NSA facial recognition: combining national ID cards, Internet intercepts, and commercial facial databases for millions of people


A newly released set of slides from the Snowden leaks reveals that the NSA is harvesting millions of facial images from the Web for use in facial recognition algorithms through a program called "Identity Intelligence." James Risen and Laura Poitras's NYT piece shows that the NSA is linking these facial images with other biometrics, identity data, and "behavioral" data including "travel, financial, behaviors, social network."

The NSA's goal — in which it has been moderately successful — is to match images from disparate databases, including databases of intercepted videoconferences (in February 2014, another Snowden publication revealed that NSA partner GCHQ had intercepted millions of Yahoo video chat stills), images captured by airports of fliers, and hacked national identity card databases from other countries. According to the article, the NSA is trying to hack the national ID card databases of "Pakistan, Saudi Arabia and Iran."

This news is likely to be rhetorically useful to campaigners against national ID cards in countries like the UK, where the issue has been hotly debated for years (my own Member of Parliament, Meg Hillier, was the architect of one such programme, and she, along with other advocates for national ID cards, dismissed fears of this sort of use as paranoid ravings).

The development of the's NSA facial recognition technology has been accompanied by a mounting imperative to hack into, or otherwise gain access to, other databases of facial images. For example, the NSA buys facial images from Google's Pittpatt division, while another program scours mass email interceptions for images that appear to be passport photos.

An interesting coda to the piece is that the NSA has developed the capability to infer location by comparing scenery in terrestrial photos to satellite images, which sounds like a pretty gnarly computer-vision problem.

The agency has developed sophisticated ways to integrate facial recognition programs with a wide range of other databases. It intercepts video teleconferences to obtain facial imagery, gathers airline passenger data and collects photographs from national identity card databases created by foreign countries, the documents show. They also note that the N.S.A. was attempting to gain access to such databases in Pakistan, Saudi Arabia and Iran.


The documents suggest that the agency has considered getting access to iris scans through its phone and email surveillance programs. But asked whether the agency is now doing so, officials declined to comment. The documents also indicate that the N.S.A. collects iris scans of foreigners through other means.


In addition, the agency was working with the C.I.A. and the State Department on a program called Pisces, collecting biometric data on border crossings from a wide range of countries.


One of the N.S.A.’s broadest efforts to obtain facial images is a program called Wellspring, which strips out images from emails and other communications, and displays those that might contain passport images. In addition to in-house programs, the N.S.A. relies in part on commercially available facial recognition technology, including from PittPatt, a small company owned by Google, the documents show.

N.S.A. Collecting Millions of Faces From Web Images [James Risen and Laura Poitras/NYT]