State and federal lawmakers are calling for new rules and investigations surrounding the use of facial-recognition scans of driver’s license databases by Immigration and Customs Enforcement and other agencies, fueling a debate over the technology some on Capitol Hill have said represents a “massive breach of privacy and trust.”
Public records obtained by Georgetown Law’s Center on Privacy and Technology and first reported Sunday by The Washington Post revealed how ICE, the FBI and other agencies had worked for years with state officials to search through millions of license photos without drivers’ knowledge or consent.
The House Homeland Security Committee is expected to discuss possible guardrails on Wednesday during the third congressional hearing in as many months over the largely unregulated technology, which has faced bipartisan resistance due to concerns over false arrests, public surveillance and government misuse.
In a sign of further scrutiny to come, the House Judiciary Committee has asked ICE for a briefing on its use of state license databases and plans to ask the same of the FBI, a spokeswoman for the panel, which oversees law enforcement, said Tuesday.
The documents underscore “the urgent need for substantive federal safeguards on the use of facial recognition technology by law enforcement agencies,” Rep. Jimmy Gomez (D-Calif.) said in a statement to The Post. “With concern over the use of this technology striking chords with both House Democrats and Republicans, I think it’s safe to assume you’ll be seeing action on the issue in the near future.”
Officials from U.S. Customs and Border Protection, the Transportation Security Administration and the Secret Service, all of which use facial-recognition software, and the National Institute of Standards and Technology, which assesses facial-recognition algorithms, are expected to attend the Wednesday hearing. ICE and FBI officials are not.
Twenty-one states and the District of Columbia allow federal investigators to scan driver’s license photos, and the FBI has access to more than 641 million face photos across local, state and federal databases, including those containing Americans’ driver’s license photos, Government Accountability Office records show.
It’s unclear how many facial-recognition scans have been performed nationwide. But the records reveal investigators’ growing reliance on the databases for finding the identities of possible criminal suspects or other people of interest, including more than 1,000 facial searches from outside law enforcement agencies between 2015 and 2017 in Utah alone.
Revelations about the scale of federally requested face scans have sparked anger in Congress, with Rep. Zoe Lofgren (D-Calif.) saying in a statement to The Post that the facial-recognition searches marked “a massive, unwarranted intrusion into the privacy rights of Americans by the federal government, done secretly and without authorization by law.”
“Americans don’t expect — and certainly don’t consent — to be surveilled just because they get a license or ID card,” Sen. Patrick J. Leahy (D-Vt.) said in a tweet Monday. “This has to stop.”
But some in the law enforcement and tech communities have defended facial-recognition technology as too important a tool for investigators to ignore. Rep. Mike D. Rogers (Ala.), the top Republican on the Homeland Security committee, said in a statement to The Post that Department of Motor Vehicles photos should remain available to law enforcement and “should be used in our fight against terrorists, criminals and violent international cartels.”
Congress, Rogers added, “should focus on making sure [the Department of Homeland Security] and other departments are using the most accurate and effective facial recognition technology available.”
A coalition of more than 30 civil rights and tech advocacy groups, led by the Electronic Privacy Information Center, wrote a letter to the Homeland Security Committee on Tuesday calling for DHS to suspend the use of facial-recognition technology on the public, saying it “poses a unique threat to constitutional rights” and is an “especially dangerous technology in need of strict limits on its use.”
The group also cited the recent cyberattack and breach of a Customs and Border Protection contractor as an example of the privacy and security risks from “face recognition programs that collect massive amounts of sensitive data.” Information from that hack was made freely available on the Internet and included images of travelers’ faces and license plates, sensitive internal documents and detailed schematics for surveillance systems used along the U.S. border, The Post first revealed last month.
Officials in Utah and other states argued that they don’t provide full or direct database access to law enforcement. Washington state said it limits facial-recognition access to “very few specially trained” staff members who don’t release records to law enforcement without a court order or subpoena.
But investigators can provide photos in connection with specific criminal cases to state officials, who will then search the databases for them and respond with the results, the records show.
The searches have sparked debates in statehouses across the country, including in Utah, where House Democrats are calling for an investigation and possible hearings into the facial-recognition scans.
Gov. Gary R. Herbert (R) said in a statement that he “is committed to ensuring that Utah’s facial recognition system will only be used for law enforcement purposes and never against law-abiding Utahns.”
Tony Romm and Cat Zakrzewski contributed to this report.