The National Security Agency is harvesting huge numbers of images of people from communications that it intercepts through its global surveillance operations for use in sophisticated facial recognition programs, according to top-secret documents.
The spy agency’s reliance on facial recognition technology has grown significantly over the last four years as the agency has turned to new software to exploit the flood of images included in emails, text messages, social media, videoconferences and other communications, the N.S.A. documents reveal. Agency officials believe that technological advances could revolutionize the way that the N.S.A. finds intelligence targets around the world, the documents show. The agency’s ambitions for this highly sensitive ability and the scale of its effort have not previously been disclosed.
The agency intercepts “millions of images per day” — including about 55,000 “facial recognition quality images” — which translate into “tremendous untapped potential,” according to 2011 documents obtained from the former agency contractor Edward J. Snowden. While once focused on written and oral communications, the N.S.A. now considers facial images, fingerprints and other identifiers just as important to its mission of tracking suspected terrorists and other intelligence targets, the documents show.
“It’s not just the traditional communications we’re after: It’s taking a full-arsenal approach that digitally exploits the clues a target leaves behind in their regular activities on the net to compile biographic and biometric information” that can help “implement precision targeting,” noted a 2010 document.
One N.S.A. PowerPoint presentation from 2011, for example, displays several photographs of an unidentified man — sometimes bearded, other times clean-shaven — in different settings, along with more than two dozen data points about him. These include whether he was on the Transportation Security Administration no-fly list, his passport and visa status, known associates or suspected terrorist ties, and comments made about him by informants to American intelligence agencies.
It is not clear how many people around the world, and how many Americans, might have been caught up in the effort. Neither federal privacy laws nor the nation’s surveillance laws provide specific protections for facial images. Given the N.S.A.’s foreign intelligence mission, much of the imagery would involve people overseas whose data was scooped up through cable taps, Internet hubs and satellite transmissions.
Because the agency considers images a form of communications content, the N.S.A. would be required to get court approval for imagery of Americans collected through its surveillance programs, just as it must to read their emails or eavesdrop on their phone conversations, according to an N.S.A. spokeswoman. Cross-border communications in which an American might be emailing or texting an image to someone targeted by the agency overseas could be excepted.
Civil-liberties advocates and other critics are concerned that the power of the improving technology, used by government and industry, could erode privacy. “Facial recognition can be very invasive,” said Alessandro Acquisti, a researcher on facial recognition technology at Carnegie Mellon University. “There are still technical limitations on it, but the computational power keeps growing, and the databases keep growing, and the algorithms keep improving.”
State and local law enforcement agencies are relying on a wide range of databases of facial imagery, including driver’s licenses and Facebook, to identify suspects. The F.B.I. is developing what it calls its “next generation identification” project to combine its automated fingerprint identification system with facial imagery and other biometric data.
The State Department has what several outside experts say could be the largest facial imagery database in the federal government, storing hundreds of millions of photographs of American passport holders and foreign visa applicants. And the Department of Homeland Security is funding pilot projects at police departments around the country to match suspects against faces in a crowd.
The N.S.A., though, is unique in its ability to match images with huge troves of private communications.
“We would not be doing our job if we didn’t seek ways to continuously improve the precision of signals intelligence activities — aiming to counteract the efforts of valid foreign intelligence targets to disguise themselves or conceal plans to harm the United States and its allies,” said Vanee M. Vines, the agency spokeswoman.
She added that the N.S.A. did not have access to photographs in state databases of driver’s licenses or to passport photos of Americans, while declining to say whether the agency had access to the State Department database of photos of foreign visa applicants. She also declined to say whether the N.S.A. collected facial imagery of Americans from Facebook and other social media through means other than communications intercepts.
“The government and the private sector are both investing billions of dollars into face recognition” research and development, said Jennifer Lynch, a lawyer and expert on facial recognition and privacy at the Electronic Frontier Foundation in San Francisco. “The government leads the way in developing huge face recognition databases, while the private sector leads in accurately identifying people under challenging conditions.”
Ms. Lynch said a handful of recent court decisions could lead to new constitutional protections for the privacy of sensitive face recognition data. But she added that the law was still unclear and that Washington was operating largely in a legal vacuum.
Laura Donohue, the director of the Center on National Security and the Law at Georgetown Law School, agreed. “There are very few limits on this,” she said.