NSA facial recognition: combining national ID cards, Internet intercepts, and commercial facial databases for millions of people

A newly released set of slides from the Snowden leaks reveals that the NSA is harvesting millions of facial images from the Web for use in facial recognition algorithms through a program called "Identity Intelligence." James Risen and Laura Poitras's NYT piece shows that the NSA is linking these facial images with other biometrics, identity data, and "behavioral" data including "travel, financial, behaviors, social network."

The NSA's goal -- in which it has been moderately successful -- is to match images from disparate databases, including databases of intercepted videoconferences (in February 2014, another Snowden publication revealed that NSA partner GCHQ had intercepted millions of Yahoo video chat stills), images captured by airports of fliers, and hacked national identity card databases from other countries. According to the article, the NSA is trying to hack the national ID card databases of "Pakistan, Saudi Arabia and Iran."

This news is likely to be rhetorically useful to campaigners against national ID cards in countries like the UK, where the issue has been hotly debated for years (my own Member of Parliament, Meg Hillier, was the architect of one such programme, and she, along with other advocates for national ID cards, dismissed fears of this sort of use as paranoid ravings).

The development of the's NSA facial recognition technology has been accompanied by a mounting imperative to hack into, or otherwise gain access to, other databases of facial images. For example, the NSA buys facial images from Google's Pittpatt division, while another program scours mass email interceptions for images that appear to be passport photos.

An interesting coda to the piece is that the NSA has developed the capability to infer location by comparing scenery in terrestrial photos to satellite images, which sounds like a pretty gnarly computer-vision problem.

The agency has developed sophisticated ways to integrate facial recognition programs with a wide range of other databases. It intercepts video teleconferences to obtain facial imagery, gathers airline passenger data and collects photographs from national identity card databases created by foreign countries, the documents show. They also note that the N.S.A. was attempting to gain access to such databases in Pakistan, Saudi Arabia and Iran.

The documents suggest that the agency has considered getting access to iris scans through its phone and email surveillance programs. But asked whether the agency is now doing so, officials declined to comment. The documents also indicate that the N.S.A. collects iris scans of foreigners through other means.

In addition, the agency was working with the C.I.A. and the State Department on a program called Pisces, collecting biometric data on border crossings from a wide range of countries.

One of the N.S.A.’s broadest efforts to obtain facial images is a program called Wellspring, which strips out images from emails and other communications, and displays those that might contain passport images. In addition to in-house programs, the N.S.A. relies in part on commercially available facial recognition technology, including from PittPatt, a small company owned by Google, the documents show.

N.S.A. Collecting Millions of Faces From Web Images [James Risen and Laura Poitras/NYT]

Notable Replies

  1. An interesting coda to the piece is that the NSA has developed the capability to infer location by comparing scenery in terrestrial photos to satellite images, which sounds like a pretty gnarly computer-vision problem.

    I am going to have to start wearing one of those fake photo fore grounds that have a hole for a face. Maybe I will become a mermaid under the sea.

  2. The problem with people like Hillier is not that they dismiss the idea that the technology to do these things exists as paranoid ramblings, it's thinking that the government would misuse the tech that supposedly makes you paranoid.

    "If you've done nothing wrong, you've got nothing to fear" is palpably horseshit but it's still a surprisingly pervasive mentality.

  3. But hey, you can still post your murderous rants and plans for slaughter on Youtube with your name and face visible for the world to see and get away with it! Over and over again, too!

    The only people this is meant to terrorize are law-abiding citizens whose taxes fund this dreck. Criminals seem to go on as happily as they did before...

  4. Last year I saw an advertisement on a bus stop for a site that lets you upload your photo and then, using facial recognition, pairs you with your "twin." And my very first thought was, who the hell is collecting all those faces, and why?

    And my second thought was, who can afford outdoor advertising all over the country, for a free website?

  5. pittpatt? really?

Continue the discussion bbs.boingboing.net

8 more replies