As of March 1, 2009, The MTTLR Blog is migrating to http://www.mttlrblog.org. All new updates will be posted at the new location.

Wednesday, February 27, 2008

FBI's Next Generation Identification System: New Liabilities for Employers?

by: Cari Athens, Associate Editor, MTTLR

Image "Wellcome Collection" by Chris O'Shea.
Used under a Creative Commons BY-NC 2.0 license.
Like Star Trek and Degrassi High before it, the FBI’s fingerprint database has gone “Next Generation.” The FBI recently awarded a 10-year contract for the “design, development, documentation, integration, testing, and deployment of the Next Generation Identification (NGI) System.”1 Over 47 million fingerprint records are contained in the current database, but little else.2 The NGI system, on the other hand, will be multi-modal: it will combine fingerprints with such other biometric information as iris imaging and palm prints.3 This fusion of data, the FBI hopes, will allow for the more accurate identification of criminals and terrorists.4

In response to the announcement, privacy experts - and non-experts - have raised concerns. They worry about the increased use of our bodies as living identification cards; what will we do, they ask, if the NGI system proves susceptible to hacking or spoofing: get a new eyeball? And, if the technology allows the government to pick our faces out of a crowd, they wonder, will this mean we will begin being watched all the time?5 The FBI acknowledged these privacy concerns, but responded in its press release: “It is important to note that the NGI system will not expand the categories of individuals from whom the fingerprints and biometric data may be collected . . . .”6

It is questionable whether that will pacify privacy advocates, but the statement helps introduce another interesting aspect of the NGI system. While it may not change the categories of people from whom fingerprints, eye scans, and palm prints will be collected, the NGI system will still, for the largest of those categories, provide for a change in what happens to the biometric data once itis collected.

Criminal background checks are required by state and federal statutes for individuals applying for jobs in certain specified industries, and the FBI’s biometric database is made available for that purpose. Michigan, for example, requires that public health employees,7 private security guards,8 and horse jockeys,9 among others, submit to a fingerprint check in order to be licensed or employed. In fact, more than half of all the fingerprint searches performed by the FBI are done for these kinds of background checks;10 10 million were done in 2005 alone.11

The FBI currently destroys or returns to employers fingerprints submitted for such non-criminal justice purposes.12 Under the new “rap-back” component of the NGI system, however, the FBI will offer to keep the fingerprint records submitted by job applicants.13 It can then notify an employer of any subsequent criminal record activity of an employee, including arrests and criminal charges, whether or not they result in a conviction.14

Some employers may be unwilling to stick their noses into the off-work activities of their employees and opt not to participate in the rap-back program – particularly in situations that do not result in a conviction.15 Perhaps they will not want to get involved if an employee is questioned by the police for drug possession or arrested for, say, too many unpaid parking tickets. Perhaps they will reason that, if an employee does get caught up in something serious, they will find out anyway. (“Why hasn’t Joe punched since Tuesday?” “He’s in jail.” “Oh.”) But, despite any discomfort they may feel about participating in the program, they may have an incentive to do so: possible tort liability.

Under the negligent hiring doctrine, employers are liable to a third party injured by an employee if the employer knew or should have known that the employee was unfit and the unfitness proximately caused the injury.16 Some jurisdictions additionally require that the risk of injury be reasonably foreseeable.17 Courts are split whether employers have an affirmative duty to conduct background investigations, but it can come down to a comparison between the type of work the employee performs and the reasonableness of the background check.18

Under the related negligent retention doctrine, the employer’s duty to third parties continues even after the employee has been hired. Thus, if an employer learns at some point that an employee is unfit, it can be held liable to a third party if it fails to take action, such as reassignment or termination, and the unfitness proximately causes an injury.19 If the employer had no notice that an employee was unfit, it generally cannot be held liable.20

The rap-back system would provide employers with a no-fuss, little-muss way to monitor the criminal activity of their employees. It will be interesting to see what effect, if any, it will have on negligent retention claims. If an employer has the option to participate in the program, but chooses not to, out of discomfort or respect or for any other reason, will this refusal excuse it in a negligent retention suit? In other words, does an employer have an affirmative duty to check for ongoing criminal activity? A court may look to the type of work the employee performs and the reasonableness of the monitoring, as is often done with negligent hiring cases, but the mere fact that the employee is required to submit to a criminal background check in the first place may indicate that it is the type of work worth monitoring.

One of the many questions the NGI system raises, then, is whether or not the rap-back program will result in a heightened duty for employers to monitor their employees’ brushes with the law. As the FBI continues with the design, development, and deployment of its new technology, other questions are sure to arise.

1 Press Release, Federal Bureau of Investigation, FBI Announces Contract Award for Next Generation Identification System (Feb. 12, 2008). [hereinafter FBI Press Release].
2 Federal Bureau of Investigation, Integrated Automated Fingerprint Identification System or IAFIS: What Is It? (last visited Feb. 13, 2008).
3 FBI Press Release, supra note 1.
4 Id.
5 See, e.g., Ellen Nakashima, FBI Prepares Vast Database of Biometrics, Washington Post, Dec. 22, 2007; Kelli Arena & Carol Cratty, FBI Wants Palm Prints, Eye Scans, Tattoo Mapping, CNN.com, Feb. 4, 2008.
6 FBI Press Release, supra note 1.
7 § 333.16174 (2006).
8 Mich. Comp. Laws § 338.1068 (2002).
9 Mich. Comp. Laws § 431.316 (2005).
10 Nakashima, supra note 5.
11 Department of Justice, Attorney General’s Report on Criminal History Background Checks 3 (2005) [hereinafter DOJ Report]. This report is also noteworthy because it recommends opening up the FBI’s database for use by all private and public employers.
12 Nakashima, supra note 5.
13 DOJ Report, supra note 11, at 14.
14 Under the Privacy Act of 1974, 5 USC 552(a), which protects the use and disclosure of a person’s criminal history, the employer will likely be required to get the employee’s consent. It is also important to note that the rap-back program will be subject to state privacy laws, which can vary widely. See Jennifer Leavitt, Walking a Tightrope: Balancing Competing Public Interests in the Employment of Criminal Offenders, 34 Conn. L. Rev. 1281, 1288-97 (2002) (providing an overview of different statutory approaches).
15 For one employer’s take, see namecritic, Big Brother FBI Database Expanding on Biometrics and Fingerprints, Things That Just Piss Me Off, Dec. 29, 2007.
16 27 Am. Jur. 2d Employment § 392 (1996).
17 Id.
18 See, e.g. Tallahassee Furniture Co. v. Harrison, 583 So. 2d 744, 750 (Fla. Dist. Ct. App. 1991) (“[C]entral to the task of judging the employer's responsibility to investigate an employee's background is consideration of the type of work to be done by the employee.”) (internal quotation marks omitted); Ponticas v. K.M.S. Invs., 331 N.W.2d 907, 913 (Minn. 1983) (finding that the scope of the employer’s investigation into an applicant’s background is “directly related to the severity of risk third parties are subjected to by an incompetent employee” and that “[l]iability of an employer is not to be predicated solely on failure to investigate criminal history of an applicant, but rather, in the totality of the circumstances surrounding the hiring, whether the employer exercised reasonable care.”). See alsoLeavitt, supra note 14, at 1301.
19 27 Am. Jur. 2d Employment § 396 (1996).
20 Id.


Post a Comment

Subscribe to Post Comments [Atom]

<< Home