The quality of information or introducing statistical noise so that the biometric data is less usable. A technique called template protection can ensure that one system biometric information is encrypted such that it cannot be read by another system for example. Someones image obtained from system at a doctor or Psychiatrist Office cannot be linked to the workplace Identity Verification system. Authorities are already working to improve Privacy Protection technologies. The american competes act contains a number of provisions that will future proof the governments definitions and standards for biometric Identification Systems and invest in privacy enhancing technologies. I look forward to hearing from our witnesses as biometrics become more prevalent in our daily lives. The timing of our discussion today is notable. The Supreme Court recently substantially weakened the right to privacy in their overturning of roe v. Wade. Third parties may try to access biometric information to collect the bounties now being offered by some states to enforce their new laws. I watch observed that some of our witnesses testimony came late for this hearing and i apologize to the other members of the subcommittee that we didnt have the usual amount of time that we would usually like to have had to prepare. The chair will now recognize the Ranking Member for a statement. Good morning, everyone. I am excited about our hearing this morning. The benefits and risks of Biometric Technologies and exploring Research Opportunities in these technologies. I was hoping that this hearing turned into a productive discussion. I was reflecting this morning on the fact that biometric knowledge he had changed the way we live our lives. This morning, i used a shall recognition to open my phone. I used the fingerprint reader to open my computer. My car this morning recognized my face to set the seat settings. And used facial recognition to make sure i was paying attention to the road. Its amazing to think this was once the world of Science Fiction and now, we take it completely for granted. Biometrics bring a lot of benefits to our daily lives. Were going to make sure that we are able to continue to allow those benefits while protecting the privacy of the people who rely on biometrics. I am particularly glad that the doctor from the National Institute of standards and technologies is here today to talk about the work they are doing in this space. Nist has been working in Biometrics Technology for over 60 years. They have had an incredible role to play in developing standards for biometrics and i am hoping that in the same way they have helped the fbi establish standards for Fingerprint Technology in the 1960s, they will be able to take a leadership role in establishing standards at the national and International Level for biometrics today. The standards will be critical to enable the exchange of biometric data between agencies and their systems as well as providing guidance for how those biometric systems are tested and help performance is measured and how assurances are made that data is shared securely and privacy is protected. Its important because biometrics are no different than any other advanced technology in that they have an official uses, but also misuse can harm individuals and our society in this case, by compromising the privacy of individuals or the security of their information. As policymakers, we need to be acutely aware of not only the benefits that these biometrics have to our society but also the risks associated with the technology especially in my opinion when it comes to the covert collection and the issue of individual consent to have information stored and used. I think as policymakers, we have to balance that awareness against the potential benefits that biometrics bring to society. You could easily imagine us taking a drug coney and approach to regulating biometrics that effectively prevents the development and use of biometrics which would lose all the benefits that we enjoy from ill metrics. Im not just talking about unlocking our phones or setting seats in our cars. Biometrics have helped helpful applications. In ukraine, the Defense Ministry is using facial Recognition Technology to recognize russian assailants. If we were to take an overly heavyhanded approach to regulating biometrics, we would lose out on lifesaving applications. Before serving in congress, i was a member of the California State Legislature and i served on the committee or privacy and Consumer Protection in the early days of shall recognition before the risks and benefits of the Tech Knowledge he were well understood. We saw a lot of bills that were misguided proposals that could have effectively banned the use of facial Recognition Technology altogether. Its a lot easier for us to push for legislation to Outlaw Technology entirely and it is to do diligence of balancing the benefits and risks. A better understanding of technology and carefully developed safeguards and standards will help us develop biometrics and a way that provides safety for peoples privacy without stifling the innovation that is going to lead to future breakthroughs and benefits to society. Im looking forward to learning about their work today and to hearing from our witnesses. Thank you for convening the hearing. I look forward to the discussion and yield back. I am very much envious of the car you must be driving with all of those features. I wager you arent driving around in a 10yearold ford focus. That technology is amazing. If there are other members who wish to submit additional opening statements, your statements will be added to the record at this point. I would like to introduce our witnesses. Ms. Candice wright, director, science, technology assessment, and analytics, u. S. Government Accountability Office she oversees the work on federally funded research and intellectual Property Protection and management and federal efforts to help virtualize Innovative Technologies and advanced economic competitiveness. She has led reviews on a wide variety of policy issues including federal contracting, risks to the Defense Supplier base, military sales and homeland security. After her is dr. Charles h. Romine, director, Information Technology laboratory, National Institute of standards and technology itl is one of six Research Laboratories within the National Institute of standards and technology. He oversees a Research Program that cultivates trust and Information Technology by developing and disseminating standards measurements and testing for interoperability security usability and reliability of Information Systems. Our final witness is dr. Arun ross, professor, department of Computer Science and engineering, Michigan State university; site director, nsf center for Identification Technology research. His experience is in biometrics, Computer Vision and Machine Learning. He has advocated for the responsible use of biometrics in multiple forms including the nato advanced Research Workshop on identity and security. Each witness will have five minutes for your open testimony. Your written testimony will be included in the record of the hearing. When you have completed your spoken testimony, we will begin with questions. Each ember will have five minutes to question the panel and we may have two rounds of questions. We will start with ms. Wright. Ms. Wright thank you. Thank you for the opportunity to discuss the gao work on federal agency use of Biometric Technology particularly for facial recognition. The technology is used to compare facial images from a photo or video for identification and verification. As it has continued to advance, its use has expanded in commercial and government sectors. Today i will share highlights from our work on how agencies are using facial recognition and to mitigate privacy risk. Last year, we reported on our agencies use of the technology. 18 agencies reported the use and the most common use was a mocking. Other uses included Law Enforcement to generate leads for criminal investigation as well as monitoring or controlling access to a building or facility to identify someone on a watchlist attempting to gain access. This can greatly reduce the ban on the burden on security personnel to myspace is. Two recognize faces. Multiple agencies reported accessing systems owned by commercial vendors. Clearview aia to identify victims and perpetrators in child abuse cases. Agencies are investing in research and development understand application of the Tech Knowledge he. Examples include the dhs sponsor challenges to develop systems. Nsf has awarded grants to Research Methods to prevent dental finding an individual from facial images used in research. There are concerns about the accuracy of the tech elegy, Data Security risk, the transparency in usage, and the protection of privacy and civil liberties. Some agencies did not have complete information on what nonfederal systems were being used by their employees. Multiple agencies had told their employees pulled their employees and found that they were using nongovernment systems. Using facial Recognition Systems without assessing the privacy implications can put agencies at risk of running afoul of privacy related guidance. They are also at risk that data sets could be compromised in a data breach. Unlike a password that can be changed, a breach involving data derived from a face may have more serious consequences. We recommend that agencies assess the risk of such systems. Agencies are in various stages of recommended implementing our recommendations. We found that tsa had incorporated Privacy Protections for the Pilot Program to test the use of the technology for traveler Identity Verification at Airport Security checkpoints. Cbp privacy notices to inform the public of the use were not always correct or complete. Cbp did not conduct surveys of airlines and workers to ensure compliance. Fully implementing our recommendations will be an important step to protect travelers information. Facial Recognition Technology is not going away and demands for it will likely continue to grow. As agencies continue to find utility in the technology, balancing the use of technology, requirements, and Privacy Protection will be continued importance. This concludes my remarks. I will be happy to answer any questions you may have. Next is dr. Romines. I dr. Charles h. Romine, am director, Information Technology laboratory, National Institute of standards and technology thank you for the opportunity to testify today on behalf of nist and our efforts to evaluate the privacy implications of Biometrics Technology. This is home to five nobel prize winners. The mission of nist is to promote innovation and competitiveness by advancing science, standards, and technology in ways that enhance security and improve our quality of life. In the Information Technology laboratory, biased. Nist conducts fundamental and applied research, advances standards to understand and Measure Technology and develops tools to evaluate such measurements. Technology standards and the Foundational Research that enabled their development and use are critical to advancing trust in and promoting and rubber ability between Digital Products and services. Critically, they can provide increased assurance thus enabling more secure, private, and rights preserving technologies with robust collaboration with stakeholders across government, industry, international bodies, and academia. Since its establishment nearly a decade ago, nist privacy Engineering Mission has been to support the development of Information Systems by applying measurement science and System Engineering principles to the creation of frameworks, risk models, guidance, tools, and standards that protect privacy and civil liberties. The ability to conduct thorough privacy risk assessments is essential for organizations to select effective mitigation measures including appropriate privacy enhancing technologies. Modeled after the highly successful security framework, privacy framework is another voluntary tool developed in collaboration with stakeholders through public and transparent process. It is intended to support organizations decisionmaking and product and Service Design and deployment while minimizing adverse consequences for individuals privacy and for society as a whole. Since the 1980s, nist has coordinated the use of a standard data format for the interchange of fingerprint, facial, and other biometric information for interchange of biometric data in Law Enforcement implications. The standard is used globally by Law Enforcement, homeland security, defense, intelligence agencies, and other Identity Management systems to ensure biometric information interchanges are interoperable and maintain system integrity. Since 2002, nist has supported the development of International Standards in civil applications for id cards including passports. Use as authenticators to protect Sensitive Data different degrees of privacy risk. Organizations need to have the means to distinguish between different degrees of risk and implement appropriate mitigation measures. The privacy framework provides the structure for organizations to consider which privacy protected outcomes are suitable to their use cases. The research on privacy enhancing technologies that nist conducts and the guidelines and standards that it publishes helps organizations. Privacy plays a Critical Role in safeguarding fundamental values such as autonomy and dignity as well as people rights and liberties. Nist has prioritized research and the creation of frameworks, guidance, tools, and standards that protect privacy in addition to maintaining the privacy framework, nist provides cybersecurity guidelines as well as the risk framework. I look forward to your questions. Now dr. Ross. Dr. Ross i am grateful for the invitation to testify today. I consider this to be a great privilege and honor to engage with those who serve our nation. Biometrics is a viable technology. Valuable technology. It is necessary to ensure that the privacy of individuals is not unduly compromised when their data are used in certain applications. The purpose of my testimony is to communicate some of the ways in which the privacy of the biometric data of individuals can be enhanced thereby facilitating the responsible use of this powerful technology. Firstly, the benefits of our metrics. The need for reliably determining the identity of a person is critical in a vast number of applications ranging from personal smartphones to border security. From selfdriving vehicles to deporting, tracking child vaccinations, preventing human trafficking. Biometrics is increasingly being used in several such applications. Many smartphones employ automated face or fingerprint recognition when unlocking and for payment authentication purchase purposes. Use of this technology is being driven by significant improvement in recognition accuracy of the systems over the past that gate. The phenomenal rights of the paradigm of deep learning based on Neural Networks has fundamentally changed the landscape of facial recognition and metrics. This brings me to my second point, the privacy concerns associated with the technology. Images of an individual can be linked across different applications using Biometric Technology thereby creating a comprehensive profile of the individual but in some cases, unintentionally divulging the persons identity the privacy was expected. Rapid advances in Machine Learning and ai have led to the development of attribute classifiers that can automatically obstruc