Attorney General Baker Declares Transfer of Driver Information to MATRIX Database Illegal
Marty Horne, Acting Commissioner Georgia Department of Motor Vehicle Safety Post Office Box 80447 2206 East View Parkway Conyers, Georgia 30013
RE: Use of DMVS database in MATRIX program
Dear Commissioner Horne:
On Thursday of last week, my office was asked several legal questions related to the possible participation of DMVS in the Multistate Antiterrorism Information Exchange (“MATRIX”) program. For the reasons set forth below, I believe clarifying legislation would be necessary to authorize such participation with respect to driver operating records and personal information maintained by DMVS.
The MATRIX program was developed as a result of a partnership between the Florida Department of Law Enforcement (“FDLE”) and a private company called Seisint. As I understand it, Seisint maintains a proprietary database collection, supported by supercomputer technology, which it uses to provide various services to private concerns. After the terrorist attacks on September 11, 2001, Seisint approached FDLE about using this same technology for law enforcement purposes. The result is the MATRIX program. Under the program, FDLE “dumps” all the criminal history, driver license, vehicle registration and sex offender registry information at its disposal into a computer database at Seisint. The database, although housed at Seisint, remains under FDLE control and access to it is strictly limited by the terms of the agreement between FDLE and Seisint.
The laudable purpose of the MATRIX program is to assist law enforcement officials at the federal, state and local level in the investigation of crimes. The use of computer technology to search databases containing both public information and restricted government data no doubt has the potential to be an invaluable law enforcement tool. A review of the agreements between FDLE and Seisint, as well as those proposed to be entered into between FDLE and other state law enforcement jurisdictions, demonstrates that careful and responsible measures have been taken to protect against the improper use of sensitive data. The questions presented to me, however, do not require a balancing of the policy considerations between legitimate law enforcement efforts and concerns for personal privacy. Instead, my review is limited to the legality of a proposed agreement whereby DMVS will transfer, on a regular basis, all of the driver license, tag, title and vehicle registration information under its custody or control to FDLE for use in the MATRIX program.
The maintenance of driver operating records and personal information is governed by O.C.G.A. § 40-5-2. With some limited exceptions, “[t]he records maintained by the department on individual drivers are exempt from any law of this state requiring that such records be open for public inspection” and “[t]he department shall not make records or personal information available on any driver except as otherwise provided in this code section or as otherwise specifically required by 18 U.S.C. Section 2721.” O.C.G.A. §§ 40-5-2(b). Code Section 40-5-2(c)(1) also provides that:
[t]he department shall furnish a driver’s operating record or personal information from a driver’s record under the following circumstances:
(D) To a judge, prosecuting official, or law enforcement agency for use in investigations or prosecutions of alleged criminal or unlawful activity, or to the driver’s license agency of another state; provided however that notwithstanding the definition of personal information under Code Section 40-5-1, personal information furnished to the driver’s license agency of another state shall be limited to name address, driver identification number, and medical or disability information;
With this code section in mind, you have asked whether the statute would authorize DMVS to disseminate its entire driver information database where there is no particular investigation or active prosecution pending for which the information is sought. I conclude that it does not. The statute was plainly intended to permit the release of information in response to a specific allegation of criminal conduct or unlawful activity. Although it could legislatively permit the bulk transfer of data envisioned by the MATRIX program, the General Assembly, under current law, has determined that DMVS, not FDLE or Seisent, should maintain its records and furnish the requested information, under appropriate circumstances in a specific case, to judges, prosecuting officials or law enforcement agencies. Compare O.C.G.A. §§ 40-5-2(c)(1)(D) with 40-5-2(f) (specified DMVS data “compilations” may be transferred to other government agencies, such as the US Selective Service System, the U.S. Department of Defense and the Georgia Department of Human Resources, for specified purposes).
In light of my response to this first question, the other questions posed regarding the transfer of the driver’s license and record information are moot.
You have also asked whether vehicle registration and tag/title information could be released to the MATRIX program. Generally, motor vehicle registration records maintained by the department are not public records, but the records of any particular motor vehicle may be made available for inspection by law enforcement officials under very limited circumstances. See O.C.G.A. §§ 40-2-130(c)(1). Similarly, title records maintained by the department are also exempted from public disclosure, and may be released to law enforcement officers only for specific purposes. Effective October 1, 2003, however, the commissioner of DMVS was authorized, in his or her discretion, to release registration or title records “to any appropriate governmental official, entity or agency for the purposes of carrying out official governmental functions or legitimate governmental duties.” O.C.G.A. §§ 40-2-130(d) and 40-3-23(e). This broad grant of authority would allow the release of registration and tag/title information if the commissioner, in his discretion, determines that such records are being released to an “appropriate” governmental official, entity or agency, and that the release meets the “official governmental function” or “legitimate governmental duties” criteria set forth in the statute.
I trust the foregoing adequately responds to your request for legal advice regarding DMVS’s participation in the MATRIX program. If you have any further questions, please do not hesitate to contact me.
THURBERT E. BAKER Attorney General
cc: Vernon Keenan, Director Georgia Bureau of Investigation