TLPC Partners with CU Criminal Immigration Clinic to Prepare Report on Protecting Colorado DMV Photos, ICE, and Facial Recognition Tech

(by Conor May, Colorado Law 2L)

This year the TLPC and Colorado Criminal Immigration clinic looked at ways for the State of Colorado to prevent DMV records from being exploited by federal Immigration & Customs Enforcement (ICE). The clinics prepared a report to the Governor’s Office and Colorado DMV that highlights potential vulnerabilities and proposes policies to address those vulnerabilities.

The clinics’ report was sent to the Governor’s Office in March. On May 20th, Governor Polis issued a guidance document to all Colorado executive branch departments and agencies. This guidance on data privacy goes a long way toward addressing the vulernabilities raised in the clinics’ report, by placing restrictions on when state agencies can respond to requests for Personal Identifying Information (PII), which includes licenses and other DMV information.

Recent reporting has revealed that state motor vehicle authorities in several states have assisted federal immigration authorities, including ICE, in the identification and removal of undocumented immigrants from the U.S. This reporting is particularly concerning because it has come from states that have passed specific legislation encouraging undocumented immigrants to obtain driver licenses. The expanding use of facial recognition software by state and federal agencies, including immigration authorities, makes DMV photo databases particularly prone to misuse. ICE reports that it uses state information that “may assist in case completion and subsequent prosecution,” but numerous observers have expressed concern that using facial recognition software to scan Division of Motor Vehicles (DMV) databases gives agents access to the faces of drivers who have not been charged with a crime or implicated in an ongoing investigation.

As a state that both encourages undocumented residents to obtain driver licenses, Colorado is at the center of this issue. DMV data sharing is a serious concern for clients of the University of Colorado’s legal clinics, which offer pro bono services in immigration proceedings. Accordingly, the Samuelson-Glushko Technology Law & Policy Clinic prepared a Report with assistance from the CU Law’s Immigration Defense Clinic. The report surveys best practices for protecting undocumented immigrants’ records in the present political climate.

The clinics’ report compared these best practices with the current policies and practices of the Colorado DMV and recommends changes that could make these records more secure. The Report also considers relevant statutes and finds nothing in state or federal law preventing the DMV from implementing these safeguards. By putting protections in place, Colorado can support immigrant communities, improve road and highway safety, and respect the privacy of residents.

Under the newly released guidance, any request for PII must pertain to an active criminal investigation, come with a court order or subpoena, or be necessary to perform agency functions and not solely related to federal immigration enforcement. The guidance also requires state agencies to inform law enforcement partners, including local law enforcement offices that may be cooperating with ICE, that state information may only be used for criminal investigations, not immigration enforcement.

The new guidance also includes a series of provisions that require reporting of information sharing. The guidance requires state employees to notify their supervisors prior to sharing information, and requires all agencies to maintain and submit detailed written logs of all requests for PII. The clinics’ report emphasizes the importance of oversight and auditing, and these reporting requirements will provide a valuable tool to ensure that state information is not being misused.

The guidance did not directly address every concern raised in the clinics’ report. For instance, while the document limits responses to requests for PII, the report also raised concerns that ICE may be able to access state information via digital law enforcement databases, without making direct requests to state employees. The guidance document also does not speak to the larger issue of facial recognition technologies. Going forward, Colorado should carefully review the information made available to immigration enforcers through digital databases, and should proactively limit the use of facial recognition technology by state employees without explicit legislative approval.

The guidance document also makes exceptions for PII requests that are required by state or federal law. However, there is some controversy about the specific level of cooperation that states are required to provide to ICE. This issue is discussed in more detail in the report, but suffice it to say that how broadly state employees interpret their obligations under federal law will have a major impact on how this guidance is implemented. Nonetheless, this guidance is a clear statement of Colorado’s intentions, and a good first step toward fully securing the privacy of Colorado residents.

The CU Law Clinics’ report is available here:

The May 20th Guidance Document from the Governor’s Office is available here: