A major privacy group has filed a lawsuit against the FBI to force the bureau to release all relevant documents about its plan to share a huge amount of biometric information with the Department of Defense.

The lawsuit filed by EPIC (Electronic Privacy Information Center) concerns the FBI’s Next Generation Identification system, which comprises fingerprint, iris scan, and facial recognition data, and the bureau has been using it for several years.

“With NGI, the FBI will expand the number of uploaded photographs and provide investigators with ‘automated facial recognition search capability.’ The FBI intends to do this by eliminating restrictions on the number of submitted photographs (including photographs that are not accompanied by tenprint fingerprints) and allowing the submission of non-facial photographs (e.g. scars or tattoos),” the EPIC lawsuit says.

“The FBI also widely disseminates this NGI data. According to the FBI’s latest NGI fact sheet, 24,510 local, state, tribal, federal and international partners submitted queries to NGI in September 2016.”

Privacy advocates, including EPIC, have said that the new database presents serious problems because of the high error rates seen with facial recognition systems. Also, the collection and storage of that data is a significant risk for the people whose information is in the database.

“The FBI recognized several risks associated with increased use of facial recognition technology in a Privacy Impact Assessment. The FBI stated that ‘[i]ncreased collection and retention of personally identifiable information (PII) presents a correspondingly increased risk that the FBI will then be maintaining more information that might potentially be subject to loss or unauthorized use’ and that, because ‘photographs may now be submitted without accompanying ten-print fingerprints,’ the accompanying photo ‘may be associated with the wrong identity.'”

EPIC’s lawsuit asks that the FBI be forced to release records about the plan to share NGI data with the Department of Defense under the Freedom of Information Act. EPIC filed a FOIA request about the plan last year and though the FBI said it has located 35 pages of records that are responsive to the request, it hasn’t released any of those records.

Earlier this year, the FBI asked the Department of Justice to exempt NGI data from the Privacy Act, keeping the information out of reach of the general public.

“It provides fingerprint identification and criminal history services, as well as biometric services such as latent fingerprint, palm print, and face recognition. In this rulemaking, the FBI proposes to exempt this Privacy Act system of records from certain provisions of the Privacy Act in order to prevent interference with the responsibilities of the FBI to detect, deter, and prosecute crimes and to protect the national security,” the FBI said in the request.

In its lawsuit, filed Nov. 10, EPIC says that the Department of Justice has failed to comply with the FOIA regulations and should be forced to release any documents related to the NGI data sharing.

Image: Kevin Dooley, CC By 2.0 license.