By Nick Harmon
This past February,the Supreme Court heard oral argument on the constitutionality of warrantless DNA collection from arrestees. When Maryland v. King is eventually decided, it will form yet another brick in a makeshift wall that the Court has been forced to construct in light of the rapid advances law enforcement agencies have made in the area of data collection, aggregation, and analysis. When it decided another data case, United States v. Jones, 132 S. Ct. 945 (2012), last year,the Court had to decide whether a difference existed between tailing a suspect in a car, and monitoring his movements remotely for a month using a GPS tracker. The Court decided there was, but had a difficult time agreeing on the reasons why. In this case as in other cases, the status and power of data has troubled the Court, and it seems likely that the questions will only grow tougher going forward.
The goal of building newer and better and larger databases has been a goal of government efforts in the law enforcement and defense arena for many years. From Total Information Awareness in the last decade, to NGI today, data aggregation and analysis will be central to the question of where and to what extent the government may collect and store data. TIA, once it became subjected to public scrutiny, met a great deal of hostility from the public and from congress. Publicly, the government renounced its goal of pursuing TIA (at least under that name). The political opposition demonstrates how much the power of data aggregation is accepted by the American public. As NYU Law Professor Helen Nissenbaum noted in her book Privacy in Context: Technology, Policy, and the Integrity of Social Life:
Data subjects and third-party harvesters alike are keenly aware of qualitative differences that can occur when bits of data are combined into collages. This is, surely, one of the most alluring transformations yielded by information sciences and technologies. It is anything but the case that an assemblage of bland bits yields a bland assemblage. The isolated bits may not be particularly revealing, but the assemblage may expose people quite profoundly.
In September of last year, the Electronic Privacy Information Center (EPIC) requested documents from the Federal Bureau of Investigation (FBI) which might tell us more about a new FBI data aggregation system, known as the Next Generation Identification Program.
According to the FBI’s website, NGI “will offer state-of-the-art biometric identification services and provide a flexible framework of core capabilities that will serve as a platform for multimodal functionality.” In short, NGI is a system designed to link a variety of widely-used biometric indicators, including fingerprints and DNA profiles. However, the system goes further than just joining in one place systems already in wide use. The development of NGI will include a mandate to “explore the capability of facial recognition technology.” NGI will thus allow for the linking of otherwise disparate profiles, and the incorporation of facial recognition software to supplement those profiles, a powerful shift at a time when surveillance cameras are becoming increasingly ubiquitous. Moreover, as the National Journal has reported that NGI “enables police officers to use a handheld fingerprint reader to send prints through a squad car’s radio to the FBI’s database and learn almost instantly whether there is a match.” However, NGI will also incorporate a “Repository for Individuals of Special Concern (RISC)” to “[provide] law enforcement and partnering agencies with rapid/mobile identification services to quickly assess the level of threat that an encountered individual poses.” In short, it will generate meaningful analytical profiles as well. Finally, as the FBI has acknowledged, the program is being developed not solely by the government itself but in collaboration with private companies, a troubling fact from a privacy standpoint.
Without public knowledge of government efforts to compile new databases, public oversight is impossible, and the political process justification for courts’ refraining from stepping in becomes more difficult to accept. On April 8, 2013, EPIC filed a lawsuit against the FBI under the Freedom of Information Act (FOIA), challenging its failure to provide information on NGI. (Their complaint can be found here). It states:
In 2012, EPIC filed two Freedom of Information Act (FOIA) requests for documents related to the FBI’s NGI system. One request sought technical specifications related to the roll out of the NGI system. The other sought contracts between the FBI and the private entities developing the system. The FBI did not promptly comply with the law’s requirements and has so far failed to give EPIC any responsive documents. After the agency failed to comply with the Freedom of Information Act, EPIC filed a lawsuit in federal district court.
The FBI notes that “A full and open competition was used to award the NGI contract to Lockheed Martin Transportation and Security Solutions” to develop this technology, but it remains to be seen whether similar public scrutiny will be possible regarding the operations of the database itself.