American Dragnet

On Nov. 19, 2002, the bill to create the DHS came up for a final vote in the U.S. Senate. It had so far received little opposition. In the words of its leading opponent, the Homeland Security Act was “barrelling through Congress like a Mack truck, threatening to run over anyone who dares stand in its way.”1

That critic was not the liberal lion Ted Kennedy, nor was it Russ Feingold of Wisconsin, the senator who cast the sole vote against the USA PATRIOT Act upon its passage, 98-1, a year earlier.2 Rather, the voice of opposition belonged to Senator Robert Byrd of West Virginia, a man who had devoted decades of his career in Congress to building precisely the kind of federal bureaucracy that the bill would create.3

• 1. 148 Cong. Rec. S8046 (daily ed. Sept. 3, 2002) (remarks of Sen. Robert Byrd). Parts of this introduction draw from Alvaro Bedoya, Watching Immigrants, Harv. Nat'l Sec. J. (forthcoming 2022). Professor Bedoya has not reviewed or approved this report.
• 2. 147 Cong. Rec. S11059 (daily ed. Oct. 25, 2001) (Sen. Feingold as sole “nay” in 98-1 final vote).
• 3. See John Tierney, THREATS AND RESPONSES: THE SENATE; Byrd, at 85, Fills the Forum With Romans and Wrath, New York Times (Nov. 20, 2002) (describing Sen. Byrd as opposing the bill “virtually alone”); Pork or Progress? Sen. Byrd Leaves Legacy, CBS News & Associated Press, June 28, 2010 (on Sen. Byrd’s legacy of appropriations for West Virginia).

Perhaps the senator was worried that the sudden reorganization of dozens of federal agencies and over 150,000 employees under one new department would loosen his grip on those bureaucracies and the jobs they brought to his state. Across a half-century in Congress, Byrd had systematically steered federal facilities to his home state, including military training centers and the FBI fingerprint lab. In the coming years, he would eventually move the Coast Guard’s National Maritime Center to landlocked Martinsburg, West Virginia.4

Yet, that’s not what Byrd talked about when he savaged the bill on the floor of the Senate.5 Instead, he dismissed out of hand the primary rhetorical justification for the bill—that is, the idea that the bill was responding to an urgent national security need. The law enforcement officials charged with defending the country were already “out there … right now, right today,” he explained.6 He also rejected the suggestion that the bill was necessary to pay for domestic security, pointing out that Congress had approved $5.1 billion in emergency spending earlier that year, which President George W. Bush had declined to sign into law.7

Instead, Byrd issued a warning: The Homeland Security Act was an “enormous grant of power to the executive branch.”8 The DHS would function as “a massive chamber of secrets” immune to transparency, internal auditing and external oversight.9 The bill would empower the president “without any real mechanism to ensure those powers are not abused.”10

• 4. Id. See also Temporary Relocation of the Coast Guard National Maritime Center (NMC), 72 Fed. Reg. 58,865 (Oct. 17, 2007) (move from Arlington, Va. to Kearneysville, W.Va.); Permanent Relocation of the Coast Guard National Maritime Center (NMC), 73 Fed. Reg. 12,747 (March 10, 2008) (move to Martinsburg, W.Va.).
• 5. See generally 148 Cong. Rec. S11358-113560 (daily ed. Nov. 19, 2002) (remarks of Sen. Byrd in opposition to the Homeland Security Act of 2002).
• 6. Id at S11359.
• 7. Id.
• 8. 148 Cong. Rec. S8045 (daily ed. Sept. 3, 2002).
• 9. See 148 Cong. Rec. S11359 (daily ed. Nov. 19, 2002) (“massive chamber of secrets”). See also 148 Cong. Rec. S8047-8048 (daily ed. Sept. 3, 2002) (discussing exemptions to the Federal Advisory Committee Act and the Freedom of Information Act, the lack of independence of the DHS Inspector General, and describing DHS privacy and civil rights officers as “advisers with no real investigative or enforcement power”).
• 10. 148 Cong. Rec. S11359 (daily ed. Nov. 19, 2002).

In his darkest admonition, Byrd said that the result of this secrecy and impunity would be dragnet surveillance.11 He had previously cautioned that the bill gave the Secretary of DHS “almost unlimited access to intelligence ... without adequate protections against misuse” of that data.12 On Nov. 19, he put it bluntly: “The [White House] told us it is not planning to create a new domestic spy agency in the United States,” and yet the bill would authorize a Pentagon program that would “peer into the daily transactions and private lives of every American.”13

That afternoon, Byrd’s colleagues voted 90 to 9 in favor of the Homeland Security Act.14 When asked why he had so fervently opposed a bill he knew would pass, Byrd answered: “[T]he matter is there for a thousand years in the record. I stood for the Constitution. I stood for the institution. If it isn't heard today, there’ll be some future member who will come through and ... comb these tomes.”15

• 11. That dragnet surveillance was a foreseeable consequence of the Homeland Security Act does not mean that the HSA should be read as authorizing the surveillance practices that this report describes. See generally Anil Kalhan, Immigration Surveillance, 74 Md. L. Rev. 1 (2014).
• 12. 148 Cong. Rec. S8046 (daily ed. Sept. 3, 2002).
• 13. 148 Cong. Rec. S11360 (daily ed. Nov. 19, 2002).
• 14. Id. at S11462.
• 15. See Tierney, supra note 3.

*  *  *

José Santos Quintero Hernandez and Maribel Cortez have been married for 22 years. They met in the U.S. after emigrating separately from El Salvador, fleeing violence and what Hernandez described as certain death.16 The couple had led a quiet life, raising five children in Rockville, Maryland, a suburb less than one-hour’s drive from the U.S. Capitol.17

• 16. Personal Information, State and Local Agencies, Restrictions on Access: Hearing on H.B. 23 Before the Md. H. of Delegates Judiciary Committee (Jan. 27, 2021) (statement of Alex Vazquez of CASA), https://mgaleg.maryland.gov/mgawebsite/Committees/Media/false?cmte=jud&ys=2021RS&clip=JUD_1_27_2021_meeting_2 (at 46:33, “certain death”).
• 17. Erin Cox, Gov. Hogan opposed to ending ICE’s warrantless access to driver’s license database, Washington Post (Feb. 27, 2020), https://www.washingtonpost.com/local/md-politics/hogan-opposes-blocking-ice-from-drivers-licenses/2020/02/27/3e23bbcc-5903-11ea-9000-f3cffee23036_story.html.

One morning in early February 2020, a little over 17 years after Byrd’s remarks, the Hernandez family got a knock at their door. One of the children opened it. The kids watched as ICE agents entered the house, arrested their father and took him away. 

There are millions of undocumented people in the U.S. How did ICE come to arrest Hernandez? Had he just arrived and missed a court date? No, he had been living here for decades. Had he come to ICE’s attention through local law enforcement? No, neither Hernandez nor Cortez had ever had any encounters with the police or immigration enforcement. 

No, the agents explained to Hernandez as they walked him to their car. They found him because he had recently obtained a Maryland driver’s license. They used the information he gave to the Maryland Motor Vehicle Administration to find him, arrest him, lock him up in an immigration detention center and start deportation proceedings against him.18

Later that month, The Washington Post and The Baltimore Sun revealed that, in addition to searching through Maryland drivers’ personal information – their names, addresses and dates of birth – ICE had also been scanning Maryland drivers’ faces and conducting face recognition searches on their license photos. Those warrantless searches were not restricted to undocumented immigrants or other applicants for what are called “standard” licenses; ICE had been logging into a state face recognition database and scanning the faces of the state’s drivers, which totaled more than 4 million people.19

• 18. See id.
• 19. See Drew Harwell, ICE has run facial recognition searches on millions of Maryland drivers, Washington Post (Feb. 26, 2020), https://www.washingtonpost.com/technology/2020/02/26/ice-has-run-facial-recognition-searches-millions-maryland-drivers; Kevin Rector, ICE has access to Maryland driver’s license records. State lawmakers want to limit it, Baltimore Sun (Feb. 26, 2020), https://www.baltimoresun.com/politics/bs-md-pol-ice-mva-bill-20200227-rsgqqajmwne4hollsz4svgpa6m-story.html. The term “standard” license is used in Maryland to differentiate these identity documents from licenses that comply with the requirements of the federal REAL ID Act, which requires verification of immigration status. Maryland’s face recognition repository, the Maryland Image Recognition System, or MIRS, includes all driver photos regardless of the kind of license. Bureau of Transp. Stat., U.S. Dep’t of Transp., Maryland: Transportation by the Numbers 2 (2020), https://www.bts.gov/sites/bts.dot.gov/files/states2020/Maryland.pdf (4.4 million licensed drivers in 2018).

Maryland lawmakers were shocked—particularly those who had led the effort in 2013 to allow undocumented residents to apply for licenses. Delegate Joseline Peña-Melnyk of Prince George’s County was distraught to learn ICE was tracking down Maryland immigrants using a program she had supported. “It breaks your heart,” she told The Washington Post. “We didn’t know. We could have gotten it right in the beginning if we knew.”20 To this day, state officials seem to have no idea how many times ICE has scanned the faces of Maryland drivers.21

• 20. See Cox, supra note 17.
• 21. See Letter from Kevin Combs, Md. Dep’t of Public Safety and Corr. Servs. to Sen. Susan C. Lee et al., Nov. 21, 2019 (explaining, in response to a query from legislators regarding the number of such searches, that Maryland does not have access to users’ search results and instead offering the number of “sessions [that] were saved” by ICE users in 2018 and 2019).

*  *  *

What happened to Hernandez—and what happened in Maryland—is not unique. These discoveries are part of a common pattern. ICE quietly runs face recognition scans not just on Marylanders and not just on immigrants but on millions of drivers across the country.22 ICE has also paid a data broker to gain access to a trove of license plate photos logging the daily movements of drivers in the 50 largest metropolitan areas in the U.S.23 ICE also paid a separate data broker for the ability to search address records held by water, gas, electric, phone and cable companies, such that the moment a family, immigrant or native-born, moves into a new home and connects the water or turns on the lights, ICE can track them down.24 When children arrived alone at the border, ICE even used information from interviews with these children to find, arrest and deport their family members.25

ICE consistently paints itself as an agency whose efforts are “focused” and “targeted” against specific individuals or limited groups of people, but those discoveries uncover a much different story.26 When ICE uses bulk data from sources like driver’s license records and utility customer information or engages in regular monitoring of a vast majority of people in the U.S., the relationship between ICE’s supposed law enforcement purpose and its actual law enforcement practices begins to seem quite attenuated. Rather than being tailored or limited in any meaningful way, present-day ICE surveillance is a sweeping dragnet.

The full reach of ICE’s surveillance dragnet still remains secret. Press coverage offers snapshots of specific initiatives, often with little distinction between programs run by Customs and Border Protection (CBP) and those ICE operates. Few privacy advocates think of immigration enforcement as a site of large-scale surveillance, while immigrant rights advocates and organizers, overwhelmed with the work of resisting mass deportation themselves, often lack the resources to investigate the surveillance programs that are fueling the system. For its part, Congress has yet to devote a full oversight hearing to ICE surveillance. As a result, basic questions about ICE’s surveillance arsenal have gone unanswered:

• How often does ICE search through driver information held by state DMVs?
• How many people have had their faces scanned by ICE? 
• How many people have had their addresses sold to ICE as a result of connecting their water, electricity, gas, telephone or cable, and how exactly did ICE obtain that data?
• Why did ICE suddenly amass this arsenal, when its predecessor, the Immigration and Naturalization Service (INS), made few major technology investments?
• Does the law allow this surveillance, and if so, why? 

This report, the product of a two-year investigation involving over 200 Freedom of Information requests, a review of over 100,000 ICE procurement transactions and a series of comprehensive legal surveys, fills many of those gaps. It explains the historical and legal context that has allowed ICE to create its dragnet and offers policymakers and advocates a frame through which to understand it. The report also illustrates the reach of ICE surveillance through case studies on ICE’s use of: (1) DMV data and photos; (2) utilities data; and (3) interview data from unaccompanied children detained at the border. 

The results of our investigation paint a stark picture of dragnet surveillance, indicating that ICE has used face recognition technology to scan the driver’s license photographs of 1 in 3 adults, has access to the driver’s license data of 3 in 4 adults, is able to track the movements of drivers in cities home to 3 in 4 adults and could locate 3 in 4 adults through their utility records. Secrecy, impunity, dragnet surveillance—19 years after Byrd stood in the well of the U.S. Senate and declaimed against the Homeland Security Act, his warning has come to pass.27

• 22. See generally infra Finding 2.
• 23. See Vasudha Talla, Documents Reveal ICE Using Driver Location Data from Local Police Departments, ACLU NorCal (March 13, 2019), https://www.aclu.org/blog/immigrants-rights/ice-and-border-patrol-abuses/documents-reveal-ice-using-driver-location-data (“Vigilant draws its license plate information from the ‘most populous 5 metropolitan areas’ in the country, corresponding to almost 60 percent of the U.S. population.”).
• 24. See generally infra Finding 3.
• 25. See generally infra Finding 4.
• 26. See, e.g., U.S. Immigration and Customs Enforcement, ICE announces results of latest operations targeting criminal aliens (Sept. 1, 2020), https://www.ice.gov/news/releases/ice-announces-results-latest-operations-targeting-criminal-aliens (“[b]y focusing our efforts on perpetrators of crimes against people, we’re able to remove these threats from our communities and prevent future victimization from occurring. Through our targeted enforcement efforts, we are eliminating the threat posed by these criminals, many of whom are repeat offenders.”).
• 27. As a young man, Robert Byrd organized a chapter of the Ku Klux Klan. As a young senator, he made his name opposing civil rights laws. As an older Senator, however, he was deeply embarrassed by this and became a staunch proponent of the Voting Rights Act and other key civil rights laws. This grace, unfortunately, never extended to people like Mr. Hernandez. In fact, Senator Byrd spoke heatedly against efforts to give undocumented people a path to citizenship. In remarks on the floor of the Senate during an immigration debate, he warned that “any one” of the “undocumented, unchecked aliens… could be a potential terrorist.” Regardless of his history or his motives, however, Senator Byrd’s warning has proved frighteningly accurate. 109 Cong. Rec. S2794 (daily ed. Apr. 4, 2006) (statement of Sen. Robert Byrd).

This report is not the first to describe ICE’s surveillance dragnet. For years, organizations like CASA, the Immigrant Defense Project, Just Futures Law, the Legal Aid Justice Center, Make the Road, Mijente, the NILC, the National Immigrant Justice Center (NIJC), the ACLU, Project South and dozens of others have warned of, and advocated against, ICE surveillance. This report is the first, however, that attempts to quantify the reach of ICE surveillance into “the daily transactions and private lives of every American,” as Byrd predicted. Based on this new research and analysis, the report calls upon Congress to investigate and conduct oversight into ICE surveillance, and it offers policymakers and communities a set of concrete suggestions for taking apart this American dragnet.

A. Scope and Methodology

1. Scope

Almost all of DHS’s immigration control and enforcement operations have gone high tech, not just those run by ICE. Those systems are complex and interconnected, making it difficult to get a clear picture of any one agency’s surveillance capacity.28 This report focuses specifically on ICE, the agency charged with enforcing immigration law within the interior of the U.S. It does not touch upon, for example, the surveillance capacities of CBP, whose responsibilities include vetting travelers arriving from abroad and interdicting people entering the country without inspection at the border. The report is concerned with ICE’s technical and legal ability to identify and target people inside the country for deportation, explaining how interior immigration enforcement has undergone profound yet often little-noticed transformations in the 21st century.

• 28. See generally Anil Kalhan, Immigration Surveillance, 74 Md. L. Rev. 1 (2014).

The report begins by offering a framework to understand the transformation of ICE surveillance. It then presents three case studies on different ICE surveillance initiatives. Two of those case studies—ICE’s accessing of state DMV databases and private utility customer records—illustrate ICE’s reach beyond state and local law enforcement systems into records created by a much wider range of state and local government agencies. Those records encompass the majority of a state’s adult population and do not distinguish (in some cases because law or policy prohibits distinguishing) between people on the basis of immigration status. The third case study, which describes ICE’s use of information collected from unaccompanied immigrant children arriving at the border, underscores ICE’s brazen refusal to observe basic legal and ethical norms and how contemporary understandings of chilling effects fail to capture to full scope of the harms of surveillance.

2. Methodology

To place ICE surveillance within a legal and historical context, the authors and approximately a dozen supporting researchers, including Center staff and fellows, Georgetown Law students and Georgetown University undergraduates, employed a range of research methods. 

First, we filed over 200 Freedom of Information requests with state and local entities. Those requests fell into three categories:

• 51 requests to the DMVs for all 50 states plus Washington, D.C., focusing on the DMVs’ use of face recognition systems and their disclosure of driver information to data brokers;
• 60 requests to the nation’s largest municipal gas, water and electric utilities, focusing on their disclosure of customer information to ICE and to data brokers; and
• 102 requests to the DMVs and lead state law enforcement agencies in all 50 states plus the district focusing on ICE’s queries to their employees and via direct access to those entities’ databases.

Those requests resulted in more than 9,000 pages of responsive documents. Our Appendix includes the model language for each of those requests. We informed our review of those responses with a separate survey of agency, congressional, and other reports and regulatory filings regarding INS’ and ICE’s approaches to interior enforcement. 

Second, we conducted three separate legal surveys to understand the existing landscape of state and federal laws reining in ICE access to different kinds of data. These included:

• a survey of privacy laws applicable to gas, water, electric, cable and phone companies in all 50 states plus the district; 
• a survey of state privacy laws for driver data held in the 17 jurisdictions (16 states plus the district) that offer driver’s licenses or privilege cards to undocumented residents; and
• a survey of federal privacy laws, including the DPPA and federal privacy laws applying to cable and phone providers.

Third, to estimate ICE’s surveillance capacities and investments, we reviewed every publicly available ICE procurement transaction listed on USAspending from 2008 to 2021, which totaled over 100,000 transactions. That involved an initial review to manually identify surveillance, data collection and data-sharing investments, followed by a second review aided by an algorithm trained on those known surveillance-related transactions. For more information on our use of process to identify ICE surveillance transactions and a detailed overview of our procurement review methodology, see the Appendix. 

Fourth, we conducted a public source survey of all information regarding the Thomson Reuters CLEAR database, the LexisNexis Accurint database and the data broker Equifax to better understand how those entities secured access to customer address information held by utilities companies. Our research revealed that those companies were likely tapping into data held by a little-known trade group, the National Consumer Telecom & Utilities Exchange (NCTUE)—likely unbeknownst to millions of people whose data that organization held. We felt ethically bound to disclose that information as soon as possible and so released the information to The Washington Post in February 2021.29 The publication of our findings, combined with the advocacy of Just Futures Law and Mijente, led Senator Ron Wyden of Oregon to push NCTUE to cease the sale of over 170 million utility customers’ names, addresses and other personal information.30 As a result of these efforts, NCTUE instructed Equifax in October 2021 to end the sale of this data.31
 
Fifth, to understand the harms this surveillance caused, we reviewed sociological and other scholarly literature on the impact of modern, data-driven immigration enforcement on the everyday lives of immigrants: their willingness to go to the doctor, to take their kids to school or to allow them to play on a public playground. That evidence-based and peer-reviewed research offers critical insight into the impact of surveillance and is not often taken into account in modern policy making around surveillance.

Finally, before and throughout this two-year period, we engaged in two advocacy initiatives that have given us a much clearer picture of the federal and state authorities that can limit ICE’s surveillance activities and conduct oversight to rein the agency in. We worked with the Brennan Center for Justice, NIJC and several other civil society organizations to mobilize a coalition of national immigrant rights and privacy organizations to press Congress to block ICE’s use of data from detained, unaccompanied children to target their sponsors for arrest and deportation.32 That effort succeeded in the passage of a 2018 appropriations rider that cut off ICE’s use of the data in many, but not all, instances.33 DHS Secretary Alejandro Mayorkas finally ended the program in 2021.34

We also partnered with CASA, the mid-Atlantic region’s leading immigrant rights organization, in conjunction with Georgetown Law’s Federal Legislation Clinic to pass privacy laws in Maryland protecting utility customer records, driver records and other state-held data against warrantless disclosure to ICE or other immigration authorities. Those efforts succeeded in the passage of the Maryland Driver Privacy Act (HB 23, SB 234).35

This report was peer-reviewed by 10 experts, a group of scholars, advocates and former government officials, including individuals previously employed by DHS. While some of our peer reviewers chose to remain anonymous, others are named in our Acknowledgments.

• 29. Drew Harwell, ICE investigators used a private utility database covering millions to pursue immigration violations, Washington Post (Feb. 26, 2021), https://www.washingtonpost.com/technology/2021/02/26/ice-private-utility-data.
• 30. See Drew Harwell, Utility giants agree to no longer allow sensitive records to be shared with ICE, Washington Post (Dec. 8, 2021), https://www.washingtonpost.com/technology/2021/12/08/utility-data-government-tracking/; Letter from Ron Wyden, U.S. Senator to The Hon. Rohit Chopra, Director, Consumer Financial Protection Bureau 1 (Dec. 8, 2021), https://www.washingtonpost.com/context/sen-wyden-letter-to-cfpb-on-sale-of-americans-utility-data/20df9dd1-bab1-4b2d-96f3-3b288c6d1905/;  @JustFuturesLaw, Twitter (Dec. 8, 2021), https://twitter.com/JustFuturesLaw/status/1468590605668425729.
• 31. See Letter from Ron Wyden, U.S. Senator to The Hon. Rohit Chopra, Director, Consumer Financial Protection Bureau 2 (Dec. 8, 2021), https://www.washingtonpost.com/context/sen-wyden-letter-to-cfpb-on-sale-of-americans-utility-data/20df9dd1-bab1-4b2d-96f3-3b288c6d1905/.
• 32. Frank Bajak, Groups demand end to info-sharing on asylum-seeking children, Associated Press (Nov. 28, 2018), https://apnews.com/article/immigration-north-america-us-news-ap-top-news-international-news-81787a5897704a0cae82a9ceb0eea271.
• 33. Consolidated Appropriations Act of 2019, H.J.Res.31, 116th Cong. § 224 (2019), https://www.congress.gov/bill/116th-congress/house-joint-resolution/31/text.
• 34. U.S. Department of Homeland Security, HHS and DHS Joint Statement on Termination of 2018 Agreement (Mar. 12, 2021), https://www.dhs.gov/news/2021/03/12/hhs-and-dhs-joint-statement-termination-2018-agreement.
• 35. Although Maryland Governor Larry Hogan vetoed the bills in May 2021, the Maryland General Assembly overrode the veto in December of that year. Clara Garcia, Maryland General Assembly Overrides Hogan’s Vetoes of Immigration Bills, NBC Washington (Dec. 8, 2021), https://www.nbcwashington.com/news/local/maryland-general-assembly-overrides-hogans-vetoes-of-immigration-bills/2904771/.