Courtesy Ellen Nakashima
CLARKSBURG, W.Va. â€” The FBI is embarking on a $1 billion effort to build the worldâ€™s largest computer database of peopleâ€™s physical characteristics, a project that would give the government unprecedented abilities to identify individuals in the United States and abroad.
Digital images of faces, fingerprints and palm patterns are flowing into FBI systems in a climate-controlled, secure basement in Clarksburg. Next month, the FBI intends to award a 10-year contract that would significantly expand the amount and kinds of biometric information it receives.
In coming years, law-enforcement authorities around the world may be able to use iris patterns, face-shape data, scars and perhaps the unique ways people walk and talk to solve crimes and identify criminals and terrorists.
The FBI also will retain, upon request by employers, the fingerprints of employees who have undergone criminal background checks so the employers can be notified if employees have brushes with the law.
â€œBigger. Faster. Better. Thatâ€™s the bottom line,â€ said Thomas Bush III, assistant director of the FBIâ€™s Criminal Justice Information Services Division (CJIS), which operates the growing database from its headquarters in the Appalachian foothills.
The increasing use of biometrics for identification is raising questions about the ability of Americans to avoid unwanted scrutiny. It also is drawing criticism from those who worry that peopleâ€™s bodies will become de facto national-identification cards. Critics said such government initiatives should not proceed without proof the technology can pick a criminal out of a crowd.
The use of biometric data is increasing throughout the government. For the past two years, the Defense Department has been storing in a database images of fingerprints, irises and faces of more than 1.5 million Iraqi and Afghan detainees, Iraqi citizens and foreigners who need access to U.S. military bases. The Pentagon also collects DNA samples from some Iraqi detainees that are stored separately.
The Department of Homeland Security (DHS) has been using iris scans at some airports to verify the identity of travelers who have passed background checks and who want to move through lines quickly. The department also is looking to apply iris- and face-recognition techniques to other programs.
The DHS has a database of millions of sets of fingerprints that include records collected from U.S. and foreign travelers stopped at borders for criminal violations, from U.S. citizens adopting children overseas and from visa applicants abroad.
â€œItâ€™s going to be an essential component of tracking,â€ said Barry Steinhardt, director of the Technology and Liberty Project of the American Civil Liberties Union. â€œItâ€™s enabling the always-on-surveillance society.â€
If successful, the FBI system, Next Generation Identification, will collect a wide variety of biometric information in one place for identification and forensic purposes.
In an underground facility the size of two football fields, a request reaches an FBI server every second from somewhere in the United States or Canada, comparing a set of digital fingerprints against the FBIâ€™s database of 55 million sets of electronic fingerprints. A possible match is made â€” or ruled out â€” up to 100,000 times a day.
Soon, the server at CJIS headquarters also will compare palm prints and, eventually, iris images and face-shape data, such as the shape of an earlobe.
If all goes as planned, a police officer making a traffic stop or a border agent at the airport could run a 10-fingerprint check on a suspect and within seconds know if the person is on a database of the most-wanted criminals and terrorists. An analyst could take palm prints lifted from a crime scene and run them against the expanded database. Intelligence agents could exchange biometric information worldwide.
More than 55 percent of the search requests now are made for background checks on civilians in sensitive positions in the federal government and jobs that involve children and the elderly, Bush said. Those prints are destroyed or returned when the checks are completed.
But the FBI is planning a â€œrap-backâ€ service, under which employers could ask the FBI to keep employeesâ€™ fingerprints in the database, subject to state privacy laws, so that if employees are arrested or charged with a crime, the employers would be notified.
Advocates said bringing together information from a wide variety of sources and making it available to multiple agencies increases the chances of catching criminals. The Pentagon has matched several Iraqi suspects against the FBIâ€™s criminal-fingerprint database. The FBI intends to make criminal and civilian data available to authorized users, officials said. There are 900,000 federal, state and local law-enforcement officers who can query the fingerprint database today, they said.
The FBIâ€™s biometric database, which includes criminal-history records, communicates with the Terrorist Screening Centerâ€™s database of suspects and the National Crime Information Center database, which is the FBIâ€™s master criminal database of felons, fugitives and terrorism suspects.
The FBI is building its system according to standards shared by Britain, Canada, Australia and New Zealand.
At the West Virginia University Center for Identification Technology Research, 45 minutes north of the FBIâ€™s biometric facility in Clarksburg, researchers are working on capturing images of peopleâ€™s irises at distances of up to 15 feet, and of faces from as far away as 200 yards. Soon, those researchers will do biometric research for the FBI.
Covert iris- and face-image capture is several years away, but it is of great interest to government agencies.
Skeptics said such projects are proceeding before there is evidence they reliably match suspects against a huge database.
In the worldâ€™s first large-scale study on how well face recognition works in a crowd, the German government this year found that the technology, while promising, was not effective enough to allow its use by police.
The study was conducted from October 2006 through January at a train station in Mainz, Germany, which draws 23,000 passengers daily. The study found that the technology was able to match travelersâ€™ faces against a database of volunteers more than 60 percent of the time during the day, when the lighting was best. But the rate fell to 10 to 20 percent at night.
To achieve those rates, the German police agency said it would tolerate a false positive rate of 0.1 percent, or the erroneous identification of 23 people a day. In real life, those 23 people would be subjected to further screening, the report said.
Accuracy improves as techniques are combined, said Kimberly Del Greco, the FBIâ€™s biometric-services section chief. The Next Generation database is intended to â€œfuseâ€ fingerprint-, face-, iris- and palm-matching capabilities by 2013, she said.
To safeguard privacy, audit trails are kept on everyone who has access to a record in the fingerprint database, Del Greco said. People may request copies of their records, and the FBI audits all agencies that have access to the database every three years, she said.
Marc Rotenberg, executive director of the Electronic Privacy Information Center (EPIC), said the ability to share data across systems is problematic. â€œYouâ€™re giving the federal government access to an extraordinary amount of information linked to biometric identifiers that is becoming increasingly inaccurate,â€ he said.
In 2004, EPIC objected to the FBIâ€™s exemption of the National Crime Information Center database from the Privacy Act requirement that records be accurate. The group noted that the Bureau of Justice Statistics in 2001 found that information in the system was â€œnot fully reliableâ€ and that files â€œmay be incomplete or inaccurate.â€
FBI officials justified that exemption by claiming that in law-enforcement data collection, â€œit is impossible to determine in advance what information is accurate, relevant, timely and complete.â€
Privacy advocates worry about the ability of people to correct false information.
â€œUnlike say, a credit-card number, biometric data is forever,â€ said Paul Saffo, a Silicon Valley technology forecaster. He said he feared the FBI, whose computer-technology record has been marred by expensive failures, could not guarantee the dataâ€™s security.
â€œIf someone steals and spoofs your iris image, you canâ€™t just get a new eyeball,â€ Saffo said.
In the future, said Center for Identification Technology Research Director Lawrence Hornak, devices will be able to â€œrecognize us and adapt to us.â€
â€œThe long-term goal is ubiquitous use of biometrics,â€ Hornak said. A traveler may walk down an airport corridor and allow his face and iris images to be captured without stepping up to a kiosk and looking into a camera, he said.
â€œThatâ€™s the key,â€ he said. â€œYouâ€™ve chosen it. You have chosen to say, â€˜Yeah, I want this place to recognize me.â€™ â€œ
Washington Post staff researcher Richard Drezen contributed to this report.