As we start the year of the once-a-decade US Census, it’s an appropriate time to start looking at some of the ways and the purposes for which data — including drivers license data — is used and shared by the Bureau of the Census.
State agencies that issue drivers’ licenses want us not to object to their demands for more and more personal information about matters unrelated to driving — digital photos, scans of birth certificates and social security cards, etc. — in order to obtain drivers’ licenses that comply with the Federal REAL-ID Act.
State driver licensing agencies say we shouldn’t worry — notwithstanding the requirement of the REAL-ID Act that drivers’ license and state ID data be made available electronically to all other states — because this data will only be shared “as permitted by law”.
But what does that mean? What sharing of this data does the law permit?
Recent reports show that drivers’ license data can be, and is, widely shared with both commercial entities and Federal agencies — including the Bureau of the Census, which will be conducting the decennial census in 2020 — for purposes unrelated to motor vehicle operation or drivers’ licenses. Both Federal and state agencies say that all of this is permitted by the Drivers Privacy Protection Act (DPPA).
According to reports by Vice.com based on responses to requests for state public records, selling drivers’ license data to for-profit businesses, mainly private investigators and debt collectors, is a major profit center for state driver licensing agencies. In California alone, the state Department of Motor Vehicles is making $50 million dollars a year selling drivers’ personal information to businesses for their private, commercial uses. There’s nothing illegal about this, says the DMV.
Meanwhile, those same state agencies are using automated facial recognition software to search their databases of digital photos of drivers for persons of interest to Federal agencies including Immigration and Customs Enforcement (ICE) and other components of the Department of Homeland Security (DHS). This too is legal, they say.
Data about drivers licenses issued to undocumented California residents — who might wrongly think they had opted out of, or been excluded from, REAL-ID Act data sharing — has been used by Immigration and Customs Enforcement (ICE) to identify, track down, and deport immigrants.
And now the Bureau of the Census has asked all state driver licensing agencies to “voluntarily” share data about all drivers and holders of state ID cards including their citizenship status and race. This is the same Bureau of the Census that used its records to create house-by-house and person-by-person lists of Japanese-Americans (most of whom were US citizens) to be rounded up and shipped to concentration camps in 1943.
Maine has said, “no” to the Census Bureau. Some other states including Texas are still considering how to respond. But Nebraska and possibly other states have already agreed to give the Census Bureau everything it has asked for. It’s not clear whether the Census Bureau will pay these states for their collaboration, or whether these states are themselves bearing the costs of helping the Feds track people by race and nationality.
The only real impediment to commercial or Federal use of drivers’ license data is that it has to be obtained separately from each state. That’s why uploading this data to the SPEXS national ID database, as will eventually be required for any state that wants to comply with the REAL-ID act, is so significant.
Because SPEXS is an aggregated national ID database, commercial requesters or Federal agencies can get whatever data is included in SPEXS without having to make separate requests to each state.
Because SPEXS is outsourced to a contractor for a nominally non-governmental entity, AAMVA, law enforcement agencies can obtain information from AAMVA and/or the contractor while ordering AAMVA and the contractor not to tell the states of this data about the request.
And because AAMVA isn’t subject to any of the laws governing government agencies, and has no meaningful privacy policies of its own, individuals whose data is passed on via SPEXS to other commercial or government entities have no meaningful recourse.
States should not share drivers’ license or ID data with businesses, Federal agencies, or SPEXS.