The U.S. Government Accountability Office (GAO) recently examined the approaches of 24 federal agencies under the Chief Financial Officers (CFO) Act of 1990 and found that the increasing reliance on technology and data-driven processes across federal agencies raises profound challenges to protecting civil rights and civil liberties.
GAO was blunt in its assessment. It said federal “agencies lack government-wide laws and guidance that identify how civil rights and civil liberties are to be considered and protected as they relate to data collection, sharing, and use,” and that they “reported varying protections for the public’s civil rights and civil liberties in the areas of establishing dedicated offices, appointing designated officials, and developing standalone policies and procedures for collecting, sharing, and using data.”
The GAO’s analysis underscores the urgent need for uniform, government-wide guidance to address the evolving challenges at the intersection of technology and civil rights.
As federal agencies implement tools like AI and facial recognition, questions about privacy and the handling of personal information have become more urgent than ever, GAO said in its report to congressional requesters, Information Technology: Government-Wide Guidance on Handling Data Could Improve Civil Rights and Civil Liberties Protections.
GAO found that while emerging technologies hold the potential to transform public administration, their rapid adoption has also exposed critical vulnerabilities. Biases in AI systems, for example, have led to misidentifications and disproportionately negative outcomes for marginalized groups, GAO said. And facial recognition, while useful in security contexts, has introduced errors that may infringe on individuals’ privacy.
Such technologies, GAO found, often operate in a vacuum of regulatory clarity, leaving agencies to navigate these challenges without consistent guidance. Current federal laws, such as the Privacy Act of 1974, focus narrowly on privacy considerations and fail to address broader issues like informed consent, equitable use, and the mitigation of systemic biases.
“Agencies reported challenges in protecting the public’s civil rights and civil liberties while using personal information that include handling issues that arise from new and emerging technologies,” GAO said.
“Beyond privacy protections, there is currently no specific government-wide federal guidance on how to address civil rights and civil liberties issues associated with agency collection, sharing, and use of sensitive data,” GAO said, noting that “while there are existing federal laws and guidance [that] focus[es] on civil rights, they primarily address the civil rights complaint process and compliance efforts.”
GAO said “the governing statutes and federal guidance do not comprehensively address the use of large volumes of data by emerging technologies, particularly those with the potential to misidentify individuals and to introduce bias against people with certain racial and ethnic backgrounds. The need to mitigate those types of systemic risks is not addressed.”
GAO said it found that across the government, AI and facial recognition systems often perpetuate existing biases, misidentifying individuals and disproportionately affecting marginalized communities, and that the lack of standardized regulations exacerbates the potential for systemic inequities, particularly in areas like law enforcement and public resource allocation.
In addition, GAO reported, “laws and guidance that govern civil liberties primarily focus on privacy. However, other broader civil liberties considerations include due process, informed consent, and data protection related to the use of publicly available information. These broader issues are not addressed in the federal guidance that outline privacy protections, which only apply to data stored in systems of records and therefore may not be addressed by agencies’ privacy programs.”
“Further,” GAO said, “existing federal guidance that addresses civil rights and civil liberties considerations applies only in specific circumstances in which agencies use AI, such as when the technology may impact rights or safety. The guidance does not apply to other technologies, such as facial recognition, that an agency may use to collect or share personal data, which present similar risks to the public’s civil rights and civil liberties.”
“Similarly,” GAO stated, “the existing guidance does not specify when federal agencies may use publicly available or commercially provided information and, what obligations, if any, apply to those data sets.”
Compounding the technological risks are workforce shortages and a “lack of qualified and dedicated personnel,” GAO added.
Congress’ investigative arm said many agencies lack staff with the expertise to address the dual complexities of civil rights and advanced technology. Consequently, many critical functions, such as assessing the impact of AI on civil liberties, are handled on an ad-hoc basis or delayed entirely. And agencies that do prioritize these concerns often report difficulties finding personnel with the necessary blend of technical and legal knowledge, GAO said.
Despite these challenges, however, GAO noted that federal agencies have taken steps to protect civil rights and liberties. Every CFO Act agency, for example, has established a civil rights office, and a select few, including the Departments of Defense, Homeland Security, and Justice, have dedicated offices for civil liberties. Some also have integrated these considerations into their existing privacy compliance activities. For instance, the Department of Homeland Security has developed a civil liberties impact assessment tool to evaluate risks posed by departmental programs and technologies. The Department of Justice, meanwhile, has formed working groups to address privacy and civil liberties issues arising from the adoption of new tools.
Nevertheless, GAO reported finding that these efforts are inconsistent across agencies and often lack the scope needed to address emerging risks. While some agencies have implemented standalone policies, others rely on outdated frameworks or have no dedicated processes in place. Many agencies informed GAO that they are challenged to keep policies aligned with technological advancements, leaving potential gaps in protections.
GAO emphasized the need for government-wide guidance to bridge these disparities. Such guidance, it said, should establish clear standards for how agencies assess the civil rights and liberties implications of technologies like AI and data analytics. Guidance should also address broader issues, including the ethical use of publicly available data and protections against systemic discrimination. Uniform regulations would also reduce the patchwork approach currently in place, ensuring greater consistency and accountability across the federal enterprise.
In addition to regulatory improvements, GAO said federal agencies need resources to build capacity. It said comprehensive training programs are essential to equip employees with the skills to address technological and legal complexities. Moreover, targeted investments in recruitment and retention are critical to closing the skills gap that has left many agencies struggling to protect civil rights in the digital age.
GAO said none of the agencies it examined agreed or disagreed with its report. Three agencies provided written comments, ten provided only technical comments, and the remaining twelve, including the Office of Management and Budget, had no comments.
Congress, meanwhile, has a vital role to play in addressing these gaps, GAO said.
“To assist federal agencies with consistently implementing civil rights and civil liberties protections when collecting, sharing, and using data, we suggest that Congress direct an appropriate federal entity to issue government-wide guidance or regulations addressing this matter,” GAO proffered. “Congress should [also] consider delegating to such entity the explicit authority to make needed technical and policy choices or explicitly stating Congress’s own choices.”
The challenges posed by emerging technologies are significant, but they are not insurmountable, GAO concluded. With cohesive policies, strategic investments, and unified oversight, it says, federal agencies can navigate these complexities while ensuring the protection of civil rights and liberties. But without comprehensive guidance, GAO warned, inconsistencies in policies and practices will persist, leaving individuals vulnerable to discrimination and misuse of personal information.
Article Topics
biometrics | data privacy | data protection | facial recognition | GAO (Government Accountability Office) | U.S. Government
