The chapters in this module have documented how algorithmic systems enter criminal proceedings: COMPAS at sentencing, the PSA at bail, Clearview AI at identification, predictive policing in patrol, mass surveillance in the investigative data stream, and algorithmic outputs at the evidentiary threshold. Each of those systems has one feature in common: they all generate outputs that, once in the case file, acquire an institutional persistence that is difficult to dislodge. A risk score cited in a presentence report, a facial recognition candidate treated as the identified suspect, a ShotSpotter alert that drove an arrest — these outputs do not expire when an officer moves on to the next case. They propagate forward through the proceedings, and they can harden into judicial truth.
Rectification is the legal strategy for interrupting that propagation before it completes. This chapter examines the specific tools available in both the US and European frameworks, the landmark case that has defined what Brady disclosure means in the algorithmic context, and the post-conviction remedies available when algorithmic error is discovered after a sentence has been imposed.
I. The structural risk: garbage in, garbage in everywhere
Brady v. Maryland, 373 U.S. 83 (1963) U.S. Constitution, Amendment V — Due Process Clause
Machine-learning systems inherit the errors in their training data and amplify the errors in their inputs. That principle, familiar from earlier chapters, has a specific consequence in criminal proceedings: when inaccurate data enters a case at the investigation stage, it does not remain isolated there. It propagates through every decision the data informs — investigative targeting, arrest, charging, bail assessment, risk scoring at sentencing — acquiring at each stage a layer of institutional endorsement that makes it progressively harder to challenge.
The practical pattern is this. An officer runs a probe image against a facial recognition system and receives a candidate match. That candidate is treated as the identified suspect. A warrant is issued, an arrest made, charges filed. At bail, the defendant’s arrest — which was itself generated by the erroneous identification — appears as a new entry in the criminal history that feeds the PSA. At sentencing, COMPAS may read the same history. The original biometric error has by then traveled through three separate algorithmic systems, each of which has treated it as an established fact.
Rectification as a defense strategy is the recognition that each of those stages creates a separate intervention point — and that intervention is most effective, and least costly to the defendant, when it happens earliest.
II. Brady and algorithmic disclosure: Johnson v. State
Brady v. Maryland, 373 U.S. 83 (1963) Johnson v. State, 2025 WL 2237582 (Appellate Court of Maryland, August 6, 2025) (unreported)
As established in Chapter 29, Brady v. Maryland, 373 U.S. 83 (1963), requires prosecutors to disclose evidence favorable to the accused that is material to guilt or punishment. The obligation extends beyond eyewitness statements and physical evidence to encompass any information that would allow the defense to challenge the reliability of the state’s evidence — including the reliability of the investigative tools through which the evidence was developed.
The most significant recent judicial statement on what Brady requires in the facial recognition context is Johnson v. State, 2025 WL 2237582, decided by the Appellate Court of Maryland on August 6, 2025. The decision is unreported and therefore not precedentially binding beyond Maryland’s intermediate appellate courts, but its factual and legal analysis is the most direct application of Brady to facial recognition evidence in any reported or unreported appellate decision to date.
Craig Donnell Johnson was convicted of robbery following a one-day trial in the Circuit Court for Montgomery County. The prosecution had used facial recognition technology to develop him as a suspect. Defense counsel submitted discovery demands, but the State did not disclose its use of facial recognition technology until February 12, 2024 — nearly a year after the discovery requests were filed and only days before trial. Even then, the disclosure was materially incomplete: the State produced a three-page email containing the surveillance photograph, Johnson’s motor vehicle and mugshot photographs, and some identifying information — but no identification of the specific software used to conduct the search, no information about whether the search produced other candidate matches, and no disclosure of the confidence or similarity scores associated with the results. The State later acknowledged that it did not, and still did not, know which facial recognition program the police had used.
Johnson moved to dismiss on Brady grounds. The trial court, while acknowledging concern about the late disclosure, offered a continuance and denied dismissal. Johnson declined the continuance — he had been detained for a year and had recently been acquitted on unrelated charges — and proceeded to trial, where he was convicted. He appealed.
The Appellate Court of Maryland reversed the conviction. The court held that the trial court had abused its discretion in denying the motion to dismiss, and established that the State’s Brady and discovery obligations include timely disclosure of the use of facial recognition technology — disclosure sufficient to allow the defense to test the reliability of the identification. The State’s failure to identify the software, its failure to produce the full candidate list generated by the search, its failure to disclose the confidence scores associated with the match, and its concession that it did not know which program had been used were each independently significant. Together, they left the defense without the information necessary to mount any meaningful challenge to the primary identification evidence against Johnson.
For defense lawyers, Johnson establishes three operational requirements. First, disclosure of facial recognition use must be timely — early enough in the proceeding to permit meaningful investigation, not days before trial. Second, the disclosure must be substantively sufficient: the name of the software, the full ranked output including all candidate matches generated, and the confidence or similarity score for each. Third, where the State cannot satisfy those requirements because it has failed to document its own investigative process, that failure is itself a Brady problem, not an excuse for reduced disclosure obligations.
III. US rectification tools: Privacy Act, Brady, and expungement
Privacy Act of 1974, 5 U.S.C. § 552a Brady v. Maryland, 373 U.S. 83 (1963) Mathews v. Eldridge, 424 U.S. 319 (1976)
As established in Chapter 22’s analysis of the immigration context, the Privacy Act of 1974, 5 U.S.C. § 552a, provides a right of access to and amendment of records maintained about an individual in systems of records operated by federal agencies. The same framework applies in the criminal justice context for records held by federal agencies — FBI fingerprint and biometric records, DHS watchlisting databases, federal criminal history files. An individual may request access to their records under § 552a(d)(1), identify inaccurate entries, and submit a request for amendment under § 552a(d)(2). Where the agency refuses to amend, the individual may request review and, ultimately, pursue judicial relief under § 552a(g). Law enforcement exemptions under § 552a(j)(2) and (k)(2) can limit access to records compiled for law enforcement purposes, but those exemptions do not eliminate the constitutional claim — they merely require that the due process argument be pressed through the case record rather than through administrative amendment alone.
At the state level, the rectification tools are more fragmented. Most states provide expungement or record sealing for arrests that did not result in conviction, and for convictions that meet statutory eligibility criteria. Where an arrest was predicated on a false biometric identification, the arrest record may be eligible for expungement on the ground that the legal basis for the arrest did not exist. Defense counsel should initiate that process as soon as the identification error is established — even before the case is dismissed — to prevent the arrest record from propagating forward into future risk assessment instruments.
The Brady rectification strategy, illustrated by Johnson, operates differently from the amendment framework. It does not correct the underlying data. It ensures that the defense has access to information about the data’s limitations in time to challenge the evidence built on it. For criminal defense purposes, those two tools are complementary: the Privacy Act amendment process targets the record that fed the algorithm; the Brady disclosure obligation targets the defendant’s right to challenge the algorithmic output before it becomes a conviction.
IV. European rectification tools: GDPR, the Law Enforcement Directive, and the AI Act
GDPR, Regulation (EU) 2016/679, Articles 15, 16, and 17 Law Enforcement Directive, Directive (EU) 2016/680, Articles 16 and 17 EU AI Act, Regulation (EU) 2024/1689, Articles 13 and 14
In the European framework, rectification of data used in criminal justice proceedings operates under a specific instrument — Directive (EU) 2016/680 (the Law Enforcement Directive), which governs personal data processed by competent authorities for the purposes of prevention, investigation, detection, or prosecution of criminal offences or the execution of criminal penalties. The LED is the lex specialis for criminal justice data; the GDPR does not apply directly to processing in this domain. This distinction matters: a lawyer seeking rectification of police database records in an EU member state must work within the LED framework, not the GDPR, though the LED’s substantive requirements track the GDPR’s structure closely.
Under LED Article 16, data subjects have the right to rectification of inaccurate personal data without undue delay. Under LED Article 17, they have the right to erasure where data is no longer necessary for the purpose for which it was collected, where it was collected unlawfully, or where erasure is required by law. Both rights are subject to restrictions where necessary to avoid prejudicing a criminal investigation or endangering public security — but those restrictions must be specified in member state law and cannot serve as a general override of the data subject’s rights in all circumstances.
For defense lawyers operating in EU member states, the LED creates a procedural mechanism parallel to the US Brady strategy but rooted in data rights rather than prosecutorial obligation: a formal request for access to the records that informed the investigation, identification of inaccuracies, a rectification request, and if refused, judicial challenge. Where the LED framework is combined with AI Act transparency obligations — Article 13’s requirement that deployers receive information sufficient to interpret high-risk system outputs, and Article 14’s human oversight requirements — the defense can build a case that the data underlying an algorithmic identification is both factually inaccurate and procedurally unreliable.
V. Post-conviction rectification: Schlup and algorithmic newly discovered evidence
Schlup v. Delo, 513 U.S. 298 (1995) 28 U.S.C. § 2255 — federal habeas corpus
Algorithmic error is not always apparent before conviction. A facial recognition system’s false positive rate, a COMPAS score’s training data deficiency, a ShotSpotter alert’s misclassification — these flaws may come to light only through subsequent litigation, academic research, or investigative journalism. When that happens after a conviction has been entered, the rectification strategy shifts from pretrial correction to post-conviction relief.
Schlup v. Delo, 513 U.S. 298 (1995), established the standard for using newly discovered evidence to open otherwise procedurally barred post-conviction claims. Under Schlup, a petitioner must demonstrate that in light of the new evidence, it is more likely than not that no reasonable juror would have convicted the defendant. That standard — the actual innocence gateway — does not create a standalone ground for relief. It is a procedural mechanism that allows a court to consider otherwise defaulted constitutional claims — ineffective assistance, Brady violations, due process errors — where a sufficient showing of actual innocence has been made.
The application of Schlup to algorithmic error is emerging but not yet settled. The strongest case arises where the algorithmic identification was the primary or sole link between the defendant and the charged conduct — the circumstance that appears in every documented wrongful arrest case examined in Chapter 27. If the facial recognition system that generated the identification has subsequently been shown to have a documented false-positive rate in the demographic category of the defendant, and if the identification methodology was flawed in the ways the probe image quality, threshold settings, and human review record reflect, that combination of evidence may satisfy Schlup‘s probability standard. The argument requires not merely that the algorithm is generically unreliable, but that it was unreliable in the specific conditions of this identification in ways that, if the jury had known them, would have undermined the verdict.
Several states have enacted conviction review statutes that permit post-conviction relief when scientific developments undermine previously accepted forensic evidence — modeled in part on the developments in hair comparison analysis and bite mark evidence that produced exonerations in the 2000s and 2010s. Those statutes may extend to algorithmic evidence depending on how “scientific” is defined in the governing text. Defense lawyers in jurisdictions with such statutes should assess whether documented deficiencies in the specific algorithmic system used at trial qualify the case for statutory post-conviction review independent of the Schlup gateway.
VI. Strategic sequence: when to act and in what order
Rectification is most powerful when pursued earliest. The strategic sequence that follows reflects the operational reality that pretrial intervention has lower evidentiary and procedural costs than post-conviction review, and that data errors are most contestable before they acquire judicial endorsement.
Before or at arraignment, defense counsel should identify every algorithmic system that may have contributed to the investigation or arrest, obtain the underlying records through discovery and Privacy Act or LED access requests, and identify every factual input that can be independently verified. Any input that is inaccurate — a miscoded prior conviction, an incorrectly included dismissed arrest, an identity database error, a facial recognition match with undisclosed competing candidates — should be challenged immediately and formally, creating a record of the error and the rectification request before the case proceeds to the bail hearing or preliminary proceeding where that error will next be used.
At the bail stage, as established in Chapter 26, PSA inputs drawn from a contaminated arrest record can be challenged directly using the scoring worksheet. If the arrest itself was the product of a false biometric identification, the argument is not merely that an input is wrong — it is that the entire investigative chain that led to the arrest is unreliable, and the pretrial detention being imposed on that basis is constitutionally suspect under Mathews v. Eldridge, 424 U.S. 319 (1976), as established in Chapter 12.
At trial, the Brady disclosure demand established by Johnson is the central vehicle. Every algorithmic system used in the investigation — not just those directly introduced as evidence — should be the subject of a specific disclosure request: the name of the system, the version, the full output, the confidence scores, and the human review documentation. Where that disclosure is refused or is materially incomplete, the suppression argument and the dismissal argument are both available, and the record should be built for both.
Next: Chapter 32 — Challenging algorithmic evidence: the criminal defense toolkit.
Leave a Reply