Facial Recognition Services: Federal Law Enforcement Agencies Should Take Actions to Implement Training, and Policies for Civil Liberties

What GAO Found

Seven law enforcement agencies in the Departments of Homeland Security (DHS) and Justice (DOJ) reported using facial recognition services provided by commercial and nonprofit entities. The agencies reported using four services in total from October 2019 through March 2022 to support criminal investigations. All seven agencies initially used these services without requiring staff take facial recognition training. GAO found that six agencies had available data and cumulatively conducted about 60,000 searches when they did not have training requirements in place. As of April 2023, two agencies began to require training.

Facial Recognition Services, Use and Training for Selected Agencies, April 2023

Note: The figure shows when agencies used the four services covered by this review (services used from October 2019 through March 2022), and when, if at all, agencies implemented training requirements for facial recognition services. The figure provides use and training information as of April 2023. See figure 6 of the report for more detail.

FBI officials told key internal stakeholders that certain staff must take training to use one facial recognition service. However, in practice, FBI has only recommended it as a best practice. GAO found that few of these staff completed the training, and across the FBI, only 10 staff completed facial recognition training of 196 staff that accessed the service. FBI said they intend to implement a training requirement for all staff, but have not yet done so. Such a requirement would help FBI ensure its staff understand how to use these services. Also, clarifying the status of FBI's training requirement would allow stakeholders to fully evaluate use of the service against FBI ethical and privacy standards.

GAO also found that three of the seven agencies had policies or guidance specific to facial recognition technology that address civil rights and civil liberties. The other four agencies—three in DOJ and one in DHS—did not have such policies or guidance. DHS has plans to finalize a department-wide policy by December 2023. DOJ has taken steps to issue a department-wide policy, but has faced delays. Developing a plan with time frames and milestones would help DOJ ensure it issues a policy to support staff in safeguarding civil rights and civil liberties.

Why GAO Did This Study

Law enforcement may use facial recognition services provided by commercial and nonprofit entities to help solve crimes. For example, these services allow users to quickly search through billions of photos to help identify an unknown suspect in a crime scene photo.

GAO was asked to review federal law enforcement's use of facial recognition technology. This report examines, among other issues, the extent to which selected DHS and DOJ law enforcement agencies used facial recognition services to support criminal investigations; required staff to take training on facial recognition technology to use such services; and developed policies and guidance specific to facial recognition technology to help protect civil rights and civil liberties.

GAO selected seven law enforcement agencies within DHS and DOJ based on various factors, including the number of facial recognition technology systems used. GAO reviewed documents, such as training requirements and policies for using facial recognition services. GAO also analyzed training records and interviewed agency officials.