clock menu more-arrow no yes

Filed under:

How states use facial recognition to sniff out driver's license fraud

New, 5 comments

By the time the law caught up with him, Ronald Carnes had been on the run for 40 years. He’d been moving from state to state after escaping from a North Carolina prison in 1973, finally landing in Waterloo, Iowa, under a pair of assumed names.

He probably could have spent the rest of his life that way if it weren’t for a facial recognition program in the Iowa Department of Motor Vehicles. Scanning through the driver’s license database, the program found Carnes’ face in the system under two different names, tipping police off to the fraud.

Those scans have become one of the most popular uses of facial recognition technology. Deep learning makes it easy and cheap to scan millions of photos for duplicates and fraud, and since it doesn’t involve any extra data collection or access — you just need to find matching entries, not link them to an identity — privacy groups see it as one of the more benign forms of facial scanning. Forty-three of the 50 states have used some form of that technology, with seven of those states adopting the system for driver’s licenses in the last three years. (The holdouts are California, Missouri, Louisiana, Mississippi, Maine, New Hampshire, and Vermont.) But while the scans are still limited, some worry those systems could be the first step toward something more troubling.

"Doing this might pave the way for law enforcement to repurpose those databases for criminal investigations."

One of the driving forces behind the new DMV systems has been a new wave of federal requirements — and newly available federal money to meet those new standards. The RealID Act was passed in 2005 in response to the 9/11 Commission’s identification requirements — including the requirement that driver’s licenses be stored in digital form. States are still in charge of their own licenses, but if licenses don’t meet the new federal requirements, they’ll stop being valid for use in airports as early as 2018.

The act itself doesn’t say anything about facial recognition, but it strongly encourages states to find ways to reduce fraud. Many have seen facial scans as a natural way of doing that, particularly since the act has come with a wave of federal grants for any state that needs money to try out a new fraud detection method.

During the same period, the FBI developed a powerful facial recognition system, which became fully operational in April of 2015. If the FBI needs to put a name to a face, the bureau can now scan through over 411 million photos spread across state and federal databases. Combined with the State Department’s partner countries, that system can catch fugitives as far away as Nepal, as it did in the Neil Stammer case.

Those two systems still aren’t fully integrated and it’s not clear they ever will be. In Carnes’ case, finding the duplicate was just the first lead, and it took a lot of police work to unravel the rest of the scheme. But some legal experts see DMVs new facial scans as a first step toward more aggressive partnership with law enforcement agencies. "Using face recognition to stop identity fraud is less problematic than most uses of the technology," says Alvaro Bedoya, executive director of the Center on Privacy & Technology at Georgetown Law. "But doing this might pave the way for law enforcement to repurpose those databases for criminal investigations."