The U.S. Government Accountability Office (GAO) released an update on April 17 on the 13 priority recommendations identified in April 2018 for the Department of Justice (DOJ) with facial recognition software still being a key area for required action by the agency.

GAO recommended that the FBI determine whether the users of the FBI’s facial recognition software are conducting image searches in accordance with privacy protection laws and policy requirements.

To improve this transparency of facial recognition capabilities, GAO recommended that Attorney General William Barr “assess the system of records notice (SORN) development process to determine why a SORN was not published that addressed the collection and maintenance of photos accessed and used through Next Generation Identification (NGI) for the FBI’s face recognition capabilities prior to using NGI-Interstate Photo System (IPS).”

The DOJ has submitted the SORN for publication, but disagrees that it is required by law to file a revised SORN. Among other recommendations, GAO recommended DOJ determine why privacy impact assessments (PIA) were not published as required, as well. The DOJ has reported to GAO that if the PIA pilot is deemed successful, it would consider extending the concept of the pilot to the preparation of the SORNs. GAO is still monitoring these efforts.

GAO also recommended to conduct audits to determine NGI-Interstate Photo System (NGI-IPS) users and biometric images specialists in Facial Analysis, Comparison, and Evaluation (FACE) Services are following Criminal Justice Information Services Division policy requirements. DOJ has followed through on this recommendation, but GAO still recommends verifying NGI-IPS accuracy through annual operational reviews and accuracy testing, as well as taking steps to determine accuracy of external face recognition systems used by FACE Services.