Maryland Program on Sharing Driver’s License Data With ICE Is Most Invasive, Critics Say

By Madison Vialpando

Maryland is among four states that allow the U.S. Immigration and Customs Enforcement (ICE) to comb through its database of registered drivers for undocumented immigrants without state or court approval — but the program is by far the most invasive, experts told Digital Privacy News. 

“We’ve gotten to this place because of an overzealous federal agency that’s been using basically all the tools at its disposal, even when it’s contrary to state policy to use that information for immigration enforcement purposes,” said Saira Hussain, staff attorney for the Electronic Frontier Foundation (EFF).

Maryland law enforcement has access to millions of facial images, including the images of undocumented immigrants who have obtained “federally non-compliant” state driver’s licenses and identification cards. 

The facial-recognition system has no universal policy, has not been audited since 2011 — and it allows access to any federal or state law-enforcement officer with credentials from the FBI’s National Crime and Information Center, making the repository one of the most invasive in the country, critics said. 

“Every single person in the United States, regardless of their immigration status, has the exact same Fourth Amendment protections,” said Albert Fox Cahn, founder and executive director of the Surveillance Technology Oversight Project (STOP) in New York.

“When we legalize and normalize these sort of Orwellian tactics for undocumented Americans, we’re creating precedent to target every single American.” 

State Official Responds

A representative of Maryland’s Department of Transportation and Motor Vehicle Administration told Digital Privacy News: “In 2011, MDOT MVA began sharing all driver’s license and identification-card images with the Maryland Image Repository System (MIRS) and continues to do so.” 

ICE has claimed that facial recognition is valuable in investigating child exploitation and other cybercrimes by undocumented individuals. 

An ICE spokesperson said: “U.S. Immigration and Customs Enforcement’s use of facial-recognition technology is primarily used by Homeland Security Investigations (HSI) special agents investigating child exploitation and other cybercrime cases.

“HSI’s Child Exploitation Investigations Unit (CEIU) employs the latest technology to collect evidence and track the activities of individuals and organized groups who sexually exploit children using websites, chat rooms, peer-to-peer trading and other internet-based platforms.

“To that extent, special agents at CEIU may review open-source information during the course of a criminal investigation to support the agency’s investigative authorities,” the representative said.

“This is an established procedure that is consistent with other law-enforcement agencies.”

Process Began in 2013

In 2013, Maryland became one of the first Eastern states to give undocumented immigrants a path to obtaining a driver’s license. Instead of providing proof of citizenship, applicants are asked for verification of income-tax payments on pay stubs.

Fifteen states — including California, Delaware, New Jersey, Oregon and Washington — now issue driver’s licenses to undocumented immigrants. 

These states also require alternative documentation, including a foreign birth certificate, foreign passport or evidence of current state residency.

But federal law-enforcement agencies can access the license information and the facial images of U.S. citizens and undocumented immigrants. 

“It’s about civil immigration enforcement.”

Saira Hussain, Electronic Frontier Foundation.

In addition, Maryland is among 21 states that opted into sharing facial-recognition databases with the FBI, according to a Government Accountability Office report last year.

Of the 21 states that share facial-recognition databases with the FBI and the 15 states that distribute federally “non-compliant” driver’s licenses, four grant non-compliant licenses and allow federal agencies access to their facial-recognition databases, which includes the states’ DMV information.

FBI Login Credentials

But ICE also has access to Maryland’s database, as its officials have the login credentials from the FBI’s National Crime Information Center (NCIC).

The system is meant to be used for criminal enforcement, but the agency has used its access to comb through the license-plate images of undocumented individuals, according to a 2016 report by the National Immigration Law Center (NILC). 

ICE has maintained that the agency does not use facial-recognition information for civil immigration enforcement. 

However, emails uncovered by NILC in 2016 disclosed ICE agents asking state agencies to run searches through their systems to identify and obtain data for immigration enforcement. 

“They have been given the latitude of other law-enforcement agencies,” EFF’s Hussain told Digital Privacy News, “except for when ICE is conducting law enforcement in most of these cases, it’s not actually related to any sort of criminal charge.

“But rather, it’s about civil immigration enforcement,” she said.  

Maryland’s Program 

More specifically, Maryland’s state agencies came under scrutiny earlier this year after news reports disclosed that ICE was using the state’s MIRS facial-recognition database to search for undocumented immigrants, despite the state providing “federally non-compliant” licenses to immigrants.

MIRS is a digitized image repository of more than seven million driver’s license photos from the state MVA and over three million mug shots deposited from the Maryland State Department of Public Safety and Correctional Services (DPSCS). 

In December 2011, DPSCS signed an agreement with the FBI to give Maryland access to that agency’s known-offender database. In 2013, the MIRS repository was updated to search the MVA and FBI databases on a single request, according to information published in 2015 about the system. 

“Maryland’s system is one of the most expansive in the country.”

Albert Fox Cahn, Surveillance Technology Oversight Project.

Users who log into MIRS, automatically have access to the FBI’s system, which contains more than 36 million photos.

Any user with the login credentials of the National Crime Information Center (NCIC) to gain access to the FBI’s database also can access Maryland’s database, according to a document obtained through a state Public Information Act (PIA) request in 2016 by the Georgetown University Center on Privacy and Technology.

“Maryland’s system is one of the most expansive in the country,” STOP’s Cahn told Digital Privacy News.

“In many jurisdictions, police will have access to past mug shots or other arrest photos, but they won’t have the sort of full access that Maryland allows.

“Maryland grants access to DMV records — and that’s really important,” Cahn added. “This means that millions of people will potentially be subject to the risk of false arrest and police encounters because of an inexact facialrecognition match.”

No ICE Disclosures

When the proposal for non-compliant licenses and identification cards was passed in 2013, immigrants believed that they had been given a chance to assimilate and legally drive, advocates said.  

But undocumented immigrants who obtained licenses were not informed that their data could be disclosed to ICE, nor has the MVA and Maryland’s official website disclosed that they feed the driver data into the MIRS system. 

“This isn’t just about people who are undocumented, but also the wider population,” EFF’s Hussain told Digital Privacy News. “Nobody is really informed ahead of time that their driver’s license images could be used in such a way.

“We want to inform people of exactly what the risks are without creating panic,” Hussain continued.

“The panic part happens when people don’t know exactly what the risks are — and are only informed of part of them because the government either changes its tactics, or just makes it very unclear about exactly what they’re allowed to access and what they’re not allowed to.”

Madison Vialpando is a staff writer for Digital Privacy News.

Immigration Enforcement

Several states now have provisions to limit disclosure of motor-vehicle information to ICE after reports in Washington and Vermont by The Seattle Times and Vermont’s Human Rights Commission disclosing that immigration arrests were made based on DMV information, said Siara Hussain of the Electronic Frontier Foundation. 

“Many states had not taken the precautions necessary to ensure that ICE wasn’t requesting DMV information related to people just because they were in the U.S. without authorization,” she told Digital Privacy News.

“Some states started passing policies at the statewide level and others had their attorneys general direct the DMV not to disclose this information.” 

Maryland lacks such a provision.

ICE can search the repository without oversight from the state because they only need credentials from NCIC.

Immigration officials also can search the system while in a different state, according to a 2016 report by the National Immigration Law Center. 

The Maryland Department of Public Safety and Correctional Services (DPSCS) also lacks any way of knowing who is accessing the database, because the Maryland Image Repository System (MIRS) does not maintain data on users with NCIC credentials, according to a 2017 Maryland Image Repository System Oversight Report.

In the same document, DPSCS disclosed that local agencies were responsible for establishing a policy regarding the use of the MIRS system, deciding “when, where and how it is used.”

“Police are often basically allowed to create their own rules for this technology without any public accountability, which is why they can go around for years using facial-recognition technology before evaluating potential bias,” said Albert Fox Cahn of the Surveillance Technology Oversight Project (STOP) in New York.

Last year, the Georgetown University Center on Privacy and Technology reported that law-enforcement agencies often used composite sketches or modified images in their facial technology to identify matches in their systems. 

But in 2015, Maryland Republican Gov. Larry Hogan disclosed that face-recognition technology in the MIRS system produced false results more often for images of people of color, particularly women of color. 

“Even if an image of a white male is scanned into the system, the photos of females and African Americans could be returned as possible matches,” Hogan said in a fact sheet on the system.

Despite known inaccuracies, a document obtained through a state Public Information Act (PIA) request in 2016 by the Georgetown Center revealed that DPSCS had not audited its system since 2011.

The agency also had no way to identify if the MIRS system was producing accurate results, the document obtained by the PIA said.

“We see really fly-by-night pseudoscience being used across the country by local police departments,” said STOP’s Cahn, “which are arresting people on the basis of supposed facial-recognition matches that are completely baseless.”

— Madison Vialpando

Sources (all external links):