A simmering row between EFF and the FBI is developing over a rolling plan to store biometric (facial, iris, palm and/or fingerprint) templates on at least third of all American citizens by the end of next year.
After filing a Freedom of Information (FOI) request, the Foundation – a privacy and advocacy organisation set up back in 1990 – discovered that the NGI (Next Generation Identification) programme is a lot more advanced than many people realised.
The NGI seeks to build on the FBI's existing fingerprint database - which is thought to have data on 100 million people - almost a third of the 318 million population of the US - adding facial recognition to the biometric mix.
Perhaps more importantly from a privacy perspective, the plans call for the NGI database to incorporate both criminal and non-criminal records together under a single master system, with each person allocated a UCC (Universal Control Number) that is used across multiple government and allied agency databases.
The EFF says that NGI database has been expanding rapidly over the last two years - and may reach 52 million facial templates by the end of next year.
In 2012, the privacy organisation says that the NGI system held 13.6 million templates on between 7 million and 8 million people - a figure that doubled to 16 million by the end of last year, driven mainly by the fact that the system can process 55,000 photo images every day.
According to the EFF, the NGI actively combines facial, iris, palm and/or fingerprint biometric data - and links personal and biographic data such as name, home address, ID number, immigration status, age, race and so on.
"This immense database is shared with other federal agencies and with the approximately 18,000 tribal, state and local law enforcement agencies across the US," says the Foundation, adding that its primary concern is that the database will include non-criminal as well as criminal face images.
"Currently, if you apply for any type of job that requires fingerprinting or a background check, your prints are sent to and stored by the FBI in its civil print database. However, the FBI has never before collected a photograph along with those prints. This is changing with NGI. Now an employer could require you to provide a `mug shot' photo along with your fingerprints. If that's the case, then the FBI will store both your face print and your fingerprints along with your biographic data," the Foundation's analysis of the situation adds.
The problem here - as the EFF says - is that, even if you have never been arrested for a crime, if your employer requires you to submit a photo as part of your background check, your facial image could be searched — "and you could be implicated as a criminal suspect, just by virtue of having that image in the non-criminal file."
The big question is whether such a database is feasible in the UK, as the technology is obviously already here today.
For the answer to this question, SCMagazineUK.com turned to digital forensics specialist Professor Peter Sommer - a visiting professor with de Montfort University - who said we also have a similar issue here in the UK.
The challenge, he explained, is that data of all kinds is collected - including from CCTV Automatic Number Plate Recognition and communications data - on an initial individual from a worthy scenario, but is then retained and used for other reasons.
This process, he says, is carried without the tests of necessity and proportionality - and competent independent oversight.
"Several different streams of data are then aggregated to make the intrusion even greater. Data aggregation has a very important role in modern investigative practice, but the oversight mechanisms to limit abuse and collateral intrusion into the lives of the wholly innocent are largely weak or absent altogether," he said.
"Very soon we will have to worry that a combination of high resolution cameras and improved facial recognition techniques may be adding to his toxic mix," he warned.