For nearly three months, law enforcement in Ohio have had access to an unregulated facial recognition database that includes all statewide driver’s license photos and mug shots, The Cincinnati Enquirer reported Monday.

The system was live for two weeks before Ohio Attorney General Mike DeWine and his chief operating officer found out. At that point, DeWine and other state officials debated in what capacity the database was operating -- in a “testing” phase or as a full launch -- and whether to even tell the public about the database’s existence.



The state’s system, new in early June, has been subject to 2,700 searches by law enforcement thus far. The database matches images, in many cases gleaned from security cameras, to state photos via driver’s licenses, mug shots and other official photos.



The Enquirer reported Cincinnati alone has access to 118 official security cameras around the city, with hopes of pushing that number to 1,000 by 2014. Hundreds more owned by private entities are routinely made available to law enforcement, marking an ever-pervasive surveillance culture with use of enhanced technology like facial recognition software.



Those with access to the system, including Ohio’s law enforcement officers and civilian employees of police departments, could match any image to the more than 21 million photos in the database while gaining access to personal information in the meantime. The system finds the 12 file images most likely to match the snapshot.



DeWine told The Enquirer he didn’t think the public needed to be immediately notified about the launch because dozens of other states have facial recognition photo databases. In addition, he pointed to FBI use of a similar system and supposed safeguards against abuse in Ohio as proof his office was justified in keeping state’s system secret.



“Should we have talked about it the day it went live?” DeWine said according to The Enquirer’s original report. “You could argue that.”



The attorney general changed his tune Monday, saying he should have made the database public in June, though he continued to defend its privacy guidelines.



“I still think the protocol’s adequate,” DeWine said Monday at a press conference when asked about potential abuse of the database thus far. “We’re not aware of any misuse. When you get misuse, someone reports it. ... The best deterrent is putting people in jail, quite frankly.”



DeWine has also announced the creation of an advisory group of judges, prosecutors and law enforcement officials to make recommendations to guide use of the system.



Ohio legislators are calling for proper legislative approval and oversight before the system is used any further.



“We don’t even know if it’s constitutional,” said Sen. Shirley Smith, the top Democrat on the state Senate’s government oversight committee. “We know that it’s an invasion of privacy. I understand that he’s the attorney general, but I think we should have been apprised of it before it hit the street.”

