After Ohio Attorney General Mike DeWine quietly added a facial recognition capability to the Ohio Law Enforcement Gateway, which gives government officials unified access to databases for their browsing pleasure, state residents became a tad creeped out that they'd been conscripted into an ongoing police line-up. As a result, DeWine hastily called together an advisory group to tell him what he should do about his somewhat controversial adoption of intrusive technology. Maybe you shouldn't let half the friggin' world go trawling through the photos, his picked advisors told him, and you should keep an eye on the people who do use it.
Well…Words to that effect, anyway.
Wrote the members of the OHLEG Advisory Group (PDF):
(1) General OHLEG Access: The current project to tailor OHLEG access as determined by the chief executive officer of an organization should continue. OHLEG users should only access the information they need for their job responsibilities. This includes access to information gained through facial recognition searches. Guidelines and procedures for immediately removing access and for reporting to OHLEG when an individual user is terminated, retires, or otherwise becomes ineligible to access OHLEG have been developed and should be implemented as soon as possible.
(2) Facial Recognition: Although the general OHLEG access recommendation above is sufficient for law enforcement agencies, non?law enforcement agencies require stricter access to this technology. Non?law enforcement agencies should not have access to OHLEG facial recognition technology without the express written permission of the Superintendent of the Bureau of Criminal Investigation (BCI).
Errr…Yeah. Those seem like good ideas. You mean these controls aren't in place already? Because implementing "guidelines and procedures for immediately removing access and for reporting to OHLEG when an individual user is terminated, retires, or otherwise becomes ineligible to access OHLEG" and otherwise limiting access to databases hooked up to facial recognition software would seem to be a good idea for a controlling use of an rather intrusive information system that wasn't originally intended as a stand-in for Ashley Madison (Ohio has been relatively scandal free, but Minnesota is awash in controversy over the misuse of its databases by police and other government employees).
The recommendations also include "random audits" of users to ensure compliance with Ohio law and OHLEG policies.
The recommendations don't mention this point, but the Cincinnati Enquirer reported last month that upwards of 30,000 people have access to OHLEG and the new facial recognition capability. By contrast, neighboring Kentucky allows 34 people the ability to run facial recognition searches. The need to somewhat constrain that sort of wide access has been a driving force behind the advisory group's work.