American Dragnet | Data-Driven Deportation in the 21st Century (original) (raw)
I. Executive Summary
When you think about government surveillance in the United States, you likely think of the National Security Agency or the FBI. You might even think of a powerful police agency, such as the New York Police Department. But unless you or someone you love has been targeted for deportation, you probably don’t immediately think of Immigration and Customs Enforcement (ICE).
This report argues that you should. Our two-year investigation, including hundreds of Freedom of Information Act requests and a comprehensive review of ICE’s contracting and procurement records, reveals that ICE now operates as a domestic surveillance agency. Since its founding in 2003, ICE has not only been building its own capacity to use surveillance to carry out deportations but has also played a key role in the federal government’s larger push to amass as much information as possible about all of our lives. By reaching into the digital records of state and local governments and buying databases with billions of data points from private companies, ICE has created a surveillance infrastructure that enables it to pull detailed dossiers on nearly anyone, seemingly at any time. In its efforts to arrest and deport, ICE has – without any judicial, legislative or public oversight – reached into datasets containing personal information about the vast majority of people living in the U.S., whose records can end up in the hands of immigration enforcement simply because they apply for driver’s licenses; drive on the roads; or sign up with their local utilities to get access to heat, water and electricity.
ICE has built its dragnet surveillance system by crossing legal and ethical lines, leveraging the trust that people place in state agencies and essential service providers, and exploiting the vulnerability of people who volunteer their information to reunite with their families. Despite the incredible scope and evident civil rights implications of ICE’s surveillance practices, the agency has managed to shroud those practices in near-total secrecy, evading enforcement of even the handful of laws and policies that could be invoked to impose limitations. Federal and state lawmakers, for the most part, have yet to confront this reality.
This report synthesizes what is already known about ICE surveillance with new information from thousands of previously unseen and unanalyzed records, illustrating the on-the-ground impact of ICE surveillance through three case studies – ICE access to driver data, utility customer data and data collected about the families of unaccompanied children. The report builds on, and would not have been possible without, the powerful research, organizing and advocacy of immigrant rights organizations like CASA, the Immigrant Defense Project, Just Futures Law, Mijente, the National Immigration Law Center (NILC), Project South and the American Civil Liberties Union (ACLU) of Northern California (among many others), which have been leading the effort to expose and dissever ICE’s American dragnet.
A. Key Findings
- ICE surveillance is broader than people realize. It is a dragnet.
Most Americans probably do not imagine that their information is captured by ICE’s surveillance networks. In fact, ICE has used face recognition technology to search through the driver’s license photographs of around 1 in 3 (32%) of all adults in the U.S. The agency has access to the driver’s license data of 3 in 4 (74%) adults and tracks the movements of cars in cities home to nearly 3 in 4 (70%) adults. When 3 in 4 (74%) adults in the U.S. connected the gas, electricity, phone or internet in a new home, ICE was able to automatically learn their new address. Almost all of that has been done warrantlessly and in secret.
- ICE built its surveillance dragnet by tapping data from private companies and state and local bureaucracies.
For most of its history, immigration enforcement in the United States was a small data affair, relying primarily on ad hoc tips and information sharing agreements with state and local law enforcement agencies. After 9/11, ICE paired those programs with much broader initiatives, tapping vast databases held by private data brokers as well as state and local bureaucracies historically uninvolved with law enforcement. Through those initiatives, ICE now uses information streams that are far more expansive and updated far more frequently, including Department of Motor Vehicle (DMV) records and utility customer information, as well as call records, child welfare records, credit headers, employment records, geolocation information, health care records, housing records and social media posts. Access to those new data sets, combined with the power of algorithmic tools for sorting, matching, searching and analysis has dramatically expanded the scope and regularity of ICE surveillance.
ICE has scanned the driver’s license photos of 1 in 3 adults.
ICE has access to the driver’s license data of 3 in 4 adults.
ICE tracks the movements of drivers in cities home to 3 in 4 adults.
ICE could locate 3 in 4 adults through their utility records.
- ICE has invested heavily in surveillance and has acquired advanced surveillance technology far earlier than people realize.
A review of over 100,000 spending transactions by ICE reveals that the agency spent approximately $2.8 billion between 2008 and 2021 on new surveillance, data collection and data-sharing initiatives. Those transactions also reveal that ICE was building up advanced surveillance capacities roughly half a decade earlier than previously known. Until now, the earliest records obtained by the Center on Privacy & Technology suggested that ICE began requesting and using face recognition searches on state and local data sets in 2013. However, our research uncovered a contract from 2008 between ICE and the biometrics contractor L-1 Identity Solutions. The contract enabled ICE to access the Rhode Island motor vehicle department’s face recognition database to “recognize criminal aliens.” That places the first known ICE face recognition searches during the waning days of the George W. Bush administration.
- ICE exploits people’s vulnerability and trust in institutions to get its hands on more data.
To locate its targets, ICE takes data that people give to state and local agencies and institutions in exchange for essential services. ICE often accesses that data without the permission or even awareness of the entity that originally collected the information. ICE has also taken advantage of the vulnerability of unaccompanied children seeking to reunite with their families.
- ICE leverages people’s trust in state DMVs to target deportations.
Across the country, 16 states and Washington, D.C. have allowed undocumented people to apply for driver’s licenses, provided that they volunteer a range of personal information including their legal names, dates of birth and addresses. Hundreds of thousands of undocumented people have trusted state DMVs with that information to apply for driver’s privileges. However, in at least five of those 17 jurisdictions, ICE can warrantlessly search through state driver records for the purpose of civil immigration enforcement. In at least six of those 17 jurisdictions, ICE has used face recognition to scan drivers’ license photographs to carry out deportations. When undocumented drivers apply for licenses, they place a significant amount of trust in the state that their information will not be used against them. Allowing ICE to use driver records for immigration enforcement purposes is a profound betrayal of that trust.
- ICE leverages people’s need for water, gas, electricity, phone and internet to target deportations.
In addition to pulling DMV data, ICE also buys and searches customer records from utility companies to locate people for deportation. The agency has been able to access information from utility records by contracting with Thomson Reuters, a private data broker. While undocumented people may avoid sharing their information with entities like DMVs, it creates extreme hardship when people cannot connect their homes with water, gas, electricity, phone and internet. “For people who are not easily traceable via traditional sources,” a Thomson Reuters marketing letter reads, “locator information from utility hookup records may provide the only current and accurate address and phone number data available.” By contracting with private data brokers, ICE has been able to access utility record information belonging to over 218 million utility customers across all 50 states and the district.
- ICE used interviews with unaccompanied children to find and arrest their family members.
In the last two decades, the number of unaccompanied children fleeing violence and poverty by crossing the U.S. border has risen by an order of magnitude. When children arrive at the border, they are suffering physical and emotional trauma. Congress has tried to protect those children by enacting bipartisan legislation to transfer the responsibility for their care away from law enforcement and to the U.S. Department of Health and Human Services (HHS). To find proper placements for the children, HHS interviews them about any potential family members in the U.S. who could care for them. But in perhaps the starkest example of ICE exploiting the trust of vulnerable people, the agency entered into an information-sharing agreement with HHS to use the information these children and their family members shared to find and arrest at least 400 of those family members. While Congress later used an appropriations rider to partly end the program and U.S. Department of Homeland Security (DHS) Secretary Alejandro Mayorkas has since formally rescinded it, this arrangement illustrates the lengths that ICE has been willing to go to find information on potential targets.
ICE exploits people's trust and vulnerability to get its hands on more data.
- ICE surveillance has evaded congressional oversight.
Most congressional leaders did not learn about ICE face recognition scans of DMV photos until The Washington Post ran an exposé on the practice, reporting on records obtained by the Center on Privacy & Technology. This exposé ran in 2019, over a decade after ICE penned its first known face recognition contract in 2008 for access to the Rhode Island driver database. The fact that ICE was conducting face recognition scans on driver’s license photos came as a shock to senior lawmakers – even those with the greatest insight into DHS activities. On learning of the face scans, Rep. Zoe Lofgren, the longtime chair of the House Judiciary Subcommittee on Immigration and Citizenship, denounced the practice as “a massive, unwarranted intrusion into the privacy rights of Americans by the federal government, done secretly and without authorization by law.” ICE’s surveillance initiatives have regularly flown under Congress’ radar. While a few political leaders have pressed ICE in oversight letters and used appropriations riders to end the most aggressive of ICE’s actions, to date there has not been one full congressional hearing or Government Accountability Office (GAO) report focused on ICE surveillance.
- State authorities are largely unaware of ICE’s surveillance of residents.
State lawmakers are almost always entirely unaware of ICE surveillance in their states and typically learn about the agency’s actions from the news. When Rep. Angela Romero of Utah learned that ICE and the FBI had searched through driver’s records in her state, she responded as many lawmakers do when information about ICE surveillance comes to light: “[T]his has never been shared with us before and the Legislature hasn’t approved it.” The lack of awareness from political leaders is compounded by state agencies’ failure to control or track ICE access to residents’ data. In Maryland, for example, when lawmakers asked two state agencies – the Maryland State Police and the Maryland Motor Vehicle Administration – for information about ICE searches of Maryland driver’s license data, the agencies each disclaimed responsibility and referred to the other as the ultimate custodians of information about ICE’s access.
- ICE has evaded state laws and lawmakers’ efforts to rein in its surveillance capabilities.
When state officials enact laws and policies to cut off their states’ data sharing with ICE, ICE regularly evades those restrictions – often by using alternative points of access within the complex web of systems connecting state and federal databases. In Washington, Governor Jay Inslee enacted a statewide policy to limit state agency cooperation with ICE only to discover that state licensing officials were routinely violating that policy. When state officials cut off ICE’s access to a state-run driver database, previously unseen records show that DHS searches of a separate network of driver data – one not operated by the state – nearly doubled. In Oregon, soon after lawmakers passed a law cutting off state data disclosures to ICE, the Oregon DMV signed agreements to sell its driver’s license records to Thomson Reuters and LexisNexis Risk Solutions, the two primary data brokers that sell ICE access to driver information.
- ICE surveillance deters people from accessing essential services.
Historically, the “chilling effects” of government surveillance refer to the way in which surveillance deters individuals from engaging in activities that the First Amendment protects, such as freedom of speech and assembly. But a growing body of research suggests that fear of ICE surveillance also deters immigrants and their families from participating in a broad range of activities necessary for health and well-being not only of individuals, but of the communities of which they are part. Concern about ICE surveillance often leads individuals to avoid placing their information in government systems, even if those systems are unrelated to law enforcement. That fear inhibits people from enrolling in services critical for their own health and the health of their children. It also deters people from engaging with the legal system, such as by reporting crimes or testifying in court.
B. Recommendations
Congress
1. Congress should reform U.S. immigration laws to radically reduce the number of people who can be subjected to deportation.
The best and ultimately perhaps the only way to take apart ICE’s dragnet is to take apart the laws on the basis of which the executive branch targets hundreds of thousands of people for deportation every year. Congress could significantly reduce the number of people subject to deportation by—for example—creating a pathway to citizenship for undocumented people, dramatically reducing the grounds of removability that are based on criminal legal involvement, and by enacting a statute of limitations on deportations. While those reforms do not address surveillance itself, they are the most direct way to undercut ICE surveillance authority.
2. Congress should protect people who trust the federal government with their data.
The federal government runs a range of programs that effectively ask undocumented people to out themselves and entrust the federal government with their personal information. A few examples of those programs include the Deferred Action for Childhood Arrivals (DACA) program, the IRS’s use of individual taxpayer identification numbers and the U and T visas available to victims of certain crimes. It is unethical and arguably a violation of due process to use those programs as honeytraps for the undocumented. Congress could easily create a wraparound statute protecting that kind of data. Congress could model the wraparound statute on the federal laws protecting the confidentiality of census data, which prohibit the use of census data for nonstatistical purposes and broadly mandate that “[i]n no case shall information furnished [to the Census Bureau] be used to the detriment of any respondent or other person to whom such information relates.”
Congress could model a law to protect data volunteered by undocumented immigrants after Census confidentiality statutes.
Until the passage of such a wraparound statute, Congress could protect information held in specific programs via piecemeal amendments to relevant statutes or appropriations riders. For its part, DHS could enact those protections as a matter of policy.
3. Congress should stop ICE’s use of DMV data as a deportation gold mine.
Congress passed the Driver’s Privacy Protection Act (DPPA) years before the modern era of mass deportation. ICE has not hesitated to use the broad carve-outs for government access in the DPPA to warrantlessly scan the driver’s license photographs belonging to millions of Americans and to search through the address information of most U.S. residents provided on their driver’s records. Congress should update the DPPA to prohibit (or require a warrant or court order for) any use of DMV data for immigration enforcement purposes.
4. Congress should conduct aggressive oversight of ICE surveillance.
Committee and subcommittee chairs do not need a majority or supermajority vote to compel ICE to answer for the massive expansion of its surveillance initiatives and the vast secrecy that surrounds them. ICE surveillance raises a wide range of fundamental constitutional concerns about everything from commerce to federalism, and each chamber of Congress has multiple committees and subcommittees that could lead aggressive oversight of the agency. Potential subjects for hearings or a GAO report include: (1) how and why ICE evades state laws protecting the data of drivers and other residents; (2) how ICE’s reliance on data brokers limits public scrutiny and helps the agency evade statutory and constitutional privacy protections; and (3) how ICE currently uses biometrics, including face recognition, fingerprints and DNA, and how it plans to use them in the future. A more complete list can be found in the Recommendations section.
DHS & ICE
1. ICE should end all dragnet surveillance programs, including the use of face recognition on DMV data for immigration enforcement.
All of ICE’s surveillance programs should be subjected to piercing scrutiny. However, ICE should immediately terminate all dragnet surveillance programs—both ICE led and obtained from data brokers—which indiscriminately collect data on as many people in the U.S. as possible. Programs that ought to be characterized as this type of especially problematic dragnet surveillance include at least (1) the practice of scanning driver’s license photos for immigration enforcement purposes; (2) the bulk collection of address information and other records from DMVs and utility companies; (3) the bulk collection of license plate photos capturing the movement of drivers in major U.S. metropolitan areas; and (4) the purchase of large datasets from private data brokers.
2. ICE should stop using water, heat, light, phone and internet records to carry out deportations.
People need heat, water and electricity to survive. They require phone lines for emergencies and internet access to work and attend school. DHS should not wait until immigrants begin cutting off those services for fear of deportation before issuing a clear prohibition against the use of utility records for immigration enforcement.
States
1. States should protect people who trust state and local governments with their data.
Of the 17 jurisdictions that offer undocumented residents the ability to apply for driver’s licenses, seven have passed laws seeking to protect against warrantless ICE searches and face scans of drivers’ data and photos. Unfortunately, few states have enacted truly comprehensive restrictions on ICE access to driver data. These statutes should: (1) focus on the data, not the custodian of that data; (2) focus on the purpose of the sharing, not the recipient; (3) protect against all forms of information sharing; (4) not distinguish between “civil” and “criminal” immigration enforcement; (5) ensure that face recognition is clearly encompassed in these restrictions; and (6) eliminate blanket exceptions for “law enforcement” access to state or locally held data.
State lawmakers have a major role to play in protecting their constituents against warrantless ICE surveillance.
2. States should prohibit the use of water, gas, electricity, phone and internet records for immigration enforcement.
State and local authorities should prohibit the disclosure, sale or resale of this data for immigration purposes. Again, while a few states have good standards that apply to a specific utility (e.g., gas or electricity), not one has enacted meaningful wraparound privacy protections for customers of all utility services. In enacting these protections, state and local authorities should: (1) restrict disclosure to data brokers, not just the government; (2) avoid blanket carve-outs for credit reporting and evaluation; (3) protect against all forms of disclosure; and (4) be sure to protect customer addresses. Of all laws available, Connecticut laws governing the privacy of information held by gas companies likely represent the most protective standard to date.
3. States should structure their systems to track ICE access and closely audit that access.
Any state database administrator must be able to answer two questions: Does ICE have access to this database? If so, how and why has ICE accessed it? In the third decade of the 21st century, there is no excuse for a state or local government to build a database containing sensitive data without ensuring that the system carefully logs the times and frequency of user logins, as well as their searches and search results. State and local authorities should regularly audit these databases to determine whether, how and how often ICE is accessing them. If authorities do not run those audits on their own, legislators should send oversight letters to state agencies and hold oversight hearings to compel agency officials to do so.
C. About This Report
Nina Wang, Allison McDonald, Daniel Bateyko and Emily Tucker are the authors of this report. Harrison Rudolph led the underlying research.
Suggested citation: Nina Wang, Allison McDonald, Daniel Bateyko & Emily Tucker, American Dragnet: Data-Driven Deportation in the 21st Century, Center on Privacy & Technology at Georgetown Law (2022).
D. Acknowledgements
This report would not be possible without the powerful research and advocacy of our friends and allies working to expose ICE’s surveillance dragnet. We are deeply grateful for the work of organizations like CASA, the Immigrant Defense Project, Just Futures Law, the Legal Aid Justice Center, Make the Road, Mijente, the National Immigration Law Center, the National Immigrant Justice Center, the American Civil Liberties Union, Project South, Stop LAPD Spying Coalition, and dozens of others.
Critical guidance and close reading of this report were provided by Professor David Vladeck, who serves as a faculty director for the Center. We also thank our outside reviewers, including Heidi Altman, Tanya Broder, Joan Friedland, McKenzie Funk, Anil Kalhan, Sarah Kim Pak, Julie Mao, Jack Poulson, Vasudha Talla, and others who will remain anonymous, for lending valuable expertise throughout the drafting process. Reviewers do not necessarily agree with the subject matter of the report.
Furthermore, this report would not be possible without the entire team at the Center, who helped in countless ways: Katie Evans, Clare Garvie, Cynthia Khoo, Laura Moy, Korica Simon, Jameson Spivack, Emily Tucker, and Serena Zets. We are also grateful to the Center’s research assistants, practicum students and summer fellows, including Daniel Barabander and Romina Montellano Morales; Ashley Burke, Augusto Cividini, Dana Holmstrand, Jeremy Penn, Jesús Rodríguez and Natalie Tverdynin; our copy editor, Joy Metcalf; our design and web development firm, Rootid; and our report translator, María Ítaka of Sirena Peligro.
The Center on Privacy & Technology at Georgetown Law is supported by the Ford Foundation, the Open Society Foundations, the MacArthur Foundation, Luminate, the Media Democracy Fund, the Seldin/Haring-Smith Foundation, the Kresge Foundation, and Georgetown University Law Center.