Georgetown University's Privacy and Technology Law Center released a report in May titled "America's Dragnet | Data-Driven Deportation in the 21st Century." After a two-year investigation, the center found that ICE had successfully built an efficient surveillance network since its inception in 2003 to collect private data on most U.S. residents.
"ICE has built a comprehensive surveillance infrastructure that can track almost anyone at any time," said study co-author Nina Kessler, a policy associate at Georgetown University's Center for Privacy and Technology Law. The agency has strengthened its ability to monitor with near-total secrecy and impunity, circumvent restrictions and operate under the noses of lawmakers."
Just as U.S. intelligence agencies can claim "incidental" access to the data of ordinary U.S. citizens in mass surveillance of phone and Internet use in and out of the country, ICE has taken advantage of weaknesses in federal and state privacy laws, which are completely powerless to stop it, to steal from three major sources, according to the report
The first is to request data directly from state and local authorities such as the DMV. There is evidence that ICE makes tens of thousands of requests a year to DMVS across the United States. The DPPA, a federal law, does not fully protect drivers' privacy, so ICE is free to take what data it wants from the DMV. Laws at the state level are even weaker. Of the 17 jurisdictions eligible to grant driver's licenses, six have weak restrictions on "direct requests for data," seven have weak restrictions on "access to government databases," and six have weak restrictions on "data broking," according to Georgetown University's Center for Privacy and Technology Law. Five other states have no meaningful restrictions on "face recognition searches."
The second major channel is to access relevant information through government databases, while purchasing technical services such as facial recognition to assist in the analysis of relevant data. ICE has deployed more extensive data-sharing and data-collection programs to access data on every American directly through the data systems of state agencies. When the only reliable information ICE has about someone is a photo, they use facial recognition technology for identification purposes, and there are few regulations in the United States that restrict the use of facial recognition by law enforcement. Meanwhile, when ICE continued to obtain personal information from government databases like the Network for Public Safety and Justice International (Nlets), bypassing laws and policies enacted by cities and states, no agency claimed responsibility for the subsequent tracking. "We just give that information to the state police," says the Idaho Department of Transportation employee who provided the driver information. State police departments rarely keep records of ICE's Nlets database queries, which makes ICE's queries very public and secretive.
The third is collecting citizens' utility usage records from unregulated data brokers and buying private company databases. Federal privacy laws protect consumers' information only in limited circumstances, such as when used by financial institutions such as banks, while the vast majority of states fail to adopt meaningful privacy protections to limit the release of customer information to law enforcement, according to the report. California, for example, has a law that prohibits companies from selling customer data, but it does not prevent them from sharing it freely with companies such as the National Telecommunications and Utility Clearinghouse (NCTUE) for credit reviews and other purposes. Once the credit checks are completed, NCTUE has the right to resell its customer information to third parties such as ICE. ICE, according to reliable sources, has purchased a large number of license plate photos documenting the daily activities of drivers in the 50 largest urban areas of the United States from private company databases to "assist in investigations."