On July 1st, Governor Jay Nixon, signed into law, SB 252, legislation designed to eliminate operations within the Department of Revenue which included the collection of personal data on Missouri citizens. Senator Will Kraus filed the bill in January, with a senate substitute added on April 9, 2013. It was passed, by the legislature, and delivered to the Governor’s desk on May 22, 2013.
Early in March of this year, it was discovered that the Missouri Department of Revenue was collecting data, of those renewing their Missouri driver’s licenses and conceal and carry permits, and sharing the data with the Department of Homeland Security. The revelation became public when Russ Oliver, the Prosecuting Attorney for Stoddard County, filed a lawsuit on behalf of Erin Griffin, as Griffin’s private attorney on March 4, 2013.
In 2011, the Department of Homeland Security awarded grants, of nearly $45 million dollars, to states to:
1. Begin or continue State-specific process, security, infrastructure and IT improvements consistent with the Federal law and DHS regulations; and
2. Develop and implement policies, procedures, and protocols, following the uniform set of standards established by the States to capture, manage, and verify applicant data under the provisions of Federal law.
Data collected by the DoR is forwarded to MorphoTrust, which is a non-governmental agency, which partners with government agencies in providing secure identification information.
After repeated requests for the Attorney General of Missouri, Kris Koster, to appoint an independent investigative committee, House Speaker, Tim Jones appointed an independent committee to investigate privacy invasion on May 6th. To date, two days of hearings were conducted, at the capitol, to question Department of Revenue officials. (Watch streaming of Day 1, Day 2 as reported by The Missouri Torch)
While investigations continue, and citizens go on to renew licenses, questions remain regarding the security of their personal information. As the legislation, which contained an emergency clause to put the bill into effect as soon as the governor signed it, all scanning of personal documents and the capture of biometric facial data via photography ceased on the first of July, and data collected after September 1, 2012 is to be destroyed. However, the legislation contained no reporting requirements to assure the previously collected data would be or will be destroyed. Loose ends remain.
Senator Will Kraus and House Speaker Tim Jones failed to respond to the following questions, submitted prior to the Independence Day holiday.
Will there be follow-up legislation, in the next session, to require reporting that previously acquired scanned document data and biometric photo data will be destroyed? Will software, which enables biometric facial scanning, be disabled? Will the state require the cessation of the use of outside agencies, such as MorphoTrust or any other, and to bring the issuance of licenses back to local offices? Will there be specific penalties for violating the privacy laws enacted in this, previous and future sessions?
Since the collection of data, which aligns with federal Real ID initiatives, is illegal in Missouri, further investigations will focus on whether, or not, the governor was working with the federal government to supply information in opposition of the law. As Nixon continues to deny any compliance with Real ID, documents obtained by investigative committees suggest otherwise. A March 17, 2010 letter from the Department of Homeland Security’s, Janet Napolitano, thanks the governor for his efforts in complying with Real ID.
Jones’ investigative committee is expected to report findings, to the legislature, in September.