In 2014, Victor Manuel Torres, a civil rights attorney in San Diego, began receiving complaint—about one a day over the course of a few months. Each caller had been stopped by the police for a different reason, but after that each story was the same: Sometime during questioning, the officer had pulled out a tablet and taken their photo, without asking for consent or providing an explanation. The callers were indignant and confused. Why would the police need my photo? How were they going to use it? Was this even legal?239
Police in San Diego County, California, began using face recognition to identify subjects in the field in 2012. Two years later, there were over 800 officers using the mobile systems from 28 different law enforcement agencies in the region.240 Yet it wasn’t until three years after it was deployed, in April 2015, that a face recognition use policy was put in place. Once that policy was made public, Torres noted, the complaints virtually stopped.
What’s unusual about the San Diego case is not the police’s use of face recognition without consent or notice—it’s that a use policy was eventually approved by an advisory board and then made available to the public.
Most law enforcement agencies have deployed face recognition with minimum levels of transparency and internal accountability. Four of the 52 responsive agencies—or less than 8%—have a face recognition use policy that is publicly available. For 24 jurisdictions that use or formerly used face recognition, no use policy whatsoever was provided in response to our survey. Just one jurisdiction received legislative approval for their policy, and one policy received formal review by an outside privacy or civil liberties organization. Compounding this lack of oversight, almost none of the jurisdictions we surveyed—including the FBI—have a functional internal audit regime to prevent misuse or document when it occurs.