NSA Collects "Millions Of Images" Each Day For Its Facial Recognition Database

With the NSA already reigning supreme when it comes to the capture of virtually every form of instantaneous electronic communication and interchange, aka the "flow" of data, there is one final threshold that the US superspy agency needed to cross before the biggest brother of all would have full control over not only the flow of information, but its stock too: a photographic database of virtually everyone. And courtesy of not only programs like Facebook, but also its access to government photographic data, the NSA is focusing on just that. As the NYT reports, the agency is "harvesting huge numbers of images of people from communications that it intercepts through its global surveillance operations for use in sophisticated facial recognition programs, according to top-secret documents."

When we say "focusing", we mean just that, at a pace that is simply unprecedented:

"The agency intercepts “millions of images per day” — including about 55,000 “facial recognition quality images” — which translate into “tremendous untapped potential,” according to 2011 documents obtained from the former agency contractor Edward J. Snowden. While once focused on written and oral communications, the N.S.A. now considers facial images, fingerprints and other identifiers just as important to its mission of tracking suspected terrorists and other intelligence targets, the documents show."

The NSA is not shy about its intentions:

“It’s not just the traditional communications we’re after: It’s taking a full-arsenal approach that digitally exploits the clues a target leaves behind in their regular activities on the net to compile biographic and biometric information” that can help “implement precision targeting,” noted a 2010 document.

In addition to its traditionally favorite method of collecting data, namely unauthorized intercepts of emails and other electronic communications, the NSA has a cornucopia of prepared data it can parse.

State and local law enforcement agencies are relying on a wide range of databases of facial imagery, including driver’s licenses and Facebook, to identify suspects. The F.B.I. is developing what it calls its “next generation identification” project to combine its automated fingerprint identification system with facial imagery and other biometric data.

While it is the US State Department that has "what several outside experts say could be the largest facial imagery database in the federal government, storing hundreds of millions of photographs of American passport holders and foreign visa applicants", what sets the NSA apart, aside from having unchecked access to virtually all electronic data located anywhere in the world, is its ability to match images with huge troves of private communications.

The agency has developed sophisticated ways to integrate facial recognition programs with a wide range of other databases. It intercepts video teleconferences to obtain facial imagery, gathers airline passenger data and collects photographs from national identity card databases created by foreign countries, the documents show. They also note that the N.S.A. was attempting to gain access to such databases in Pakistan, Saudi Arabia and Iran.


One of the N.S.A.’s broadest efforts to obtain facial images is a program called Wellspring, which strips out images from emails and other communications, and displays those that might contain passport images. In addition to in-house programs, the N.S.A. relies in part on commercially available facial recognition technology, including from PittPatt, a small company owned by Google, the documents show.

When asked for comment, an N.S.A. spokesman said the agency did not have access to photographs in state databases of driver’s licenses or to passport photos of Americans, while declining to say whether the agency had access to the State Department database of photos of foreign visa applicants. She also declined to say whether the N.S.A. collected facial imagery of Americans from Facebook and other social media through means other than communications intercepts. Which is a yes.

Ironically, while the NYT reports of several instances of false positives when using the database, the NSA's, and the administration's response has been one comparable to what Edward Snowden lamented yesterday when discussing 9/11: instead of focusing on improving the accuracy of its pinpoint matches, the NSA is simply expanding its database making it more unwieldy, and violating even more privacy statutes in the process.

And before someone says it was all Bush's fault, it appears Obama has taken a keen interest in boosting the NSA's photo database:

The N.S.A. has accelerated its use of facial recognition technology under the Obama administration, the documents show, intensifying its efforts after two intended attacks on Americans that jarred the White House. The first was the case of the so-called underwear bomber, in which Umar Farouk Abdulmutallab, a Nigerian, tried to trigger a bomb hidden in his underwear while flying to Detroit on Christmas in 2009. Just a few months later, in May 2010, Faisal Shahzad, a Pakistani-American, attempted a car bombing in Times Square.

Finally, while faces can and do lead to false positive results, with the use of disguises or other reasons, the final frontier that the NSA appears to be gunning for are iris scans, which like fingerprints, are unique to an individual and as such won't lead to a false identification.

... the agency has considered getting access to iris scans through its phone and email surveillance programs. But asked whether the agency is now doing so, officials declined to comment. The documents also indicate that the N.S.A. collects iris scans of foreigners through other means.  In addition, the agency was working with the C.I.A. and the State Department on a program called Pisces, collecting biometric data on border crossings from a wide range of countries.

And putting it all in context, here is the complete private data architecture which the NSA needs in order to feel complete:

  • Biometric/Biologic data: showing individual's physical traits: face, iris, fingerprints, voice, gait. More examples of this data include:
    • Familial
    • Volitional
    • Individual
    • Sex
    • Height
    • Heat signature
    • Genetic Markers
    • Voiceprint
    • Blood group
    • Language
    • Ritual scarification
    • Recreational drug
    • Medical devices
    • Footprint
    • Hair chemical profile
    • Race
    • Motile
    • Handwriting
    • Typing
    • Gait
    • Limp
  • Biographic: data that documents an individual's life history: name, DOB, address, school, military. More examples of this data include:
    • Core Personal
    • Addresses
    • Educational
    • Employment
    • Judicial
    • Military Service
    • Family
    • Acquired Traits
    • Spouse
    • Children
    • Cohabitants
    • Employees
    • Servants
    • Guests
  • Contextual/Behavioral: data that captures an individual's interactions with the external world: travel, financial behaviors, social network.
    • Financial
    • Public Records
    • Licenses
    • Personal Pattern
    • Commercial Transaction
    • Media Consumption/Production
    • Associates
    • Political Donations
    • Property
    • License Plates
    • Vehicle VINs
    • Tastes/Preferences
    • Accounts records
    • ATM Usage/Transactions
    • Tax Records
    • Credit Ratings

And much more. A full breakdown of the NSA's comprehensive ambition is outlined in this formerly confidential slide:


The full NSA slideshow, courtesy of the NYT: