Privacy Impact Assessment for the Next Generation Identification (NGI) Palm Print and Latent Fingerprint Files

Issued by: Ernest J. Babcock, Senior Component Official for Privacy, FBI
Approved by:  Erika Brown Lee, Chief Privacy and Civil Liberties Officer, U.S. Department of Justice

Date approved: January 20, 2015

Section 1: Description of the Information System

Introduction

The Criminal Justice Information Services (CJIS) Division has provided state-of-the-art fingerprint identification and criminal history services through its Integrated Automated Fingerprint Identification System (IAFIS) for many years. Reflecting advancements in technology, CJIS is replacing IAFIS fingerprint services and providing new and enhanced services for other biometrics with the incremental implementation of the Next Generation Identification (NGI). Although enhancements have been made, CJIS will continue to provide criminal history services, including rap sheets. This Privacy Impact Assessment (PIA) describes some of the enhancements made to NGI, including the development of a National Palm Print System (NPPS) and enhanced searching of latent fingerprints. These modifications will allow the FBI to better meet the operational demands of national security, law enforcement, and noncriminal justice partners by providing improved identification solutions and investigative leads. 

Palm prints   

Historically, CJIS maintained three different categories of palm prints: (1) approximately two million palm prints received from state and federal partners; (2) hard copy palm print cards from contributors; and (3) palm prints collected by the FBI Laboratory Division. Historically, palm prints were collected for criminal justice and/or national security purposes. These palm prints were of limited utility to the community of users because they were nonsearchable and nonretrievable. To rectify this situation, the hard copy palm prints have been converted to electronic format, and CJIS established the NPPS in NGI. The NPPS provides the capability to accept, store, and retrieve palm print submissions from local, state, and federal agencies nationwide. The FBI will be publishing a subsequent PIA that specifically addresses the retention and subsequent searching of civil fingerprints in NGI. A limited number of authorized civil contributors, including the Department of Defense, will also be able to submit palm prints to NGI, and to request that the palm prints be retained and searched. 

Palm prints are accepted into NGI in the following ways: 

  1. Known palm prints with fingerprints;
  2. Known palm prints without fingerprints, but
    with an identifying number[1]; and
  3. Unknown palm prints. 


Known palm prints, whether with a tenprint[2] card or with an identifying number, will be enrolled in NGI. Known palm prints will be associated with the event or reason for which the prints were taken. As a result, known palm prints will be placed in the corresponding “identity group” (i.e., civil or criminal) within NGI and the identity group designation will determine how the palm prints are retained and searched. Known palm print submissions may contain other personally identifiable information (PII) typically associated with criminal and civil records. Examples of known palm prints are those collected incident to arrest, as a requirement of a sex offender registry, or for civil employment applications. 

Most known palm prints will be submitted to NGI electronically either through electronic capture, or through card scanning at the state level. Palm prints are collected using a method similar to ten rolled fingerprints on a hard copy palm print card or are captured electronically using a livescan device. Combinations may include two writer’s palm prints (the hypothenar and ulnar sides of the hand), full palm prints, and/or upper and lower palm segments from each hand. For criminal submissions, all new known palm prints cascade against the Unsolved Latent File (ULF), which contains both palm prints and fingerprints, for potential candidates; for civil submissions, all new known palm prints cascade against the ULF for potential candidates unless the submitting agency chooses not to participate in the cascaded search.

Unknown palm prints will be accepted into NGI in the form of either latent or partial palm prints. Currently, latent palm prints collected at crime scenes are searched similar to requested latent fingerprint searches. Latent palm prints are palm prints collected from locations or items associated with criminal or national security investigations. Specifically, a list of potential candidates is developed for submission to a latent examiner, who then makes the identification or uses the list for further investigatory purposes. Thus, the searches do not result in a positive identification.  Latent palm prints are retained in the ULF unless the submitting agency notifies NGI that an identification has been made, or opts out of enrollment. Palm prints are searched in the same manner as latent palm prints. Latent palm prints that are not retained in the ULF are deleted, unless specifically requested to be retained by the contributor. 

Palm prints are generally accepted by the forensic science community as positive identification; however, NGI searches result only in investigative leads to latent examiners, who may subsequently determine a positive identification.  In this respect, palm print functionality is analogous to latent functionality in NGI. Certain investigatory information, such as the identifying number, event information, match score, and candidate images, is provided to the submitting agency to enable latent examiners to narrow the candidate list based on their expertise. The latent palm print will not be added to the subject’s identity record in NGI, although a subsequent arrest tenprint, with accompanying palm prints, may be added. 

Latent fingerprints

Latent fingerprints are collected for criminal justice and/or national security purposes.  IAFIS maintains approximately 400,000 latent fingerprints in the ULF, contributed by the FBI Laboratory Division and federal and state partners. Previously, latent fingerprints collected from crime scenes and submitted by authorized users were searched only against the IAFIS Criminal Master File, which contained a single composite set of tenprints, comprising the best set of fingerprints obtained from each individual.  With NGI, latent fingerprints are searched against all submitted fingerprints, to include rolled, flat, and slap impressions. Contributors may also designate certain repositories and identity groups within NGI to be searched. The latent fingerprints also will be searched against civil submissions if permitted and requested by the contributors. 

With NGI, all incoming criminal tenprint submissions cascade against the ULF. Criminal submissions with fewer than ten criminal fingerprints that are not retained (e.g., criminal inquiries) also cascade against the ULF. Incoming retained civil tenprint submissions cascade against the ULF; incoming non-retained civil tenprint submissions cascade against the ULF unless the contributing civil agency chooses not to participate. However, dissemination of results of the ULF cascaded searches will be restricted, with unsolicited notification being provided only to the agency that submitted the unsolved latent record. Finally, “supplemental” fingerprints, a rolled whole finger or a rolled tip of a finger, submitted with either an accompanying tenprint or an identifying number, are retained and cascaded against the ULF.

Due to technological improvements within NGI, the repository for latent fingerprints allows for more searches per day and improved response time to users. An important goal of NGI is to enhance functionality for remote federal, state, and local agency users. In the past, many remote latent examiners prepared a latent fingerprint search against their respective systems and then edited the latent fingerprint again for submission to IAFIS. With NGI, the examiners may submit and manage investigative transactions using NGI-deployed components. All remote users access Electronic Biometric Transmission Specification (EBTS) messages for entry to NGI. The number of latent fingerprints submitted to NGI is expected to grow each year, as the response times improve. 

Section 2: Information in the System

2.1 Indicate below what information is collected, maintained, or disseminated.
(Check all that apply.)

Identifying numbers

Social Security

x

Alien Registration

x

Financial account

 

Taxpayer ID

 

Driver’s license

 

Financial transaction

 

Employee ID

 

Passport

x

Patient ID

 

File/case ID

x

Credit card

 

 

 

Other identifying numbers (specify): Most identifying numbers are optional (e.g., assigned FBI numbers), but may be associated with the latent palm or fingerprints prints by the submitting agency.

 

General personal data

Name

x

Date of birth

x

Financial info

 

Maiden name

x

Place of birth

x

Medical information

 

Alias

x

Home address

x

Military service

x

Gender

x

Telephone number

 

 

 

Age

x

Email address

 

Physical characteristics

x

Race/ethnicity

x

Education

 

Mother’s maiden name

 

Other general personal data (specify): NGI retains PII associated with fingerprint and palm print submissions, including names, addresses, Social Security numbers, telephone numbers, unique identifying numbers, gender, race, dates of birth, geographic indicators, license numbers, photographs, and other descriptors.  Much of this PII is discretionary information that is provided by the submitting agency and is not searchable within the system.   

 

Work-related data

Occupation

x

Telephone number

 

Salary

 

Job title

 

Email address

 

Work history

 

Work address

x

Business associates

 

 

 

Other work-related data (specify): Work-related data may be found associated with some biometric submissions; however, the information is not required and is not searchable by NGI.

 

Distinguishing features/Biometrics

 

Fingerprints

x

Photos

 

DNA profiles

 

Palm prints

x

Scars, marks, tattoos

 

Retina/iris scans

 

Voice recording/signatures

 

Vascular scan

 

Dental profile

 

Other distinguishing features/biometrics (specify):

 

System admin/audit data

User ID

x

Date/time of access

x

ID files accessed

x

IP address

x

Queries run

x

Contents of files

x

Other system/audit data (specify):

 

 

Other information (specify)

         

         

         


2.2  Indicate sources of the information in the system. (Check all that apply.)

Directly from individual about whom the information pertains

In person

 

Hard copy:  mail/fax

 

Online

 

 Telephone

 

Email

 

 

 

Other (specify): Due to the nature of biometric collection, the CJIS Division does not obtain palm prints or latent fingerprints directly from an individual. NGI will be populated with biometric submissions collected by other divisions of the FBI and by law enforcement, homeland security, national security, and authorized civil partners. Many of these agencies collect the biometrics directly from the individual.               

 

Government sources

Within the Component

X

Other DOJ components

x

Other federal entities

x

State, local, tribal

x

Foreign

x

 

 

Other (specify):  The palm prints and latent fingerprints are collected and submitted to the CJIS Division by local, state, federal (including FBI agents), tribal, and some foreign agencies and instrumentalities in accordance with their lawful missions. The latent fingerprints and some of the palm prints will be obtained indirectly, such as from crime scenes. Some palm prints may be obtained directly from the individual by the submitting agencies, such as authorized civil employers. Related biographic and event information may be obtained either directly from the subject by the submitting agencies, or by the submitting agencies from other sources in the course of investigations or other authorized activities.   

 

Non-government sources

Members of the public

 

Public media, internet

 

Private sector

 

Commercial data brokers

 

 

 

 

 

Other (specify):                


2.3 Analysis:  Now that you have identified the information collected and the sources of the information, please identify and evaluate any potential threats to privacy that exist in light of the information collected or the sources from which the information is collected. Please describe the choices that the component made with regard to the type or quantity of information collected and the sources providing the information in order to prevent or mitigate threats to privacy. (For example: If a decision was made to collect less data, include a discussion of this decision; if it is necessary to obtain information from sources other than the individual, explain why.)

The FBI recognizes that any new biometric capability must be carefully assessed and tested prior to implementation to ensure sufficient reliability and minimum error. The enhanced retention, searching, and dissemination of palm prints and latent fingerprints may present a risk of erroneous identification.  Accordingly, NGI was developed and implemented incrementally. Prior to the integration of each new biometric modality, such as palm prints, the best available matching systems for the modality underwent rigorous testing. This testing and the associated statistical analysis of results for accuracy, error rate, and other measures were performed during the biometric trade study for the particular modality. Test results and statistical analysis from independent testing agencies (e.g., National Institute of Standards & Technology (NIST)) were assessed to determine the usefulness and reliability of a particular biometric modality for identification and/or investigative purposes. Further, the successful implementation and use of a particular modality by other federal agencies serves to assist with the integration of the biometric modality into NGI. 

Palm print recognition inherently implements many of the same matching characteristics that have allowed fingerprint recognition to be one of the most well-known biometrics. Both palm and finger biometrics are represented by the information presented in a friction ridge impression. In the case of latent fingerprints and palm prints, the FBI has maintained these biometric modalities for many years. NGI permits greater retention and searching of these biometrics but, notably, these biometrics will serve as only investigative leads. Identification of an individual will not be considered positive unless a tenprint is incorporated into the record.      

Accepting additional biometric data (i.e., palm prints) without accompanying tenprint submissions may pose a risk of misidentification. In the past, accompanying tenprint submissions have served to link fingerprints to a single identity positively confirmed by those fingerprints. Under the new process, however, palm prints may be submitted and accompanied by fewer fingerprints because NGI’s fingerprint technology has sufficiently progressed to permit positive association between fewer than ten fingerprints and tenprint sets on file. 

Additional biometric data may also be submitted along with reference to an existing unique identifying number. However, these submissions could present risks with respect to positive identification. If the submitting agency has made a typographical, clerical, or other mistake as to the correct identifying number for the subject of the submitted biometric, it could result in the submitted biometric being associated with the wrong person. To mitigate this risk, CJIS intends to execute agreements with agencies that submit biometrics without accompanying tenprints. Memoranda of Understanding (MOUs) will require that a submitter verify that a fingerprint or palm print identification was performed at the state or agency level prior to submission of the biometric to CJIS. The FBI intends to further reduce this risk through aggressive training and state and federal audits designed to ensure accuracy. The FBI therefore considers that misidentifications will be rare, and that prior to the taking of any adverse action against a person, any such erroneous association would be discovered and corrected via comparisons with text-based descriptors or positive fingerprint corroboration. Conversely, the use of additional biometrics may assist with eliminating misidentifications, so that those persons not of interest to law enforcement will not be inconvenienced, and those individuals seeking benefits will be assured of receiving them. 

Another privacy risk could be the improper access to the data or misuse of information in the NGI database, such as unauthorized electronic searching of these additional biometrics. This risk is mitigated through training and by the periodic audits conducted by the FBI to ensure that system searches are necessary and relevant to the person’s official duties. CJIS has an established Audit Unit that regularly visits entities that are authorized to collect and submit biometric data to ensure all legislative and agency policy protections are being implemented. Allegations of misuse of CJIS systems are generally referred to the appropriate CJIS Systems Officer (CSO) of the jurisdiction where the misuse occurred. The FBI responds to all such allegations. For those occasions when records maintained in NGI are wrongfully accessed or disseminated, both the CJIS Advisory Policy Board (APB) and the National Crime Prevention and Privacy Compact Council have established Sanction Committees to address the possible misuse.           

The retention of additional biometric data also presents a correspondingly increased risk that the FBI will be maintaining more information that is subject to loss or unauthorized use. In particular, NGI will be maintaining additional civil palm prints and performing additional searches of civil repositories, if permitted by the contributor. The risk of loss/unauthorized use is mitigated by the strong system, user, site, and technical security features present in NGI, which are described in later sections of this PIA. 

Section 3: Purpose and Use of the System

3.1 Indicate why the information in the system is being collected, maintained, or disseminated.  (Check all that apply.)

Purpose

x

For criminal law enforcement activities

 

For civil enforcement activities

 

For intelligence activities

 

For administrative matters

 

To conduct analysis concerning subjects of investigative or other interest

 

To promote information sharing initiatives

 

To conduct analysis to identify previously unknown areas of note, concern, or pattern.

 

For administering human resources programs

 

For litigation

 

 

  x

Other (specify): national security, homeland security, employment and licensing                


3.2 Analysis:  Provide an explanation of how the component specifically will use the information to accomplish the checked purpose(s). Describe why the information that is collected, maintained, or disseminated is necessary to accomplish the checked purpose(s) and to further the c
omponent’s and/or the Department’s mission.

 As listed below, the FBI has statutory authority to collect, preserve, and exchange biographic and biometric information for criminal, civil, and national security purposes. Consistent with that authority, the NGI Program Office’s mission is to reduce terrorist and criminal activities by improving and expanding biometric identification and criminal history information services. The NGI enhancements will allow CJIS to continue to provide law enforcement, national security, and homeland security agencies with timely identification services relevant to their missions. In addition, the NGI enhancements will improve the accuracy of screening applicants for positions of trust.        

3.3 Indicate the legal authorities, policies, or agreements that authorize collection of the information in the system. (Check all that apply and include citation/reference.)

Authority

                        Citation/Reference

x

Statute

28 U.S.C. §§ 533, 534; 42 U.S.C. § 3771; 44 USC § 3301; USA PATRIOT ACT; Intelligence Reform and Terrorism Prevention Act

x

Executive Order

E.O. 8781, 8914, 10450, 13311, 13356

x

Federal Regulation

28 CFR §§ 0.85, 20.31, 50.12

 

Memorandum of Understanding/agreement

         

x

Other (summarize and provide copy of relevant portion)

HSPD 24   


3.4 Indicate how long the information will be retained to accomplish the intended purpose, and how it will be disposed of at the end of the retention period. (Reference the applicable retention schedule approved by the National Archives and Records Administration, if available.)  

The NGI data will be retained in accordance with the applicable retention schedules approved by the National Archives and Records Administration (NARA). NARA has approved the destruction of fingerprint cards and corresponding indices when criminal and civil subjects attain 110 years of age or seven years after notification of death with biometric confirmation. NARA has determined that automated FBI criminal history record information and NGI transaction logs are to be permanently retained. Biometrics and associated biographic information may nevertheless be removed from the NGI system earlier than the standard NARA retention period pursuant to a request by the submitting agency, or the order of a court of competent jurisdiction.

3.5 Analysis:  Describe any potential threats to privacy as a result of the component’s use of the information, and controls that the component has put into place to ensure that the information is handled, retained, and disposed appropriately. (For example: mandatory training for system users regarding appropriate handling of information, automatic purging of information in accordance with the retention schedule, etc.)              

The initiative described in this PIA will be subject to the same extensive security protections, access limitations, and quality control standards already in existence for IAFIS and further augmented by NGI.  Access to NGI is controlled through extensive, long-standing user identification and authentication procedures. Stringent processes are in place to ensure that only authorized users have access to the system and the information is verified through audit logs detailing an authorized user or agency’s search and retrieval of the biometric data. The CJIS Audit Unit conducts internal and external on‑site audits of user agencies to assess and evaluate compliance with the CJIS Division Security Policy and applicable laws. Agencies requesting and receiving biometric identifications will be trained by the CJIS Systems Agency, which has overall responsibility for the administration and usage of the CJIS programs that operate in a particular state. Records will be purged from the system when removed by the submitting agency or as a result of a court order.  (For analysis regarding the sharing of this information, please see Section 4.2, below; see also Section 2.3, above.)  

Section 4:  Information Sharing

4.1 Indicate with whom the component intends to share the information in the system and how the information will be shared, such as on a case-by-case basis, bulk transfer, or direct access.                      

 

Recipient

How information will be shared

Case-by-case

Bulk transfer

Direct access

Other (specify)

Within the component

 

 

x

 

DOJ components

 

 

x

 

Federal entities

 

 

x

 

State, local, tribal gov’t entities

 

 

x

 

Public

 

 

 

 

Private sector

 

 

 

 

Foreign governments

 

 

x

(Canada)

Foreign entities

x

 

 

 

Other (specify):

 

 

 

 


4.2 Analysis: Disclosure or sharing of information necessarily increases risks to privacy.  Describe controls that the component has put into place in order to prevent or mitigate threats to privacy in connection with the disclosure of information. (For example: measures taken to reduce the risk of unauthorized disclosure, data breach, or receipt by an unauthorized recipient; terms in applicable MOUs, contracts, or agreements that address safeguards to be implemented by the recipient to ensure appropriate use of the information – training, access controls, and security measures; etc.)

All information contained in NGI is available to Department of Justice (DOJ) components for criminal justice and national security purposes when there is a need for the information to perform official duties, pursuant to 28 U.S.C. § 534 and 5 U.S.C.§ 552a(b)(1). Information is disclosed only to DOJ users who have been authorized access to the information in the NGI system. Some of the internal DOJ components with whom FBI shares NGI information include the United States Marshals Service, the Drug Enforcement Administration, the Bureau of Prisons, the Bureau of Alcohol, Tobacco, Firearms, and Explosives, and the National Security Division. 

Biographic and biometric data within NGI will also be shared with local, state, federal, tribal, foreign, international, and joint agencies for criminal justice initiatives and national security matters as permitted by federal and state statutes, federal and state executive orders, and regulations or orders issued by the Attorney General. Information also is shared with authorized noncriminal justice agencies and entities for employment suitability checks, permits, identity verification, and licensing in accordance with applicable laws, regulations and policies. NGI will only maintain data provided by authorized agencies, which are responsible for ensuring that accurate and complete biographic and biometric information is submitted in the first instance, in accordance with CJIS data quality standards and operating policies.    

Additional privacy protections are provided by 28 U.S.C. § 534, which states that the dissemination of information under its authority is subject to cancellation if shared information is disclosed outside the receiving agency or related agencies. Although this is a separate statute from the Privacy Act of 1974, it provides specific controls on the dissemination of criminal information. 28 CFR § 20.33 provides supplemental guidance regarding the dissemination of criminal history record information, including identification of authorized recipients and potential sanctions for unauthorized disclosures. These restrictions are, in turn, reflected in long-standing and extensive system security standards and operating policies applicable to all system users. In addition, authorized users must comply with applicable security and privacy protocols addressed in the CJIS Security Policy. CJIS User Agreements and Outsourcing Standards also define parameters to information sharing. Federal and state audits are performed to ensure compliance. The CSO is responsible for implementing and ensuring compliance with the CJIS Security Policy. 

The primary method for transmission of biometric submissions is electronically, via the CJIS Wide Area Network (WAN), a telecommunications infrastructure that connects authorized agencies to the CJIS host computer systems. The purpose of the CJIS WAN is to provide a secure transport mechanism for CJIS criminal history record information and biometric-related information. The WAN provides direct and indirect electronic access to FBI identification services and data for numerous federal, state, and local law enforcement and authorized non-law enforcement agencies in all fifty states. Agencies transmit and, in turn, CJIS responds via the CJIS WAN. The CJIS WAN transmission hardware is configured by FBI personnel. Transmission of data to and from CJIS is encrypted, and firewalls are mandated and in place. Electronically, the biometrics will be supported through the EBTS, which currently supports fingerprint, palm print, and latent submissions. The EBTS provides proper methods for external users to communicate with the CJIS systems for the transmission of biographic and biometric information for purposes of criminal or civil identification. Other means of transmission for fingerprints and palm prints may include CD-ROM or manual processing, which is rarely utilized.                 

CJIS provides training assistance and up-to-date materials to each CSO and periodically issues informational letters to notify authorized users of administrative changes affecting the system. CSOs at the State and Federal level are responsible for the role-based training, testing, and proficiency affirmation of authorized users within their respective state/federal agency. All users must be trained within six months of employment and biennially retested thereafter. Access to NGI will be granted to the same users who currently have access to IAFIS; this initiative does not change the procedures that are used to determine which users may access the system. 

Authorized users will have the ability to directly input biometrics into or delete biometrics from existing files within NGI based on their roles. The systems are not available to users unless there has been an application for, and assignment of, an Originating Agency Identifier (ORI) unique to each using entity. Each user may only access the types of information for the purposes that have been authorized for its ORI. Such access is strictly controlled and periodically audited by CJIS. State and federal CSOs must apply to the CJIS Division for the assignment of ORIs, and CJIS staff evaluates these requests to ensure the agency or entity meets the criteria for the particular type of ORI requested.  CJIS maintains an index of ORIs and logs all dissemination of identification records to the applicable ORI. Full access ORIs are provided to criminal justice agencies and other agencies as directed by Federal legislation for criminal justice purposes. Limited access ORIs are provided to noncriminal justice agencies requiring access to FBI-maintained records for official and authorized purposes. Most noncriminal justice agencies and entities have been assigned limited access ORIs and are entitled to criminal history information after first submitting fingerprints and identifying the authority for such submissions.

The NGI System Design Document includes requirements to maintain chronological transaction audit logs for authorized purposes. All users are subject to periodic on-site audits conducted by both a user’s own oversight entity and the FBI CJIS Division Audit Unit. The audits assess and evaluate users’ compliance with CJIS technical security policies, regulations, and laws applicable to the criminal identification and criminal history information, and terms of the applicable user agreements or contracts. Deficiencies identified during audits are reported to the CJIS Division APB and Compact Council Sanctions Committees. Access may be terminated for improper access, use, or dissemination of system records. In addition, each Information System Security Officer (ISSO) is responsible for ensuring that operational security is maintained on a day-to-day basis. Adherence to roles and rules is tested as part of the security certification and accreditation process. 

Internal users of the system — all FBI employees and contractor personnel — must complete annual information security and privacy training. The training addresses the roles and responsibilities of the users of FBI systems, and raises awareness of the sensitivity of the information contained therein and how it must be handled to protect privacy and civil liberties. 

Section 5:  Notice, Consent, and Redress 

5.1 Indicate whether individuals will be notified if their information is collected, maintained, or disseminated by the system.  (Check all that apply.)

x

Yes, notice is provided pursuant to a system of records notice published in the Federal Register and discussed in Section 7. Further notice will be provided by this PIA.

x

Yes, notice is provided by other means.    

Specify how:  Civil applicants submitting palm prints will be provided notice.                   

  x

No, notice is not provided.

Specify why not: In criminal and national security investigations, all of the latent fingerprints and the majority of the palm prints are taken without notice

 

5.2 Indicate whether and how individuals have the opportunity to decline to provide information.

x

Yes, individuals have the opportunity to decline to provide information.

Specify how: Civil applicants may decline to submit palm prints.             

x

No, individuals do not have the opportunity to decline to provide information.

Specify why not: In the criminal context, in most instances, the individual will not be able to decline because the latent fingerprint or palm print will be obtained from a crime scene; in addition, the identity associated with the latents and many of the palm prints will be unknown, making notice and consent impossible.


5.3 Indicate whether and how individuals have the opportunity to consent to particular uses of the information.

 X

Yes, individuals have an opportunity to consent to particular uses of the information.

Specify how: Civil applicants provide consent for disclosure incident to the application.                       

  

x

No, individuals do not have the opportunity to consent to particular uses of the information.

Specify why not: See sections 5.1 and 5.2. In most instances, the individual will not be available to consent or his identity will be unknown.

  

 

5.4 Analysis:  Clear and conspicuous notice and the opportunity to consent to the collection and use of individuals’ information provides transparency and allows individuals to understand how their information will be handled.  Describe how notice for the system was crafted with these principles in mind, or if notice is not provided, explain why not.  If individuals are not provided the opportunity to consent to collection or use of the information, explain why not.

 Agencies that contribute criminal biometric information are not required to provide a Privacy Act statement or similar notice to the individual from whom the information pertains. In some cases, the subject of the criminal biometric submission will be aware of the collection incident to his criminal justice processing. However, in most cases, the individual will be unaware that she/he left his latent fingerprints or palm prints at a certain location. 

For civil biometric submissions, specific notice is typically the responsibility of the agency collecting the biometrics. Civil information is often collected on the FBI Applicant Fingerprint Card (FD-258) or the FBI Standard Palm Print Card (FD-884) that are provided to authorized agencies and entities relevant to the particular authority for which the federal criminal history check is being made. The Privacy Act statement on these forms is being revised to provide notice of the retention, searching, and sharing of civil palm prints.           

A person under arrest or the subject of a criminal or national security investigation generally has no opportunity or right to refuse the collection of biometrics. Nevertheless, any criminal or national security uses of the information must be in compliance with the provisions of any applicable law, including the Privacy Act. Civil applicants may be legislatively required to submit fingerprints or palm prints as a condition for employment or licensing; however, the choice to apply for the employment and licensing is voluntary. The privacy risks associated with lack of notice to affected individuals about the collection, maintenance, and use of additional biometrics are partially addressed by general notice to the public via the published System of Record Notice (SORN), PIAs, and other Privacy Act notices.   

Title 28 C.F.R. part 16, subpart A, provides general guidance on access to information in FBI files pursuant to the Freedom of Information Act, and 28 C.F.R. part 16, subpart D, provides general guidance regarding access to, and amendment of, information in FBI files pursuant to the Privacy Act. However, certain NGI records are exempt from access and amendment under the Privacy Act.  (See 28 C.F.R. § 16.96 (e) and (f)). Title 28 C.F.R. §§ 16.30-16.34 and § 20.34 establish alternative procedures for a subject of an FBI criminal identification record to obtain a copy of his record for review and correction. If, upon review, the individual believes any information in her record is incorrect or incomplete in any respect, she may submit a request for corrections, updates, or other changes regarding her record directly to the agency that contributed the questioned information. The individual may also direct his challenge to the FBI CJIS Division. The FBI will then forward the challenge to the agency that submitted the data and ask that agency to verify or correct the challenged entry. 

The opportunity to seek access to or amend information in the source records of a contributing local, state, federal, or tribal agency will be controlled by the laws and procedures applicable to that agency. To the extent that such an agency has a process in place for access to or correction of the contributing agency’s source records, individuals may avail themselves of that process. If the process results in a correction of the source records, the contributing agency should, in turn, make appropriate corrections in the information contributed to NGI.  

Officials making the determination of suitability for licensing or employment must provide the applicants the opportunity to challenge the accuracy of information contained in the FBI identification record. These officials must advise the applicants that procedures for obtaining a change, correction, or updating of an FBI identification record are set forth in Title 28 CFR § 16.34. Officials making such determinations should not deny the license or employment based on information in the record until the applicant has been afforded a reasonable time to correct or complete the record (See 28 CFR §50.12).                                                                                                          

The risk of erroneous information is mitigated because the FBI has a substantial interest in ensuring the accuracy of information in the system, and in taking action to correct any erroneous information. Additionally, the risk is mitigated because the maintenance and dissemination of information must comply with the provisions of any applicable law, regulation, or policy, including the Privacy Act. Among other requirements, the Privacy Act obligates the FBI to make reasonable efforts to ensure the information that it disseminates to non-federal agencies is accurate, complete, timely, and relevant. This risk is further mitigated to the extent that an agency that contributes information to NGI has a process in place for access to or correction of the contributing agency’s source records.

Section 6:  Information Security

6.1 Indicate all that apply.

x

A security risk assessment has been conducted.

A full risk assessment was conducted in January of 2014.   

x

Appropriate security controls have been identified and implemented to protect against risks identified in security risk assessment.  Specify: Controls are documented in the NGI Security Requirements Traceability Matrix (SRTM). 

 

x

Monitoring, testing, or evaluation has been undertaken to safeguard the information and prevent its misuse. Specify: Full testing was conducted in January of 2014.  The system is further evaluated quarterly to ensure safeguards remain in place.              

 

x

The information is secured in accordance with FISMA requirements. Provide date of most recent Certification and Accreditation: April 30, 2014 

x

Auditing procedures are in place to ensure compliance with security standards. Specify, including any auditing of role-based access and measures to prevent misuse of information: As NGI is the replacement system for IAFIS, auditing for NGI is being conducted in the same manner as it was for IAFIS.

x

Contractors that have access to the system are subject to provisions in their contract binding them under the Privacy Act. Contractors provide a variety of general support and development services for NGI and in some cases may have access to system data. The extent of access will vary based on the nature of the contract requirements and will be subject to appropriate non-disclosure and use limitations. Existing contracts contain appropriate security requirements and are subject to extensive privacy protections built into the existing infrastructure and policies, such as limited access, secure location, audits, and Privacy Act clauses provided by the Federal Acquisition Regulation.

 

x

Contractors that have access to the system are subject to information security provisions in their contracts required by DOJ policy.

x

The following training is required for authorized users to access or receive information in the system:

 

X

General information security training

X

Training specific to the system for authorized users within the Department.

X

Training specific to the system for authorized users outside of the component.

 

Other (specify):             

 

6.2 Describe how access and security controls were utilized to protect privacy and reduce the risk of unauthorized access and disclosure.

Please see Section 4.2 for specific access and security control descriptions. In addition, the NGI system NIST 800-53 security control baseline is at the HIGH impact level of assurance. Security controls are continually assessed during the development life cycle for compliance and to ensure appropriate mitigation strategies have been implemented commensurate with the HIGH impact level of assurance.

Section 7:  Privacy Act

7.1 Indicate whether a system of records is being created under the Privacy Act, 5 U.S.C. § 552a.  (Check the applicable block below and add the supplementary information requested.)

  x

Yes, and this system is covered by an existing system of records notice. Provide the system name and number, as well as the Federal Register citation(s) for the most recent complete notice and any subsequent notices reflecting amendment to the system: IAFIS is covered by “Fingerprint Identification Records System” (FIRS) (JUSTICE/FBI-009) (64 Federal Register (FR) 52343, 52347; 66 FR 33558; 70 FR 7513, 7517; 72 FR 3410).              

  x

Yes, and a system of records notice is in development. A new/updated system of records notice is being published in coordination with the final deployment of NGI and will address the increased collection, retention, and uses of biometric records.

 

No, a system of records is not being created.


7.2 Analysis: Describe how information in the system about United States citizens and/or lawfully admitted permanent resident aliens is or will be retrieved.

Information in NGI pertaining to US citizens and permanent resident aliens will be retrieved by biometric and biographic identifiers as explained above in “Description of the Information System.” For purposes of access and retrieval, NGI will make no distinctions based on an individual’s citizenship or residence.

[1] A number previously linked to a person positively identified by fingerprints.

[2] A “tenprint” refers to a set of prints from all ten of a person’s fingers.  NGI accepts either flat or rolled tenprints for positive identification.