How drivers license photos are aggregated and shared
During a press conference yesterday, President Trump announced a postponement of the “deadline” previously announced by the Department of Homeland Security for “enforcement” of the REAL-ID Act of 2005 at TSA checkpoints:
I’m also announcing that we’re postponing the deadline for compliance with REAL ID requirements…. We will be announcing the new deadline very soon. It’s going to be announced in a very short moment.
The REAL-ID Act “deadline” was set by DHS press release, not by law or regulation. It’s unclear if a new date will be announced by decree of the Secretary of Homeland Security, or by promulgation of regulations. There has been no further announcement by the DHS, and there is no notice of rulemaking in the Federal Register today.
As we noted yesterday, neither a postponement nor any of the other proposed amendments to the REAL-ID Act would address the central problems in this law: the requirement for states that want to be deemed “compliant” to share their drivers’ license and state-ID databases with all other states.
Compliance is optional, but the DHS has been threatening to have the TSA and its contractors harass residents of noncompliant states when they try to fly. In practice, states that want to comply with the REAL-ID Act have to upload information about all holders of state-issued licenses and IDs to the SPEXS national ID database operated by the American Association of Motor Vehicle Administrators (AAMVA).
As of now, AAMVA only requires certain “pointer” data elements in each SPEXS record. As of now, those “pointer” data fields uploaded by states to the national ID database don’t include facial images or templates.
But SPEXS participation isn’t all that’s required if a state wants to comply with the REAL-ID Act. To be compliant with the REAL-ID Act, a state must “Provide electronic access to all other States to information contained in the motor vehicle database of the State.”
So even if photos aren’t (yet) included in pointer records uploaded to SPEXS, if they are included in a compliant state’s own database, those photos must be made available electronically, on request, to all other states.
It doesn’t appear that this is happening yet. But this needs to be recognized as part of what is implied for a state, and its residents, if it agrees to comply with the REAL-ID Act.
We expect that eventually AAMVA will add digital photos and/or templates to the “pointer” fields that are mandatory for SPEXS participation (and REAL-ID Act compliance). If that happens, a state that refuses to add photos of its residents to SPEXS will no longer be allowed to participate in SPEXS, and will become noncompliant with the REAL-ID Act.
In the meantime, state agencies are finding a variety of other ways to share and aggregate drivers license photos for interstate searches using automated facial recognition. New research reports by the Just Futures Law Group (report ; summary; webinar), the Electronic Frontier Foundation (“Who Has Your Face?”), and NBC News (“Georgia’s Department of Driver’s Services has shared information with immigration authorities, including facial recognition searches”), document some of the ways that this is being done, from bilateral and multilateral data-sharing agreements to state participation in multi-jurisdiction and multi-agency task forces, fusion centers, and databases.
AAMVA told EFF that the State-To-State (S2S) system that includes the SPEXS national ID database still didn’t include photos, at least as of February 2020. Some states (see the “participants” tab here) participate in a separate AAMVA system for Digital Image Access and Exchange (DIA). But none of the recent reports on digital photo sharing shed any light on whether, or how, states that have committed to REAL-ID Act compliance, but that aren’t yet participants in DIA, will satisfy their REAL-ID Act data-sharing obligations.
The real solution to the problems of the REAL-ID Act remains its repeal.
More than likely Fusion Centers will play a role.
It is always stated that the controllers have made mistakes and do not have the technology, yet and perhaps they act stupid,,,,,But they are not stupid; they lack morals but they are very smart and focused on their aims and they have all the technology in place that they need, More than likely the applications and programs have been rolled out and running before the public is aware.
Probably a National or Global ID is to come.
With the Virus situation a second shot will be a gel that assembles in the body and attaches to tissue, so no removal….this will connect the person to a 5G wifi Internet database….full time surveillance inside and out.
The first shot will contain humanized animal and plant tissue.