>> next officials testifying on the use of biometrics and its impact on ibc. they are asked about the use of facial recognition technology and agassi risk. the hearing before the house of committee on investigations and oversight. it is just under an hour and a half. >> today our focus will be on how technological solutions can secure our argosy while allowing us to enjoy the benefits of biometric tools. biometric ibc and technologies can and should be implemented along with biometric technologies. so-called be pets and they can be impacted -- implemented at the -- improving the precision of collection to ensure they are not using features that are not necessary for use. they can insert, for example, austro patients on data collected. -- unintended uses. a technique called protection -- can ensure that one system biometric information is encrypted such that it cannot be read by another system. for example, someone's image obtained from the security systems at a doctor or psychiatrist's office, for example, cannot be inked to the workers workplace identity verification system. there'll agencies including -- represented at this hearing today as well as dhs of science and technology director are already working to develop and improve privacy detecting technologies for biometrics. -- future proof the government's standards for biometric application systems and invest in privacy technologies. i look forward to hearing from our panel of how we can further invest in these sections as biometric technologies become more and more prevalent in our daily lives. and the timing of our discussion in today is notable. the supreme court has recently and substantially weekend the constitutional right in their recent decision in overturning rover wade -- roe v. wade. to improve the if biometrics can prove where someone has been and what they did when they were there. and the parties can access biometric information by bounties being offered by some states to enforce their new laws. that makes biomed protecting biometric data more important than ever. finally, i want to observe that some of our witnesses testimony came late for this hearing and i apologize to the other members of the subcommittee that we did not have the usual amount of time as we normally would like to have had. and, the chair will now recognize ranking member of his committee -- subcommittee for an opening statement. >> think you very much chairman, foster. good morning everyone. i am exciting about our hearing this morning. the benefits and risk of biometric technologies and exploring research opportunities in these technologies -- i am hoping that this hearing turns into a productive discussion that helps us earn about ways to improve biometric technology in the future at the same time, protecting people's rights. in privacy. i was reflecting this morning on the fact that biometric technology has changed the way we lived our lives. this morning, use facial recognition to open my phone. i use the fingerprint reader on my computer to open my pack book. when i got my car this morning, to come to the district office, the car recognize my face to set the seat settings and when i was driving, it use facial recognition to make sure i was paying attention to the road. that is in the first couple hours of the day. it is definitely changed our lives and it is amazing to think that this was once the world of science fiction and now, we take it completely for granted. obviously, biometrics a lot of benefits to our daily lives. and, we want to make sure that we are able to continue to allow those benefits while protecting the privacy of the people that rely on the biometrics. for that reason, i am particularly grad -- glad -- that he is here with us today to talk about the work that we are doing in actors. he has been working in research and development in metric since -- for over 60 years. they have had an incredible role to play in developing standards for biometric. and i am hoping the same way that they helped the fbi establish standards for fingerprint technologies in the 1960's that they will continue to take a leadership low -- role in establishing the international and national level of biometrics today. these standards are going to be critical to enabling the change in diet -- biometric data between embassies in their systems as well as providing guidance for how those biometric systems are tested and how performance is measured and how assurances are made that data is shared securely and privacy is protected. that is important because, as we all know, biometrics are no different than any other advanced technology. and that they have beneficial uses also the misuse and harm individuals and harm our society. in this case by compromising the privacy of individuals or the security of their information. so, as policymakers, you need to be acutely aware of not only the benefits that these biometrics have two our society, but also the risks associated to the technology. especially, in my opinion, when it comes to the covert collection and the issue of individual consent to have one's information stored and used. i think, as policymakers, we have to balance that awareness against the potential benefits that biometrics bring to society. you could easily imagine us a different approach to regulating biometrics -- which would lose all the benefits. that we enjoy from biometrics. i am not just talking about locking our phones or setting the seats in our cars, biometric technologies really have extraordinarily helped applications. if give you examples, in ukraine, the defense ministry is using ai recognition and technology to recognize russian assailants and identify combatants. analytics tool and traffic jam using facial recognition in i.t. to detect patterns in trafficking to help law enforcement identify bins and sex trafficking. if we were to take a heavy-handed approach to regulating biometrics we would lose out on those life-saving applications as well. and that is something i have -- first-hand experience about. serving as a -- before is in congress i was in the caliphs -- california state legislature. i was on the board for privacy and consumer regulation. -- i could tell you, we saw a lot of bills that were misguided proposals and they could have effectively had facial recognition technology altogether. -- that it is clear that it easier for us to push legislationnm looking forward tg about their work today and to hearing from our witnesses. thank you for convening the hearing. i look forward to the discussion and yield back. >> i am very much envious of the car you must be driving with all of those features. i -- without stifling the innovation that is going to lead to future benefits of society. looking much forward to learning about their work today and hearing from our witnesses. thinking chairman foster i am very much looking forward to the discussion and i yield back. thank you i have to say i am envious of the car you must be driving, with all those features, it must be, i wager that you are probably not driving around in 18 year old ford focus. >> actually, that technology is coming to inexpensive cars as well. >> that's right. we will accept additional statements to the record of his time. i would like to introduce ms. right. she is the director of science technology and assessment analytics it -- analytics. she oversees federal funded research and federal efforts to commercialize innovative technologies and enhance u.s. economic competitive benefits. since joining us in 2004, she has read -- written reviews on a wide range of policy views. -- after ms. wright, is dr. charles remain. dr. remind is a director of information technology laboratory ideal. it is one of six research laboratories within the national institute of standards and technology and he oversees a research program to cultivate truck by developing standards and testing for operability. securing the reliability of information assistance. our final witness is dr. early ross. it is -- user director and the department of computer science and engineering area he also serves as the director of the -- center for identification technology and research. his ax variance in biometrics, computer vision, and machine learning. he has advocated for responsible use of biometrics in multiple runs. including the nato advanced research workshop -- workshop on -- security. each of you will have five minutes for your spoken testimony, your written testimony will be included in the record of the hearing. when you've completed your spoken testimony, we will begin with more questions. each member will have five minutes to question the panel and if time permits we may have two rounds of questions for our panel. so if we start with ms. wright, -- >> i think you are on mute i'm afraid. >> thank you. chairman foster, ranking member -- of the subcommittee -- the technology which mentored -- is used to compare facial images from a photo and video of identification and verification. as a technology has continued to rapidly advance, its use has expanded in both commercial and government sector. today, i would share highlights on how agencies are using facial recognition and federal efforts to access and mitigate privacy risk. last year we reported on the results of our survey of the 20 largest agencies and their use in facial technology. 18 agencies reported this technology the most common used was in smartphones vied by agencies. there were other embassies that included law enforcement to generate leads for criminal investigations as well as monitoring or controlling access to building a facility to for example identify someone on a watchlist as being -- greatly reducing the burden on security personnel to memorize faces. federal agencies may own their own systems or access systems in dayton and local governments or commercial providers -- or example, dhs reported using ai to identify victim traders and child expectation cases. agencies are investing in research and development to further understand their application of technology. or example, dhs's science and technology directory which offers challenges for the industry to develop systems. one recent challenge was to collect images of individuals wear a mask. -- in fact, during the course -- multiple agencies at the pool their employees and discovered they were using nonfederal systems even though the agency initially told us otherwise. it can put agencies at risk of running without the privacy related -- guidelines. there are -- unlike a password that can be changed according -- -- may have more serious consequences as -- agencies need to improve their process of recognition systems used by their employees and assess their risk of such systems. agencies are in various stages -- tsa and cdp. we've found that tsa had incorporated privacy protections for its pilot program testing the use of the technology for traveler identity verification and airport security checkpoints. however city privacy notices to inform the public of facial recognition can be used and his biometric entry exit program was not always can we. further some had not conducted audits of the commercial airline and airport art nurse to ensure compliance and cdp zone requirements and restrictions for maintaining or reducing traveler photos. fully implementing our recommendations will be in step two protect everyone's information. in closing, facial recognition technology is not going away and the demand for it will likely continue to grow. as agencies continue to find technology to use their mission. -- privacy protections will continue to be important. mr. foster and other members of the subcommittee this concludes my remarks. i would be happy to answer any questions you may have. >> thank you. next is dr. -- >> chairman foster, ranking member, and distinguished members of the subcommittee, i am charles -- national institute of standards and technology known as nist. thank you for the opportunity to testify today on behalf of is gone our efforts to affect the seal indications of biometrics technologies. this is home to five nobel prize members with a focus on national you already such as artificial intelligence, infect -- the digital economy, quantum information and science, biosciences and cybersecurity. the mission of nist is to perform -- promote innovation and -- in our information technology laboratory we work to -- we trust in the digital economy is built on key principles like cyber security privacy, interoperability, equity and avoiding bias in the deployment of technology. nist conducts fundamental and applied research and advances standards to understand and measure technology and develops tools to evaluate its measures. technology standards and its foundational research today enables -- are critical -- with robust collaboration, the stakeholders across the government, industry on the international bodies and academia, this aims to cultivate trust and foster an environment to foster innovation on a local date -- scale. -- the goal has been to develop security by applying engineering principles -- tools and standards that protect privacy and by extension so will liberties. the ability to conduct further -- is essential for organizations to select effective mitigation efforts including -- modeled after our highly successful security framework the privacy framework is another tool -- developed -- it is intended to support organizations decision-making and product and service design and deployment to optimize beneficial uses of data while -- minimizing adverse -- and society as a whole. since 1980, this is core dated the icl standard and data format for the interchange of imprint, facial and other biometric information. for the change in biometric and law enforcement implications. to include face, voice, and dna. the standard is used globally by law enforcement. homeland security, dimmitt -- defense, and other identity management systems and developers to ensure that biometric input information interchanges are in operable and maintain system integrity and efficiency. since 2002, it is also did element of international standards for data and civil app nations including id cards including a passports. different uses of biometrics, for example, authenticators to protect sensitive data or convenient entry solutions for fraud -- consider which privacy protected outcomes are suitable to their uses. the research on privacy enhancing technology that this conducts and the guidelines and standards that is publishes else organizations have effective mitigations of really tailored to mid of -- mitigate risk. -- human autonomy and dignity as well as civil rights and civil liberties. this has prioritized -- standards that protect privacy. in addition to maintaining privacy framework, this also includes ivc considerations in many security guidelines as well as the draft ai risk management remark. thank you for the opportunity to present on this activity and privacy and enhancing technology for biometric applications and i look forward to your questions. thank you. and after dr. will remind us dr. ross. >> chairman foster, the ranking member -- and esteemed members of the subcommittee, i am grateful for the invitation to testify today. consider this to be a great privilege and an honor to gauge in the power that so graciously serves our nation. biometrics is a valuable technology that is brought technologies in a number of different debates, however, it is necessary to ensure that the privacy of individuals is not individually compromised when the biometric data are used in a certain application. the purpose of my testimony is to communicate some of the ways in which the privacy of the biometric data of individuals can be enhanced and thereby physically mitigating the response will use of this powerful technology. first, the benefits of biometrics, the need for determining the identity of a person is critical in a vast number of application. ranging from personal smartphone to border security from self-driving vehicles to -- tracking file child -- the personalization of customer service. biometrics is increasingly being used in such applications. for instance, many smartphones imply automatic face or fingerprint recognition for unlocking and payment purposes. this increased use of biometric technology is being driven by significantly improvement and recognition and accuracy of the system over the past decade. indeed, the phenomenal risk of the paradigm of the learning based on -- this brings me to my second point. privacy concerns associated with the technology. the face images of an individual can be linked across different applications using biometric technology and thereby reading the comprehensive file of that individual and in some cases unintentionally diverging the person's identity of that privacy was expected. another example, rapid advances in the field of sheen learning and ai have led to the develop of so-called attribute classifiers that can automatically extract information pertaining to age, sex, race, and health cues from an image. this can potentially reach the privacy of individual. one more example, a number of -- have been curated for researchers by scraping available facial emissivity -- images. concerns have been expressed about using these images for research buses. in principle, therefore, an anonymous face can be linked to one or more face images in a curated data set thereby potentially revealing the identity of the anonymous face. now, to my final point, how can biometric technology be responsibility -- responsibly -- while keeping private -- firstly, utilizing schemes such as encryption which not only ensures that biometric data is never revealed but that all congregations take place in the corrected domain. secondly, by engaging the pattern -- the distorted data can still be successfully used for recognition purposes. within a certain application. interpretable by a human. such cameras have been used in public spaces to ensure the acquired images are not viable or previously unspecified purposes. i must note that researchers in biometrics are becoming increasingly aware of the privacy and at -- ethical implication of the technology they are developing. the recognition accuracy is not the only metric ring used to evaluate the overall performance of a biometric system rather metrics related to security and privacy are also being increasingly considered. this shift in the culture is remarkable and bodes well for the future of the technology. thank you and i welcome any questions. >> we will begin our first round of questions. first on the prospects for secure and privacy preserving digital id. we are all aware of concerning aspects of biometric technologies, it's important to recognize that there are valuable uses for these technologies that can improve our lives into security. privacy protections must evolve along with capabilities so we can reap the benefits safely. our improving digital -- act and a bipartisan group of colleagues have called upon federal agencies to modernize and harmonize our nations digital identity infrastructure in large part by leveraging the biometric databases that individual states already have in place as part of their programs to support real id. additionally using the standards to make sure these tools are interoperable and can be used for presenting that identity both online and off-line in the privacy preserving weight. how could biometric technologies increase our privacy i making our identities more secure against theft and fraud? dr. romine: i appreciate the concern that you end the ranking member have on this issue. the guidelines that we have put in place for privacy enhancing technologies broadly speaking we have investments in our privacy engineering program related to understanding how we can develop new technology that can enhance priv