‘Very troubling’: FBI confirms collecting 430,000 iris scans in alleged pilot program

Documents show three California sheriff’s departments have been collecting iris data from arrestees over the last two and a half years under an alleged FBI pilot program. The nationwide trove includes over 430,000 iris scans.

“The fact these systems have gone forward without any public debate or oversight that we’ve been able to find is very troubling,” Nicole Ozer, Technology and Civil Liberties Director at the California chapter of the American Civil Liberties Union, told the Verge, which obtained the documents through a public records request.

An Inmate Identification and Recognition (IRIS) scan takes a detailed image of the ridges in the colored part of the eye, usually through infrared photography. The ridges are considered more detailed than a fingerprint and can be scanned much faster. The scans can also be retrieved much faster.  

The FBI argues the program is necessary to easily track criminals, promptly catch repeat offenders and suspects who try to hide their identities.

The documents, or “operations reports,” show collaboration through information-sharing agreements between sheriff’s departments and other agencies, including US Border Patrol and the Pentagon. They further show that three counties, Los Angeles, San Bernardino and Riverside, have contributed more than quarter-million “enrollments” in the database from the California Department of Justice. In both 2014 and 2015, more than 100,000 documents were added to the system.

Specifically, one document showed the San Bernardino Sheriff’s Department had become the most productive in IRIS data collection from at least 200,000 arrestees over the last two and a half years. They also found that in the early months of 2016, the department was collecting an average of 189 iris scans a day.

An FBI spokesperson confirmed to the Verge that since the launch of the program in 2013, they have “stockpiled IRIS scans from 434,000 arrestees,” for the new national biometric databases.

The IRIS scan program falls under the FBI’s multi-year $1 billion program, the Next-Generation Identification system, that will expand the bureau’s old fingerprinting database to allow for rapid matching of additional physical identifiers, including facial images and palm prints.

The bureau is trying to shield the biometric database from Privacy Act rules that require a person be notified if they are in a government system, as well as a rule that lets people ensure that the information the government is holding about them is accurate.

"If you're ever arrested for any crime – even for blocking a street as part of a First Amendment-protected protest – your non-criminal photographs will be combined with your criminal record and will become fair game for the same criminal database searches as any mug shot photo,” the Electronic Frontier Foundation, a group that advocates against privacy infringements, said in June.

The average IRIS recognition time from when an image is captured to when an officer receives a response is 7.8 seconds, according to Sean Mullin, president and Chief Executive Officer of B12 Technologies.

In 2012, Nextgov reported that B12 Technologies was the private company that was managing the nationwide database. Mullin said at that time that local agencies in 47 states were participating in the program, which had been operating for six years.

Little more is known about the experimental program that is amassing “vast quantities of personally identifiable data from US citizens.”

“You imagine 58 counties in California, and all the other places this might be around the country,” ACLU’s Ozer told the Verge. “If hundreds of thousands of people are being added to the system on a yearly basis, what are those implications?”