Democratic Lawmakers Send Warning to Governors on Sharing Drivers

When you hand your information to the DMV, you expect it to help you drive legallynot to become an all-you-can-query buffet for agencies you’ve never met.

That’s the fear behind a recent warning from Democratic lawmakers to Democratic governors: states may be inadvertently sharing drivers’ license and vehicle registration data with federal immigration authorities through a little-known (but hugely influential) law-enforcement data-sharing network. The lawmakers’ message is simple: if your state promises residents their DMV data won’t be used to fuel immigration enforcement without strict safeguards, then your systems should match your speeches.

The letters, led by Sen. Ron Wyden and Rep. Adriano Espaillat and signed by dozens of House and Senate Democrats, urge governors to block U.S. Immigration and Customs Enforcement (ICE)and potentially other federal components now involved in immigration workfrom “self-service” access to DMV databases routed through Nlets, a nonprofit network that helps agencies exchange information quickly.

What the warning actually says (and why it landed with a thud)

The lawmakers’ concern isn’t that states share any information with law enforcement. It’s that the sharing can happen quietly, at scale, and with limited visibilityeven in states that have passed “sanctuary” policies or other rules meant to restrict cooperation with immigration enforcement.

In plain English: a state can say “we require a court order for ICE to get DMV data,” and still end up enabling access through a technical pathway that doesn’t feel like a front-desk request. The lawmakers describe this as an “information gap”a mismatch between what policymakers think is happening and what the plumbing of interagency systems actually allows.

Meet Nlets: the back-end switchboard most people never hear about

Nlets (short for a long history of law-enforcement telecommunications) functions like a high-speed routing system for justice and public-safety data. It connects thousands of agencies so they can exchange messages and query certain databases in real time. States, the District of Columbia, and territories participate, and the network also supports information exchange with Canadian agencies in approved contexts.

Here’s the key detail lawmakers want governors to focus on: states choose what they make available and to whom. That means a governor’s office (and state IT and public-safety leadership) can set rulesif they understand the rules exist, where the levers are, and what “available” means in practice.

Think of it like a group chat you joined years ago. You may not remember who’s still in it, what permissions you granted, or whether your old photos are still visible. Except this group chat can include thousands of agencies and the “photos” might be drivers’ license images.

What “drivers’ data” can include

The phrase “drivers’ data” sounds vague until you translate it into the everyday details that make up a person’s identity and routine. Depending on the state, the dataset accessible through a law-enforcement exchange can include items such as:

• Driver identification details (name, date of birth, physical descriptors)
• License and registration information (license number, status, vehicle registration and plate data)
• Address information (current and sometimes prior addresses associated with DMV records)
• Drivers’ license photos (in many states, images are shared through the network)

Lawmakers highlighted that drivers’ license photos are a particularly sensitive category. A photo can be used for identification, investigation, andwhen paired with other toolspotentially broader surveillance or tracking. Even if a state has good reasons to share photos for certain criminal investigations, lawmakers argue it shouldn’t be a default setting for agencies running immigration enforcement.

The numbers behind the concern: it’s not a trickle

The warning wasn’t driven by a handful of requests. It was driven by scale.

According to figures cited by the lawmakers, in the year leading up to October 1, 2025, Nlets facilitated hundreds of millions of DMV-related queries overall, including hundreds of thousands of queries from ICE and from Homeland Security Investigations (HSI). Importantly, these query totals reflect federal and out-of-state requeststhe kinds of lookups that can slip under the radar when oversight is fragmented across agencies and jurisdictions.

That matters because governors can’t manage what they can’t see. A high volume of queries doesn’t automatically mean misuse, but it does mean governors should treat DMV data access like a major policy surfacebecause it is one.

Why Democratic lawmakers are pushing governors now

This warning sits at the intersection of three political realities:

1. States have expanded driver’s license access in many places. A number of states now allow some residents without traditional immigration documentation to obtain driver’s licenses, partly as a road-safety measure. Lawmakers worry that if DMV data becomes a backdoor for immigration enforcement, people may avoid licensingmaking roads less safe for everyone.
2. “Sanctuary” rules can be undermined by technical pathways. Even if local law enforcement is instructed not to help with routine immigration enforcement, DMV data can still travel through interagency networks unless the state’s settings and agreements match its stated policy.
3. Data governance is lagging behind data plumbing. The systems that move information between agencies were built for speed and interoperability. Modern expectationsprivacy-by-design, strict purpose limitation, robust auditingoften arrived later.

In other words: today’s fight isn’t only about ideology. It’s also about whether state government can keep up with the complexity of its own information systems.

The “public safety” argument that both sides claimjust in different ways

Lawmakers frame their request as “commonsense” and pro–public safety, arguing that blocking routine immigration access protects communities and encourages cooperation with police. The logic goes like this: if residents fear a traffic stop or a DMV application could cascade into immigration consequences, they may be less likely to report crimes, serve as witnesses, or engage with public services.

On the other hand, federal agencies argue that data access supports enforcement priorities and investigations. And plenty of state officials will tell yousometimes quietly, sometimes loudlythat they want the ability to share information in serious cases.

The most realistic policy outcome is not a cartoonish “share everything” or “share nothing.” It’s governed sharing: tighter access controls, clearer rules, strong auditing, and mechanisms for case-by-case cooperation when warranted.

What governors can do immediately (without waiting for a legislative session)

The lawmakers’ core ask is straightforward: cut off or sharply restrict ICE access to DMV data routed through Nlets. But governors don’t have to treat this as a single on/off switch. A practical response typically involves layers:

1) Get a real briefing from the people who actually touch the system

Governors should request a detailed briefing from the state’s Nlets coordinator and relevant IT/security teams: what datasets are connected, what agencies can query them, what logs exist, and what restrictions are already in place.

2) Inventory what is sharedespecially photos

It’s easy for “DMV data” to become a bucket where everything goes. States can separate categories (registration vs. license status vs. photos) and apply different rules to each.

3) Implement technical blocks and least-privilege access

If states can block specific agencies or limit query types, governors can direct agencies to apply those controls. Least-privilege rulesonly what is needed, only for approved purposesare a standard best practice in cybersecurity for a reason.

4) Add auditing that is actually reviewed (not just stored somewhere)

Logging isn’t oversight if nobody looks at the logs. Governors can require routine reporting on query volumes, agency access, and anomaly detectionespecially for high-risk datasets.

5) Align policy language with system behavior

If a state’s public promises say “court order required,” then the state should verify whether any pathway allows something functionally equivalent to warrantless accessand close that pathway or narrow it.

6) Communicate clearly to residents

Residents don’t need a 40-page technical memo. They need an honest explanation: what data is shared, why, with whom, and what is being changed. Trust is a public-safety asset; treat it like one.

Specific examples governors are weighing right now

Reports on the letters indicate that multiple Democratic-led states were contacted, including states such as Arizona, California, Colorado, Maryland, Michigan, New Jersey, Wisconsin, and others. A handful of states have already moved to block ICE access through the network, while others are described as working through the technical and policy steps to do so.

These examples highlight a recurring theme: it’s not always about passing a new law. It’s about making sure the machinery follows the law you already have.

The bigger picture: this is also about modern data governance

Even if you ignore the politics (good luck doing that for more than three minutes), the underlying lesson is relevant to any state government:

• Data-sharing systems accumulate permissions over time.
• Oversight can be fragmented across agencies and vendors.
• “Inadvertent” sharing is still sharingand it still has consequences.

So the warning to governors is, in a sense, a warning to every large organization: if you don’t regularly audit who can access sensitive data, you may eventually discover that your policies are more aspirational than operational.

FAQ

Is this the same as “sanctuary city” policy?

Not exactly. Sanctuary policies often focus on local law enforcement cooperation with immigration enforcement. This dispute centers on DMV data access routed through a separate interagency network that can bypass the day-to-day decisions of local departments.

Does blocking ICE mean blocking all federal law enforcement?

No. The lawmakers argue states can block or limit certain agencies while preserving collaboration on serious crimes. States may also choose case-by-case sharing after reviewing specific requests.

Why are drivers’ license photos such a big deal?

Photos are durable identifiers. Combined with other systems, they can be used to confirm identity quickly. That can be helpful in investigationsbut it also raises higher privacy risks, especially if access is broad and auditing is weak.

What should residents do if they’re worried?

Residents can monitor official state statements, ask state lawmakers about DMV data-sharing rules, and look for transparent reporting on access controls. (And yes, it’s fair to ask why you should need a cybersecurity degree to understand where your data goes.)

Experiences related to the warning (real-world moments that make this debate feel less abstract)

Policy letters can feel like paper airplanes tossed between government buildingsuntil you look at how DMV data touches everyday life. Advocates, local officials, and privacy specialists often describe experiences like these when talking about DMV data sharing and immigration enforcement.

1) The “should I even get licensed?” dilemma. In states that expanded access to driver’s licenses, one of the biggest selling points was public safety: more trained, tested, and insured drivers. But when people hear that immigration authorities may be able to query DMV data through an interagency network, some start weighing risk differently. The experience isn’t dramatic; it’s quiet. A parent debates whether to renew a license. A neighbor decides to keep driving without one. The result is the opposite of what most states intendedless compliance, less insurance coverage, and more fear around routine civic processes.

2) The “I thought my address was protected” shock. Many peopleimmigrants and citizens alikehave reasons to keep addresses from traveling too widely: survivors of domestic violence, judges, journalists, and others who face harassment. When DMV systems are connected to broad query networks, the fear is that an address can travel farther than a resident ever expected. The experience here is about trust: once someone believes their personal information can be pulled “self-service,” they may avoid updating records, which creates its own safety issues (think: missed notices, outdated registration, and the mess that follows).

3) The IT team’s “wait… who has access?” week. On the government side, one of the most common experiences described in modern data-sharing controversies is the moment an IT or security team is asked a simple questionwho can access this dataset?and the honest answer takes days to assemble. Not because anyone is hiding the ball, but because permissions live across systems, contracts, coordinators, and decades of “we’ve always done it this way.” The lawmakers’ “information gap” point lands here: governors may sincerely believe access is restricted, while the technical reality is more complicated.

4) Law enforcement’s “we use this for real emergencies” perspective. Many officers and investigators rely on rapid access to DMV and registration data for legitimate public-safety reasons: locating missing persons, identifying unknown individuals, or connecting vehicles to incidents. From this vantage point, the experience is frustrationworry that broad restrictions could slow urgent work. That’s why many policy proposals focus on targeted blocks (for specific agencies or purposes) and on preserving pathways for serious crimes while narrowing routine access for immigration enforcement.

5) The governor’s balancing act: values, law, and infrastructure. Governors face a uniquely modern problem: they can be held accountable for what their state “shares,” even when the sharing happens through a complex network that doesn’t behave like a traditional records request. The experience becomes a crash course in data governancealigning statutes, agency policies, vendor configurations, interagency agreements, and public messaging. The states that have already moved to block ICE access show this is doable, but it often requires coordination that feels more like incident response than politics-as-usual.

Taken together, these experiences point to a shared conclusion: the debate isn’t only about immigration politics. It’s also about how states control sensitive identity data in a world built on interconnected systems.

Conclusion

Democratic lawmakers’ warning to governors is ultimately a data-governance wake-up call: if states want residents to trust the DMV, they must ensure DMV data isn’t silently routed into immigration enforcement through technical backchannels. The path forward doesn’t require pretending data-sharing is never useful. It requires tight access controls, clear purpose limits, real auditing, and transparent public communicationso public safety doesn’t come at the expense of privacy and trust.

SEO Tags