Skip to content

Illustration by Security Management

Watchdog Finds U.S. Government Agencies in the Dark about Facial Recognition Use

Whose facial recognition technology are your employees using? A U.S. Government Accountability Office (GAO) report released this week found that more than a dozen U.S. federal agencies are in the dark.

Twenty of the federal agencies the GAO surveyed either own a system with facial recognition technology or use a system owned by other entities, such as other federal, state, local, or non-government entities. But while 14 use non-federal systems to support criminal investigations, only one agency reported awareness of which non-federal systems are used by employees. When polled, several agencies had to conduct in-house surveys to determine which systems were in use.

According to the report, Facial Recognition Technology: Federal Law Enforcement Agencies Should Better Assess Privacy and Other Risks, the U.S. Secret Service, Customs and Border Protection (CBP), and the FBI are among the agencies that don’t track the type of facial recognition technologies being used.

There is a breathtaking breadth of imagery available to facial recognition databases used by federal agencies, too. While some government databases are small, such as the Federal Bureau of Prisons’ collection of 8,000 employee and contractor photos, others are massive. The GAO report found that the Office of Biometric and Identity Management has a trove of 836 million passport, mugshot, and visa application pictures. Private companies used by federal agencies can have even more—Clearview AI, used by multiple agencies cited in the report, claims its system has 3 billion images scraped from the Internet, The Washington Post reported.

The report found a lack of accountability in these systems’ use that could result in increased privacy risks for the public. Facial recognition technologies—which are unregulated by the federal government—can lead to privacy and civil rights violations, particularly because these systems misidentify people of color at higher rates than white people.

The GAO also warned that government agencies put themselves at legal risk when they fail to audit the technology they use for accuracy and privacy. The Detroit Police Department, for example, used facial recognition technology to identify a suspect in a robbery, but the technology made the wrong match—leading to a false arrest and subsequent lawsuit. In the face of accuracy and privacy challenges, multiple cities and municipalities in the United States have banned the use of facial recognition technology by law enforcement.

According to CyberScoop, agencies cited in the GAO report have collectively run hundreds of millions of facial recognition searches between 2018 and 2020, including during 2020 protests after the murder of George Floyd and investigations into the riot at the U.S. Capitol on 6 January 2021.  

The GAO made two recommendations in the report to each of the 13 federal agencies that use facial recognition for law enforcement purposes but do not own their system or audit which programs are used: implement a mechanism to track which non-federal systems are in use by employees and assess the risks of using these systems.