SAN FRANCISCO—California’s top digital cop told an assembled crowd of law enforcement, civil libertarians, and concerned citizens that the “possibilities are limitless” when it comes to using facial recognition to solve crimes.

“It doesn’t require a front face shot,” Robert Morgester, the senior assistant attorney general and the head of the state’s eCrime Unit, said on Wednesday. “The software has become so robust that you can do a side shot. If mugshots are in use—each region has their own database of mugshots—and agents can query pictures of a known suspect.”

That was just one of a handful of surveillance technologies that Morgester ran through—he explored the law enforcement benefits of not only facial recognition, but also mobile DNA testing, license plate readers, and drones. He faced off with an attorney from the Electronic Frontier Foundation, Jennifer Lynch, who eloquently articulated counter-arguments and raised privacy concerns.

The two of them spoke during a forum on Wednesday called “Protecting Our Communities, Respecting Our Liberties,” which was organized by the California Attorney General’s Office.

While facial recognition is hardly perfect (after all, it famously missed catching the Boston Marathon bombing suspects), state law enforcement will likely begin using the technology against social media networks like Facebook, Morgester said, citing 2011 research from Carnegie Mellon University

Anil Jain, a professor of computer science and facial recognition expert at Michigan State University, told Ars last year that "great advances" in the field in recent years have made mugshot database searches possible.

"However, the performance of face recognition systems depend on the ‘quality’ (pose, illumination, resolution, expression) of the acquired image," he said by e-mail in November 2014.

Jain pointed to a 2014 study by the National Institute for Standards and Technology that found that facial recognition was 95.9 percent accurate while searching a mugshot database of 1.6 million people.

But he warned that when taking an unknown image of questionable quality or one that is not taken under ideal conditions, recognition capability can drop to as low as 60 percent.

Say cheese

Still, Morgester pressed his case.

“You could theoretically use it to identify missing or at risk children,” he added. “If you had a parent abduction and you have a picture of a child, the extreme case is that you theoretically could run that photo against school district pictures, social media, with the idea of: can you narrow down the list of places that you're looking for that individual? Currently the tech is not robust enough, but the possibilities are limitless, it's just having the dataset and having the photo in hand.”

Lynch countered that facial recognition images "can be collected from a distance without a person's knowledge."

“This impacts free speech—we could have a protest and people could use facial recognition to identify people in the protest," Lynch added. "We have a long tradition of anonymous speech in the US. We've seen some of the tech that's coming out of binoculars that can recognize people at a distance (PDF).”

Lynch was referring to a 2013 Navy contract with a private firm to develop such binoculars that can see at a distance of 100 meters. That military technology is rapidly gaining ground in domestic law enforcement, too. In fact, less than four months ago, the FBI announced that its Next Generation Identification facial recognition database is at “full operational capacity.”

“What's to stop [a law enforcement official] from stopping somebody on the street for no reason and taking their picture and putting it in the database?” Lynch asked.

Morgester and Lynch provided the most interesting moments of the forum—but their respectful back-and-forth volleys mostly flew past one another rather than direct conversation with one another.

Another panel later in the morning touched on local examples from Los Angeles and Oakland, exploring how well-intentioned surveillance programs sometimes spawn local outcry.

In the case of Oakland, many community members were outraged when in July 2013, the city accepted federal funds to build a vast, controversial program known as the Domain Awareness Center (DAC) that was originally designed to cover the Port of Oakland, the country’s fifth largest port, and the city as well.

In the face of protests, the city eventually backed off and limited it to just the Port of Oakland. As a result, the Ad Hoc DAC Committee was formed, which resulted in a forthcoming draft privacy policy that is set to be presented to the City Council next month. The Oakland case study was presented largely as of what not to do, despite its eventual good outcome.

DNA testing, license plate readers, and drones…oh my!

When Morgester presented his case for the benefits of license plate reader (LPR) technology , he strongly argued that the scanners “can give valuable information to an investigation.”

In recent years, use of the high-speed cameras that can capture, in bulk, passing license plate data has rapidly expanded across the United States.

Over three years ago, the FBI reported that its Criminal Justice Information Services Advisory Policy Board (CJIS APB) had approved the use of LPRs years earlier through a pilot project conducted by the Ohio State Highway Patrol. That pilot has since expanded to "46 states, the District of Columbia, 33 local agencies, and one federal agency," which have "formal agreements with the FBI to receive the [National Crime Information Center] information for the purpose of using LPRs."

The FBI also added that a survey of its pilot partners "reported a total of 1,102 stolen vehicles recovered with a value of more than $6.5 million, as well as contraband recovered that included stolen license plates, stolen property, vehicles, drugs, weapons, larceny proceeds, suspended registrations, credit cards, and a police badge. Also as a result of the LPR technology, participating agencies located 818 subjects listed in the Wanted Persons File and 19 listed in the Missing Persons File. Another 2,611 persons were apprehended."

Lynch, meanwhile, argued that while she agreed that LPRs were extremely useful in finding stolen cars: “the thing is that you don’t need to hold on to the data to find stolen vehicles.”

She pointed out that data retention policies by various law enforcement agencies across the Golden State are all over the map. The wealthy City of Menlo Park (home to Facebook) retains for just 30 days, while the Los Angeles Police Department (LAPD) retains for two years. Oakland, just across the bay from San Francisco, has no retention limit.

“The LA Sheriff’s Department (LASD) said they would retain indefinitely if they could,” Lynch said, reminding the audience that the EFF and the American Civil Liberties Union of Northern California have a pending appeal in state court, in an attempt to get one week’s worth of LPR data released by both the LASD and the LAPD. The lawsuit lost at the superior court level in September 2014.

Also on Wednesday, the EFF released its conclusions of a week’s worth of LPR data from July 2014.

An audience member, Mike Katz-Lacabe, a well-known privacy activist and former school board member from neighboring San Leandro, asked Morgester what the justification was for retaining such data at all.

The Senior Assistant Attorney General cited the case of Laci Peterson, who along with her unborn son, was murdered in 2002 at the hands of her husband. Their bodies were discovered near Berkeley in 2003.

“It took weeks or months to figure out what was going on—[we could have gone] back to find the license plate,” he said.

Lynch dismissed the example out of hand.

“It’s easy to come up with one-off examples, but the problem is that's a one-off example,” she said. “I don't think you can justify the mass collection of this type of data.”