Whenever you upload a photo of yourself or your friends to Facebook, the social network uses a facial-recognition algorithm to identify who's in the picture — and then suggests that you tag them. This might strike some as a little creepy, but at least it's relatively transparent.

The same may not be true of a massive facial-recognition setup used by the FBI, which not only combs through pictures of criminals but also allows law enforcement to search the faces of millions of other law-abiding citizens without their knowledge. And now a top federal watchdog says the program risks putting countless Americans under needless suspicion because of the system's lack of safeguards.

The FBI has access to more than 410 million photographs of people's faces. In addition to its own database, known as NGI-IPS, the agency can query the State Department for passport photos, the Defense Department and as many as 16 state governments for driver's license photos. And it's negotiating with 18 other states for access to their facial-recognition records, according to the report from the Government Accountability Office.

Since 2011, law enforcement officials have run tens of thousands of searches on the state driver's license databases alone, in an effort to hunt down suspects. But the FBI hasn't done enough testing to ensure that the system works appropriately, the GAO said.

In its 10-page reply to the GAO, the FBI said it "fully recognizes that the automated nature of face recognition technology and the sheer number of photos now available for searching raise important privacy and civil liberties considerations."

It added: "For that reason, the FBI has made privacy and civil liberties integral to every decision … regarding its use of face recognition technology."

Both the FBI and the Justice Department declined to comment further.

In general, feeding a suspect's face into NGI-IPS is supposed to return a match. That's the whole point of the technology. But it turns out that agents can ask the system to return a batch of possible matches to a given photo, which lets them better compare results. The batch size can be set as high as 50 or as low as two. The problem is that while batches of, say, 50 possibilities may often contain a match, or what the system thinks is a match, the FBI has no idea how often the search function produces false positives. So the database may wind up matching the suspect's photo with a completely different person. Detection problems may get even worse when the batch sizes are smaller, but the FBI has not done testing to disprove that either, the report said.

The accuracy and testing issues extend to the non-FBI databases that law enforcement officers rely on, such as those from state governments.

"The FBI has entered into agreements to search and access external databases," the report reads, "including millions of U.S. citizens’ drivers’ license and passport photos — but until FBI officials can assure themselves that the data they receive from external partners are reasonably accurate and reliable, it is unclear whether such agreements are beneficial to the FBI and do not unnecessarily include photos of innocent people as investigative leads."

Civil liberties advocates say they are alarmed by the news.

"When people go to the DMV to take their driver’s license photos, they don’t expect that their faces will be scanned and searched tens of thousands of times by the FBI," said Alvaro Bedoya, executive director of Georgetown University's Center on Privacy and Technology. "They don’t expect that their faces will become part of a permanent, digital line-up. What the FBI is doing may be legal, but it isn’t right."