TSA checkpoint will be subject to the requirements of the REAL ID Act. To that end, the TSA will put higher scrutiny on travelers’ identities, and will only accept a federal passport or a “REAL-ID” card, which is issued by the states to meet federal requirements. Passengers will not be allowed to fly through an American airport without submitting to the advanced federal specifications. Both federal passports and REAL-ID cards require a number of unique personal identifiers to be stored together in government databases, including his or her full name, date of birth, Social Security Number, scanned signature, and other identifiers. Both cards require biometric data: a front-facing digital photograph of the passenger’s face, which is ultimately used with a facial recognition database.