If the revelation that the NSA has been amassing the private communications of U.S. citizens and allies as well as its enemies wasn't controversial enough, then a report in the New York Times, based on Snowden documents, that the agency is collecting images and using facial recognition to identify intelligence targets, has renewed concerns over privacy and raised the hackles of advocates.
According to The Times, the documents show that the NSA has ramped up its efforts to use biometric information and is collecting millions of images of people daily through its surveillance efforts, 55,000 or so of which are “facial recognition quality images.”
The report quotes a 2010 document as saying, “It's not just the traditional communications we're after: It's taking a full-arsenal approach that digitally exploits the clues a target leaves behind in their regular activities on the net to compile biographic and biometric information.”
That the NSA would collect images and use facial recognition technology to identify potential terrorists and other criminals is not surprising. The agency has created programs like Tundra Freeze, an in-house facial recognition initiative. And law enforcement organizations at the federal, state and local levels across the country are investing in facial recognition technologies to help them apprehend and thwart criminals.
In a statement sent via email to SCMagazine.com, NSA spokesperson Vanee Vines, said the agency “would not be doing our job if we didn't seek ways to continuously improve the precision of signals intelligence activities – aiming to counteract the efforts of valid foreign intelligence targets to disguise themselves or conceal plans to harm the United States and its allies.” Vines added that “the lawful collection of foreign identity intelligence allows NSA to better identify and track such targets.”
But what exactly are the parameters of “lawful collection”? The NSA statement claimed the agency's “foreign intelligence operations support national security requirements, are as tailored as feasible, and are designed to comply with applicable U.S. laws and policy direction, to include the Fourth Amendment to the U.S. Constitution, the Foreign Intelligence Surveillance Act, and Presidential Policy Directive No. 28.”
Still, privacy advocates say facial recognition is uncharted—and most unregulated—territory that could invite violations.
Alarmed by Facebook's “expansion of its facial recognition database,” Sen. Al Franken (D-Minn.), chairman of the Senate Subcommittee on Privacy, Technology and the Law, penned a letter to the National Telecommunications and Information Administration (NTIA) last December, expressing concerned about the impact of the technology on privacy. “Facial recognition technology can allow a stranger to identify you, by name and in secret, from a photograph taken on the street or copied from the Internet.”
It has, he noted, “serious implications” when it comes to consumer privacy and personal safety. “Unfortunately, our privacy laws provide no express protections for facial recognition data; under current law, any company can use facial recognition technology on anyone without getting their permission – and without any meaningful transparency,” he said.
He reiterated those concerns in February in a letter to FacialNetworks.com, taking aim at the NameTag app the company had developed for Google Glass.
And the EFF filed a lawsuit last summer to make the FBI fulfill three Freedom of Information Act requests designed to elicit information on the agency's biometrics database.
Franken has said that he is mulling legislation to safeguard biometric information.
