EPIC v. State Department (Facial Recognition Database)
Top News
- EPIC Urges NIST to Adopt Privacy-Protective Standards for Federal ID Cards: In comments responding to the National Institute of Standards and Technology's draft Federal Information Processing Standards for personal identity verification (ID cards and digital identity verification), EPIC urged the agency to adopt more privacy protective technology for federal employees and contractors. EPIC drew upon expertise from the Advisory Board for these comments. EPIC recently urged the Department of Homeland Security to suspend a new counterintelligence system of records which will collect biometric information. EPIC previously urged the Department of Transportation to provide more privacy protections for federal employees in the Insider Threat database. (Feb. 2, 2021)
- Hamburg DPA Deems Clearview AI's Biometric Photo database Illegal, Orders a Partial Deletion of Profile: The Hamburg Data Protection Authority has ruled that Clearview AI’s searchable database of biometric profiles is illegal under the EU’s GDPR and ordered the U.S. company to delete the claimant’s biometric profile. Clearview AI scrapes photos from websites to create a searchable database of biometric profiles. The database, which is marketed to private companies and U.S. law enforcement, contains over 3 billion images gathered from websites and social media. The claimant submitted a complaint to the Hamburg DPA after discovering that Clearview AI had added his biometric profile to the searchable database without his knowledge or consent. The DPA ordered Clearview to delete the mathematical hash values representing his profile but did not order Clearview to delete his captured photos. The DPA’s narrow order protects only the individual complainant because it is not a pan-European order banning the collection of any EU resident’s photos. The DPA decided that Clearview AI must comply with the GDPR, yet this narrow order places a burden on Europeans to have their profiles removed from the database. EPIC has long opposed systems like Clearview AI, filing an amicus brief before the 9th Circuit defending an individual's right to sue companies who violate BIPA and other privacy laws, submitting FOIA requests with several government agencies that use Clearview AI technology, and urgingthe Privacy and Civil Liberties Oversight Board to recommend the suspension of face surveillance systems across the federal government. (Jan. 28, 2021)
- EPIC to Maryland Legislators: Enact Biometric Privacy Law + (Jan. 27, 2021)
- EPIC Urges DHS to Suspend New Counterintelligence Records System + (Jan. 13, 2021)
- EPIC Urges CBP to Halt Use of Facial Recognition for Biometric Entry/Exit + (Dec. 21, 2020)
- EPIC Urges Advisory Council to Address Privacy Risks of DHS’s Use of Biometrics + (Dec. 11, 2020)
- EPIC Opposes DHS's Plans to Broadly Expand Biometric Collection + (Oct. 14, 2020)
- EPIC Urges DHS to Extend Comment Period on Massive Expansion of Biometric Data Collection + (Oct. 1, 2020)
- CBP Failed to Protect Sensitive Biometric Information in Test of Facial Recognition Program + (Sep. 24, 2020)
- Professors Hartzog and Richards: Clearview AI Gets Privacy and First Amendment Wrong + (Sep. 14, 2020)
- GAO Report: CBP Needs to Address Privacy Issues with Facial Recognition Deployment + (Sep. 3, 2020)
- Amazon Claims 'Halo' Device Will Monitor User's Voice for 'Emotional Well-Being' + (Sep. 1, 2020)
- Bill to Ban Face Surveillance Introduced in Congress + (Jun. 25, 2020)
- DHS Proposes Database to Link Biometric Data, EPIC will Oppose + (Apr. 1, 2020)
- In FOIA Case, EPIC Obtains Details on State Department's Facial Recognition Program + (Feb. 19, 2020)
- Supreme Court Declines to Review Facebook Face Scan Case + (Jan. 21, 2020)
- CBP Drops Airport Face Scanning Proposal + (Dec. 5, 2019)
- Facebook Asks Supreme Court to Review Face Scan Decision + (Dec. 5, 2019)
- Swiss Sign Convention 108+, 35 Countries Back Privacy Convention + (Nov. 21, 2019)
- Congress to Consider Moratorium on Facial Recognition + (Aug. 22, 2019)
- Federal Appeals Court Says Consumers Can Sue Facebook for Facial Recognition + (Aug. 8, 2019)
- Privacy Board to Review Use of Biometrics at Airports, Privacy of Passenger Data, and FBI Surveillance + (Jun. 26, 2019)
- EPIC to Congress: Suspend Facial Recognition at Airports + (Jun. 13, 2019)
- EPIC Sues State Department About Secret Facial Recognition Database + (May. 20, 2019)
- EPIC FOIA: Massive DHS Biometric Database Still Lacks a Privacy Impact Assessment + (May. 3, 2019)
- EPIC to TSA: Conduct Rulemaking on Facial Recognition + (Apr. 26, 2019)
- EPIC to Congress: Funding for TSA Facial Recognition Program Must Be Halted + (Apr. 3, 2019)
- Buzzfeed: EPIC Docs Reveal Flawed Facial Recognition Program + (Mar. 11, 2019)
- Unanimous Decision in Illinois Supreme Court Ensures Strict Limits on Biometric Data Collection + (Jan. 25, 2019)
- EPIC Amicus: Unlawful Collection of Biometric Data Establishes Standing + (Dec. 18, 2018)
- EPIC Investigates Airport Facial Recognition Opt-Out Procedures + (Dec. 12, 2018)
- EPIC to Congress: Federal Agency Making Up the Rules for Facial Recognition Screening + (Dec. 11, 2018)
- Indian Supreme Court Imposes New Limits on National Identity System + (Sep. 26, 2018)
- EPIC Urges DHS To Abandon Privacy Act Exemptions for New Biometric Database + (Aug. 31, 2018)
- EPIC Urges Suspension of Biometric Entry/Exit Program + (Jul. 25, 2018)
- EPIC Urges Illinois Supreme Court to Uphold Strict Limits on Biometric Data Collection + (Jul. 5, 2018)
- EPIC Pursues Privacy Impact Assessments for Proposed DHS Biometric Database + (Jun. 18, 2018)
- Senators Urge DHS to Address Concerns Over Facial Recognition at Airports; Conduct Public Rule-Making + (May. 11, 2018)
- EPIC to Congress: Enhanced Surveillance at Border Will Impact Rights of U.S. Citizens + (Apr. 24, 2018)
- EPIC FOIA: EPIC Obtains FBI Policy for Disseminating Biometric Info + (Mar. 22, 2018)
- Court Rules that Users have Standing to Sue Facebook about Facial Recognition + (Feb. 27, 2018)
- EPIC Urges Congress to Suspend Facial Recognition At US Airports + (Feb. 26, 2018)
- Republican DACA Bill Would Expand Use of Drones, Biometrics + (Feb. 21, 2018)
- EPIC Urges FBI to Limit Fingerprint-Based Background Checks + (Jan. 9, 2018)
- EPIC FOIA: Report Reveals Failure of Border Biometric Matching Program + (Dec. 18, 2017)
- EPIC Urges Senate to Block Biometric Collection At US Airports + (Sep. 28, 2017)
- NGOs to Meet with Privacy Commissioners at Public Voice Event in Hong Kong + (Sep. 19, 2017)
- EPIC Obtains Final Report on "Face ePassport Air Entry Experiment" + (Sep. 8, 2017)
- Supreme Court of India Rules Privacy is a Fundamental Right + (Aug. 24, 2017)
- EPIC to Congress: Examine Facial Recognition Surveillance at the Border + (Jul. 24, 2017)
- EPIC Files FOIA Lawsuit Over Border Biometrics, Expanded Tracking + (Jul. 20, 2017)
- EPIC Urges TSA to Consider Alternative to Biometric Collection + (Jul. 5, 2017)
- EPIC Urges Senate Committee to Investigate FBI's Massive Biometric Database + (May. 1, 2017)
- EPIC Joins Coalition to Urge FOIA Compliance on Immigration Enforcement + (Apr. 25, 2017)
- EPIC Urges House Oversight Committee to Explore FBI's Use of Biometric Data + (Mar. 21, 2017)
- Data Protection Experts Recommend New protections for Biometric Identification Online + (Mar. 17, 2017)
- EPIC FOIA: EPIC Seeks Information about Airport Eye Scans of U.S. Travelers + (Mar. 2, 2017)
- EPIC FOIA: EPIC Obtains FBI-DoD Biometric Data Plans + (Jan. 30, 2017)
- Open Government Lawsuits at Near-Record Highs in 2016 + (Dec. 9, 2016)
- EPIC FOIA: EPIC Obtains Secret Inspector General Reports + (Nov. 21, 2016)
- EPIC Sues FBI Over Biometric Data Program + (Nov. 14, 2016)
- High Court Extends Fourth Amendment Protections to DUI Blood Tests + (Jun. 23, 2016)
- Federal Court Upholds Photo Tagging Suit Against Facebook + (May. 8, 2016)
- Federal Agencies Seek Comment on Protections for Human Research Subjects + (Sep. 8, 2015)
- California Court Strikes Down DNA Collection Law + (Dec. 4, 2014)
- Senate to Hold Homeland Security Oversight Hearing + (Jun. 10, 2014)
- Sen. Franken Questions Apple on iPhone Fingerprint Scanning + (Sep. 21, 2013)
- EPIC FOIA - DHS Facial Recognition System Lacks Privacy Safeguards + (Aug. 22, 2013)
- EPIC Opposes DHS Biometric Collection + (Jun. 21, 2013)
- FBI Performs Massive Virtual Line-up by Searching DMV Photos + (Jun. 17, 2013)
- EPIC Sues FBI to Obtain Details of Massive Biometric ID Database + (Apr. 8, 2013)
- US to Retain Biometric Database on Iraqis + (Dec. 21, 2011)
- EPIC, Coalition Seeks Investigation of New FBI ID Program and "Secure Communities" + (Sep. 26, 2011)
- FTC Announces Workshop on Facial Recognition Technology + (Sep. 20, 2011)
More top news
Background
The State Department maintains a huge data warehouse called the Consular Consolidated Database ("CCD") that stores current and archived data about U.S. persons (i.e., citizens and legal permanent residents) and non-U.S. persons (i.e., foreign nationals). All data is pulled from applications for visas, passports, and American Citizen Services, and includes names, addresses, birthdates, biometric data (fingerprints and facial images), race, identification numbers (e.g., social security numbers and alien registration numbers) and country of origin.
Initially created to increase the efficiency of consular activity and to provide up-to-date information on transactions at domestic and post databases, the CCD functions as the “central consolidated storage facility” for the Bureau of Consular Affairs. The CCD also interfaces with other internal DOS facial recognition systems, such as the Automated Biometric Identification System (“ABIS”) and Integrated Biometric System (“IBS”). Both ABIS and IBS are “enterprise-level, facial-recognition matching” programs, and receive data from visa and passport applications via the CCD and disseminate facial recognition matching results with external agencies via the CCD. One of the uses of the data stored within the CCD is “[r]egistration of applicant facial images for Facial Recognition.”
The CCD also serves as the “repository of data flows” between the State Department and external federal agencies that provide input to passport and visa approval systems. The CCD is integrated with and serves as a “gateway” to the Department of Homeland Security's Automated Biometric Identification System (“IDENT”), which performs automated fingerprint checking, and “other Federal biometric systems.”
EPIC's Interest
External data dissemination via the CCD is of interest to EPIC because of the risks created by external agencies’ use of biometric data to perform facial recognition. For example, Customs and Border Protection uses facial photos collected by the State Department perform facial recogintion at airports as part of the Biometric Entry/Exit program.
Facial recognition systems are computer-based security systems that are able to automatically detect and identify human faces. Facial recognition technology can be deployed “covertly, even remotely, and on a mass scale,” and there is little an individual can do to prevent collection of his or her image. Facial images and other types of biometric data are especially sensitive because, “unlike other means of identification . . . it cannot be changed.” That external agency facial recognition programs receive data from and disseminate results through the CCD raises serious privacy and civil liberties concerns.
The CCD Privacy Impact Assessment states that “[a]ll external agencies that share information with the CCD are required to sign an Memorandum of Understanding or Memorandum of Agreement, which generally define a set of responsibilities and requirements.” EPIC is pursuing this FOIA request to make public these agreements and make more transparent the extent of dissemination of the biometric data collected by the State Department.
FOIA Documents
- EPIC's FOIA Request (October 12, 2018)
- 1st Interim Production
- Documentation of Agreements between State Department and the Social Security Administration
- Memorandum of Understanding between State Department and U.S. Agency for International Development Office of the Inspector General
- Communications between State Department and National Institute of Standards and Technology regarding requests for VISA data
- 2nd Interim Production
- 3rd Interim Production
- Memorandum of Understanding between the State Department and the [REDACTED] for Access to Passport Record System Databases
- Memorandum of Understanding between the State Department and Interior Department for Sharing Visa and Passport Records (June 4, 2019)
- Memorandum of Agreement between State Department and Defense Department for Limited Access to Passport Records (December 16, 2014)
- Agreement between the State Department and [REDACTED] Regarding the Sharing of Visa and Passport Records and [REDACTED] (November 27, 2013)
- Information Exchange Agreement between the [REDACTED] and the State Department (September 30, 2011)
- Memorandum of Understanding between State Department and [REDACTED] for Access to Certain Passport Services’ Databases (September 17, 2009)
- Memorandum of Understanding between the State Department and U.S. Customs Service (April 11, 1991)
- 4th Interim Production
- Memorandum of Agreement between State Department and The National Counterterrorism Center
- Memorandum of Understanding between Department of Justice and State Department for Provision of Automated [REDACTED] (August 11, 2017)
- Memorandum of Understanding between Department of Justice [REDACTED] and State Department for provision of [REDACTED] inmate information (June 19, 2013)
- Addendum One to Memorandum of Understanding between State Department and Department of Defense, Defense Intelligence Agency for the Sharing of Visa Records (November 14, 2011)
- Memorandum of Understanding between State Department and Department of Defense, Defense Intelligence Agency for the Sharing of Visa Records (March 27, 2008)
- Action Memo re: Purchase of California Department of Public Health Death Index (January 10, 2011)
Legal Documents
U.S. District Court for the District of Columbia (No. 19-1468)
- EPIC Complaint (May 20, 2019)
News
- States emboldened to move on biometrics privacy legislation, Biometric Update, February 3, 2021
- DHS must table self-serving biometrics report — EPIC, Biometric Update, December 14, 2020
- Facebook payout puts spotlight on ‘biometric privacy’, LiveMint, February 2, 2020
- Facebook's settlement puts spotlight on 'biometric privacy', Yahoo, February 1, 2020
- Privacy Tip #216 – Another Caution about Biometric Data, JDSupre, November 18, 2019
- FamilyTreeDNA Admits to Sharing Genetic Data With F.B.I., New York Times, February 4, 2019
- Six Flags’ Scan of Boy’s Thumbprint Tests Biometric Privacy Law, Bloomberg Law, October 16, 2018
- Biometric Privacy Suits Don't Need Actual Harm, Ill. Court Told, Law360, July 10, 2018
- DNA testing kits raise privacy concerns, WKRON, May 4, 2018
- DNA testing kits raise privacy concerns, WWLP, May 1, 2018
- A Serial Killer Was Caught Because Investigators Found His Family's DNA On A Website, BuzzFeed, April 27, 2018
- DHS, TSA testing touch-free fingerprint scanners, Biometric Update, August 16, 2017
- EPIC Demands Info About Biometric Tracking At U.S. Borders, Law 360, July 21, 2017
- EPIC Presses TSA Not To Expand Use Of Biometrics, Law360, July 7, 2017
- How Aadhaar compares to other biometric national identification systems around the world, Tech2, April 5, 2017
More news
Share this page:
Subscribe to the EPIC Alert
The EPIC Alert is a biweekly newsletter highlighting emerging privacy issues.