How do you know when a pilot program is over? Depending on who you are, the answer may vary. In some cases, the answer is, “When the funding runs out.” Other times a pilot ends after a pre-set number of trials, a specified length of time, or when declared a success or failure. It looks like when the Federal Bureau of Investigation is involved, at least with its iris scanning project, the pilot is over when they say it’s over, according to The Verge.
Since 2013 when the FBI began collecting iris scans to test the technology available at the time, the government organization has continued collecting scans from federal and state agencies. The U.S. Border Patrol, the Pentagon, and agencies from Texas and Missouri have all contributed and agreed to share information with the FBI, which confirmed it has scans from 430,000 arrestees.
The greatest number of scans have come from California — specifically Los Angeles, San Bernardino, and Riverside counties. Most of the scans come from jails and detention centers. San Bernadino is by far the largest source of scans. The San Bernadino Sheriff’s Department in the first months of 2016 has been capturing an average of 189 iris scans each day, totaling almost 200,000 scans from arrestees from one county in the last two and a half years.
There are two related concerns over the seemingly endless pilot program: privacy issues and program accountability. Privacy mandates are generally required for biometric data-gathering, with a privacy impact assessment (PIA). PIA’s are plans to anticipate and handle misuse or overreach of private data.
No PIA has yet been submitted by the FBI for the iris scanning pilot. An FBI spokesperson informed The Verge that a PIA wasn’t considered necessary in 2014 “because the pilot was conducted with very limited participation for a limited period of time in order to evaluate iris technology.” The pilot program has now been extended each year since it started.
Time has passed and most of the 430,000 iris scans have been collected since the initial decision not to create a PIA. The FBI said it’s working on one now, but there’s no set timetable for delivery. Earlier this year the Government Accountability Office (GAO) called the FBI on not submitting PIAs for a database of hundreds of millions of facial scans, many from driver’s license photos.
One of the concerns is that, while justification for gathering information is usually linked to criminal, terrorist, and intelligence investigations, the presence of tens of millions of faces from every driver holding a license in certain states subjects everyone to scrutiny and possibly being put in a pool of potential matches — with no oversight on how the data is used. So if your facial bone structure scored many identical points to someone of interest to one of the many agencies involved, your file could be flagged and even if nothing else happened, the flag could stay on your file indefinitely. That sounds like a valid concern.
The iris scan program, like the facial scans, is part of the FBI’s Next Generation Identification (NGI) database. The NGI database has a broad purview including employment background checks and identifying unknown corpses as wall as use in criminal, terrorist, and intelligence investigations. The Verge reports that the FBI wants to exempt the NGI database from parts of the Privacy Act — if exempted, updated public records of the programs wouldn’t be required.