Defense Biometrics: DOD Can Better Conform to Standards and Share Biometric Information with Federal Agencies
Highlights
Biometrics technologies that collect and facilitate the sharing of fingerprint records, and other identity data, are important to national security and federal agencies recognize the need to share such information. The Department of Defense (DOD) plans to spend $3.5 billion for fiscal years 2007 to 2015 on biometrics. GAO was asked to examine the extent to which DOD has (1) adopted standards and taken actions to facilitate the collection of biometrics that are interoperable with other key federal agencies, and (2) shares biometric information across key federal agencies. To address these objectives, GAO reviewed documents including those related to standards for collection, storage, and sharing of biometrics; visited selected facilities that analyze and store such information; and interviewed key federal officials.
Recommendations
Recommendations for Executive Action
Agency Affected | Recommendation | Status |
---|---|---|
Department of Defense | To improve DOD's ability to collect and help ensure that federal agencies are sharing biometric information on individuals who pose a threat to national security to the fullest extent possible, the Secretary of Defense should direct the Under Secretary of Defense for Acquisition, Technology, and Logistics, as the Principal Staff Assistant responsible for the oversight of DOD biometrics, in collaboration with other key federal agencies and internal DOD stakeholders, including DOD's Biometric Identity Management Agency (BIMA), U.S. Army, U.S. Navy, U.S. Marines, and U.S. Air Force, to implement a process for updating collection devices to adopted standards to help ensure that all DOD systems related to biometrics, including collection devices, conform to adopted standards. |
In August 2015, the Defense Forensics and Biometrics Agency (DFBA) told GAO that in order to address system conformance, it has enacted the procedure of requiring systems to complete independent standards conformance testing, and present documentation to DFBA before DFBA authorizes that system to submit records to the DOD Automated Biometric Identification System (ABIS). This ensures that all new collection systems conform to a common biometric standard and maintain biometric interoperability. U.S. Special Operations Command's BioSled platform is the most recent example of this type of testing. DOD officials added that the DOD authoritative database, and all enduring biometric collection devices in operation today, meet a common biometric standard for interoperability: Electronic Biometric Transmission Specification 1.2. This includes the DOD Automated Biometric Identification System (ABIS 1.2); the Navy/Marine Corps Identity Dominance System (IDS); the Special Operations Command current (SEEK II) and future (BioSled) devices; and, the Army's SEEK II. DOD officials said that legacy systems that did not satisfactorily meet the common biometric data standard have been retired, in large part due to their lack of interoperability. DOD officials believe that the elimination of non-compliant systems from the DOD inventory, and the DFBA process to enforce a common biometric data standard at the collection device and database levels, should enable improved interoperability through a common data standard. We believe these efforts show substantial progress on the part of DOD and address the intent of our recommendation.
|
Department of Defense | To improve DOD's ability to collect and help ensure that federal agencies are sharing biometric information on individuals who pose a threat to national security to the fullest extent possible, the Secretary of Defense should direct the Under Secretary of Defense for Acquisition, Technology, and Logistics, as the Principal Staff Assistant responsible for the oversight of DOD biometrics, in collaboration with other key federal agencies and internal DOD stakeholders, including BIMA, U.S. Army, U.S. Navy, U.S. Marines, and U.S. Air Force, to implement a process for testing collection devices at a sufficiently detailed level to help ensure that all DOD systems related to biometrics, including collection devices, conform to adopted standards. |
In response to GAO's report, the Defense Forensics and Biometrics Agency, as the Executive Manager for DOD Biometrics, now requires the Services to provide documentation of independent biometric standards conformance testing before allowing the devices to submit records to the DOD Automated Biometric Identification System (ABIS). DOD provided GAO with documentation regarding the recent conformance testing of the SOCOM BioSled, performed by the U.S. Army Armament Research, Development and Engineering Center (ARDEC), as well as a copy of the Electronic Biometric Transmission Specification Conformance Evaluation Procedure, and the test results/approvals for the Navy and Marine Corps Identity Dominance System and the SEEK II. We believe these efforts show substantial progress on the part of DOD and address the intent of the recommendation.
|
Department of Defense | To improve DOD's ability to collect and help ensure that federal agencies are sharing biometric information on individuals who pose a threat to national security to the fullest extent possible, the Secretary of Defense should direct the Under Secretary of Defense for Acquisition, Technology, and Logistics, as the Principal Staff Assistant responsible for the oversight of DOD biometrics, in collaboration with other key federal agencies and internal DOD stakeholders, including BIMA, U.S. Army, U.S. Navy, U.S. Marines, and U.S. Air Force, to more fully define and further clarify the roles and responsibilities needed to achieve DOD's biometric program and objectives for all stakeholders that include ensuring collection devices conform to adopted standards. |
In response to GAO's recommendation, DOD is updating DOD Directive 8521.01E "Defense Biometrics," which will establish policy, assign responsibilities, and describe procedures for DOD biometrics. The draft is complete, and the department anticipates the directive will be signed in the fall of 2015. This addresses the intent of the recommendation.
|
Department of Defense | To improve DOD's ability to collect and help ensure that federal agencies are sharing biometric information on individuals who pose a threat to national security to the fullest extent possible, the Secretary of Defense should direct the Under Secretary of Defense for Acquisition, Technology, and Logistics, as the Principal Staff Assistant responsible for the oversight of DOD biometrics, in collaboration with other key federal agencies and internal DOD stakeholders, including BIMA, U.S. Army, U.S. Navy, U.S. Marines, and U.S. Air Force, to complete the memorandum of agreement with the Department of Homeland Security regarding the sharing of biometric information as appropriate and consistent with U.S. laws and regulations and international agreements, as well as information-sharing environment efforts. |
On February 14, 2011, we provided DOD a draft of this report and comment. In response to our draft recommendation, and while the report was under review, DOD finalized an agreement with DHS regarding biometric sharing on March 2, 2011.
|
Department of Defense | To improve DOD's ability to collect and help ensure that federal agencies are sharing biometric information on individuals who pose a threat to national security to the fullest extent possible, the Secretary of Defense should direct the Under Secretary of Defense for Acquisition, Technology, and Logistics, as the Principal Staff Assistant responsible for the oversight of DOD biometrics, in collaboration with other key federal agencies and internal DOD stakeholders, including BIMA, U.S. Army, U.S. Navy, U.S. Marines, and U.S. Air Force, to identify its long-term biometric system capability needs, including the technological capacity and associated costs needed to support both the warfighter and to facilitate sharing of biometric information across federal agencies, and take steps to meet those capability needs, as appropriate and consistent with U.S. laws and regulations, international agreements, and available resources. |
In response to GAO's recommendation, DOD officials stated in August 2015 that DOD's Automated Biometric Identification System (ABIS) and the Department of Homeland Security's (DHS) IDENT have nearly reached the point of maximum integration, given fiscal limitations. DOD updates and provides the biometrically enabled watch list (BEWL) daily and supports full searches from high-priority probes from DHS. DOD believes these two steps provide a reasonable level of coverage for recognizing known malign agents, or discovering those most likely to be malign. DOD officials also stated that the department has recently developed prototype software tools to improve data sharing, such as the BEWL Dissemination and Management System (BDMS) to automate watch list development. DOD reported that this greatly improves the speed at which customized BEWLs can be created. DOD also deployed the Best Biometric Image (BBI) tool, which improves the quality of images and records. DOD believes these software tools have greatly improved the quality and speed of watch list dissemination, and therefore, data sharing between the two departments. Further, DOD officials said that DOD and DHS have coordinated an updated Memorandum of Agreement on biometric data sharing. Once signed, this document will permit the bulk transfer of data between the two systems. One outcome of this is to place almost all DOD data in DHS IDENT, making DOD data matchable to DHS encounters. DOD officials believe that this will greatly increase interoperability with only modest cost increases. DOD officials expect the MOA to be signed into action around October. Finally, DOD officials anticipate that the DOD Analysis of Alternatives will be complete by September 30, 2015, and an initial, internal report will be provided to the Army by October 30, 2015. Taken together, we believe these actions represent significant DOD steps to share biometrics data with other federal agencies, specifically the Department of Homeland Security and address the intent of the recommendation.
|