July 9, 2014 by Hilary Hudson
An expired driver’s license typically demands a routine trip to the tag agency and the accompanying annoyances - waiting in line, paying renewal fees, and posing awkwardly for a picture. Most Oklahomans, however, do not know just how much personal information they are sharing when they smile for the digital camera. The high-resolution photographs taken for Oklahoma driver’s licenses and identification cards actually contain biometric data: unique information that can be used to identify you based on your facial features. The information gathered includes physical signatures like iris recognition data containing color or texture patterns, and a digital image that is compatible with facial recognition programs used by law enforcement.
In response, a Cleveland County resident filed a lawsuit against the Oklahoma Department of Public Safety objecting to the collection and storage of this biometric data as a condition to drive a car in Oklahoma. According to the petition, a DPS agent denied the plaintiff’s application for a driver’s license renewal when the plaintiff refused, on religious grounds, to allow a high-resolution biometric facial photograph to be taken of her. The plaintiff now asserts a violation of the Oklahoma Religious Freedom Act, which forbids government entities from substantially burdening a person’s free exercise of religion, unless that burden is essential to a compelling governmental interest. The reasons the State of Oklahoma has produced to justify the mandatory collection of biometric data fall considerably short of this standard.
Initially, the DPS claimed that it was complying with a federal law requiring the collection of biometric data, but the department has since admitted that no such law exists. Then DPS asserted generally that biometric images verify the identity of a person applying for a driver’s license. There is no apparent justification, however, for refusing to accept a birth certificate, along with some acceptable form of secondary identification, as sufficient to identify an applicant. Furthermore, a lower-resolution photograph would serve the same photographic identification purposes on a driver’s license, without collecting the data that raises privacy and religious freedom concerns.
Perhaps the most troubling aspect of this is the lack of notice to citizens that the government is collecting personal biometric data at local tag agencies. Most Oklahomans have no idea that they are turning over sensitive information to be stored in a database when they pose for their drivers’ license picture, let alone told how that data may be used in the future. MorphoTrustUSA, a United States corporation owned by a French aerospace and security conglomerate, provides biometric data-collecting services to Oklahoma and forty other states, as well as to the State Department, the FBI, and the Department of Defense. The information available about just who has access to the personal data stored in biometric databases is murky. Republicans and Democrats alike have expressed opposition to the idea of a national identification system. Yet, the potential accessibility and interoperability of biometric data systems, with one company providing services to numerous state and federal agencies, raises concerns that broad data sharing may already be occurring.
This makes it possible for a law abiding citizen to have a picture of themselves on Facebook to be crosschecked against this massive database, thereby revealing personal information to any number of government and private sector entities. With alternatives available to meet the State of Oklahoma’s need to have a photo on a drivers’ license that don’t require Oklahoma drivers to surrender their privacy, there is no reason the state should make Oklahomans choose between privacy and driving; let alone not even giving them notice to make that untenable choice in the first place.
Hilary Hudson is a second-year student at the University of Oklahoma College of Law and an intern at the American Civil Liberties Union of Oklahoma.