The soon to be seated 119th Congress will face a number of issues regarding the regulation and oversight of biometrics that it eventually is going to have to address, according to a new report by the Congressional Research Service (CRS), Congress’ investigative arm.
Among the issues the new Congress will need to tackle is the use of facial recognition by law enforcement, the collection of biometrics by travelers into and out of the US, social media, and consumer data privacy, CRS said.
“There are currently no federal laws specifically governing law enforcement’s use of facial recognition technology (FRT).” Consequently, law enforcement’s use of facial recognition continues to be a subject of ongoing congressional attention, The CRS issues brief says.
CRS also said there are “several broad concerns related to AI spanning multiple sectors” that “could be considered” by the upcoming new session of Congress. And, CRS noted, that “there is no specific legislative framework at the federal level that governs law enforcement use of social media,” a matter of growing concern and contention that most certainly will have to be addressed.
Indeed. Dozens of bills were introduced in the current 118th Congress that addressed scores of privacy and related matters having to do with the use of biometrics that went nowhere, but which will eventually have to be addressed. But until the new Congress is sworn in come January, it’s unclear how these issues will be treated given the potential political shifts and alliances that will occur.
CRS said the “rapid advancements in information technologies present several issues for congressional policymakers, including those related to artificial intelligence, cybersecurity, Big Tech and online platforms, social media, consumer data privacy, children on the internet, quantum information science and technology, law enforcement use of information technologies and social media, and biometric technologies.”
With regard to facial recognition, the CRS policy issues brief says “law enforcement use of FRT has been the subject of ongoing congressional attention,” and that “some of the concerns raised revolve around the accuracy of the technology, including potential race-, gender-, and age-related biases; the process of collecting, retaining, and securing facial images; public notification of the use of facial recognition and other image-capturing technology; and policies or standards governing law enforcement agencies’ use of the technology.”
CRS said “some of these concerns have manifested in actions such as federal, state, and city efforts to prohibit or restrict law enforcement agencies’ use of FRT. In addition, some companies producing facial recognition software have placed new barriers to law enforcement using their technologies.”
While there are no federal laws that govern law enforcement’s use of FRT, CRS said “guidelines and recommendations regarding law enforcement’s use of FRT have been produced by the Facial Identification Scientific Working Group (FISWG).
FISWG is one of the various scientific working groups that support the Organization of Scientific Area Committees for Forensic Science administered by the National Institute of Standards and Technology, which facilitates standards development, including for FRT.
FISWG has published a number of FRT-related guidelines and recommendations for forensic science practitioners. In addition, the FBI maintains a Policy and Implementation Guide for the use of the Next Generation Identification–Interstate Photo System (NGI-IPS). Authorized users of NGI-IPS are required to follow these policies as well as certain FISWG standards, CRS said.
The Federal Bureau of Investigations (FBI) launched FISWG in 2009. Initially overseen by the FBI, its mission is to develop consensus standards, guidelines, and best practices for the discipline of image-based comparisons of human facial features, provides recommendations for research development activities, and advances the state of the science in an ethical manner.
In addition to NGI-IPS, which largely supports state and local law enforcement, the FBI also manages the Facial Analysis, Comparison, and Evaluation (FACE) Services Unit, which supports FBI investigations.
The use of biometrics by CBP is another issue of concern for Congress. CRS said, “border enforcement officials use FRT for identity verification purposes, citing as an example CBP’s use of FRT to confirm travelers’ identities as part of its biometric entry and exit control system for noncitizen travelers into and out of the country.”
CRS said while Congress “has long been interested in the completion of the exit component” of the Department of Homeland Security’s Biometric Entry-Exit System … some policymakers have expressed concern” over how opting out of biometric data collection at ports of entry (POE) is communicated to US citizens.
CBP collects facial images from all travelers departing the United States which it uses to verify each traveler’s identity. CBP is authorized to collect this information by the 2002 Enhanced Border Security and Visa Entry Reform Act. However, US citizens who do not wish to participate in this biometric collection have the right to ask a CBP officer or an airline or airport representative that they wish to be provided with an alternative means of verifying their identity and documents. CBP discards all photos of US citizens, once their identities have been verified.
The CRS report noted that “some policymakers are concerned about the accuracy of FRT and the security of biometric data, including data storage and the auditing of private partners and contractors who collect these data.”
As for AI, while it “holds potential benefits and opportunities, such as through augmenting human decision-making and optimizing performance for complex tasks,” CRS pointed out that “it also presents challenges and pitfalls, such as through perpetuating or amplifying bias and failing in unexpected ways.”
CRS said there are “several broad concerns [that] include questions regarding … the development of standards and testing protocols and algorithmic auditing capabilities for AI systems” and “the incorporation of ethics, privacy, security, transparency, and accountability considerations in AI systems, including such applications as facial recognition technologies.”
“Congress may address additional national security concerns about the potential use of AI technologies, such as the potential for deepfakes to influence elections and erode public trust, the balance of human and automated decision-making in military operations, and concerns about the dissemination of US-developed AI technologies and federally funded AI research results to potential competitors or adversaries,” CRS said.
Law enforcement’s use of social media and how social medial companies treat privacy and related matters will also be on the plates of the new Congress.
CRS said “there are no federal laws that specifically govern law enforcement agencies’ use of information obtained from social media sites, but their ability to obtain or use certain information may be influenced by social media companies’ policies, law enforcement agencies’ own social media policies, and the rules of criminal procedure. Law enforcement may require social media platforms to provide access to certain restricted information through a warrant, subpoena, or other court order.”
“While some have suggested that social media can provide a wealth of information for law enforcement and intelligence analysts, some observers have suggested that agencies may be reluctant to regularly analyze public social media posts for various reasons, including that it could be viewed as spying on the American public and could subsequently chill free speech protected under the First Amendment,” the CRS policy brief noted.
In addition, CRS said “some observers have [also] questioned whether the nature of social media may place it in a qualitatively different category than law enforcement’s use of other investigative tools and have suggested that there should be enhanced boundaries regarding law enforcement operations that utilize social media.”
“For instance,” CRS said, “some have suggested that law enforcement agencies should have written, publicly available policies on their use of social media; they should obtain local government approval before using these online spaces; they should obtain judicial approval for conducting undercover operations using social media; there should be restrictions on law enforcement contacting minors via social media; and law enforcement’s use of social media should be audited.”
These are all “types of proposals” that “could be a subject of discussion” in Congress.
CRS said how the big social media companies like Alphabet, Amazon, Apple, Meta, “and at times Microsoft … collect and use consumer data and whether to implement additional protections for content accessed by minors” are all issues that haven’t been settled with regards to federal regulation.
“Some Members of Congress have also expressed interest in other aspects of social media platforms,” CRS said, and which “include the use of algorithms to amplify or remove content, and the national security, data privacy, and foreign influence risks posed by TikTok.”
Finally, CRS said consumer data privacy remains an issue for Congress.
“Some companies collect, process, and analyze large amounts of consumer data, such as users’ behavior on the platform and personally identifiable information, through online platforms. These data can be used for various purposes, including providing services for customers and obtaining revenue from sending targeted advertisements to specific individuals. The collection of consumer data has raised concerns about consumer data privacy, and whether existing data privacy laws are sufficient.”
CRS noted that the 118th Congress enacted legislation prohibiting data brokers from selling, licensing, or otherwise making available personally identifiable sensitive data of an individual residing in the United States to a foreign adversary or an entity controlled by a foreign adversary, and that some bills were introduced “that would create a comprehensive data privacy law” while “several states … enacted comprehensive data privacy laws. Some of these federal bills and state laws would provide consumers with certain rights, such as the right to access and delete their data, and create requirements for companies, such as providing notice about their data collection practices.”
These are all issues that the new Congress will be met with in a few short months. How the new Congress will act is another matter.
Article Topics
biometrics | data privacy | facial recognition | legislation | regulation | U.S. Government
