Last week, reports emerged that Immigration and Customs Enforcement officials have used facial recognition software to mine data from state and national driver’s license databases and target undocumented immigrants. It’s one more example of the brave new digital world society has entered — one in which legislation and legal judgements have yet to catch up to technological advances.
Researchers at Georgetown Law obtained ICE search records that documented agents using facial recognition technology to scan millions of licenses between 2014 to 2017. These records were shared first with The Washington Post, which published the news. While there are conflicting reports as to the role Utah state agencies played in sharing data with ICE officials, what is known is the scenario is a dangerous exploitation of available data by government officials for the sake of law enforcement.
Amid criticisms over the state’s involvement, Marissa Cotes, a spokeswoman for Utah’s Department of Public Safety, made a point of distinguishing the Utah Statewide Information and Analysis Center from the Driver License Division and affirmed, "Federal agencies or agents don't have free roam of our database. They don't have access to it at all. They have to go through us to get information they are searching.”
And Gov. Gary Herbert and Lt. Gov. Spencer Cox expressed their concern and spoke out against the practice while calling for clarity and more stringent protections.
That may be comforting, but it doesn’t address the implications of a largely hidden surveillance infrastructure.
Utah is one of 12 states that offers all its residents, regardless of citizenship, pathways to obtaining a driver's license. As Rep. Mark Wheatley, D-Murray, a leader in the Utah Hispanic Legislative Caucus, noted, no one “registers for a driver's license or state identification card with the belief that this information could be used against them.”
Given the rate of technological development, crafting privacy protection legislation to keep pace feels like a losing battle. But it needs to be done.
Utah in the past has made important strides on this front. Before the landmark Carpenter decision by the Supreme Court that ruled third parties, such as cellphone companies, could not sell or share location-based data from electronic devices without user permission, Utah passed a law protecting location information and electronic communications content, regardless of age, from government access.9 comments on this story
Such laws represent good foresight and ought to continue. For the rest of the country, it would be wrong to play whack-a-mole with something as serious as residents’ privacy and livelihoods. Officials cannot simply respond to breaches as they become known, acting only when sufficient public outcry from whistleblowers prompts a response.
Instead, proactive legislation should consider how the government transacts with citizens and their privacy and what foreseeable protections need shoring up. From accessing information or registering for a driver’s license, Americans are seemingly unable to exist in society — both virtually and materially — without having their privacy continuously monitored and sometimes compromised. That’s not the society we want to live in.