News Releases
Media > News Releases > August 2019 > Review of Facial-Recognition Database Finds No Evidence of Misuse

News Releases

Review of Facial-Recognition Database Finds No Evidence of Misuse

8/14/2019

(COLUMBUS, Ohio) — The state database containing photos from Ohio driver’s licenses and law enforcement sources has not been used by federal, state or local law enforcement to conduct mass surveillance, broad dragnets, political targeting or other illegitimate uses, a review by Ohio Attorney General Dave Yost’s office has concluded.

But given concerns about the technology, Yost announced that he will appoint a panel to advise him on how to maintain Ohio’s facial-recognition system as an effective tool for law enforcement while protecting privacy and civil liberties.

Yost also announced that he is ordering training requirements for law enforcement officers who use Ohio’s facial-recognition database.

Until new training requirements are met, law enforcement will submit facial-recognition requests to the Bureau of Criminal Identification (BCI) and BCI staff will conduct the searches.

A report released today by Yost found that federal agencies using Ohio’s facial-recognition database made up just 3.8% of all facial-recognition searches from Jan. 1, 2017, to July 31, 2019. The vast majority of the searches were conducted by state and local criminal justice organizations, he noted.

The attorney general reported that access to Ohio’s facial-recognition database is strictly controlled and limited to legitimate law enforcement purposes, such as combating identity theft and aiding in crime scene investigations and missing-person cases.

He also noted that, even though the facial-recognition database is a tool that law enforcement can use in investigations, the evidence it provides is just one piece of the investigative puzzle and typically does not stand alone in building a case.

Yost ordered a 30-day review of Ohio’s facial-recognition system after an article in The Washington Post noted the potential for federal agencies to use state databases of driver’s license photos as a surveillance tool.

“I share the privacy and civil-liberty concerns of those who fear misuse of this powerful identification technology,” Yost said. “Ohio’s database is protected by limited access, regular auditing and strict rules about the kind of searches that can be conducted. That applies to state and local law enforcement as well as federal law enforcement.”

The report points out that, during the period of review, local, state and federal law enforcement agencies ran 11,070 searches in Ohio’s facial-recognition database. Of those, just 418 were conducted by federal agencies, including the U.S. Border Patrol, U.S. Department of State/Bureau of Diplomatic Security, Immigration and Customs Enforcement, FBI, Federal Reserve Bank of Cleveland, Drug Enforcement Administration, U.S. Marshals Service and the NASA Glenn Research Center.

The rest – 10,652 searches – were conducted by state or local law enforcement agencies, courts or other criminal justice agencies.

The attorney general said it’s important to remember that driver’s license photos are expressly required and intended to be a means for government to identify people. Anyone who applies for a driver’s license understands that he or she will be photographed and that the government will use that photo for identification purposes, he said.

“Not only is the license photo used to identify you in traffic stops by police officers, it is routinely used for identification by other government agencies, and also by businesses and other private-sector institutions,” Yost said. “It also is a safeguard for the licensee, since use of photo IDs makes it harder for a criminal to impersonate someone else.”

Yost also noted that in the private sector, Big Tech is on the cutting edge of facial recognition, with services such as Google, Facebook and Apple rapidly improving the technology and expanding their photo collections, often without the knowledge of those whose images are being appropriated.

“They are doing this with far less scrutiny and regulation than my agency imposes on law enforcement users of Ohio’s facial-recognition system,” Yost said. “This raises concerns about facial-recognition technology, and I am ready to work with all those interested in improving rules, transparency and safeguards to prevent abuses.”

“But I want to emphasize that the OHLEG facial-recognition system is being used lawfully, carefully and within strict limits,” Yost said.

Ohio’s facial-recognition database is maintained by BCI, which is part of the Ohio Attorney General’s Office. It is just one of 22 applications and data sets that make up the Ohio Law Enforcement Gateway, an online search system known as OHLEG. This electronic information network allows law enforcement entities and other criminal justice agencies to share crime data efficiently and securely.

Those with access include local and state law enforcement agencies, federal law enforcement agencies, courts and government agencies that include divisions with investigative powers, such as an inspector general. All users of the facial-recognition portion of OHLEG are Ohio-based or, in the case of federal agencies, have offices in Ohio. And although there are some out-of-state users of other parts of the OHLEG system, no out-of-state agencies have access to the facial-recognition system, the review found.
 
Access to the facial-recognition database is more restricted than that for other OHLEG databases and is available only to law enforcement officers who submit a separate, additional application to OHLEG. OHLEG currently has 25,558 active users, Yost said, but just 4,549 have facial-recognition access.

To control access, every user of the facial-recognition system must obtain approval from his or her agency head before being assigned a unique log-on, the report noted, and all searches must be conducted for a legitimate law enforcement purpose under strict guidelines. Each search is recorded for review. OHLEG use, including the facial-recognition database, is audited by auditors from the Ohio Attorney General’s Office and by independent outside auditors to detect abuse.
 
The OHLEG facial-recognition database currently has 24 million images, Yost reported. More than 21 million of these were supplied by the Ohio Bureau of Motor Vehicles in 2013, and all of those images date from 2011 or earlier. An additional 2.4 million images were supplied by the Ohio Supreme Court. The remainder came from various Ohio law enforcement agencies and from the Ohio Department of Rehabilitation and Correction. The use of photos from the Ohio Bureau of Motor Vehicles for law-enforcement purposes is authorized under state and federal law, Yost said.

The full report is available online.

MEDIA CONTACT:
Steve Irwin: 614-728-5417

–30–