On the evening of May 29, New Yorkers went out by the thousands for the first big day of protests following the murder of George Floyd. If they were checking Twitter as they headed out the door, they may have seen a surprising warning issued by Terri Rosenblatt, supervising attorney of the DNA Unit at The Legal Aid Society in New York City:
Then, when a Twitter follower asked her about the vulnerability of protesters’ face masks, Rosenblatt answered yes, “a full profile could be detected from the inside of a face mask. Hold on to your PPE, people….”
Police “stealing” your DNA from your face mask? This wasn’t a bit of dystopian sci-fi; it was a reminder of the myriad types of data that local law enforcement continuously collects from us and about us, both out in the world and during interactions with officers. And when thousands of protesters are out on the street, the opportunity is ripe for law enforcement to not only surveil the scene but to collect personal information that it can then hold on to for a long time.
[Read: 7 ways to keep your personal information safe during protests]
There are about 18,000 police agencies across the country, each with their own surveillance gadgets and data-collection and -retention policies. So your experience will depend on where you are. But there’s a good chance, if you join a protest, that you’ll leave some personal information behind. And if you’re questioned or arrested by police, consider that possibility a given.
Just showing up can be enough to get you into the system
After the commissioner of the Minnesota Department of Public Safety made the mistake of saying that police would be contact tracing people arrested during protests, the department later clarified that, no, it isn’t using newly developed public health resources to monitor the lives of people attending protests—that was merely a “metaphor.”
But police and sheriffs’ departments who want to surveil protests in their area do have a mind-boggling array of resources at their disposal in the year 2020. They have easy access to social media messages, as well as social media photo and video footage and its associated metadata, and data downloaded from confiscated phones. They also have surveillance towers, drones, body cameras, security cameras, Nest and Ring cameras, “neighborhood watch” app data, automated license plate readers, cell-site simulators like “Stingrays” or “dirtboxes” to intercept phone conversations and texts, X-ray vans, ShotSpotters, geofence warrants, and probably lots more things we don’t know about yet.
All of the information police can harvest from these tools is immensely valuable when they are investigating crimes that might have taken place during protests, like property damage, looting, or violence. It also creates a living record of any potential abuse by police officers themselves. But this data can also take on a life of its own.
“We’re just collecting, in electronic and retrievable form, so much more information than even 10 years ago,” said Jonathan Smith, executive director of the Washington Lawyers’ Committee for Civil Rights and Urban Affairs in Washington, D.C. “All that footage, all those records—and none of that goes away.”
With paper records of the past, he added, at least everything was relatively difficult to find. Now, all the data that local law enforcement collects is not only searchable, but potentially actionable, if the department feeds it into its predictive policing programs and then uses it toward future criminal investigations.
“What impact will that ultimately have on the way that departments are guiding their decisions, or enforcement practices, based on information that may have been gathered at a First Amendment activity event?” Smith asked.
Mugshots, tattoos, and ever-growing law enforcement databases
Being at the scene is one thing, but getting arrested triggers another level of data harvesting by police.
Mugshots, for instance, can really overstay their welcome—both in decontextualized Google searches and in facial recognition tools used by law enforcement. For instance, in New York State, mugshots of juveniles are supposed to be eventually destroyed in many circumstances. But as The New York Times reported last year, photos of kids as young as 11 are living on in the New York Police Department’s facial recognition database, which police use to identify crime suspects.
Tattoo databases are also a growing concern, said Dave Maass, senior investigative researcher at the Electronic Frontier Foundation. Police departments may rely on tattoo images if they want to identify people in crowds where faces happen to be obscured by masks.
Law enforcement agencies have always collected images and information about people’s tattoos. But in recent years they’ve also started to employ automated tattoo-recognition software that can match and categorize similar-looking tattoos, thereby linking and sorting the people who have them.
“It’s one thing to identify someone based on their tattoos,” said Maass. “But what they’ve also proposed doing is connecting gang members based on them all having similar tattoos, or being able to discern people’s affiliations, their political beliefs, their ideologies and religions—those kinds of things that connect them—through automated tattoo-recognition software.”
Speaking of which, having a particular tattoo is also a very good way to end up in your local law enforcement agency’s gang database, said Maass. (Other ways include wearing clothes of a certain color, hanging out on certain street corners, living in certain neighborhoods, or appearing in certain photos on Facebook.)
Gang databases contain information about people who haven’t necessarily committed a crime but who police have reason to believe may be connected to other people who may commit a crime. Police continue to increase the size of their gang databases even as crime is dropping. However, inspector generals and investigative reporters have examined these gang databases in California, Chicago, and New York City at least, finding outrageous errors and questionable entries, including octogenarians and even babies being labeled gang members.
Civil rights advocates are concerned that police may use the current protests—whose organizers and participants are particularly young, and whose participants the FBI and the president have occasionally labeled extremists or terrorists—as an opportunity to add people to its gang databases.
“Where this becomes very dangerous is that it ends up being used in other subsequent proceedings,” said Smith of the Washington Lawyers’ Committee. “We’ve seen examples here in the D.C. region where the gang database has been used in immigration proceedings—where someone doesn’t know they’re in a gang database, they get picked up for something, and then it’s used as a justification for deportation.”
The long life of DNA
Terri Rosenblatt, the New York City Legal Aid attorney who cautioned against accidentally giving DNA away in a police precinct, said in a later interview that it’s too soon to know whether police have taken any recent protesters’ DNA without their consent. But she said her warning was based on what she and her colleagues have seen happen in the past, including to children—like police extracting samples from water bottles they provided to suspects.
“We know what happens when kids get arrested; we have video recordings of kids being manipulated into providing DNA samples,” said Shomari Ward, staff attorney in The Legal Aid Society’s Juvenile Rights Practice’s Special Litigation and Law Reform Unit. “If kids are going to be out protesting, they need to be aware that this is a thing that can happen.”
The NYPD did not respond to a request for a comment about its data-collection practices during the current protests. But this February, an NYPD deputy chief testified to the City Council that the city crime lab’s local suspect DNA index included profiles from approximately 32,000 people, a quarter of whom never ended up being convicted of any crime. He also testified that about half of the people in the database had given their DNA with consent, while the other half had their DNA collected without their knowing it.
Like digital data, DNA has a way of sticking around. Just last September, North Dakota officials identified and arrested a Standing Rock pipeline protester from three years earlier based on DNA collected during an arrest relating to another protest. They matched his DNA from their database to DNA extracted from a cigarette butt he left at the scene of the protest in 2016.
Now that you’re in the system, how do you get out?
In short, it’s not easy and often not possible.
When it comes to DNA databases and gang databases and other investigative tools, the challenge is knowing that your information is in them in the first place. And there are only very rare examples of people successfully petitioning to get out of them.
Arrest records and court records are a bit more straightforward because people who have had run-ins with the police will at least be aware of them. But expunging those records can be difficult, too, because they have a tendency to travel.
One misconception a lot of people have, said Joshua Esmay, an attorney with the Legal Rights Center in Minneapolis, is that there’s such a thing as “a” criminal record—that if you’ve been arrested before, all of your information exists in one, central place.
“Records get generated at each point of contact within the criminal justice system, and each of the different places that generate the records will keep them in an electronic database,” Esmay explained. “Even before we get anything involving a prosecutor or the court, your record can already go statewide.”
Local intel about protesters can also easily go from the city or state level to federal agencies.
For instance, George Joseph and Jessica Pishko have reported for The Appeal on how Immigration and Customs Enforcement has direct access to local police data, including records about day-to-day interactions between people and officers. This interconnectivity means that an arrest or even a traffic vaiolation could trigger a process that leads to someone’s deportation. “In some cases, witnesses and victims of crimes, too, are run through biometric databases or asked their immigration status,” wrote Pishko.
Because records exist in so many different places, they’re also pretty difficult to get rid of. Credit reporting agencies and background screening companies will often buy arrest, court, and jail and prison data and sell it to employers and landlords. That information (if it’s even about the right person, and not a mixup) can make potential employees or tenants look worse on paper than they should, especially if the screening companies don’t keep their records up to date with the cases’ ultimate outcomes.
Esmay helps run expungement clinics in Minneapolis, and he says he works to persuade judges to not only sealold court records but also to seal all of the related database entries in a checklist of about 10 interconnected agencies
He also said he’s seen a growing awareness of the collateral consequences of criminal records. “I’ve been helping put on different walk-in free legal clinics going back to 2012,” said Esmay, “and just in the last year, turnout at those has been the highest that we’ve ever seen.”
If all of this makes you wary about going out to exercise your First Amendment rights, just remember: Every time you use a phone, get in a car, or walk down a city street, you are generating data points that police potentially have access to. This is just one more.
This article was originally published on The Markup by Lauren Kirchner and was republished under the Creative Commons Attribution-NonCommercial-NoDerivatives license.
Get the TNW newsletter
Get the most important tech news in your inbox each week.