Sorting Out the Details of Ohio’s Facial Recognition Database

The existence of the Bureau of Motor Vehicles’ long-running facial recognition database was no secret, but recent scrutiny around how it was being accessed by federal law enforcement agencies has raised new questions.

by Jeremy Pelzer, The Plain Dealer / August 2, 2019
Shutterstock/vchal

(TNS) — Ohio’s facial-recognition database has been in operation for more than six years, allowing law-enforcement officials to search millions of Ohio driver’s license photos and other pictures to identify suspects.

While the use of BMV photos in Ohio’s facial-recognition program has been known for years, the system came under scrutiny again last month, after the Washington Post reported that many states, including Ohio, have offered access to driver’s license photos to the FBI and other federal agencies.

But unlike some other states, Ohio has not given the FBI copies of the photos in the state’s facial-recognition database, according to the attorney general’s office. And state officials say they have strict rules about who can access the program and what they can do with it.

Here’s more on what Ohio’s facial-recognition database is, how it’s used, and what officials are and are not allowed to do with it.

What’s in the database?

When the facial-recognition database went live in June 2013, it included more than 24 million photos – including at least 21 million Ohio Bureau of Motor Vehicles photos taken between 1999 and 2011, according to Dan Tierney, a spokesman for Gov. Mike DeWine (who, while serving as Ohio attorney general, oversaw the creation of the database). While Ohio’s estimated population in 2012 was only around 11.5 million people, the database contained people’s updated license photos as well as their original pictures.

Besides license photos, the other 3 million or so pictures in the database included mug shots and other official pictures.

The BMV hasn’t sent any driver’s license pictures taken since 2011, according to Tierney, because the BMV asserted it was “too burdensome and too costly” for it to keep sending new photos on an ongoing basis.

Who can access the facial-recognition program?

The only people allowed to use the facial-recognition program are law-enforcement officials who have been granted access and have a stated reason for using the software. Most of the officials granted access are state or local law enforcement, though some FBI agents and other federal officials also have permission to use the program.

Attorney General Dave Yost’s office hasn’t yet responded to a request for how often the program is being accessed now. But, during the first 8 months of the program, it was used 6,618 times by 504 different agencies, according to a 2014 video posted to YouTube by the AG’s office.

The Ohio Law Enforcement Gateway, the state-run network that contains the facial-recognition program, had 32,008 active users as of last October, according to an Ohio attorney general’s office report. But only a fraction of those users are permitted to log into the facial-recognition part of OHLEG.

And any official working outside of Ohio can’t access the system at all unless they first obtain permission in writing from the director of the state’s Bureau of Criminal Investigation, Tierney stated in an email.

How is the facial-recognition program used, and what limits are in place?

As the 2014 YouTube video explains, a database user starts by uploading a picture to the program. The program then only displays the photos in the database (if any) that match the person shown in the uploaded photo.

As searches are done in this way, users can’t just browse through the full database of photos. Nor are they allowed to – when officials are granted permission to access the facial-recognition database, they must agree to only use it for specific cases.

Under OHLEG rules provided by Tierney, law enforcement may not use facial-recognition technology “to conduct dragnet screening of individuals, nor … to facilitate mass surveillance of places, groups, or activities unless doing so furthers an official law enforcement activity.” (An “official law enforcement activity” is defined as a lawful action done as part of one’s official duties with a reasonable belief that it will result in a lead regarding a specific criminal matter, reduce an imminent threat to health or safety, and/or help identify someone who’s not able to identify himself or herself.)

Anyone who violates that rule could face criminal charges, according to Tierney.

Every law-enforcement agency with access to the facial-recognition database must also keep a log of each time the database is accessed, listing the date, name, case number and type of investigation being conducted.

Dave O’Neil, a spokesman for Yost, previously said that FBI agents have used Ohio’s facial recognition program three times in the past year.

What is facial recognition used for?

In the 2014 YouTube video, Tom Stickrath (then the superintendent of BCI, now the director of the Ohio Department of Public Safety) lists a number of cases in which facial recognition can help law enforcement, including identifying suspects who refuse to identify themselves or give false names, identifying a dead person or a living person with amnesia or Alzheimer’s, or identifying suspects during a covert investigation.

Stickrath offered a couple of “real-world examples” of when facial recognition has been used, including identifying the real name of a confidential informant in a narcotics case and discovering the names of prostitutes posting “sensual massage” ads online.

Under DeWine, who served as AG from 2011 until last January, the software was used by the FBI in cases involving narcotics, homicide, missing persons and fraud, among others, according to Tierney.

What is not yet known about Ohio’s facial-recognition program?

Yost’s office has yet to answer a number of questions from cleveland.com about how facial recognition is being used today, including a current overview of how officials access the program, an update on the limitations placed on officials who use the database, and the reasons given by FBI agents for accessing the database three times in the past year.

In an email, O’Neil noted that Yost’s office is currently conducting a review of facial-recognition practices, which should be completed in the next couple of weeks.

“We will have nothing further to say until our work is complete and we fully know the truth,” O’Neil stated.

©2019 The Plain Dealer, Cleveland. Distributed by Tribune Content Agency, LLC.

Platforms & Programs