ADOT limits fed access to Arizona driver’s license photos

A screengrab, edited by the Arizona Mirror, of a license plate scanned by Perceptics’ who had a database of license plates and other information leaked.

Recent reports by the New York Times and the Washington Post of documents obtained by the Georgetown Center on Privacy and Technology laid bare how U.S. Immigration and Customs Enforcement uses statewide driver’s license databases for facial recognition, but in Arizona the state’s Department of Transportation limits federal access to that information.

The Arizona Department of Transportation has in the past provided driver’s license photos to the Arizona Department of Public Safety and U.S. Department of Homeland Security for facial recognition, something ADOT says it no longer does. 

“Law enforcement agencies do not have direct access to Arizona’s driver license database or facial recognition system,” ADOT said in a written statement to the Arizona Mirror. “Enforcement personnel run the searches and provide results of the search, if any, to the requesting agency.”

DPS did not say if they share data they historically have gotten from previous agreements with federal authorities. 

ADOT said that only “certified agencies” can obtain information from ADOT’s database of faces for facial recognition purposes, such as for use in an active investigation, court proceeding or court order. 

The agency said that the system helps prevent identity theft and fraud.

ADOT has said it does not provide federal agencies with access to the database unless it’s required by a court order, and DPS did not respond to questions about whether it has shared its data with agencies like ICE.

Previously released public records show that starting in 2006, DPS entered into an agreement with ADOT and the U.S. Department of Homeland Security to “coordinate data exchange in instances where there are homeland security implications.”

The Department of Homeland Security oversees Immigration and Customs Enforcement. 

The 2006 agreement, which was later re-upped in 2009, stipulates that ADOT and the state’s Motor Vehicle Division will provide downloads of MVD data, including stored images, documents, driver’s license records, vehicle registration documents and more. DPS did not say whether the 2009 agreement is still active.

“Parties understand and agree that while DOT has the final exclusive right to control access and dissemination of DOT data, (the Arizona Department of Public Safety) will act as the central state repository of this data,” the agreement states, adding that the data is to be used solely for homeland security and public safety purposes. 

The Department of Public Safety can share the information though with other law enforcement agencies through the Arizona Counter Terrorism Information Center, also known as ACTIC. However, the records obtained in the New York Times and Washington Post stories contain the first known instances in which ICE has used facial recognition technology on statewide driver’s licenses. 

The documents obtained by Georgetown University only cover Vermont, Utah and Washington, but it says it anticipates releasing more documents related to border states such as Arizona. 

A screengrab of emails released to the Arizona Mirror from the Maricopa County Sheriff’s Office on their use of facial recognition technology.

DPS did not respond to questions posed by the Mirror related to its use of facial recognition data and cooperation with federal authorities. 

Other agencies in the state, mainly the Maricopa County Sheriff’s Office, have also been known to use  facial recognition technology, and have given very little information on how it has been used. 

However, Arizona residents may be more concerned about a different group of data taken from the border which has been making waves. 

Perceptics, a Tennessee based license plate reader company that contracts with border agencies, was recently hacked and information on people who have passed through their systems, which use similar technology, was exposed. 

The federal government recently stopped working with the company in light of the hacks and other revelations that it brought forward. Images of traveler’s faces, license plates and much more were leaked onto the internet by an unknown hacker, and CBP later admitted after the attack that it discovered the company had transferred data onto its own servers, which is in violation of federal policy. 

Perceptics has told other media that they “stand ready to meet to discuss this with the government in any setting” and have an “unblemished record.” 

According to the leaked powerpoint presentations and other documents that the Mirror has examined, Perceptics does have installations along the Arizona border. The Mirror has yet to find any clearly identifiable information on Arizona residents other than some license plate examples. However, the leak is massive in scope. 

The Mirror did find a folder within the leak which appears to show “example” photographs of Arizona’s various license plates as taken by the company’s software. Some appear to be stock photos to show the different types of plates in the state, while others appear to be taken from real drivers. 

The Mirror was so far unable to identify any Arizona drivers in any of the released documents, but other news organizations, such as Motherboard, were able to find photos from Perceptics’ presentations that clearly show the faces of motorists in New Jersey. 

This disclosure of people’s information is part of why groups like the American Civil Liberties Union’s Arizona chapter has been so cautious around license plate reader and facial recognition technology. 

“They’re terrible at protecting our data,” Alessandra Soler, executive director for ACLU-AZ told the Mirror, adding that identity fraud from unscrupulous agents or large scale data breaches is a major concern for the group. 

Soler said the public has a right to be left alone, adding that information on how this type of equipment is used is hard to come by and often forces the ACLU to go to court for answers. 

“You shouldn’t be subjected to very powerful surveillance systems when you’ve done nothing wrong,” Soler said.

Despite some safeguards of how data is meant to be stored by government contractors, Perceptics was found, due in part to the data breach, to have violated existing policies. Whether CBP would have discovered the discrepancy on its own is unknown. 

For more information on license plate reader technology in Arizona, read the Arizona Mirror’s special reporting on the issue which includes thousands of pages of public records as well as explainers on how law enforcement across the state use the technology.

Jerod MacDonald-Evoy
Reporter Jerod MacDonald-Evoy joins the Arizona Mirror from the Arizona Republic, where he spent 4 years covering everything from dark money in politics to Catholic priest sexual abuse scandals. Jerod has also won awards for his documentary films which have covered issues such as religious tolerance and surveillance technology used by police. He brings strong watchdog sensibilities and creative storytelling skills to the Arizona Mirror.


Please enter your comment!
Please enter your name here