FCRA Compliance - Biometrica Systems, Inc.

Is Biometrica a CRA?

No, Biometrica is not a CRA. Biometrica is a data provider, more specifically, of real-time data-as-a-service (DaaS). Why are we not a consumer reporting agency? Because while our automated systems and algorithms provide what’s called “pointer data” to authorized clients with a subscription license in real-time (our data is updated from every jurisdiction every hour), for privacy reasons, Biometrica’s staff or contractors do not have any insight into or access to consumer data, i.e., the data of individual consumers being background checked by any organization, including their names or images.

Because of this, Biometrica staff and contractors also have no ability to conduct a background check or search on any individual consumer on behalf of a client, make a determination of a match (or not) to any criminal record, or make a recommendation on pre-adverse or adverse action. We provide that ability to our clients, once they are authorized and receive license keys.

We do provide information on FCRA compliance because it is important to our users, and because some of our users are CRAs. In the case of employee checks, we do not provide license keys until the employer signs an Employer Certification Agreement for FCRA Compliance, certifying they have complied with FCRA requirements. The Agreement details employee (this includes contractor, provider or volunteer) rights under the FCRA and requirements adhered to in order for employees to be background checked.

With privacy as a foundational philosophy, we do not access any biometric templates generated during a search and allow clients to set up their systems to delete and purge biometric templates based on their requirements. If storage is mandated by law, the biometric template is stored in a black box environment and Biometrica staffers have no access to that stored data. Every event in the system has an immutable audit trail, to ensure accountability.

What does eMotive stand for?

Employee Monitoring & Tracking Informational Virtual Ecosystem
What exactly does that mean?
‍– Employee related or employee specific
– Monitoring and tracking for arrests and notification of the same when it crops up on the system
– Informational; we are neither suggesting nor defining what employers should do with this information, all we’re doing is providing information that may relate to their human assets.
– Virtual is self-explanatory but it conveys that it can be accessed anytime, anywhere and is platform agnostic.
– Ecosystem, self-explanatory again, but because it is a community of interconnected elements, in this case, a system that has human and non-human (machine/algorithm/software) elements interacting with each other and inter-dependent within the system.
‍
What is UMbRA?
‍UMbRA is a new product Biometrica released at the Missing & Unidentified Persons Conference in Atlanta on Sept. 20, 2017. It is a product built specifically for law enforcement of all stripes, intelligence agencies, private investigators, process servers, and other private sector security and surveillance professionals. We believe UMbRA will eventually have more than 100 million people in its database. That number currently stands at just over twenty-one million records.

Why do we believe we will eventually have access to 100 million people in our database?
‍We are in the process of going county by county in the US, and ingesting law enforcement data on arrests, convictions and wanted lists. We are beginning this process with arrest data entered by law enforcement personnel. We believe this number to have been the reasonable theoretical maximum in the US based off of the Department of Justice April 2014 Special Report (based on 2012 data).

A few statistics from this report:
– 1 out of 3 Americans will be arrested within their lifetime (110 million Americans)
— 40% of that 110 million will be arrested an additional 4 times before they die (44 million)
— 20% of that 110 million Americans will be arrested at least an additional 10+ more times.
– When you factor in data from a similar US DOJ 2018 report, Survey of State Criminal History Information Systems, 2016, that number is actually higher. Fifty states, Guam and Puerto Rico report the total number of persons in the criminal history files to be 110,235,200 of which 105,927,700 (an individual offender may have a file in more than one state). However, irrespective of the dispensation of the case, the arrest remains a matter of fact and record, unless it is expunged and that is updated by the law enforcement body concerned as all our data is taken directly from law enforcement and is not manipulated in any form to maintain data integrity. Please see detailed notes below on this.
‍
Our goal is to build the largest repository of 100% law enforcement-verified data and provide fast and accurate search tools that would allow you to run searches on any individual in near-operational real time. While we are starting with arrest records, we will also be including city, county, state, tribal and federal sex offender lists, wanted lists and other law enforcement lists from around the world. These include INTERPOL and EUROPOL.
‍
Where did UMbRA come from?
‍We conceptualized UMbRA after speaking to various law enforcement professionals and realizing that one of the major problems they had was the lack of easy access to multi- jurisdictional data on criminals in real time, or on the go. Crime and criminals travel but access to information on criminals doesn’t travel as easily. UMbRA is designed to provide this access in about 30 seconds or so, including on mobile devices. You have all the information in one place.
‍
How long does a search take?
‍Between 10 to 60 seconds typically, depending on whether you’re doing a text or facial recognition (you’ve uploaded a photo for a match) search. Because it is available on mobile devices, while it allows a security professional to protect people from any perceived threat on the go, it also allows a security professional or law enforcement officer to run a check on someone and know, within 30 seconds or so, that they do not have a criminal record in our database.
‍
What does “UMbRA” stand for?
‍UMbRA stands for Unique Mission to Build Records and Arrests and it is a search engine connected to a 100% law-enforcement-sourced and verified database of people that have been arrested, convicted of a crime, or are wanted by law enforcement in connection with one. We’ve begun by building an arrest database but as someone goes through the system, it will eventually update the status of cases, when law enforcement bodies update those statuses. It will also include other lists later, including sex offender registries.
‍
Importantly, this database is also integrated with the same facial recognition system currently used by the US Department of Defense. We are currently one of the only private companies that is licensed to use this system for private use and distribution.
‍
You said this is 100% law enforcement-sourced. Do you touch or change the data in any way?
No, we do not, except for collecting and amalgamating the data at the back end. As all of the data is sourced 100% from law enforcement public record, we don’t touch it in any way, in order to not compromise data integrity, which is why you’ll see some inconsistencies in how the data is entered from state to state or even county to county.
‍
What does that mean — in terms of inconsistencies?
‍That means we don’t correct inputting errors either. For instance, we found a record recently of a man arrested by the Maricopa Co. Sheriff’s Office in Arizona on Oct 26. His details included his being entered as having “blue” hair. We didn’t change that, as that is what was entered by law enforcement and we don’t ever want to manipulate that data.
‍
That is one of the reasons we allow unlimited searches, and we don’t charge by the search, because that allows you to try different options on spelling, details etc. You can search for “W” instead of “White” or “Caucasian,” or “Blk” instead of “Black” to find all possible results, depending on how the data is entered. You can check for different spellings of a name or try combinations.
‍
What does merge data at the back end mean and why is it relevant?
‍We have an example in one of our demos of someone who’s had 37 arrests across five or six Kentucky counties, dating back to 1995. We’ve merged that data at the back end, so an investigator looking at it can quickly see all his arrests in the database and multi-jurisdictional data in one place very quickly — it saves an immense amount of time and it establishes a pattern.
‍
How does UMbRA work?
‍Any subscriber with access (and do remember that this access is controlled — this is not a public database, you have to have a login and password provided by us and we have IP addresses, actual addresses and credit card information) can run unlimited searches, and it’s as simple as running a Google search, by typing in a name or by uploading a face against a multi-jurisdictional database that gives you results in about 10-60 seconds. You can search for arrest history across jurisdictions, you can search by name, you can upload any photograph and do a Facial Recognition search — we’ve found people by uploading their Facebook public profile photograph and running it against the system.
‍
What is the error rate on UMbRA’s FR, given a good scan of the face?
It’s the same Facial Recognition used by the US Department of Defense. It would probably help you to see the YouTube demo link here https://www.youtube.com/watch?v=yLq- c3o8I3k&feature=youtu.beto see how Facial Recognition actually works.

How do biometrics and FR work?
‍All biometrics, including and not limited to facial recognition, DNA and fingerprint scans, are based on a graduated scale of confidence and are a mix of human and machine intelligence. The more points of similarity, the more confident you become, that is, the higher the score, the higher the confidence.
‍
When it comes to matching two faces, the accuracy of facial recognition depends on several things: The age of the subject in the photo, the angle, the lighting, etc. Then you look at the size of the database you’re comparing your photo against: Is it a 1:1 comparison or a 1:1,000,000 or 1:N?
If you are doing a 1:1 match, say a picture of the person standing in front of you and his driver’s license, or the photo inside the chip in his passport, this kind of match recognition and confidence rating will be fairly high: over 90% depending on the time between the initial photo and the current one. If you are doing a 1:Many or 1:N search, the accuracy rate drops but is still a key factor in improving your match ability. This also depends on how many photos of an individual the gallery or database has and over what time period.
‍
Computers look at faces differently from humans. They look at points in a facial template; we look at the whole. If in the case of a sex offender, the system has a photo of an individual every year (for the worst sex offenders this is a requirement of Megan’s Law) and the system is presented with a photo or video of a person on that list, it is likely the person would be found within the first 10 results. You’re still going to need the human looking at the matches presented by the algorithm to give you the best option. But our system runs a search against millions in the UMbRA database in mere seconds. A human cannot do that.
‍
Do have a look at this piece please, when you have the time, it would give you more information on Biometrics. https://www.biometrica.com/biometrics-the-whats-the-whens-the-hows-and-the- whodunnits/

‍What is the connection between UMbRA and eMotive and why are we talking about UMbRA when we have an eMotive release coming up?
‍We’ve been beta-testing our new product, called eMotive, which will, to put it simply, allow you, as an organization, to create your own private database, of your employees or staffers, which will sit “below” UMbRA. You will, with permission from your employees, upload their images and relevant demographic information to that private database (this private database is visible to no one but your organization’s HR or specific authorized personnel), and our algorithms will then run continuous comparisons against the larger UMbRA database in the background.
‍
To what purpose?
‍To let your HR person know, in real time, when someone that the algorithm thinks is a possible match to your employee, based on several demographic parameters, is arrested anywhere in the United States.
‍
Again, what does eMotive do?
‍It is a product that provides an organization with the ability to enter all its employees into a database, and be notified in near real-time, through an encrypted alert (to its HR department) when one of its employees has potentially been arrested.
‍
This would allow any company that has a requirement to do an annual background check (typically costing between $50-$250 or more per employee) to cut costs, improve notification systems, share information to protect their human and other assets. eMotive would allow continuous monitoring, which would be a dramatic improvement over a single annual background check.
‍
Got it, but I’m still a bit confused. Could you elaborate on the continuous monitoring aspect and the product itself?
‍This is a new product and is specifically focused on continuous monitoring.
‍
– It would work by you uploading a list of your employees (or any other list of people) into a completely separate silo that sits beneath UMbRA’s arrest database.
– Because that siloed data contains personal information, it would not be accessible to other UMbRA users, and even within your organization it would only be available to authorized personnel from the organization. We have security in place to ensure that only you/your authorized personnel have access to the data in your silo.
– How it would work is that there would be comparisons run against UMbRA on a constant basis. UMbRA data is updated between every hour to 24 hours, depending on a jurisdiction or more specifically, when law enforcement within that jurisdiction updates its data and how often it makes that updated data available.
– So if someone called John Smith is arrested and you have a John Smith on your list, eMotive at the backend would automatically run a search against several parameters to see if the John Smith arrested is a possible match to the John Smith on your record. Age, other demographic characteristics, Facial Recognition etc. would be matched. If all of those are a potential match in the check against UMbRA, the eMotive system would send your authorized personnel an encrypted alert, asking you to log into eMotive because you have a notification. Once your HR person logs into the system and is authenticated, it is then up to that HR person to look at the information and make a final determination as to whether there is a match.

How many records do you currently have?
‍As of May of 2023, we have more than twenty-one million arrest records from more than 248 U.S. jurisdictions in UMbRA, but that number is constantly changing as we add more counties. Data is updated every hour to 24 hours wherever possible, so it’s pretty current once a county has come into our intake pipeline, allowing us to follow someone as they go through the system, depending on when the law enforcement body concerned updates their records.
‍
What happens if someone is arrested and not convicted?
‍Unlike court processing, our data does not become inaccurate because of future events. You were arrested, that is a matter of fact. The fact of your having once been arrested doesn’t change. It is a matter of record.
‍
‍1. Your arrest record and your prosecution record effectively live in two separate baskets. So you might be booked, released, charges dropped, found not guilty, whatever, but that arrest is a matter of record until the prosecutorial body updates the law enforcement agency with the status, and the law enforcement agency, in turn, takes the trouble to update its own record to reflect that status.

‍2. It’s time-consuming and complicated, even in cases that were dismissed, for a record to be sealed or expunged or annulled or have what’s called “records restricted” (Georgia), a “Declaration of Factual Innocence” (California), such that an individual can lawfully deny the arrest — it depends on the state, the type of offense (violent offenders and sexual offenders are generally excluded), the outcome of the case, the age of the defendant, and procedures vary very widely. For more, take a look at this excellent site, The Restoration of Rights Project.
‍
From our perspective, if the law enforcement body updates it, we could. If someone let’s us know, we could. We already have a system in place for consumer rights.
‍
Who makes the determination on whether Employee A is a match to Arrested Mr. A?
‍It is always the employee authorized by the company. All we do is offer information based on law enforcement data. Please note, despite what I wrote in the email to you last week, about the options, after further discussion with the tech team, I realized it has to be Option A. We cannot directly inform the individual concerned because the determination on whether it is the individual concerned or not is not made by us under any circumstance. It is made always by the employer (HR) after that HR person or administrator, once notified as having an alert, has signed into eMotive, clicked on the alert and made a determination on whether it is Individual A or not.
‍
However, we would always keep what I mentioned as Option B as part of the on-boarding process of eMotive in the handbook, over and above what is included in the certification from employer/employees:— Have a virtual demo of eMotive, showing what happens with a possible arrest. Say it only happens with a possible arrest.– Include it in the employee handbook– Show that in the case of an HR person making a final determination of a match, Individual A should receive a notification saying there is a public record that someone with your likeness may have been arrested, you may want to check if this is you. (Note: Despite systemic inconsistencies, it’s unlikely that a wrong person will get a notification: You’re going to have to get a number of things exactly the same and that will be unusual). A false positive is rare.
‍
This is how it would actually work
Step 1
HR Person receives an alert notification in the email asking them to check eMotive (The link has an embedded tracking no. & is a uniquely targeted notification.

The email contains this language (see below).
‍Note: As the authorized person for your employer, you have received this report on a match candidate based on several algorithmically generated demographic parameters. These have been based on comparisons run between individuals in the data set you have entered into the system with their permission, and real time law enforcement-sourced arrest data. However, the final determination of a possible match is your decision. If you determine that the individual is a match and you take action with respect to this individual based on this determination, the individual has a right to be informed of this determination and this record should be made available to them. Please refer to the statement of individual rights for more information.

‍Step 2
‍HR person clicks on the link. Taken to the eMotive login page. He/she still has to log in as it an encrypted and authenticated portal.
‍

‍
‍

‍Step 3
‍If the login information is authenticated, this screen appears directly (based on that unique link you had clicked in the email), essentially the notification report. Please look at the three screenshots below: They display the uploaded photograph (in the employee’s case it’s a black & white picture) of the employee in question v. an actual law enforcement-sourced arrest record. Do note that at each stage — the email, the notification page (under notification detail) when you see the employee photo, the side-by-side comparison page, and then at the end (screenshot 4), you are reminded of your obligations in language that is very clear and unambiguous.
‍

[Language used here – above ]
‍As the authorized person for your employer, you have received this report on a match candidate based on several algorithmically generated demographic parameters. These have been based on comparisons run between individuals in the data set you have entered into the system with their permission, and real time law enforcement-sourced arrest data. However, the final determination of a possible match is your decision. If you determine that the individual is a match, and you take action with respect to this individual based on this determination, the individual has a right to be informed of this determination and this record should be made available to them. Please refer to the statement of individual rights for more information.
‍

(Above: Criminal record from UMbRA; someone with access to eMotive can click on this record and access UMbRA to look at it. They will be able to look at current arrest data on the same page but will not be able to see historic arrest data for that individual or run a text or FR search).
‍

Above: The Side by side comparison between the employee (in black and white) and the arrested individual algorithmically generated as a possible match.
‍

[Language at the bottom of the report]
‍These are law enforcement-sourced records in our system that are each a potential match to an individual in your database, pending a final determination by you. These notifications should be used for informational purposes only. You should follow up with the law enforcement body or court in that jurisdiction for further details. If you determine that the individual is a match, and you take action with respect to this individual based on this determination, the individual has a right to be informed of this determination and this record should be made available to them. Please refer to the statement of individual rights for more information.
‍

‍
‍

Do note that they are tracked at every stage: every email, when they log in with their unique credentials, etc., so it can all be fully audited. They have to acknowledge notifications and view them.
[Note: If you look at either screen shot under “Notification Detail” you have the Print Notification option, which allows the HR admin to print this notification and hand it over to the individual concerned once a determination is made that there is a match. It is that simple. We are in the process of building a template that would allow them to print the data of the record too, in addition to printing the notification itself, which, we believe, would go above and beyond our own FCRA compliance requirements under FCRA when it comes to material sourced from public record — even though we do NOT make the final determination as to whether an individual arrested is the employee the algorithm believes is a potential match. The HR or security administrator appointed by the organization makes that final determination].

In addition, to reiterate what I’d mentioned above about the eMotive-UMbRA relationship
1. If you have an eMotive log in, and you don’t have an UMbRA log in, that is you’re not paying for UMbRA, you can view UMbRA stuff, because you have to be able to view the reports and at the moment, we can’t segregate permissions to be able to stop you scrolling and viewing other most recent UMbRA entries, but you cannot perform ad hoc UMbRA text or FR searches of any kind. You can only view.
2. If you have an UMbRA log in, you have access to eMotive, in the sense, you can log into eMotive.biometrica.com, but all you’ll get is a restricted permissions page. You do NOT have any access to eMotive data. You are unauthorized.
3. As we can segregate permissions based on properties in eMotive, and as eMotive databases are bound to properties, any eMotive employer can only see an eMotive set of data that is tied to their database and would be restricted if they tried to access any other property’s eMotive data.
4. eMotive.biometrica.com is not a separate website, but it would sit “below” UMbRA in a separate silo, with each employer sitting in a separate property with restricted permissions, requiring unique and authenticated credentials to gain access, with every step being logged, digitally tracked, allowing for a legally viable audit trail.
‍
Just a quick look at what the eMotive enrollment database would look like.

‍