No warrant is needed to search the face databases; there's no privacy in the perpetual line-up. Half of all American adults are in a face recognition database, and not one law enforcement agency requires a warrant before tapping into that tech to identify someone.While you might be binge-watching Netflix, cooking, working or sleeping—in other words, minding your own business and doing nothing illegal—law enforcement may be running your photo through a face recognition network, using your face in a virtual line-up to find a person suspected of committing a crime.How did you end up in this digital manhunt? It could be because you have a driver’s license or state-issued ID, since 26 states “enroll their residents in a virtual-line up.” That covers more than 117 million American adults, an investigation found, but since not all drivers are adults, then the total number of drivers in face recognition networks is more than 131 million.When you got your driver’s license, did you also give the police permission to put your photo in face recognition networks? A Georgetown Law Center on Privacy and Technology report titled “The Perpetual Line-up: Unregulated Police Face Recognition in America” (pdf) presents an even worse scenario. Your photo might be used to identify you for no specific reason. “Not one agency required warrants, and many agencies did not even require an officer to suspect someone of committing a crime before using face recognition to identify her,” according to the report.Maybe a cop is just curious, or maybe you exercised your First Amendment rights and ticked off a cop who wants to find out who you are. How would that be possible if they don’t know your name? At least five major police departments either run real-time face recognition off of street cameras or have looked into buying tech so they can run face recognition against live-feed video. “Innocent people don’t belong in criminal databases,” said co-author Alvaro Bedoya. “By using face recognition to scan the faces on 26 states’ driver’s license and ID photos, police and the FBI have basically enrolled half of all adults in a massive virtual line-up. This has never been done for fingerprints or DNA. It’s uncharted and frankly dangerous territory.”Innocent people can be wrongly identifiedOn top of driver’s licenses and ID photos, some agencies include mug shots in databases—even if the person was found innocent or charges were dropped—and allow the FBI to search for suspected criminals. But not an actual agent. The report states, “In this line-up, it’s not a human that points to the suspect—it’s an algorithm.” Algorithms can be created from biased information, and innocent people can wrongly be identified.The FBI has about 30 million photos in its database and can search driver’s license photos in 16 states. A Government Accountability Office report previously found that the FBI has access to about 411.9 million photos in its facial recognition database.Clare Garvie, who worked on the Georgetown Law Center investigation and report, said, “A face recognition system usually returns a list of possible candidates, not just the most likely suspect. So, even if the right person is in that list, there could be 40 or 50 other completely innocent people.”The authors of the report asked, “Are we comfortable with a world where anyone with a driver’s license is automatically enrolled in a virtual, perpetual line-up? Are we comfortable with a world where the government can find anyone, at any time, by scanning the faces of people on the sidewalk?”The answer is a resounding no, and 52 civil liberties group sent a letter to the Justice Department calling for an investigation. “At least one in four state or local police departments can run facial recognition searches through their own network or the network of another agency,” they said. “Safeguards to ensure this technology is being used fairly and responsibly appear to be virtually nonexistent.”The authors of the report said, “Face recognition is too powerful to be secret” and came up with 30 recommendations. “Face recognition can and should be used to respond to serious crimes and public emergencies. It should not be used to scan the face of any person, at any time, for any crime. The regulatory scheme that we propose will allow communities to enforce that difference.”“It is time to enact 21st Century privacy protections for a 21st Century surveillance technology,” they said. Related content news Dow Jones watchlist of high-risk businesses, people found on unsecured database A Dow Jones watchlist of 2.4 million at-risk businesses, politicians, and individuals was left unprotected on public cloud server. By Ms. Smith Feb 28, 2019 4 mins Data Breach Hacking Security news Ransomware attacks hit Florida ISP, Australian cardiology group Ransomware attacks might be on the decline, but that doesn't mean we don't have new victims. A Florida ISP and an Australian cardiology group were hit recently. By Ms. Smith Feb 27, 2019 4 mins Ransomware Security news Bare-metal cloud servers vulnerable to Cloudborne flaw Researchers warn that firmware backdoors planted on bare-metal cloud servers could later be exploited to brick a different customer’s server, to steal their data, or for ransomware attacks. By Ms. Smith Feb 26, 2019 3 mins Cloud Computing Security news Meet the man-in-the-room attack: Hackers can invisibly eavesdrop on Bigscreen VR users Flaws in Bigscreen could allow 'invisible Peeping Tom' hackers to eavesdrop on Bigscreen VR users, to discreetly deliver malware payloads, to completely control victims' computers and even to start a worm infection spreading through VR By Ms. Smith Feb 21, 2019 4 mins Hacking Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe