Groups: Calif. DMV snuck in biometrics for driver's licenses

Consumer rights groups in California are protesting what they claim is an attempt by the state Department of Motor Vehicles to sneak in via the backdoor a fingerprint and facial recognition system for issuing driver's licenses in the state.

The groups claim the use of such biometric technology has been opposed by state legislators in the past, and that the DMV was trying to do an end-run around opposition by hiding its plans in a seemingly innocuous vendor contract.

If unchallenged, the contract would allow the DMV to establish a new government biometric database containing facial and fingerprint information on more than 25 million Californians over the age of 16, without first giving legislators and technology experts a chance to vet the proposal.

The DMV did not respond to a request for comment.

Among the groups trying to stop the DMV from going ahead with its plans are the California chapter of the American Civil Liberties Union (ACLU), the Consumer Federation of California, the World Privacy Forum and the Electronic Frontier Foundation (EFF) . The groups are calling on state legislators to quickly stop the planned vendor contract from moving ahead.

The DMV's proposal to introduce new biometric technologies was contained in an application for a new vendor contract for the production of state driver's licenses and ID cards starting in June. The application, a copy of which was obtained by Computerworld , was forwarded to the state's Joint Legislative Budget Committee via the California Department of Finance on Jan. 14.

The application detailed the DMV's plans to implement thumbprint and facial recognition technology for verifying the identity of applicants for new driver's licenses and state ID cards. During the process of obtaining a license, a driver's thumbprint would be taken at the DMV office to verify the identity of the applicant, the document says.

In addition, "the facial recognition software has the ability to compare an individual's new photo against the latest photo for all other records on the database and identify those records that may be the same individual," the DMV application stated.

The automated image-verification process will reduce errors and the number of fraudulent driver's licenses issued by the state, it said. The application noted that more than 1,200 files are matched to the wrong individual every year.

The DMV said that its plan would cost the state roughly US$63 million over the next five years. It also noted that several other states, including Texas, New Mexico, Oregon and Georgia, had implemented facial recognition technology and were reporting success with it.

Plan raises privacy, security issues

The problem is that the DMV's plan has not been vetted by anyone and no analysis has been made of the potential security and privacy implications, said Richard Holober, executive director of the Consumer Federation of California.

"We believe that important policy changes should be determined by elected officials, but that's not what is happening here," Holober said. "This is an attempt to slip something through that really should have been vetted in a hearing process in the legislature," with the public and technologists given a chance to comment on it, he said.

For more enterprise computing news, visit Computerworld. Story copyright Computerworld, Inc.