State AG Says It's OK Ohio Implemented Facial Recognition Program Without Notifying Public Because Everyone Else Is Doing It

from the the-fundamental-disconnect-between-public-and-public-servants dept

Facial recognition software is controversial, to say the least. The privacy implications run deep even when deployed in very public areas, as it basically allows for suspicionless searches of anyone whose face is visible to cameras. The feet-on-the-ground equivalent would be having officers canvass a public area, grabbing IDs from anyone it wishes and running their records. Pretty much unacceptable, even considering the potential upside of the software to catch suspected criminals or stumble upon people with outstanding warrants.



These issues haven't prevented more than half of our nation's states from rolling out some version of facial recognition databases. That doesn't make what Ohio law enforcement did right, although its main defender actually uses that exact justification to answer criticism of the roll out.

Without informing the public and without first reviewing security rules for the system, Ohio law enforcement officers started using facial recognition technology more than two months ago, scanning databases of driver's license photos and police mug shots to identify crime suspects, The Enquirer has learned.

Ohio's new facial recognition system launched June 6, without the knowledge of the attorney general or his chief operating officer. Upon learning about it two weeks later, after it had already been used for 900 facial recognition searches, top officials debated turning it off.



On June 20, during a meeting with DeWine, Chief Operating Officer Kimberly Murnieks sent an urgent e-mail to DeWine's chief information officer and top deputies: "First question: Can we turn this off for now? I am told it has been 'live' for two weeks. Who approved that go live?"

In the June 20 briefing with DeWine, officials quickly adopted a practice of calling the launch a "test" although some continued to be nervous about whether the system should have been launched before new policies were created.

Before June 20, "I didn't know it was up live, but I wasn't concerned that it was up live," DeWine said. "Whether you call it a test phase or don't call it a test phase, if we find something (wrong), we would change it, and if we find something alarming, we would shut it down. ...



"The fact that over half of states use (facial recognition technology), the fact that the FBI has used it, the fact that we have controls in (the online database) that work in the sense that we could prosecute people ... all of those indicate to me that what we have is adequate."

...the fact that we have controls in (the online database) that work in the sense that we could prosecute people..

He said the system is still in a trial phase, but said its scope or use isn't expected to change after the trial period ends.

"Should we have talked about it the day it went live?" DeWine said of the facial recognition system. "You could argue that."

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

This is fairly common with controversial measures like these: deploy first, ask for permission/set guidelines later. We've seen the same thing happen repeatedly, whether its domestic drone use or the deployment of quasi-legal technology like Stingray devices that mimic cell phone towers. This isn't purely a local phenomenon. National agencies are just as prone to rolling out new methods and devices , and only begin to consider privacy implications or the need to establish guidelinesa public outcry, much as (almost) happened here.No approval. No period for public comment. No notification to the top cop in the state, or any other top official for that matter. Ohio's law enforcement agencies simply decided to go autonomous, claiming that it was an "almost IT-driven thing." Yep. Completely unstoppable. IT informed the heads of Ohio's Bureau of Criminal Investigation that the system was ready to go live -- and that was all the top Bureau officials needed to hear. The "on" button was pushed and a briefing with the state AG was set up… for two weeks later -- after 900 searches had already been performed.COO Murnieks suggested the system be taken offline until policies updated, but apparently, the "off" button was nowhere to be found. The system stayed online. While the COO seemed suitably concerned that facial recognition technology was being deployed without public notification or pertinent policies in place, AG DeWine was more blasé about the whole experience, deflecting criticism using the elementary-school-level "well, everyone else is doing it" argument.Of all the poor logic contained in these statements,of it stands out as being particularly idiotic. Every single bit. DeWine may believewrongs don't make a right, but apparently aof wrongs adds up just fine.DeWine feels it's perfectly acceptable to make mistakes that could affect seriously members of the public. Not only that, but he seems to feel it's perfectly acceptable to use the public as a testing ground without even providing them a safety net of applicable data policies, safeguards or scope limitations. Pointing to other states, many of whom rolled out their programs more responsibly, is nothing more than verbal sleight-of-hand designed to diffuse outrage. (Notice I didn't say "defuse." What he's doing is spreading the blame, not placating the masses.)And I have absolutely no idea what this phrase is supposed to mean, other than the prosecution side is always right:Because it can be used to catch "bad guys," all else is negligible? Really? If so, when you're done with screwing over your own constituents, there's probably a prime spot in the NYPD for you. They like people who prize crime statistics above all else, even the Constitution.Plus, he's happy with everything being "adequate." That's a government official for you -- never strive for more than you can obtain via stasis.DeWine led off the previous statement by saying the program simultaneously is and isn't a "test phase," and followed it up by telling everyone why it really doesn't matter what "phase" the program's currently in.Great. So the minimal nod towards stress-testing the system meant nothing. Good to know. DeWine caps this all off by throwing a chewed-almost-beyond-recognition bone to the public's concerns.Wearguing that, you dolt. The problem is you, and many others like you (say, the heads of the Ohio's law enforcement agencies), can't be bothered to check with the public until it's thrusting microphones in your face or calling at all hours demanding an explanation. You and many others like you (say, the heads of the state's law enforcement agencies) are. Apparently, the COO of the state is the only one actually looking out for the people she's serving. The rest of you all figure you know better and can roll out controversial programs without so much as obligatory "here's what we're doing: deal with it" press release. Because crime.Is it any wonder no one trusts the government?

Filed Under: face recognition, facial recognition, law enforcement, mike dewine, ohio, privacy, transparency