The Washington Post this week published a piece on how the Federal Bureau of Investigation and Immigration and Customs Enforcement are using state DMV databases as mugshot libraries for facial-recognition software. Access to your driver's license photo isn't the problem necessarily, it's the lack of knowledge and consent on the part of the populace, and the lax controls — or no controls — governing the exchanges between the government agencies and state DMV bureaus. The Government Accountability Office (GAO) said the FBI has conducted more than 390,000 facial-recognition searches of national and state databases since 2011, those databases containing more than 641 million photos.
In Utah alone, the state DMV answered nearly 2,000 requests for facial-recognition searches from law-enforcement bodies between 2015 and 2017, almost 1,000 of those requests from the FBI. A Utah government agency has even distributed pointers on how to take photos that would work better with the face ID software. The searches don't reveal license-holder names or details, but the FBI hasn't explained its methods for making requests nor how it uses the information. The agency would only point to the words of FBI Deputy Assistant Director Kimberly Del Greco, who said during congressional testimony that the agency needed the tech "to preserve our nation’s freedoms, ensure our liberties are protected, and preserve our security."
While 21 states have agreements to allow law-enforcement agencies access to local databases, the condition is generally that any search needs to be "relevant to a criminal investigation." Yet many politicians and privacy advocates find it troubling that drivers who haven't committed a crime are being run through unproven technology in the hunt for criminals, criminal associates, witnesses, bystanders, and body identification. And the requests aren't solely focused on major criminal acts; Facial scans have been run to find those suspected of cashing stolen checks and "brazenly stealing."
One Democratic politician told WaPo, "Law enforcement's access of state databases ... is often done in the shadows with no consent." A Republican member of Congress said during a hearing that driver's license applicants "didn't sign any waiver saying, 'Oh, it's OK to turn my information, my photo, over to the FBI.' No elected officials voted for that to happen."
That's not exactly true. In the small print that no one reads, states explain how they use your license information. In California, a line on the DMV website says "the federal Driver’s Privacy Protection Act (DPPA) requires all States to protect the privacy of personal information contained in a person’s motor vehicle record." But after that, the same page makes numerous references to the circumstances in which the DMV will provide access to some or all of a resident's information to "any law enforcement or other governmental agency."
Some states and cities, such as Vermont and San Francisco, forbid their local authorities from running facial-recognition scans. But the technology can't be put back in the bottle, and the accessible databases still contain around twice the population of the United States. An ICE spokesperson told WaPo the agency's "investigative techniques are generally considered law-enforcement sensitive." But an attorney with the Project on Government Oversight said, "The FBI alone does 4,000 searches every month, and a lot of them go through state DMVs," and the process has turned into a "surveillance-first, ask-permission-later system." Check out the full article at the Washington Post.