Photographs of nearly half of all U.S. adults -- 117 million people -- are collected in police facial recognition databases across the country with little regulation over how the networks are searched and used, according to a new study.
Along with a lack of regulation, critics question the accuracy of facial recognition algorithms. Meanwhile, state, city, and federal facial recognition databases include 48 percent of U.S. adults, said the report from the Center on Privacy & Technology at Georgetown Law.
The search of facial recognition databases is largely unregulated, the report said. "A few agencies have instituted meaningful protections to prevent the misuse of the technology," its authors wrote. "In many more cases, it is out of control."
About 20 states, including Texas, Florida, Illinois, Ohio, and Pennsylvania allow police to search drivers license photo databases. Police in a handful of other states and cities San Fransisco, Los Angeles, San Diego, and Chicago can search criminal mug shots, the report said.
Police agencies don't need a search warrant to search facial recognition databases, the report said. "We are not aware of any agency that requires warrants for searches or limits them to serious crimes," the authors wrote. "This has consequences."
The Maricopa County Sheriff's Office in Arizona has enrolled all of Honduras' driver's licenses and mug shots into its database. This was presumably related to the tough stance on immigration taken by County Sheriff Joe Arpaio, who just this week was indicted for defying a judge's orders to stop targeting Latinos. Meanwhile, the Pinellas County Sheriff's Office in Florida runs 8,000 monthly searches on 7 million Florida drivers, without requiring that officers have "even a reasonable suspicion," the report said.
In addition to concerns about racial profiling, the growing use of facial recognition by police raises several other potential problems, said Clare Garvie, a co-author of the report and an associate at the Georgetown center.
The facial recognition algorithms used to search the photo databases, sold by a handful of vendors, aren't perfect, she said by email. "The algorithms make mistakes," she added. "These mistakes happen at a higher rate when the systems are used to try and identify people in lower quality images," including surveillance camera images, or smartphone photos, and social media pictures.
Most police facial recognition systems use pre-trained algorithms that identify distinct nodal points on the face for each person, then match those blueprints to known images. A second type of facial recognition technology uses neural networks to learn and update itself over time, but the report's authors aren't aware of any police agencies that use "this type of deep learning algorithm at the moment," Garvie said.
The main companies that sell facial-recognition technology to U.S. law enforcement agencies are Cognitec, NEC, and MorphoTrust, Garvie said. These companies also license their face recognition algorithms to other value-added resellers, such as FaceFirst and Dynamic Imaging Systems.
Limited testing has suggested that facial recognition technology makes more errors on African Americans, women, and young people, Garvie said.
The search systems are also set up to return results, "regardless of whether the suspect being searched for is in the database," Garvie added. "This means that a system may return a list of 10 or 40 completely innocent people."
With many police systems using drivers license photos, the list "may be of people who have never had any interaction with the police before," she added. "But if the algorithm says it has a high confidence that one or more of these people is a 'match,' the police may investigate. They may arrest a completely innocent person because the algorithm pointed them in that person's direction."
Representatives of the FBI and the National Association of Police Organizations didn't immediately respond to requests for comments on the report.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.