State photo-ID databases become troves for police
The Washington Post
by Craig Timberg
by Ellen Nakashima
June 16, 2013
The Pinellas County Sheriff’s Office in Florida has built one of the country’s most advanced facial-recognition programs. (Edward Linsmier/For The Washington Post)
The faces of more than 120 million people are in searchable photo databases that state officials assembled to prevent driver’s-license fraud but that increasingly are used by police to identify suspects, accomplices and even innocent bystanders in a wide range of criminal investigations.
The facial databases have grown rapidly in recent years and generally operate with few legal safeguards beyond the requirement that searches are conducted for “law enforcement purposes.” Amid rising concern about the National Security Agency’s high-tech surveillance aimed at foreigners, it is these state-level facial-recognition programs that more typically involve American citizens.
The most widely used systems were honed on the battlefields of Afghanistan and Iraq as soldiers sought to identify insurgents. The increasingly widespread deployment of the technology in the United States has helped police find murderers, bank robbers and drug dealers, many of whom leave behind images on surveillance videos or social-media sites that can be compared against official photo databases.
But law enforcement use of such facial searches is blurring the traditional boundaries between criminal and non-criminal databases, putting images of people never arrested in what amount to perpetual digital lineups. The most advanced systems allow police to run searches from laptop computers in their patrol cars and offer access to the FBI and other federal authorities.
Such open access has caused a backlash in some of the few states where there has been a public debate. As the databases grow larger and increasingly connected across jurisdictional boundaries, critics warn that authorities are developing what amounts to a national identification system — based on the distinct geography of each human face.
“Where is government going to go with that years from now?” said Louisiana state Rep. Brett Geymann, a conservative Republican who has fought the creation of such systems there. “Here your driver’s license essentially becomes a national ID card.”
Facial-recognition technology is part of a new generation of biometric tools that once were the stuff of science fiction but are increasingly used by authorities around the nation and the world. Though not yet as reliable as fingerprints, these technologies can help determine identity through individual variations in irises, skin textures, vein patterns, palm prints and a person’s gait while walking.
The Supreme Court’s approval this month of DNA collection during arrests coincides with rising use of that technology as well, with suspects in some cases submitting to tests that put their genetic details in official databases, even if they are never convicted of a crime.
Facial-recognition systems are more pervasive and can be deployed remotely, without subjects knowing that their faces have been captured. Today’s driver’s-
license databases, which also include millions of images of people who get non-driver ID cards to open bank accounts or board airplanes, typically were made available for police searches with little public notice.
Where police can search driver’s license photos
Have facial-recognition systems, let police search or request searches. 26 states
Have facial-recognition systems, generally do not allow law enforcement searches. 11 states and D.C.
Do not have facial-recognition systems for driver’s license photos. 13 states
SOURCE: State drivers’ license registries. The Washington Post
Thirty-seven states now use facial-recognition technology in their driver’s-license registries, a Washington Post review found. At least 26 of those allow state, local or federal law enforcement agencies to search — or request searches — of photo databases in an attempt to learn the identities of people considered relevant to investigations.
“This is a tool to benefit law enforcement, not to violate your privacy rights,” said Scott McCallum, head of the facial-recognition unit in Pinellas County, Fla., which has built one of the nation’s most advanced systems.
The technology produces investigative leads, not definitive identifications. But research efforts are focused on pushing the software to the point where it can reliably produce the names of people in the time it takes them to walk by a video camera. This already works in controlled, well-lit settings when the database of potential matches is relatively small. Most experts expect those limitations to be surmounted over the next few years.
That prospect has sparked fears that the databases authorities are building could someday be used for monitoring political rallies, sporting events or even busy downtown areas. Whatever the security benefits — especially at a time when terrorism remains a serious threat — the mass accumulation of location data on individuals could chill free speech or the right to assemble, civil libertarians say.
“As a society, do we want to have total surveillance? Do we want to give the government the ability to identify individuals wherever they are . . . without any immediate probable cause?” asked Laura Donohue, a Georgetown University law professor who has studied government facial databases. “A police state is exactly what this turns into if everybody who drives has to lodge their information with the police.”
A facial ‘template’
Facial-recognition systems analyze a person’s features — such as the shape of eyes, the curl of earlobes, the width of noses — to produce a digital “template” that can be quickly compared with other faces in a database.
The images must be reasonably clear, though newer software allows technicians to sharpen blurry images, bolster faint lighting or make a three-dimensional model of a face that can be rotated to ease comparisons against pictures taken from odd angles.
For the state officials issuing driver’s licenses, the technology has been effective at detecting fraud. As millions of images are compared, the software typically reveals the identities of hundreds or thousands of people who may have more than one driver’s license.
When searches are made for criminal investigations, typically a photo called a “probe” is compared against existing images in a database. The analytical software returns a selection of potential matches, though their accuracy can vary dramatically. A probe image of a middle-aged white man, for example, could produce a possible match with a 20-something African American woman with similarly shaped eyes and lips. Many systems include filters that allow searchers to specify race, sex and a range of possible ages for a suspect.
“It’s a fine line where you need to protect the rights of the citizens, but you also are protecting the right of citizens when you ferret out crime,” said Anthony J. Silva, administrator of Rhode Island’s Division of Motor Vehicles and a former town police chief.
Establishing identity, Silva said, is essential to effective police work: “I can’t tell you how many times I was handed fraudulent documents. And when you are on the street at 3 a.m., who do you call?”
Pennsylvania’s Justice Network, which has allowed police anywhere in the state to compare a facial image with mug-shot databases, has become a key investigative tool, officials said, and last month it added access to 34 million driver’s-license photos. (Some residents have several images, taken over years.)
A detective in Carlisle, Pa., attempting to learn the real name of a suspect known on the street as “Buddha the Shoota” compared a Facebook page picturing the man with the mug-shot database and got a promising lead.
“Facebook is a great source for us,” said Detective Daniel Freedman, who can do facial searches from his department-issued smartphone. “He was surprised when we walked in and said, ‘How you doin’, Buddha?’ ”
He said the suspect responded, “How you know that?” — to which Freedman replied simply, “We’re the police.”
Safeguards and trends
There typically is little concern when facial-recognition systems relying on criminal databases help identify suspects in narrowly targeted investigations. But searches against images of citizens from driver’s licenses or passports, as opposed to mug shots of prisoners, raise more complex legal questions.
Police typically need only to assert a law enforcement purpose for facial searches, whether they be of suspects or potential witnesses to crimes. Civil libertarians worry that this can lead to broadly defined identity sweeps. Already many common but technically illegal activities — blocking a sidewalk, cycling at night without a light or walking a dog without a leash — can trigger police stops and requests for identification, they say.
“The potential for abuse of this technology is such that we have to make sure we put in place the right safeguards to prevent misuse,” Sen. Al Franken (D-Minn.) said in a statement. “We also need to make sure the government is as transparent as possible in order to give the American people confidence it’s using this technology appropriately.”
A few states, including Washington, Oregon and Minnesota, have legal barriers to police accessing facial-recognition technology in driver’s-license registries. New Hampshire’s legislature passed a law prohibiting motor vehicle officials from collecting any biometric data.
But the broader trend is toward more sophisticated databases with more expansive access. The current version of the Senate’s immigration bill would dramatically expand an electronic photo-verification system, probably relying on access to driver’s-license registries.
Montana has a facial-recognition system to help prevent fraud in its driver’s-license registry, but officials are still debating whether to allow police any kind of access.
“I can see it’s an amazingly powerful tool. It has a lot of possibilities,” said Brenda Nordlund, the administrator of the Motor Vehicle Division there. “I don’t know if that’s what citizens expect when they come in and get their driver’s-license pictures taken.”
There are substantial variations in how states allow police searches of their driver’s-license databases. Some allow only licensing-agency officials to conduct the actual searches. Others let police do searches themselves, but only from a headquarters office. And still others have made the technology available to almost any officer willing to get trained.
The District of Columbia has facial-recognition technology for its driver’s-license registry but does not permit law enforcement searches, spokeswoman Vanessa Newton said. Virginia motor vehicle officials have run a pilot program experimenting with facial-recognition technology but have not made a decision on whether police will have access to such a system if it is eventually installed, spokeswoman Sunni Brown said. Maryland does not use such technology in its driver’s-license registry.
Police long have had access to some driver’s-license information — including photographs — when they are investigating criminal suspects whose names they know. But facial-recognition technology has allowed police working from a photo of an unknown person to search for a name.
Las Vegas police, for example, called on authorities two states away in Nebraska for help solving a homicide. Based on a tip, investigators had a page from a social-media site featuring the image of an unknown suspect; the tipster said the woman in the photo had lived in Nebraska. The facial-recognition software produced a hit on a driver’s license there, cracking open the case.
“That picture hung on our wall for a long time,” said Betty Johnson, vehicle services administrator in Nebraska. “We are pretty darn proud of that one.”
Who has the databases?
A single private contractor, MorphoTrust USA, which is based in a suburban Boston office park but is owned by French industrial conglomerate Safran, dominates the field of government facial-
recognition technology systems. Its software operates in systems for the State Department, the FBI and the Defense Department. Most facial-recognition systems installed in driver’s-license registries use the company’s technology, it says.
The largest facial database belongs to the State Department and includes about 230 million searchable images, split almost equally between foreigners who apply for visas and U.S. citizens who hold passports. Access for police investigations, though, is more limited than with state driver’s-license databases.
Police often can find out who you are based on your facial image, even if you’ve never been arrested for any crime.
Find out who could have your photo.
Size of existing photo databases
Have facial-recognition systems, let police search or request searches. 26 states
Have facial-recognition systems, generally do not allow law enforcement searches. 11 states and D.C.
Do not have facial-recognition systems for driver’s license photos. 13 states
The State Department has about 230 million photos from passports and visas
The FBI has about 15 million photos of people who have been arrested or convicted of crimes
The Department of Defense has about 6 million photos, mainly of Iraqis and Afghans
At least 107 million photos in 26 states
At least 38 million photos in 11 states and the District of Columbia
At least 65 million photos in 13 states
Federal agencies with facial-recognition systems
*Numbers do not include non-driver ID cards. There are at least 13 million people with non-driver ID cards in the 26 states that allow police access to their facial-recognition systems.
SOURCES: State driver’s-license registries, FBI, State Department and Defense Department.
GRAPHIC: Darla Cameron and Craig Timberg – The Washington Post. Published June 14, 2013.
The FBI’s own facial-recognition database has about 15 million criminal mug shots. Bureau officials are pushing to expand that by tens of millions more by encouraging states to upload their criminal justice photos into the national system. The FBI does not collect driver’s-license images, but the bureau has developed access to state systems that do.
That effort began with“Project Facemask,” which compared images of federal suspects and fugitives against photos in North Carolina’s driver’s-license registry, helping identify a double-homicide suspect who had changed his name and moved to that state from California. The FBI now has agreements giving access to driver’s-license databases in 10 states for investigative purposes. Many motor vehicle officials say they also run searches for federal agents who request them, typically through “fusion centers” that ease the sharing of information among state, local and federal authorities.
Depending on the importance of the case, federal agents can potentially tap facial databases held by driver’s-license registries, state criminal justice systems, the FBI, the State Department and the Defense Department, which has several million searchable faces, mostly Afghans and Iraqi men. Together these amount to an estimated 400 million facial images in government hands, though the rules on access to each database vary. (Often an individual is pictured in more than one database, or even more than once in a single one.)
Federal investigators searched several facial databases in the aftermath of the Boston Marathon bombing in April, officials said, speaking on the condition of anonymity to discuss an ongoing investigation. But the images were not clear enough to produce hits, even though both of the alleged bombers had driver’s licenses in Massachusetts, a state that uses facial-recognition technology.
Yet as facial databases grow and video cameras become more prevalent and powerful, such searches will become more effective, experts say.
“More and more, what you’re going to see is criminals and other people whose images were taken over the years are digitized, [and] put into these databases, and incidents like Boston will be easier to solve,” said James Albers, senior vice president for government operations for MorphoTrust USA.
Pinellas County Sheriff’s Deputy Jeremy Dressback has been using facial-recognition software for more than six years. (Edward Linsmier/For The Washington Post)
Pinellas County
The Pinellas County Sheriff’s Office says its facial-recognition unit conducts 5,000 searches a month and has assisted in nearly 1,000 arrests since 2004. A bulletin board in the office is lined with success stories: A teenage boy who was sending lewd messages to young girls through multiple Facebook accounts was identified, as was a suicide victim and an alleged bank robber — whose scowling image was captured by the branch’s surveillance camera.
In another case, a man reported a stolen computer but then noticed that an online photo album he long had maintained was automatically uploading new snapshots of a couple he did not recognize. When the sheriff’s office ran a search, the pictures matched faces in both the mug-shot and driver’s-license databases. The couple soon fingered an acquaintance who was arrested for stealing the computer and then selling it to them.
The sheriff’s office, whose jurisdiction includes St. Petersburg and its suburbs, built its facial-recognition system over more than a decade, relying for most of that time on mug shots collected at prisons and police booking centers across the state.
The system now has partnerships with the sheriff’s offices in more than half of Florida’s counties and many other government agencies. This year the unit added the ability to search more than 20 million driver’s-license records, bringing the number of facial images in the database to 30 million, officials say.
The Pinellas County system also has access to 250,000 mug shots — though not driver’s-license images — from the Northern Virginia Regional Identification System, a joint project of Washington area jurisdictions, including some Maryland counties.
Pinellas Deputy Jeremy Dressback, a community policing officer, uses access from the laptop in his patrol car to keep track of the people he encounters on a dingy country stretch notorious for prostitution, drugs and seedy motels.
On a recent patrol, when a scruffy-looking man he did not recognize walked up to one of the motels, Dressback stopped him on suspicion of trespassing and asked for identification. The man did not have a driver’s license but gave his name — James A. Shepherd, age 33, from Kentucky — and said he was staying at the motel with his girlfriend.
Dressback pulled out a digital camera, asked permission to take a picture and then snapped a shot. When the image did not match anyone in the facial-recognition system, Dressback downloaded the picture to his laptop computer and attached it to a field report on Shepherd as a “suspicious person.”
Shepherd, who said he was a roofer returning from work, grumbled at the intrusion, even though he had agreed to have his picture taken. “I’m not a criminal, so there’s really no reason for me to be in a criminal database,” Shepherd said before adding, “But I have been arrested quite a few times.”
When his girlfriend walked by moments later — they were indeed staying at the motel — Shepherd directed her toward their room.
“Get out of here,” he said. “You’ll be in his database in 10 seconds.”
Brook Silva-Braga contributed to this report.
Direct Link: http://www.washingtonpost.com/business/technology/state-photo-id-databases-become-troves-for-police/2013/06/16/6f014bd4-ced5-11e2-8845-d970ccb04497_story.html?tid=ts_carousel
, Lil Wayne, 30, is doing his rap thing in front of the American flag, which is then dropped to the ground as he continues to perform the song, which includes lyrics like “My country ‘his of thee / Sweet land of kill ‘em all and let ‘em die / God bless Amerika / This ole’ godless Amerika.”