Danielle Citron writes:
The new $1 billion Next Generation Identification (NGI) system is now in its roll out phase. NGI–a joint project of federal, state, and local law enforcement and other agencies — is a nationwide network of databases containing images of the body’s characteristics, such as fingerprints, iris, retina, voice, and face.
Several privacy concerns are clear. NGI may be capable of searching systems that do not, and need not, comply with the Privacy Act (which includes data minimization requirements, such as purpose limits), or 28 C.F.R. pt. 23 (which requires reasonable suspicion that a person committed a crime before collecting information–a regulation passed post-COINTELPRO). NGI could access privately-generated biometric databases (e.g., from private security cameras feeds from stores to large commercial biometric providers) to find matches, even though those private systems lack the procedural protections of federal law. So, too, NGI could (and surely will) access federal/state/local cooperatives known as fusion centers.
Read more on Concurring Opinions.