The Associated Press reports that FBI agents in North Carolina are accessing biometric data of innocent Americans, “using facial-recognition technology on millions of motorists, comparing driver’s license photos with pictures of convicts in a high-tech analysis of chin widths and nose sizes.”

When the REAL ID Act of 2005 (pdf) passed (as part of a bill providing tsunami relief and military appropriations), civil liberties advocates explained it created a national identification system for a number of reasons including its requirement that each State “Provide electronic access to all other States to information contained in the motor vehicle database of the State.” That means a person with access to one State’s database would have access to all States’ database. That means access to 250 million people’s State data nationwide.

State and federal laws allow driver’s license agencies to release records for law enforcement, and local agencies have access to North Carolina’s database, too. But the FBI is not authorized to collect and store the photos. That means the facial-recognition analysis must be done at the North Carolina Division of Motor Vehicles.

“Unless the person’s a criminal, we would not have a need to have that information in the system,” said Kim Del Greco, who oversees the FBI’s biometrics division. “I think that would be a privacy concern. We’re staying away from that.”

ACLU Legislative Counsel Christopher Calabrese (a colleague) makes an important point. “Everybody’s participating, essentially, in a virtual lineup by getting a driver’s license.”

This is the classic example of data gathered for one purpose — issuing a driver’s license — being used for another purpose — fishing expeditions with high error-rate technology — because the data is available and there are not protections against this use.

Last year, in an article for Scientific American, Anil K. Jain and Sharath Pankanti discussed the problems of error rates with biometric data.

Experts generally agree that neither the false accept rate nor the false reject rate of a biometric authentication system should exceed 0.1 percent (that is, one mistake in 1,000 assertions of a match and one mistake in 1,000 assertions of a nonmatch). But in evaluations conducted by the National Institute of Standards and Technology between 2003 and 2006, error rates for systems based on the fingerprint, face, iris and voice—another commonly used biometric trait—all exceeded the 0.1 percent level.

This entry was posted on Tuesday, October 13th, 2009 and is filed under Anonymity, Biometrics, Cameras, Civil liberties, Identification, Security, Technology. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Possibly related posts:

• NextGov: FBI to launch nationwide facial recognition service
• Associated Press: FBI’s push to clarify electronic authority raises privacy concern
• San Jose Mercury News: DMV biometric plan will undergo public hearings