Artificial Intelligence & Machine Learning
,
Governance & Risk Management
,
Government
Privacy Advocates Warn of Risks from Expanding DHS Use of AI and Facial Recognition
The U.S. Department of Homeland Security is neglecting key privacy safeguards while expanding its use of warrantless surveillance technologies, including drones and pole-mounted cameras – a trend experts warn threatens privacy rights.
See Also: Maximizing data utility in mission delivery, citizen services, and education
The department additionally lacks policies to assess bias risks for most surveillance technologies, the Government Accountability Office reported Tuesday. While DHS plans to evaluate AI-enabled tools for bias, it has yet to address risks in over 20 other systems, including facial recognition and license plate readers.
DHS is unaware of all the technologies being used by its agencies, the report said, while Customs and Border Protection, Immigration and Customs Enforcement and the Secret Service increasingly rely on third-party analytical software and deploy drones, surveillance vehicles and 24-hour public cameras, often without requiring warrants. The government’s lack of privacy protections for facial recognition and AI-driven surveillance systems could have a “chilling effect” on privacy rights nationwide, according to Paul Bischoff, a consumer privacy advocate for Comparitech.
DHS “should be required to meet a high level of accuracy for facial recognition AI,” Bischoff told Information Security Media Group, stating that mismatches in law enforcement’s use of the technology disproportionately impact minorities and the elderly. “The threshold for law enforcement use is high, but law enforcement agencies often lower the threshold to find more suspects.”
“Surveillance technologies and the data collected through them should only be accessible to trained, assigned staff and not shared with third parties,” he added.
The three DHS law enforcement agencies reviewed by GAO access data from third-party surveillance tools, including automated license plate readers and technologies provided by private vendors and state or local law enforcement. CBP also reported plans to enter into agreements with third-party vendors to begin collecting information from aircraft tail number readers, automated license plate readers, pole cameras, vehicles with detection and more.
A key challenge in law enforcement’s use of facial recognition and other emerging technologies is data minimization, which involves collecting only the essential data needed for a specific purpose, a principle often overlooked, according to Michael Hughes, chief business officer at privacy software firm Duality Technologies.
Hughes told ISMG most law enforcement queries involve the use of “haystacking,” a tactic where agencies request far more data than necessary to obscure their specific focus, “to prevent adversaries from knowing what the agency is looking at or for, by requesting far more information than is necessary or relevant to the investigation or mission itself.”
“Rather than relying upon expensive and time-intensive haystacking, agencies can simply keep their queries and analyses confidential from the data owner,” Hughes suggested, adding that the approach would enable law enforcement to uphold operational security while moving at the necessary speed for their mission.
GAO urged the department to develop new policies to assess the risks associated with bias in emerging technologies and implement privacy protections through improved technology policies. The report also called on DHS’ law enforcement agencies to apply current privacy policies to all detection, observation and monitoring technologies currently in use.
DHS did not respond to requests for comment.