In June 2013, The Ohio Attorney General’s office flipped the switch on a new facial recognition program that allows the government to compare anonymous snapshots to the state’s existing database of license photos and mug shots in order to look for a match.

Update 11/6/2013: Find out how many people have access to your facial recognition data at Ohio law enforcement agencies

This technology gives law enforcement officials a great deal more power. In the past, they had to have at least a name or address to start a search. Now they can get all the information they need from a simple photo. The problem is that no one bothered to tell the public about this new system. We didn’t find out until the Cincinnati Enquirer informed us on August 26. Though to be fair, nobody told Attorney General Mike DeWine either, at least not at first.

Listen to ACLU of Ohio Executive Director Christine Link on WCPN’s Sound of Ideas, discussing how facial recognition and other new technologies impact civil liberties.

The same newspaper article that exposed the system also discovered that new security protocols were not developed or even seriously considered until after the program went live, leaving the information it captured vulnerable to attacks from hackers. After the Enquirer broke the story, DeWine formally announced the facial recognition program, conceding that he should have told Ohioans about it earlier. He also announced the formation of a commission to review the system’s protocols and make recommendations for improvement. We asked to be part of this commission. We were denied. Like many Ohioans, we think this entire process was done backwards. The Attorney General’s office should have developed the rules, told the public, and only then started using this new technology, not the other way around. With this in mind, we have asked DeWine to shut down this system and do things the way they should have been done from the start. It’s important to note here that our concerns about this system are not based on irrational fears or paranoia. They are based on the fact that the government has been finding new ways to abuse and misuse new technology since the late 19th century. Our recent crop of federal spying scandals are just the latest reminder that without very clear rules telling the government what it can and can’t do with technology, abuse is a foregone conclusion. It doesn’t take rogue cops with nefarious agendas. It doesn’t take evil masterminds. It only takes time and ambiguous rules that do not keep up with the pace of technology. Make no mistake; without clear guidelines that prevent them from doing so, law enforcement agencies will eventually use this technology against innocent people. Maybe they’ll target protestors, fishing for a little dirt to shut them up. Maybe they’ll target journalists, digging for information about their confidential sources. Or maybe they’ll just want to learn a little bit more about people who attend the local Mosque. Whoever they choose to target, it won’t be the first time; and it is certainly not a question of “if.” It’s a question of when. Having said all of this, it’s understandable that law enforcement wants this technology. In fact, it could serve many useful purposes. Unfortunately, the government tends to look only at the potential benefits of these advances, ignoring the many opportunities for misuse. That’s a recipe for trouble. But the trouble is preventable. Whether we’re talking about facial recognition, drones, or cell phone location tracking, it is entirely possible to develop strong guidelines to govern the use of new technology. These guidelines should include three basic ideas:

  • A warrant, or some type of demonstrable probable cause, for subjecting someone to new surveillance technology. Pro-tip; “I don’t like the way he looks,” is not a good example of probable cause. Neither is “I don’t like what’s coming out of her mouth, pen, or keyboard.”
  • A plan for how all of the data generated by this new technology will be managed, how long it will be retained, and how it will be kept from all the hackers who just love getting their hands on it.
  • An audit system to look for abuse, stop it, and make recommendations for preventing it in the future.

As you can see, these are neither extreme requests, nor do they hamstring the government’s efforts to keep us safe. These guidelines simply balance the very important duties of law enforcement officials with the equally important privacy rights of those they swear to protect and serve. In the coming weeks, The ACLU of Ohio will be learning everything we can about Ohio’s facial recognition system. We will also be attending the commission’s meetings as concerned citizens, hoping to remind them how important it is to have meaningful, proactive guidelines to keep this kind of technology from being abused. Stay tuned.