FBI, ICE Plunder DMV Driver Database For Facial Recognition Scans

New North Korea-linked malware strain puts FBI and DHS under alert Electricfish malware is used to forge covert pathways out of infected Windows PCs.

The Federal Bureau of Investigation (FBI) and Immigration and Customs Enforcement (ICE) are exploiting state DMV records for facial recognition data without the knowledge or permission of drivers. 

Georgetown Law researchers, together with the Washington Post, have obtained facial recognition requests, documents, and emails which have revealed a project that uses vehicle ownership and driver license databases for surveillance purposes.

According to the publication, millions of US citizens have had their faces and photos scanned, creating a "gold mine" for the FBI and ICE's facial recognition pursuits. 

No state or Congress decision has authorized the creation of a facial recognition system based on information harvested from state driving databases and license holders have not been asked to sign any form of waiver permitting such searches. 

The FBI conducts 4,000 facial recognition searches per month alone, and when "low-level" crimes are reported, DMV scans can be used to track down suspects in cases of criminal activity including petty theft.  

The Post says that a request to search a DMV database can be as informal as sending an email to a DMV contact. In total, 21 states permit the FBI to scan driver license photos. 

See also: San Francisco bans police from using facial recognition tech on residents

When it comes to ICE and the search for undocumented immigrants, the agency runs DMV searches in over a dozen states where these individuals are allowed permits as long as they pass in-state residency requirements and proficiency tests. As a result, information submitted by the undocumented and presumed safe in the hands of DMV can be turned against them.

Washington state is an exception to searches, as local officials require a court order before law enforcement agencies are allowed to submit facial recognition data requests. 

Project on Government Oversight counsel Jake Laperruque told the publication that the system could be considered "surveillance-first, ask-permission-later." 

CNET: You can finally delete (most of) your Amazon Echo transcripts. Here's how

When there appears to be a lack of consent, individual permission, waivers, and regulatory oversight in FBI and ICE facial recognition requests, casual plundering of state databases designed for other purposes are sending the US down a slippery slope in how facial recognition technology is applied. 

Consent is key for facial recognition applications, and without it, there is a serious breach of trust in a time where consumers are becoming protective of their privacy. It seems that lessons have not been learned, even considering the fallout and global outcry caused by whistleblower Edward Snowden's revelations concerning the US National Security Agency's mass surveillance and data collection. 

TechRepublic: DevOps will fail unless security and developer teams communicate better

ICE declined to comment on the situation given the "sensitive" nature of investigations, whereas the FBI pointed towards comments made last month by Deputy Assistant Director Kimberly Del Greco, who said facial recognition technology is necessary to "preserve our nation's freedoms, ensure our liberties are protected, and preserve our security."

Previous and related coverage

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0