The Electronic Frontier Foundation (EFF) is calling attention to potential ethical violations related to the NIST’s Tattoo Recognition Challenge. The NIST issued the Tatt-C challenge in 2014 in an effort to spur the development of automatic tattoo recognition tools, giving interested parties access to an “open tattoo database” that contained more than 15,000 images.
That database is the source of many of the EFF’s concerns. After filing a Freedom of Information lawsuit, the privacy watchdog learned that most of the images in the database were collected from prisoners, many of whom did not know that their images were being used in such a database and were consequently unable to provide the proper consent. To make matters worse, the EFF argues that the NIST did not adequately scrub people’s personal information, especially when dealing with tattoos that included identifiers like names, faces, and birth dates.
The EFF also criticized the way that the database was handled, noting that the NIST had no control over the images after shipping them to participants on a CD-ROM. The EFF ultimately followed up with every organization it could find in the Tatt-C records to ask whether or not the tattoo images had been deleted, and to request that the organization review its policies for the ethical use of biometric data generated without consent.
Many of those organizations confirmed that they had deleted the images. However, many participants did not respond (including MITRE, Neurotechnology, and the Bureau of Prisons), and one – Brazil’s University of Campinas School of Engineering – indicated that it would continue to conduct research with the database through the end of the year. The school also claimed that it did not need to seek an ethical review since the data was not collected in Brazil, which emphasizes the NIST’s lack of oversight for data sent to institutions outside the US.
March 18, 2020 – by Eric Weiss