FBI and ICE use DMV photos as ‘gold mine’ for facial recognition data
Cities and companies might be turning away from facial recognition, but federal agents are embracing it — whether or not the public is fully aware of what’s happening. Georgetown Law researchers and the Washington Post have discovered that FBI and ICE investigators have been using state DMVs as a “gold mine” for facial recognition data, scanning hundreds of millions of photos to create an unofficial surveillance infrastructure. Officers routinely use the info to help track down suspects in “low-level” crimes like petty theft, and they use it frequently — the FBI by itself conducts 4,000 facial recognition searches per month.
A total of 21 states allow the practice, including Pennsylvania and Texas. They frequently have rules for requests (such as the need to link them to active investigations), but they don’t always have strict requirements. Washington state is a notable standout with its requirement for court orders.
As a result, there isn’t much consent or accountability for these searches. It’s not clear who’s being targeted or how many searches lead to false hits, let alone that agents are using facial data responsibly. Some searches have been conducted using little more than email to a state contact, for that matter. These lapses create serious concerns for the privacy-conscious. Georgetown’s Clare Garvie called it a particularl “insane breach of trust” for undocumented immigrants in states where they’re allowed to drive, as these people are being encouraged to submit info that could promptly be used against them.
ICE wouldn’t discuss how it used facial recognition. The FBI, however, pointed to testimony from Deputy Assistant Director Kimberly Del Greco in June. She defended the technology, claiming that it helped “preserve” both freedoms and security. However, that’s not necessarily true. False positives and abuses of power could lead to arrests of innocent people. And without a legal framework that ensures consistent and transparent data requests, there’s no strong way to prevent misuses going forward.
(27)