Oversight Report Finds Several Federal Agencies Are Still Using Clearview’s Facial Recognition Tech
Two years ago, the Government Accountability Office (GAO) released its initial review of federal use of facial recognition tech. That report found that at least half of the 20 agencies examined were using Clearview's controversial facial recognition tech.
A follow-up released two months later found even more bad news. In addition to widespread use of Clearview's still-unvetted tech, multiple DHS components were bypassing internal restrictions by asking state and local agencies to perform facial recognition searches for them.
On top of that, there was very little oversight of this use at any level. Some agencies, which first claimed they did not use the tech, updated their answer to more than 1,000 searches" when asked again during the GAO's follow-up.
While more guidelines have been put in place since this first review, it's not clear those policies are being followed. What's more, it appears some federal agencies aren't ensuring investigators are properly trained before setting them loose on, say, Clearview's 30+ billion image database.
That's from the most recent report [PDF] by the GAO, which says there's still a whole lot of work to be done before US residents can consider the government trustworthy as far as facial recognition tech is concerned.
For instance, here's the FBI's lack of responsibility, which gets highlighted on the opening page of the GAO report.
FBI officials told key internal stakeholders that certain staff must take training to use one facial recognition service. However, in practice, FBI has only recommended it as a best practice. GAO found that few of these staff completed the training, and across the FBI, only 10 staff completed facial recognition training of 196 staff that accessed the service.
The FBI told the GAO it intends" to implement a training requirement. But that's pretty much what it said it would do more than a year ago. Right now, it apparently has a training program. But that doesn't mean much when hardly anyone is obligated to go through it.
This audit may not have found much in the way of policies or requirements, but it did find the agencies it surveyed prefer to use the service offered by an industry pariah than spend taxpayers' money on services less likely to make them throw up in their mouths.
Yep. Six out of seven federal agencies prefer Clearview. The only outlier is Customs and Border Protection, although that doesn't necessarily mean this DHS component isn't considering adding itself to a list that already includes (but is not limited to) the FBI, ATF, DEA, US Marshals Service, Homeland Security Investigations, and the US Secret Service.
We also don't know how often this tech is used. And we don't know this because these federal agencies don't know this.
Six agencies with available data reported conducting approximately 63,000 searches using facial recognition services from October 2019 through March 2022 in aggregate-an average of 69 searches per day. We refer to the number of searches as approximately 63,000 because the aggregate number of searches that the six agencies reported is an undercount. Specifically, the FBI could not fully account for searches it conducted using two services, Marinus Analytics and Thorn. Additionally, the seventh agency (CBP) did not have available data on the number of searches it performed using either of two services staff used.
In most cases, neither the agency nor the tech provider tabulated searches. Thorn only tracked the last time a source photo was searched against, not every time that photo had been searched. And, as the GAO notes, its 2021 report found some agencies couldn't even be bothered to track which facial recognition tech services were being used by employees, much less how often they were accessed.
Most of the (undercounted) 63,000 searches ran through Clearview. Almost every one of these searches was performed without adequate training.
[W]e found that cumulatively, agencies with available data reported conducting about 60,000 searches-nearly all of the roughly 63,000 total searches-without requiring that staff take training on facial recognition technology to use these services.
All of the surveyed agencies have been using facial recognition tech since 2018. And here's how they're doing when it comes to handling things like mandated privacy impact assessments and other privacy-focused prerequisites that are supposed to be in place prior to the tech's deployment. In this case, green means ok [agency addressed requirement, but not fully"], baby blue means completed fully, and everything else means incomplete.
If there's any good news to come out of this, it's that the US Secret Service, DEA, and ATF have all halted use of Clearview. But just because Clearview is the most infamous and most ethically dubious provider of this tech doesn't mean the other options are so pristine and trustworthy, these agencies should be allowed to continue blowing off their training and privacy impact mandates. These agencies have had two years to get better at this. But it appears they've spent most of that time treading water, rather than moving forward.