Tony Webster +1 612-255-5905 tony@tonywebster.com VIA EMAIL AND FAX Kristi Lahti-Johnson Hennepin County Sheriff s Office Hennepin County carrie.hill@hennepin.us, tracey.martin@hennepin.us, hcdatarequest@hennepin.us tim.stout@co.hennepin.mn.us Fax: 612-348-8486 Fax: 612-348-4208 Re: Request for Access to Data (Minn. Stat. 13.03, subd. 3) Law Enforcement Mobile Biometric Technologies Dear Data Practices Act Responsible Authority: I am collaborating with the Electronic Frontier Foundation, a non-profit public interest group, and the media organization MuckRock to conduct non-commercial news gathering and research into how law enforcement agencies use and deploy mobile biometric technologies. Please consider this a request to inspect data collected, created, received, maintained, or disseminated by Hennepin County, and the Hennepin County Sheriff s Office, and all of its other departments, employees, and contractors ( County ) pursuant to the Minnesota Government Data Practices Act, Minn. Stat. Ch. 13. This request applies to all data, regardless of its physical form, storage media, or conditions of use, and I would like to inspect any responsive data in its original form. In the case of responsive data stored or maintained electronically or in a computer storage medium, I would like to inspect such data in its original electronic form. The charging of fees for inspection of data is prohibited by Minn. Stat. 13.03, subd. 3(a). Definitions Data means any and all government data, as that term is defined pursuant to Minn. Stat. 13.02, subd. 7. Data includes, but is not limited to: communications, emails, email attachments, papers, memorandums, contractual agreements, letters, presentations, plans, documents, meeting agendas and minutes, text, text messages, phone messages, voicemails, phone logs, video recordings, audio recordings, photos and images, invoices, bills, logs, law enforcement data,
Hennepin County Page 2! of! 4 databases, data in databases, database queries, logs of queries performed, files, and electronically stored information; and all metadata, pointer, reference, or supplementary data thereof. Biometric data means physical or biological characteristics such as fingerprints, thumbprints, handprints, faceprints or facial recognition data, scans of the iris or data relating to other elements of the human eye, DNA data or any subset or any subsequence or derivation thereof, tattoo recognition data, voiceprints or voice recognition data, or similar. Mobile biometric technology means any portable or mobile device or app used by government or law enforcement agencies to scan, capture, analyze, store, or recognize biometric data or any physical or biological characteristic of a subject. This includes, but is not necessarily limited to mobile or portable technology capable of performing fingerprint, thumbprint, or handprint scans, iris or eye scans, facial recognition technology, DNA or RapidDNA technology, tattoo recognition systems or technology, and voice recognition or analysis technology. Scope of Data Request The data I wish to inspect is as follows: 1. All purchasing and procurement documents for or pertaining to mobile biometric technology, including but not limited to: purchase orders, RFPs, responses to RFPs, invoices, contracts, agreements, and orders; 2. All policy, procedural, and training data for or pertaining to mobile biometric technology, including but not limited to: use policies, standard operating procedures, training materials, reports, presentations, privacy assessments, data retention policies, and other guidelines; 3. All programming documents or data for or pertaining to mobile biometric technology, including but not limited to: funding opportunity announcements, grant applications and grantor status or progress reports, reports to legislative bodies, annual reports or similar; 4. All audit documents and data for or pertaining to mobile biometric technology, including but not limited to: audits of the system, misuse reports, and reports to oversight bodies; 5. The total number of individuals whose biometric data has been collected by the County since January 1, 2012;
Hennepin County Page 3! of! 4 6. The total number of biometric data points contained in the County s databases or any databases the County accesses or uses; 7. The retention period for biometric data; 8. The number of mobile biometric technology devices purchased and in use, and identification of the brands and models of such devices; 9. The total number of authorized users of the mobile biometric technology devices; 10. Which external agencies and entities have access to biometric data in the database and under what conditions; 11. Whether biometric data is combined with biographic data such as name, subject identifiers, and address in any databases; 12. The process by which biometric data is entered into any databases; 13. Use of mugshots and driver s license images for facial recognition technology; 14. Any and all data since January 1, 2013, including emails, which reference biometric data or mobile biometric technology. This includes, but is not necessarily limited to emails containing the following keywords, which I request the County conduct both manual individual searches and IT file and email store searches for: a. biometric OR biometrics b. Rapid DNA c. facial recognition OR face recognition OR face scan OR face scanner d. iris scan OR iris scanner OR eye scan OR eye scanner e. tattoo recognition OR tattoo scan OR tattoo scanner f. DataWorks g. Morphotrust h. L1ID or L-1 Identity i. Cognitec j. FaceFirst
Hennepin County Page 4! of! 4 In your response, I would appreciate if you would individually address each of the above categories of documents individually. SEARCH PROCEDURES: I request that the County ensure its searching and gathering of records to be comprehensive and thorough. To that end, I respectfully suggest the County s responsible authority gather data by requesting individuals with data to collect it for inspection, and also that the County conduct searches in central databases, email stores, and file servers to ensure that individual employees do not inadvertently miss responsive data due to not understanding the scope of the request, the County s responsibilities under the Data Practices Act, or the technical aspects of collecting responsive data. REQUEST FOR DENIAL CERTIFICATION: Pursuant to Minn. Stat. 13.03, subd. 3(f), if the responsible authority or designee determines that any portion of the requested data is classified so as to deny me access, I request certification in writing that the request has been denied, along with citation of the specific statutory section, temporary classification, or specific provision of federal law upon which the denial was based, for each and every individual element or portion of redacted or withheld data. REQUEST FOR PRESERVATION AND RETENTION: Please preserve and maintain any and all data likely to be responsive to this request until the data has been fully inspected. If any portion of my request is denied in a manner inconsistent with statute, I request preservation and retention of responsive data until disposition of any dispute. If any part of this request could be clarified, modified, or prioritized to better facilitate the process of this request and use of staff time, please notify me. If you have any questions regarding my request, please don t hesitate to email or call. I appreciate the time and assistance of the County and any County staff working on this request. Sincerely, Enclosures: request forms Tony Webster 20150812-HC-BIOM-001