California Cops and the FBI Want to Keep Their Facial Recognition Tech Secret

A California proposal requiring law enforcement agencies to disclose all surveillance equipment to the public took the first steps towards becoming law this week, while a congressional committee gave the side-eye to FBI officials who declined to give specifics about some of the bureau’s own surveillance tech.

First, California. A bill sponsored by State Sen. Jerry Hill (D-San Mateo) would require police and sheriff’s departments to explain to local officials how they use surveillance technology like facial recognition programs and social media trackers. The disclosures would have to be made at a hearing that is open to the public.

Hill’s proposal builds on two laws that took affect last year in California, the Los Angeles Times notes, requiring law enforcement to disclose when they use license plate scanners to track vehicles, and when they use so-called “Stingrays”—suitcase-sized devices that mimic cellphone towers and can be used to track or collect information from mobile phones.

“We want to be able to protect our civil liberties, defend and protect our Constitution and make sure law enforcement will have the tools available that will enable them to fight crime in our communities. We just have to find that [right] spot,” Hill told the Senate Public Safety Committee during a hearing this week, according to the Times.

That committee voted 4-2 on Tuesday to approve the bill. It is now awaiting another vote in the Senate Judiciary Committee.

There’s really no good reason to oppose this sort of transparency. The bill does not jeopardize ongoing investigations and does not limit what law enforcement agencies can do — provided that they first obtain permission from lawmakers. It’s about transparency, yes, but also about restoring the proper order to the relationship between law enforcement and duly elected officials who are supposed to oversee and approve how law enforcement operates. Keeping surveillance tech secret prevents city councils and state legislatures from being able to preform that vital duty.

Keeping those secrets also jeopardizes the outcomes of investigations to a greater degree. We know that the FBI has ordered local prosecutors to drop cases rather than risk the public exposure of secret surveillance technology that helped track suspects. We have no idea how often this happens, but it’s clear that potential criminals have gotten off Scott-free because law enforcement inverted its priorities to value secrecy over keeping the public safe.

There’s one key element missing from the bill: an outline of how law enforcement agencies would be punished for violating the mandatory disclosures.

That matters, as we saw this week in Washington, D.C., when officials from the FBI were in front of the House Oversight and Government Reform Committee to answer questions about how the bureau secretly uses facial recognition software and other surveillance technology.

The hearing was sparked by a Government Accountability Office report last year that revealed the FBI had been using facial recognition technology for years without first publishing a report on how it would impact Americans’ privacy, as required by law.

The FBI has agreements with 18 states to share photos from state-level drivers’ license databases, and that report from the GAO revealed that as many as 64 million Americans might be entered into the FBI’s facial recognition database without knowing it. When you include similar databases maintained by the state and local law enforcement agencies around the country, one in every two American adults is included in a facial recognition network, the Center on Privacy and Technology at Georgetown Law concluded in a recent report.

“So here’s the problem – you’re required by law to put out a privacy statement and you didn’t,” said Rep. Jason Chaffetz (R-Utah). “And now we’re supposed to trust you with hundreds of millions of people’s faces in a system?”

Kimberly Del Greco, deputy assistant director for the FBI, told the committee that a privacy report was filed with the Department of Justice but never made public, for reasons that she seemed unwilling or unable to fully articulate at the hearing.

“Yeah, well, we don’t believe you,” Chaffetz said. “You’re supposed to make that public.”

Chaffetz argued that the facial recognition program was akin to collecting fingerprints and DNA from all Americans to build a database that could be abused for a wide range of reasons.

The entire exchange between Chaffetz and Del Greco is worth watching:

Often, we at Reason tend to point to California as an example of what other states ought not to do. There’s no such derision here. Other states, and Congress, would do well to require similar transparency from local, state, and federal law enforcement agencies—and to hold those law enforcement agencies accountable for failing to make public disclosures when required by law.