Government access to biometric data is rapidly expanding, with millions of Americans already in the system. These growing databases, primarily driven by federal policy, pose significant privacy issues.

With simple snap of a photo from a police officer using an iPhone app can search through driver’s license to identify you. Now, facial recognition technology has gone mobile, and it is cross-referenced with other databases. In Sacramento County, the Sheriff’s Department is using an iPhone app built by the same company that makes the department’s license plate reader technology. In a recently released video, an officer was able to find a suspects real identity within seconds with a simple still picture from a phone camera.

The facial recognition program has expanded from four to 500 officers. While there are legitimate reasons for an officer to have access to biometric data to identify suspects, there are serious privacy implications, along with the potential for abuse. As we saw in the video,  within seconds the app was able to identify a subject. That means whoever holds this technology must have access to a plethora of databases. Information is hard to compartmentalized when it has already been freely accessed by whoever holds the app. Access to a multitude of databases can lead to abuse and unwarranted surveillance. We currently do not know what databases they have access to, but a recent report suggests it is more than just mug shots and driver’s license photos.

We do know facial recognition software sorts through searchable databases of biometric information that can cross state lines, jurisdictions, and national boundaries. And one of the primary sources of this database may be your state government agency that issues driver’s licenses.

A few years ago, Tenth Amendment Center helped sponsor legislation to stop REAL-ID in your state. Some feared that a national database was being constructed while some simply maintained that this was just a conspiracy theory. REAL ID, a was signed into law by George W. Bush in 2005. The legislation mandates standards each state must follow when producing identification cards, including driver’s license. REAL ID also facilitates information sharing between local, state, and federal agencies.The feds compel compliance by threatening to refuse people with non- compliant IDs access to federal areas, including TSA airport checkpoints.

Beyond, the minimum standards, REAL-ID also requires sharing of all biometric data collected. To receive grant money from the federal government to implement REAL-ID, the state has to join a compact called the Driver’s License Agreement. This is similar to a former compact called the Driver’s License Compact but includes biometric data.

So under REAL ID, that facial digital photograph that was snapped at your local DMV/BMV/DPS must meet the following requirements. It is retained electronically in a transferable format. This transferable format allows it to be searchable between a multitude of agencies. The photo is entered in a database where facial recognition software (click here and here) is then used to determine if any fraud has occurred. While there may not be a single, centralized database, there is a sharing program among the states and different jurisdictions. But, this isn’t limited to inside your local DMV/BMV/DPS.

With the proliferation of cameras on virtually every street corner in many cities, these biometric databases create the potential to track people virtually everyplace they go. An article in Scientific American paint a picture that would make Big Brother drool.

“Biometrics could turn existing surveillance systems into something categorically new—something more powerful and much more invasive. Consider the so-called Domain Awareness System, a network of 3,000 surveillance cameras in New York City. Currently if someone commits a crime, cops can go back and review sections of video. Equip the system with facial-recognition technology, however, and the people behind the controls can actively track you throughout your daily life. “A person who lives and works in lower Manhattan would be under constant surveillance,” says Jennifer Lynch, an attorney at the Electronic Frontier Foundation, a nonprofit group. Face-in-a-crowd detection is a formidable technical problem, but researchers working on projects such as the Department of Homeland Security’s Biometric Optical Surveillance System (BOSS) are making rapid progress.”

While biometric data is stored in a databases accessible and shared between a number of agencies, the FBI has access to one of the largest databases out there. And they want to be exempt from telling citizens about the biometric data they have access to and on who. The Intercept recently reported,

“Specifically, the FBI’s proposal would exempt the database from the provisions in the Privacy Act that require federal agencies to share with individuals the information they collect about them and that give people the legal right to determine the accuracy and fairness of how their personal information is collected and used. The exemption could render millions of records unavailable to subjects. As of December 2015, the NGI system contained 70,783,318 criminal records and 38,514,954 civil records.

“As the coalition notes with alarm, the database stores millions of unique identifiers for U.S. citizens who have not been convicted of a crime alongside those who have. Fingerprints taken for an employer’s background checks, for instance, can be stored and searched in the NGI’s system along with those taken for criminal investigations.”

Another problem with facial recognition is false positives. The Electronic Privacy Information Center EPIC reported in a document, that the software “shall return an incorrect candidate a maximum of 20% of the time, as a result of facial recognition search in support of photo investigation services.”

The effects of REAL-ID are now being seen. Facial recognition technology is currently being used by a variety of agencies.

Michael Maharrey contributed to this report.

Kelli Sladick