Two months ago, the state government in Ohio secretly implemented a face recognition program using the drivers’ license database to check against mug shots and images of suspects, a local newspaper has learned. Using public records law to obtain documents from the state AG’s office, the Cincinnati Enquirer found that

Since June, police officers have performed 2,600 searches using the new database feature, which is designed to analyze a snapshot or, in some cases, security camera image, and identify the person by matching the photo with his or her driver’s license photo or police mug shot.

The AG, Mike DeWine, didn’t bother informing the public about the plan to use the drivers’ license database as a face recognition fishing pond because, he told the newspaper, 26 other states already do the same thing. That’s probably news to people in those 26 states, although there has been some national reporting on the issue.

The Cincinnati newspaper also found that the AG himself wasn’t aware that the system had been “turned on” until two weeks after police started using it, and had already queried it some 900 times.

What’s the big deal about a system like this? Haven’t police always had access to the images in the drivers’ license database? Sort of. The Enquirer explains:

People with access to the new system – Ohio’s law enforcement officers and civilian employees of police departments – could match any photo of people on the street to photos in the database and gain access to personal information.



Law enforcement officers have long been able to look up suspects’ driver’s license photos and mug shots, with laws outlining harsh penalties for misusing the records. But the facial recognition system opens up new avenues for misuse, even as it offers new opportunities for solving crimes.



Before the facial recognition system’s development, officers had to know a person’s name or address to find a photo. Now, with facial recognition, people with access to the Ohio Law Enforcement Gateway can potentially identify any stranger they see or encounter, as long as they have a photo.

That's a pretty powerful tool, so how could the police and government officials simply decide to implement it without any public debate?

Ohio appears to have the same problem with ‘procedural policy-making’ that is driving the expansion of the surveillance state at the local level, nationwide. The emails show that the decision to turn the system on came from the IT department at the state crime lab, not an elected official or even an attorney.

All too often in the post-9/11 United States, there is no democratic process nor public debate about law enforcement policies and technologies that will profoundly change the character of our society. Decisions are simply made behind closed doors, and in some cases the right hand of government doesn’t even know what the left hand is doing.

The emails obtained by the Enquirer show that Ohio officials were aware that the public might not like the plan, once people heard about it. Unfortunately, they appear to be more concerned with selling the face recognition program to Ohio than they are with developing reasonable policies to guide its deployment -- or, heaven forbid, asking the public if it wants to head down this road in the first place!

“Should we have talked about it the day it went live?” DeWine said of the facial recognition system. “You could argue that.”



Communications between top officials refer to “concern” and “controversy,” citing the sensitivity of privacy issues after news broke of the federal National Security Agency’s secret spying efforts on cell phone calls, e-mails and Internet browsing.



“Given recent disclosures about the NSA review of consumer telephone data, this is a time of particular sensitivity to the potential intrusion of governmental snooping into private activities,” said an early-July memo drafted for BCI head Stickrath to send to DeWine. “It is important that we emphasize what this technology is and what it is not.”

Like the NSA all the way at the top of the surveillance state food-chain, the Ohio AG seems more concerned about earning 'the public trust' than he does with running a system that comports with democratic values like openness and accountability.

The accountability measures officials suggest are also reminiscent of the unserious proposals offered by officials in the wake of the NSA scandals. The Ohio government proposes creating a pop-up screen to remind system users that they should only use the face recognition technology “for official purposes.” That would be funny if it were a joke about NSA oversight; sadly, it is not.

The ACLU in Ohio, meanwhile, is calling for the system to be shut down until the public can fully engage in debate and deliberation over the merits and details of such a program.

The rest of us should pay close attention to what goes on in Ohio. The story about Ohio's bad romance with face recognition software raises pertinent and timely questions for the entire nation, as law enforcement increasingly obtains access to powerful, expensive, high-tech surveillance tools.

Is the drivers’ license database in your state being used as a face recognition fishing pond for police and FBI agents? How could it be that officials are making decisions like this behind closed doors, without any public debate?

If local and state police are using face recognition tied into the nearly ubiquitous surveillance cameras throughout our cities and towns, it could spell the end of privacy in public as we know it. Shouldn't we think about that -- and debate it -- before plunging head-first into a futuristic dystopia, where the government knows all and yet we know virtually nothing about what its 'security' agents do behind computer screens, in dark rooms?

These are difficult issues, but the first steps are clear. We need to shine more and brighter lights in all the shadowy corners of state surveillance. We probably won’t like what we find, but we can't fix a problem we don't know exists.

Crossposted from Privacy SOS