The FBI loves your eyes so much that it will keep an iris scan of them forever, as long as you get arrested in one of the cities that are running an FBI iris scan program. The program has no privacy oversight and few public details, making it a perfect nightmare for privacy advocates.
According to The Verge, the FBI collected 430,000 iris scans from people who were arrested in Los Angeles, Riverside, and San Bernardino, with many of them (more than 190,000) originating from the latter.
The pilot started in 2013, with police in these counties scanning the irises of all the people who were ever arrested. Iris scans are a lot quicker to capture with current technology than any other biometric readings, including fingerprints, making identification procedures a lot easier in certain situations.
Each iris has a unique fingerprint, which would let the FBI accurately identify something as long as their iris scan is in its database. It also takes a “fraction of a second,” according to The Verge, for the scan to reach the database.
It’s unclear at this time whether the system has actually helped investigators since the pilot started. But what’s disturbing about it, at least to privacy advocates, is that the FBI has no privacy impact assessment for its iris scans collection program. It’s not clear how iris data is handled or what happens to it.
This isn’t the first time the FBI is failing to create privacy assessments on biometric databases. In June, a report revealed the FBI made millions of facial scans under an out-of-date privacy assessment, prompting criticism that it’s failing to disclose details about such practices, as it should be doing, under the Privacy Act.
The Verge notes that the FBI has been trying to exempt some of its NGI databases (that’s short for Next Generation Identification) from certain provisions of the Privacy Act, with privacy groups accusing the agency that it’s trying to obfuscate how these databases will function.