Tag Archives: Government Invasion of Privacy

DHS Facial Recognition Privacy Risk Assessment Report

Standard
Image: “FCW

FCW

A new Privacy Impact Assessment details how the Department of Homeland Security’s Immigration and Customs Enforcement agency uses facial recognition and what protections it plans to put in place to prevent abuse.

_____________________________________________________________________________

“The assessment, signed by DHS Chief Privacy Officer Dena Kozanas and ICE Privacy Officer Jordan Holz, lays out more than a dozen potential privacy risks associated with the agency’s use of and access to numerous databases and algorithms to identify travelers or suspects. Those risks include the possibility that ICE could abuse those services or use them outside of their intended scope, that the agency might submit or rely upon low quality images that have been found to impact accurate identification, that it might rely on inaccurate information contained in third-party databases and that it could mishandle data, leading to a breach or compromise of personally identifiable information by hackers.

The document makes clear just how much information and data are within the program’s reach. DHS has two systems, the Automated Biometric Identification System (IDENT) and the Homeland Advanced Recognition Technology (HART), which stores and processes digital fingerprints, facial scans and iris scans along with biographical information for identified individuals.

However, the office that stores those images (the Office of Biometric Identity Management) is also in the process of connecting to the FBI’s primary identity management system, the Department of Defense’s Automated Biometric Identification System, the Department of State’s Consolidated Consular Database, databases compiled by state and local law enforcement organizations, region-specific intelligence fusion centers and databases maintained by commercial vendors.

Each system has its own database of images but many also track and collect other biometrics and information about individuals. Often DHS can also access that information and agencies like the FBI can hold onto and use probe photos sent by ICE later for other investigative purposes.

The report also notes that ICE investigators can run images through facial recognition systems that haven’t been approved for agency-wide use by the central Homeland Security Investigations Operational Systems Development and Management unit (OSDM) in the event of “exigent circumstances.”

One privacy risk cited in the assessment is the potential to use image for purposes other than that which they were initially collected. That risk is mitigated, according to ICE, by deleting images from facial recognition systems that were not vetted prior to use.

The assessment also notes the risk of abuse of facial recognition systems by employees and contractors. Training programs and rules of behavior that are being developed by Homeland Security Investigations, ICE’s privacy office and DHS’ Science and Technology Directorate. Supervisors will periodically audit each employee’s use of facial recognition services to ensure compliance and ICE Privacy will only approve commercial vendors who provide auditing capabilities for their own systems.

To guard against data breaches, HSI will only submit “the minimum amount of information necessary for the [service] to run a biometric query,” such as the probe photo, the case agent’s name and the legal violation being investigated. If a breach occurs “the information lost by the FRS will be minimal and out of context,” the report claims. Another DHS agency, Customs and Border Protection, saw tens of thousands of photos from its facial recognition program stolen last year when hackers compromised a subcontractor who had been storing and retaining the images without permission.

The use of facial recognition systems by DHS under the Trump administration has come under scrutiny as tech experts have fretted over the technical limitations and activists have complained about a lack of transparency from ICE regarding how it uses the technology and the potential to facilitate widespread targeting of Latinos, Muslims and other vulnerable populations.

In line with previous assessments from the National Institute of Standards and Technology, the privacy report also makes clear that numerous factors impact the accuracy of the many algorithms relied on by DHS, including lighting, photo quality, camera quality, distance or angle of the subject, facial expressions, aging and accessories like glasses, hats or facial hair.

Doctor Nicol Turner Lee, a fellow at the Center for Technology Innovation at the Brookings Institute who studies algorithmic integrity, said some of the guardrails outlined in the assessment — like emphasizing trainings and accountability measures — are a step in the right direction. However, she said the agency’s continued reliance on open source image collection and coordination with other major databases still leave significant concerns around accuracy, privacy and civil liberty.

“I think what they’re doing [here] is good but we still have a host of other challenges to address and remedy for the full-scale deployment of facial recognition,” Lee said in a phone interview. “We still need a better accounting of the types of training data that is being used, we still need a conversation on the technical specifications and its ability to fairly identify – particularly — people of color that are not sufficiently found in certain facial recognition systems.”

Lee also said there remain concerns about biases embedded in facial recognition system and “within the context of ICE, the likelihood of certain populations being more violently subjected to this over-profiling and overrepresentation in certain databases.”

https://fcw.com/articles/2020/05/27/ice-facial-recognition-privacy.aspx

Amazon’s “Ring” On The Congressional Privacy Hot Seat

Standard

“FCW:

The House Oversight and Reform Subcommittee on Economic and Consumer Policy, asked for a range of information, including copies of all agreements the company has reached with local governments going back to 2013, details on integration of any facial recognition tools and instances where law enforcement has requested video footage from Ring.

Click to access 2020-02-19.RK%20to%20Huseman-Amazon%20re%20Ring%20%281%29.pdf

COMMITTEE ON OVERSIGHT AND REFORM


“The Subcommittee on Economic and Consumer Policy is writing to request documents and information about Ring’s partnerships with city governments and local police departments, along with the company’s policies governing the data it collects,” Krishnamoorthi wrote.  “The Subcommittee is examining traditional constitutional protections against surveilling Americans and the balancing of civil liberties and security interests.”

Ring reportedly works closely with local governments and police departments to promote its surveillance tools and has entered into agreements with cities to provide discounts on Ring products to their residents in exchange for city subsidies.  Reports also indicate that Ring has entered into agreements with police departments to provide free Ring products for giveaways to the public.

Ring reportedly tightly controls what cities and law enforcement agencies can say about Ring, requiring any public statement to be approved in advance.   In one instance, Ring is reported to have edited a police department’s press release to remove the word “surveillance.”

“The Subcommittee is seeking more information regarding why cities and law enforcement agencies enter into these agreements,” wrote Krishnamoorthi.  “The answer appears to be that Ring gives them access to a much wider system of surveillance than they could build themselves, and Ring allows law enforcement access to a network of surveillance cameras on private property without the expense to taxpayers of having to purchase, install, and monitor those cameras.”

The Subcommittee demands Amazon provide information about these partnerships dating back to January 1, 2013.”

https://oversight.house.gov/news/press-releases/oversight-subcommittee-seeks-information-about-ring-s-agreements-with-police-and

ACLU “Freedom Of Information Act” Filing Demands Records Of Government Facial Recognition Technology

Standard
Image: “Techcrunch.com”

“FEDSCOOP’

“The American Civil Liberties Union has filed a Freedom of Information Act (FOIA) request with the Department of Justice demanding any records on the agency’s use of facial recognition technology.

“The request seeks records from the DOJ as a whole, as well as component agencies the FBI and Drug Enforcement Administration.”

______________________________________________________________________________

“The request is extensive. The organization is asking for 20 distinct sets of records ranging from any policy direction on the use facial recognition to “records relating to inquiries to companies, solicitations from companies, or meetings with companies about the purchase, piloting, or testing of face recognition, gait recognition, or voice recognition technology” and beyond. The group additionally wants any records showing the accuracy rates of the systems employed and records showing what audit work has been done to determine or assess the accuracy rate.

This news is just the latest in the ACLU’s strong ongoing opposition to the use of facial recognition technology by government entities.

The ACLU filed a similar request with the Department of Homeland Security in October 2018. In contrast to this most recent FOIA, though, which seeks information regardless of the vendor of the technology, the DHS FOIA focused on learning more about the agency’s work with Amazon’s Rekognition software.

Just last week, the ACLU and a coalition of other civil rights groups wrote letters to the three big purveyors of facial recognition technology — Amazon, Microsoft and Google — demanding in no uncertain terms that they cease doing business with government customers.

And over the summer, the group put members of Congress in the facial recognition crosshairs to see how they’d react.

While this last action — a study in which 28 sitting members of Congress were falsely identified as individuals who have been arrested for a crime — prompted some action from lawmakers, federal agencies have remained pretty quiet.

The companies developing the technology have also reacted to public criticism differently. Google, notably, has backed down from some government work, citing its new AI principles, and Microsoft has argued for proactive regulation.

Amazon, meanwhile, a company that is often the target of the ACLU’s opposition, has maintained that facial recognition is a positive and powerful tool for government. “There have always been and will always be risks with new technology capabilities,” Dr. Matt Wood, head of AI at AWS, wrote in a blog post this summer. “But we believe it is the wrong approach to impose a ban on promising new technologies because they might be used by bad actors for nefarious purposes in the future.”

The NSA Has No Idea How Many Americans It’s Spying On

Standard

 

Surveillance sttpml dot org

“DEFENSE ONE”

“How many Americans are caught up in the government’s digital dragnets?

The answer, says National Intelligence Director James Clapper, is that we have no idea.

“We’re looking at several options right now, none of which are optimal,” said Clapper at a press briefing in Washington DC on April 25. Security officials argue that analyzing the dataset would mean even more intrusions upon Americans’ privacy. “Many people find that unsatisfactory, but that is a fact,” says Clapper.

Members of Congress are definitely not satisfied. Four years  of prompting by US senators Ron Wyden and Mark Udall to nail down the number of Americans whose phone calls and emails are being collected has produced little. The senators, along with colleagues, wrote an exasperated letter  to Clapper on April 22 stating, “We are not asking you for an exact count. Today, our request is simply for a rough estimate.”

Fueling the controversy, the NSA says it wants to start sharing raw communications data it collects with domestic law enforcement such as the FBI. That conflicts with intelligence agencies’ assertions that its programs are strictly to target foreigners. “Our employees are trained to not look for US persons,” NSA privacy and civil liberties officer Rebecca Richards told The Hill in March. “We’re not interested in those US persons. We’re trying to look away from those.”

Yet a secret 2015 court ruling  unsealed this week shows that warrantless spying has already been formally approved by the Foreign Intelligence Surveillance Courts for general criminal investigations in the US, says the Electronic Frontier Foundation. These revelations have prompted dozens of advocacy groups to write intelligence officials that they are (again) circumventing constitutional protections and “pose new threats to the privacy and civil liberties of ordinary Americans”.

See also Intelligence Chief: We Don’t Know If North Korea Has a ‘Boosted Bomb’

The worries focus on two core programs first revealed publicly by former CIA contractor Edward Snowden: PRISM and Upstream. These vast electronic listening programs—authorized by Section 702 of the Foreign Intelligence Surveillance Act—collect, sift and deposit much of the world’s electronic telecommunications in US government databases. Nominally targeting non-US citizens, the system pulls data from hundreds of millions of people’s internet communications, many of whom, the NSA admits (pdf), are Americans.

Each program works differently, which adds to the difficulty of figuring out how many people are being caught up in the surveillance. PRISM allows the NSA to retrieve data directly from U.S. companies like Google, Facebook, and Microsoft through negotiated data-sharing contracts. Security analyst Ashkan Soltani mapped out how the system might work based on available information. The NSA sends a request for data, employees pull target emails, text and video chats, photographs, and other data, and then pass it along to the NSA for analysis. “Upstream” is a program that taps even more data by intercepting undersea fiber-optic cables that carry “about 80%” of the world’s traffic. This allows the US government to eavesdrop on foreign communications over U.S. networks and detect suspicious patterns in the metadata.

Yet the political enthusiasm for this type of surveillance is waning. Last year, Congress passed the USA Freedom Act in a overwhelming bipartisan vote that halted the NSA’s bulk collection of phone metadata of US citizens, such as phone numbers, call length and time. The vote marked the first time Congress has restricted government surveillance since the September 11 attacks in 2001.”

http://www.defenseone.com/threats/2016/04/nsa-has-no-idea-how-many-americans-its-spying/127873/?oref=defenseone_today_nl