Why the FBI’s NGI Biometrics Database Should Worry You

Dann Albright 20-06-2016

The FBI’s controversial Next Generation Identification (NGI) system has been making headlines recently after a request to exempt it from the Privacy Act. But what, exactly, is in the database? Why should we worry if it’s exempted? And should you be concerned about it violating your privacy? Here’s what you should know about the NGI and how it relates to the Privacy Act.


What Is the Next Generation Identification System?

Most of the time when we talk about surveillance and privacy worries Lessons Learned From Don't Spy On Us: Your Guide To Internet Privacy Read More , we’re talking about the NSA. But the FBI has been playing an increasingly large role in discussions over privacy and security as well, like when it tried to compel companies to put backdoors into their products FBI Backdoors Won't Help Anybody - Not Even the FBI The FBI wants to force technology companies to enable security services to snoop on instant messaging. But such security backdoors don't actually exist, and if they did, would you trust your government with them? Read More that would compromise users’ security.

According to the FBI’s website, the NGI “provides the criminal justice community with the world’s largest and most efficient electronic repository of biometric and criminal history information.” The page describing the system lists fingerprints (including latent prints and palm prints), a facial recognition system Top 5 Ways You Are Spied On Every Day And Don't Know It The chances are you're oblivious to the ways in which you're being monitored almost daily as you go about your business. Learn how to take precautions to protect yourself against these surveillance threats. Read More , and iris scans as parts of the database. It also provides other services, including an automatically updating background check service, a cold-case search system, and a repository of “individuals of special concern.”


Other sources speculate on additional pieces of information that could be stored, including DNA profiles Does Your Cousin's DNA Make You a Suspect? Genealogy websites are now selling DNA testing which will help them to link you to lost branches of your family tree. But this service has a privacy breaching downside, one that could see you incarcerated. Read More , gait analyses, photos of tattoos, voice recordings, and other valuable identifying data. Whether these are in the database or how widely they’re used isn’t immediately clear, but the FBI does call the NGI the “world’s largest and most efficient electronic repository of biometric and criminal history information,” so it does seem likely that they’re storing as much as they possibly can.

Because the FBI is trying to create the world’s largest database of this type of information, they’re using as many sources of information as possible, which is another point of contention, as it’s not just criminals whose information is stored.



Information from background checks (the majority of which are probably run on non-criminals) is also stored there, as well as information on people applying for permanent residency or naturalization. And with the number of spurious arrests that don’t result in convictions, another source of non-criminal information is flowing directly into the NGI.

The Problems with the NGI

Okay, so we have another national database of identifying information 10 Pieces of Information That Are Used to Steal Your Identity Identity theft can be costly. Here are the 10 pieces of information you need to protect so your identity isn't stolen. Read More for use by law enforcement: what’s the big deal? We’ve had a giant database of fingerprints maintained by the FBI for many years, and the addition of new information was bound to happen, right? While that might be true, there are some specific, worrying things about the NGI, that have a lot of people clamoring for a change.

First, it contains non-criminals’ information. That’s a pretty big deal, and a lot of people think that violates our rights to privacy. The storage of identifying information in a national law enforcement database is worrying on a number of levels, and has a very dystopian, surveillance-state feel to it. Do you think you should be in an FBI database if you’ve never been arrested, much less convicted?


Second, it may not affect everyone equally. A recent letter to the FBI (pdf) signed by a large number of organizations, including the ACLU, the Constitutional Alliance, the Electronic Frontier Foundation, the National LGBTQ Task Force, and a range of others, pointed out that a number of factors may result in this information affecting people very differently. For example, the database likely contains a disproportionate amount of African-Americans, Latinos, and immigrants.


In addition to legal and ethical challenges, this fact also poses a technical one. The aforementioned letter pointed out that research, including research authored by the FBI, indicates that “some of the biometrics at the core of NGI, like facial recognition, may misidentify African Americans, young people, and women at higher rates than whites, older people, and men, respectively.”

Third, information in the database may not be complete. Arrest records, for example, are often missing information on whether a person was convicted, acquitted, or had their charges dropped. A recent investigation reported that potentially thousands of people have lost work due to incomplete or incorrect FBI background check records. Expanding the amount of information in the database isn’t likely to help that problem.


Fourth, too much data makes it harder to find relevant, important informationA number of whistleblowers and officials have come forward saying that both the US and UK surveillance systems are so overwhelmed with the huge amount of information they collect that they’re becoming inefficient in actually finding useful data. One NSA official has even stated that this has led to successful terrorist attacks, and a similar report has come out of the UK.

Collecting and storing a huge amount of information on criminals and non-criminals, especially when that data is incomplete, is a danger to both to law enforcement and citizens.

What You Should Be Most Worried About

As if the points listed above weren’t bad enough, the FBI has made a request for legislation that would exempt the NGI from the Privacy Act, a very important piece of legislation that seeks to increase transparency in government actions so citizens can ensure accountability. A number of important provisions are included in the act, and the FBI wants the NGI to be exempt from all of them. This would have a number of repercussions.

Citizens would no longer have the right to get information about their records. The Privacy Act states that anyone can request their record from a government database so it can be reviewed and any errors corrected. That right would be eliminated if the database were exempted, meaning no one would ever know what information the FBI had on them.



The FBI could collect any information it wanted. According to the letter referenced earlier, “the Privacy Act generally bars the government from creating databases about the political activities of its citizens . . . Under the FBI’s proposal, the FBI could violate that rule – and private citizens could never take them to court.” With no way to find out what information is in any individual’s file, there’s no accountability, and the FBI could collect any data they choose, regardless of whether it’s legal or not.

Records could be shared among any individuals and agencies. The Privacy Act states that the subject of any given record must be notified that an agency wishes to share their information with any other person or agency, and that the person who the record pertains to must give their permission for the transfer. Without that clause, government agencies and individuals could share any information they want.

There are already exceptions in place for this rule, including an exception for law enforcement, but a mass exception to this provision is worrying.

The FBI already has a long record of trying to keep this database and its affect on privacy a secret:

For years, the American public has waited for the FBI to publish basic privacy notices about this database. Federal law requires that the FBI publish a System of Records Notice (SORN) and/or a Privacy Impact Assessment (PIA) when the agency starts to keep – or significantly changes – a database like NGI. For years, the FBI has not met these requirements.

Despite significant specific requests, the NGI has remained in the shadows.

In 2011, for example, the FBI began to allow state law enforcement to run facial recognition searches against photos in the NGI database. Despite pressure from Congress and civil society, the FBI didn’t release a Privacy Impact Assessment about this program until September 2015. In fact, even though NGI itself was launched in 2008, the FBI didn’t publish a System of Records Notice about NGI until May 5, 2016 – the same day it proposed to exempt the system from other, even more basic transparency requirements.

Of course, there are some good reasons for exempting parts of the database from some parts of the Privacy Act. Especially when it comes to law enforcement; full transparency isn’t feasible or even always a good idea. But the FBI isn’t asking for specific exemptions: they’re asking for a full exemption for the entire database from the entire Privacy Act.

The FBI has also repeatedly changed its story on what will be included in the NGI, and some of its plans contradict earlier statements and, potentially, privacy laws. For example, the EFF reported that the FBI was working on a way for law enforcement officers to collect biometric data in the field and submit it directly to the NGI, which explicitly contradicts what they told Congress in 2012 about only using mugshots.

A number of other contradictory and worrying statements about this database, have also been made, and exempting it from the Privacy Act will turn it into a black hole of citizen surveillance.

A Worrying Development

As of right now, we don’t know if the NGI will be exempted from the Privacy Act. Although there is public pressure to keep privacy protections intact, the words “national security” and “terrorism” often convince members of Congress and the judiciary that privacy should be compromised for increased security, despite the fact that increased surveillance often results in decreased efficacy.

If you feel strongly about keeping privacy protections in place on the FBI’s biometric database, now is the time to act, as a decision on its Privacy Act exemption is likely coming soon. A number of petitions are available for you to sign (check out this one from Color of Change), and getting in touch with your Congressional representatives is always a good idea when it comes to issues this big.

What do you think of the FBI’s biometric database? Are you worried about privacy violations, or are you willing to sacrifice some protections for an attempt at increasing national security? Share your thoughts in the comments below!

Image credits: State of California Office of the Attorney General [No Longer Available].

Related topics: Online Privacy, Surveillance.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. B.D.Moore
    September 13, 2016 at 2:51 am

    I guess the biggest reason. My attention was redirected toward! bLackberry. In a market catered to a younger generation. With only two major competitors. I found the lack of variety. Mundane in the least. My first BlackBerry (pearl). Left me in awe! It was like going from. The invention of the wheel to formula1 racing touring The Le Mans . !!!

    So, in searching for an alternative. Revisiting thoughts of nostalgia Blackberry seemed the most logical choice.
    Needless to say . I chose The BlackBerry Passport.
    To call this a phone would be and understatement. The proportional dementions of it. Place me directly in the driver's seat. Multitasking with ease. Accompanied by a sinister grin and feeling of appeasement.

    The bb10 os. IS light years ahead of the other +os' that I have tried. Make me wonder how I ever gravitated away in the first place.???

    Things that make you go hmmmmm???

    • Dann Albright
      October 4, 2016 at 9:44 pm

      I'm not sure how this is relevant to the article above . . . but I also had a Pearl, and I loved it. Sometimes I miss that phone!

  2. Anonymous
    June 21, 2016 at 2:32 pm

    Hope is great when you're dealing with faith and religion, not when our privacy is at stake.

    For decades, it has been an article of faith that totalitarian regimes such as USSR, East Germany, Nazi Germany, China, North Korea, etc. had extensive files on all of their citizens, and how undemocratic that was of them. Now, two of the top current world democracies, UK and USA, make those totalitarian regimes look like like bumbling amateurs when it comes to surveillance and data collection about their inhabitants. But that's OK because UK and US are doing it in the name of "National Security", "motherhood and apple pie" and to protect its inhabitants from potential terrorist attacks while the regimes did it to oppress its citizens and suppress dissent.

    Having lived under a totalitarian regime, I can tell you that the only difference between them and UK/US is that over there the collar was of steel, while here it is made of velvet but it is a collar nevertheless.

    Slowly but surely all the freedoms so many over the years have died protecting, are being eroded by governments that purport to be the defenders of democracy.

    • Dann Albright
      June 27, 2016 at 3:04 pm

      Yeah, the US/UK surveillance systems do have the advantage of having a tangible threat to respond to. There have actually been terrorist attacks, and many people lost their lives, and that makes those threats feel very immediate. It's much easier to convince people that this surveillance and control is for their own good when you can show that people have died, ostensibly from a lack of data. And it's hard to argue against it, 'cause when emotion (fear) and reason go up against each other, it's usually emotion that comes out on top.

      • Anonymous
        June 27, 2016 at 7:33 pm

        So let's make UK and US into virtual concentration camps where everybody is under surveillance 24/7/365. What happens when terrorists still succeed in their attacks? Do you then, in the name of Almighty NATIONAL SECURITY mandate that everybody wear brain monitors? Do we then mandate thought control?! Brave New World and 1984 combined are going to look like a f*ing kindergarten.

  3. Anonymous
    June 20, 2016 at 10:59 pm

    Looks like the FBI has taken J. Edgar Hoover's personal database of dirt on people and institutionalized it. Now everybody can be blackmailed by the FBI, not just individuals on J. Edgar's "don't like" list. Using the NGI database, the FBI can blackmail Congress into approving a full exemption from ANY laws.

    • Dann Albright
      June 21, 2016 at 1:49 pm

      I haven't heard anything about whether or not the exemption is likely to pass (not much of anything about the NGI over the past few days, actually), but we just have to hope it doesn't!