In a county jail intake room somewhere in California, a fluorescent ceiling tile flickers above a digital camera bolted to the wall. The person standing on the yellow footprints — call her the Subject, because the law and her dignity both demand we not name her here — has been arrested for a misdemeanor that, three weeks later, the District Attorney will quietly decline to prosecute. She will never see the inside of a courtroom. She will never plead to anything. The case file will close. But the photograph that the camera takes in the next two seconds will not close with it. Within seventy-two hours, that image will be ingested, indexed, fingerprinted, and republished across a constellation of commercial websites that have figured out the most lucrative business model in the privacy underworld: the toll booth between a person and their own name.
For nearly two decades, that toll booth has operated in the legal gray zone between public-records law, the First Amendment, and the absence of any federal data-broker rulebook. The booking photograph is a public record in most American jurisdictions. So is the arrest log. So is the case-management entry. Commercial websites scraped those records, married them to a removal-fee page, and built a business that the Federal Trade Commission has now formally classified, in multiple enforcement actions, as a violation of the Fair Credit Reporting Act [ftc.gov]. The toll booth, in other words, was never legal — it was just unenforced.
That is no longer the case. Between January 2024 and May 2026, the FTC banned four major data brokers from selling sensitive consumer data, the agency issued its first formal reminder under the Protecting Americans' Data from Foreign Adversaries Act, the California Attorney General published the most aggressive booking-photograph guidance any state has issued, and a quiet realignment of EEOC enforcement priorities turned arrest-record screening into a Title VII liability for hundreds of employers. None of these events have been treated as connected by mainstream commentary. They are connected. Read together, they describe the methodical disassembly of the mugshot-extortion economy.
By the numbers — what the federal data shows
~10.3M
Arrests recorded annually by U.S. law enforcement, the vast majority for non-violent offenses, the majority of which do not result in conviction — yet each generates a booking photograph entered into the public-records stream [bjs.ojp.gov].
Anatomy of a Toll Booth
To understand the legal architecture being built against the mugshot industry, you first have to understand the industrial architecture of the industry itself. It is not, despite the common framing, a "search engine problem." It is a four-step harvesting pipeline, and each step has its own enforcement pressure point.
Step one is the public-records intake. When an individual is booked into a jail in most American counties, the arresting agency creates a record that, depending on the state, may include the arrestee's name, date of birth, charge code, arresting officer, jail facility, booking number, and photograph. Under the federal FOIA framework and most state public-records laws, that intake record is presumptively public — though, as the Department of Justice has emphasized in its long-standing guidance under Exemption 7(C) of FOIA, the privacy interest in arrest information is "substantial" and can defeat disclosure on the federal side [justice.gov]. The Supreme Court's 1989 decision in Reporters Committee, which the DOJ FOIA Guide treats as foundational, established that even a "rap sheet" compiled from publicly available constituent records carries a privacy interest sufficient to block disclosure [justice.gov]. That is a federal-level protection. The states have been markedly weaker.
Step two is the scrape. Commercial harvesters — without making them more famous by naming them — run automated agents against sheriff's-department websites, county jail rosters, and court-clerk dockets. They normalize the data, hash the photo, and dump it into a master index that can be queried by name. The technical exercise is trivial; the legal exercise is where everything sits, because most state sheriffs publish jail rosters under affirmative open-government statutes that say nothing about downstream commercial republication.
Step three is the republication-with-fee model. The harvested record is republished on a public-facing site, indexed for Google, and shown at the top of name searches. A "removal" or "reputation management" page is added with a fee — historically anywhere from $99 to over $1,000 per record, sometimes per-site, sometimes per-mirror. This is the toll booth.
Step four — and this is the step that the FTC has been quietly attacking since the TruthFinder action in 2023 — is the secondary monetization: selling the same records to employers, landlords, and lenders dressed up as a "background check," while the site itself disclaims being a consumer reporting agency. The FTC has been blunt that this disclaimer does not work. As the Commission noted in a 2013 staff post that remains the operative agency view, simply "saying you're not a consumer reporting agency isn't enough" [ftc.gov]. If the site behaves like a CRA, the FCRA applies.
"Saying you're not a consumer reporting agency isn't enough." That single line, sitting on an FTC business-guidance page since 2013, is the legal time bomb the mugshot industry never disarmed. — FTC Bureau of Consumer Protection guidance
The Documented Harm
The harm done by the mugshot economy is not theoretical, and it has been measured by two federal agencies whose work is, if anything, undersold in this conversation. The Bureau of Justice Statistics maintains the National Criminal History Improvement Program (NCHIP), which has spent more than three decades funding state efforts to make sure that criminal history records are "complete, accurate and immediately accessible" [bjs.ojp.gov]. The program's core mission, as documented in BJS solicitations, is to ensure "that records of all criminal events (starting with an arrest or indictment) are included in background check files" — and equally importantly, that disposition information catches up to those records [bjs.ojp.gov]. That last clause is the entire problem with mugshot republication: the arrest is uploaded in 24 hours; the dismissal, acquittal, or expungement, if it ever travels at all, travels at a fraction of that speed.
The Equal Employment Opportunity Commission has been even more direct about the downstream effect on employment. In its formal Enforcement Guidance on the Consideration of Arrest and Conviction Records in Employment Decisions, the agency states unequivocally that "an arrest does not establish that criminal conduct has occurred" — and that, under Title VII of the Civil Rights Act, an employer's blanket use of arrest information as a basis for adverse action can produce a disparate impact on protected classes that the employer must justify under a job-relatedness test [eeoc.gov]. In plain English: a private employer who Googles an applicant, finds a mugshot from a dismissed case, and rejects the applicant has potentially just exposed themselves to a federal discrimination claim. The EEOC made that more concrete in 2024 when it sued a major retail chain over a hiring screen that allegedly produced exactly this kind of disparate impact [eeoc.gov].
EEOC's two-step disparate-impact framework
Step 1. Does the employer's criminal-records screening disproportionately exclude members of a protected class? If yes, the screen is presumptively unlawful under Title VII.
Step 2. The employer must prove the screen is job-related and consistent with business necessity, which requires consideration of (a) the nature of the offense, (b) the time elapsed, and (c) the nature of the job — known as the Green factors [eeoc.gov].
The mugshot trap. An employer who relies on a third-party site's mugshot result — typically an arrest record, sometimes years old, often without disposition — has no way to satisfy the Green analysis, because the underlying record never told them what (if anything) the applicant was convicted of.
The EEOC's brochure on arrest and conviction records puts the bottom line in the kind of language the rest of federal government rarely uses: arrest records, the brochure says, "are not proof of criminal conduct" and using them to deny employment can itself violate federal anti-discrimination law [eeoc.gov]. That principle was, in the mugshot economy's first decade, a piece of agency guidance most employers ignored. In 2026, it is starting to be treated as the operative compliance standard — partly because of the federal Fair Chance to Compete for Jobs Act, partly because state AGs have started to write the EEOC's framework into their own enforcement playbooks.
The FCRA Angle
The Fair Credit Reporting Act, 15 U.S.C. §1681 et seq., is one of the oldest consumer-protection statutes on the books. It was passed in 1970, predates the public internet by a generation, and was written for the credit-bureau industry. But the statute does not, in its core definitions, care about the technology. It cares about the function. If a business "assembles or evaluates" consumer information and furnishes it to third parties for purposes including employment, tenancy, or credit, the business is a consumer reporting agency, and the FCRA applies [ftc.gov].
That definitional bite is exactly what the FTC used against TruthFinder and Instant Checkmate in September 2023. The Commission alleged that the companies' marketing — language suggesting their reports could be used for employment and tenancy screening — meant they were operating as consumer reporting agencies regardless of their disclaimers, and that they had violated the FCRA by failing to ensure maximum possible accuracy of the information they sold. The settlement was $5.8 million in civil penalties and a permanent injunction [ftc.gov]. The complaint document itself makes the operative theory clear: the products contained "name, date of birth, home and cell phone numbers" combined with criminal record assertions of varying accuracy, marketed for screening uses, and that combination triggered FCRA obligations the sites had ignored [ftc.gov].
The TruthFinder action is not a one-off. The FTC's 50-year retrospective on FCRA enforcement, published in 2020, documents a long line of cases against data brokers who attempted to use disclaimers to escape CRA status — and the agency's view, restated again in 2024 and 2025 enforcement releases, is that the disclaimer dodge has been a dead letter for years [ftc.gov]. The structural problem for mugshot sites is that the very revenue model — pay to remove, or alternatively pay for a "report" — makes the FCRA analysis unavoidable. If the underlying database is searchable for employment-screening purposes, FCRA accuracy duties attach. If the site instead frames itself as pure publication, it loses the First Amendment fig leaf when paired with a removal-fee demand, because at that point it is operating an extortion-style mechanism that Florida and California have now codified as actionable conduct.
The toll booth is structurally allergic to the FCRA. Charge a fee to remove a record, and you become the publisher of an extortion mechanism. Sell the same record as a background report, and you become a consumer reporting agency. — Synthesis of FTC enforcement theory, 2023–2026
Turning Point One: The PADFAA Reminder
On February 9, 2026, the Federal Trade Commission did something that, on a surface reading, looks like a routine compliance bulletin. It sent letters to 13 data brokers reminding them of their obligations under the Protecting Americans' Data from Foreign Adversaries Act [ftc.gov]. The reminder was anything but routine. PADFAA, signed into law in 2024 as Division I of the same legislative package that included the TikTok divestiture provisions, is the first federal statute that prohibits data brokers from selling, releasing, disclosing, or providing access to "personally identifiable sensitive data" about Americans to entities controlled by foreign adversaries [congress.gov]. The statute is codified at 15 U.S.C. §9901 note, and the FTC's February 2026 letter is the first public agency action treating it as a live enforcement vehicle.
Why does this matter for the mugshot economy? Because PADFAA's definition of "personally identifiable sensitive data" is broad — and its definitional reach includes precise geolocation, biometric data, and other categories that map cleanly onto the kind of records the mugshot industry republishes. The statute does not directly prohibit the publication of arrest information to the general public. But it does prohibit the bulk transfer of that information to foreign-controlled entities, and it imposes FTC Act enforcement on noncompliance. The agency's own framing in the February reminder makes the architecture clear: PADFAA "prohibits data brokers from selling, releasing, disclosing, or providing access to personally identifiable sensitive data about Americans," and the FTC is the cop on the beat [ftc.gov].
For mugshot republishers in particular, the operative concern is whether their bulk data feeds — typically licensed onward to background-check resellers, ad-tech firms, and analytics shops — touch any entity that PADFAA's adversary list captures. The text of H.R. 7520, the standalone PADFAA bill that was rolled into the larger enacted package, makes the prohibition broader than most casual observers realize: it covers any transfer of "personally identifiable sensitive data" to a foreign adversary country or an entity controlled by one [congress.gov]. The mugshot industry runs on bulk data transfers. It does not run on careful counterparty diligence. That is the asymmetry the FTC's February letter is built to exploit.
What PADFAA actually prohibits
Prohibition: Data brokers may not sell, license, rent, trade, transfer, release, disclose, provide access to, or otherwise make available personally identifiable sensitive data of U.S. residents to (a) a foreign adversary country, or (b) any entity controlled by one [congress.gov].
Definitional reach: "Sensitive data" includes precise geolocation, biometric identifiers, health and genetic information, financial account data, certain government identifiers, and certain other categories — a list broad enough that bulk databases assembled from arrest records routinely touch it.
Enforcement: Violations are treated as unfair or deceptive acts under Section 5 of the FTC Act, opening data brokers to civil penalties and injunctive relief from the Commission [ftc.gov].
Turning Point Two: The Kochava Ban
If PADFAA is the statutory pillar, the Kochava case is the precedential one — the case that demonstrates how far the FTC is willing to push the unfair-practices theory under Section 5 of the FTC Act when a data broker behaves badly with categories of consumer data that the agency considers sensitive. On May 4, 2026, the Commission announced that it would prohibit Kochava and its subsidiary from selling, sharing, or disclosing sensitive location data without consumer consent — a settlement of charges first filed in 2022 that the company had sold geolocation feeds linked to millions of mobile devices and traceable to visits to reproductive-health clinics, places of worship, and other sensitive locations [ftc.gov].
The case timeline on the FTC's own site walks through the four-year arc: the 2022 complaint [ftc.gov], the procedural battles over what counts as "substantial injury" under Section 5, and the 2026 capitulation in which Kochava agreed to a permanent prohibition [ftc.gov]. The Kochava settlement matters for the mugshot conversation because of the legal theory the Commission rode all the way to the finish line: that selling a category of data the consumer never consented to share, in a way that creates substantial injury or risk of injury, is an unfair practice under the FTC Act regardless of whether the data was technically "public" at some point in its life.
That theory is portable. It traveled to Mobilewalla in December 2024, where the Commission imposed similar prohibitions and additionally banned the company from collecting consumer data through online advertising auctions for non-advertising purposes [ftc.gov]. It traveled to Gravy Analytics and its subsidiary Venntel, where the Commission finalized a January 2025 order prohibiting the unlawful tracking and sale of sensitive location data [ftc.gov]. And it traveled, earlier in January 2024, to X-Mode Social and Outlogic, where the agency issued the first order prohibiting a data broker from selling sensitive location data outright [ftc.gov].
Read sequentially, those eight actions describe a Commission that has built a complete enforcement toolkit against the data-broker economy — and a Commission that is now positioned, in the wake of PADFAA, to apply the same toolkit to categories of data well beyond geolocation. The mugshot industry is not formally on the FTC's named target list as of this writing, but the legal theory is portable in exactly the way that should make any general counsel at any harvest-and-republish operation lose sleep.
Turning Point Three: The States Move In
Federal enforcement is the slow-moving heavyweight. State enforcement is the fast-moving middleweight, and in the mugshot space, the state attorneys general are where the visible day-to-day damage to the industry has been done. Three jurisdictions, in particular, have built statutory and guidance regimes that the rest of the country is now copying.
California: AB 1475 and the Attorney General's 2024 Legal Alert
California's Assembly Bill 1475 — signed in 2021 and operative since — restricts when law-enforcement agencies in the state may share booking photographs of individuals arrested for nonviolent offenses on social media. The bill's operative text bars sharing such photographs unless one of a narrow list of exceptions applies, including a credible threat to public safety, a fugitive identification need, or judicial authorization [leginfo.legislature.ca.gov]. Three years later, the California Attorney General issued Legal Alert OAG-2024-05 to clarify that "booking photographs cannot be shared on social media at all unless: (1) the individual has been arrested for a violent crime, or [other listed exceptions apply]," a guidance posture that, for practical purposes, makes the California baseline among the most restrictive in the nation [oag.ca.gov].
The AB 1475 / OAG-2024-05 framework matters for mugshot republishers because it cuts off the supply chain at the source. If a sheriff's department or police agency cannot lawfully post the booking photograph on its own social media in the first place, the most common harvesting pipeline — automated scraping of agency social posts — dries up. California's approach is, in effect, supply-side reform: starve the harvesters of the raw material rather than chase them through the publication pipeline.
Florida: The Republication Statute
Florida went the other direction. Florida Statute §901.43, on the books since 2014 and amended in 2021, takes direct aim at the downstream republication-with-fee model. The statute prohibits any person or entity engaged in the business of publishing arrest booking photographs from soliciting or accepting a fee to remove, correct, or modify such a photograph [flsenate.gov]. The statute further authorizes an arrestee whose booking photograph has been published "to bring a civil action to enjoin" continued publication and to recover statutory damages and attorneys' fees [flsenate.gov].
The 2021 amendment, codified after CS/SB 1046 and CS/CS/HB 755, tightened the regime by prohibiting "the republishing or redissemination of certain arrest booking photographs" and authorizing courts to award injunctive relief in civil actions brought by affected individuals [flsenate.gov]. The Florida bill analysis frankly described the pre-statute landscape: "Currently, Florida law does not impose civil or criminal penalties on entities that publish mug shots of individuals" — language that, in retrospect, reads like a confession of how late the law was to the problem [flsenate.gov].
New York and Illinois: The Sealing-Side Approach
New York's approach to the booking-photograph problem runs through sealing law rather than direct republication restrictions. The New York State Attorney General's published guidance on sealing criminal records makes clear that for most categories of conditionally sealed convictions, "fingerprints and palmprint cards, booking photos, and DNA samples are not destroyed" — a procedural reality that has historically left a paper trail for downstream republishers even after a record was sealed [ag.ny.gov]. Senate Bill S1998, introduced in the 2019 session, addressed the publication-side question by proposing rules about when booking photographs may be made publicly available [nysenate.gov]. The legislative posture in Albany has been incremental, but the OAG's published guidance on sealing rights is, in practical terms, the most-used remedy for New Yorkers trying to clear an arrest from their digital record.
Illinois has built one of the country's most developed sealing-and-expungement regimes through the Criminal Identification Act, codified at 20 ILCS 2630. The statute's operative provision, 20 ILCS 2630/5.2, sets out detailed procedures by which an individual may petition to expunge or seal arrest and conviction records, with specific carve-outs and waiting periods depending on the offense category [ilga.gov]. The Act further provides, at 20 ILCS 2630/12, that "employers may not ask if an applicant has had records expunged or sealed" — a bar that, when combined with the FCRA's accuracy obligations on background-check resellers, creates a meaningful enforcement window [ilga.gov]. The Illinois Attorney General's longstanding guidance on expungement notes that, on a successful petition, "all records set out above may be ordered by the court to be expunged from the records of the arresting authority and impounded by the court" [illinoisattorneygeneral.gov].
EEOC, Title VII, and the Fair Chance Squeeze
The mugshot economy's customer base — the people who actually pay to remove records or who pay to access them — is dominated by two categories: arrestees who fear employment consequences, and employers who screen applicants. The federal government has spent the last several years making both ends of that market more legally hazardous.
On the employer side, the EEOC has been clear, consistent, and increasingly aggressive. The Commission's primary enforcement guidance on the subject, issued in 2012 and still operative, states that an employer's use of criminal history may violate Title VII either through disparate treatment (deliberately treating different protected classes differently) or, more commonly in the mugshot context, through disparate impact (a facially neutral policy that disproportionately excludes a protected group) [eeoc.gov]. The Commission's Q&A on that guidance puts the operational rule plainly: employers should not use blanket exclusions based on arrest or conviction records, and should perform an individualized assessment incorporating the Green factors [eeoc.gov].
The EEOC's brochure on background checks, written for general employer audiences, states the rule in even shorter form: it is illegal to base employment decisions on criminal-record information in ways that result in race, national origin, color, sex, religion, age, disability, or genetic-information discrimination [eeoc.gov]. The Sheetz suit — the EEOC's 2024 action against a major retail chain over alleged disparate impact in criminal-history screening — is the most visible signal that the agency intends to enforce that rule on its own initiative rather than waiting for individual charges [eeoc.gov].
On the federal-hiring side, the Fair Chance to Compete for Jobs Act of 2019 — implemented through OPM final regulations issued September 2023 — bars federal employers from asking applicants about criminal history until after a conditional offer of employment [opm.gov]. The Office of Personnel Management's implementation memo confirms that the Act applies to "all appointments in the Executive Branch (i.e., appointments in the competitive service, the excepted service)" and that exceptions are narrowly construed [opm.gov]. The EEOC's two-part federal-workforce report on workers with past arrests and convictions — "Second Chances Part I" and "Second Chances Part II" — provides the most thorough public agency analysis of how Fair Chance and Title VII intersect in federal employment, and documents the policy logic for treating arrests and convictions differently in hiring assessments [eeoc.gov][eeoc.gov].
The hiring-side squeeze in one paragraph
Federal employers can't ask about criminal history pre-offer (Fair Chance Act). Private employers who do can be sued under Title VII for disparate impact (EEOC). Background-check vendors who supply those reports owe FCRA accuracy duties (FTC). The mugshot site sits at the intersection of all three — without complying with any.
What You Can Do Today
This investigation would be incomplete without the practical remedies. The federal and state architecture described above creates real, exercisable rights — most of which are underused because the average person who has been mugshot-published does not know they exist. Here is the operational map.
If you are in California
You have three avenues. First, if the underlying offense was nonviolent and the agency that posted the booking photograph did so on social media without one of the AB 1475 exceptions applying, you have a complaint route through the California Attorney General's office, citing both AB 1475 and Legal Alert OAG-2024-05 [oag.ca.gov]. Second, if your case resulted in dismissal, acquittal, or a sealing-eligible disposition, the California Penal Code provides petition-based sealing processes that, when granted, support a takedown demand to downstream republishers. Third, if a third-party site is operating a removal-fee mechanism and selling reports that touch employment or tenancy screening, you have a complaint route to the FTC under FCRA accuracy theories — the same theories that produced the TruthFinder action [ftc.gov].
If you are in Florida
Florida Statute §901.43 gives you a direct civil cause of action against any person or entity engaged in the business of publishing arrest booking photographs that has solicited or accepted a fee in connection with removal [flsenate.gov]. The statute authorizes injunctive relief, statutory damages, and reasonable attorneys' fees. The civil-action mechanism is, structurally, the most powerful single tool in any state because it does not require waiting for a regulator to act.
If you are in Illinois
The Criminal Identification Act provides the petition-based sealing and expungement pathway, and the Illinois Attorney General's published expungement guidance walks through what records may be expunged and what the court order produces in practice [illinoisattorneygeneral.gov]. Once a record is expunged or sealed, the bar at 20 ILCS 2630/12 prohibiting employer inquiries about expunged or sealed records becomes operative — and, when combined with FCRA accuracy duties on resellers, creates a meaningful pressure point on the downstream republication chain [ilga.gov].
If you are in New York
The New York Attorney General's published guidance on sealing criminal records explains the eligibility pathways and notes the limits — including that, for conditionally sealed convictions, "fingerprints and palmprint cards, booking photos, and DNA samples are not destroyed" [ag.ny.gov]. The practical implication is that for individuals seeking to clear digital republication of arrests rather than the underlying physical records, the federal FCRA and Title VII levers are often more effective than New York sealing law standing alone.
Federally — Available to Everyone
The FTC's consumer-protection complaint mechanism is open to any U.S. resident and is the right address for both PADFAA-related concerns and FCRA accuracy concerns about background-check operators. The EEOC's intake process, available through its district offices, is the right address for any individual who believes they were denied employment based on arrest information in a way that produces a Title VII disparate-impact concern. The EEOC's own published guidance encourages individualized assessment as the affirmative defense, which means a properly documented EEOC charge against a non-compliant employer is a serious matter [eeoc.gov].
For federal applicants specifically, the OPM Fair Chance guidance is the operative document, and it confirms that asking about criminal history before a conditional offer is prohibited in nearly all federal hiring contexts [opm.gov]. Federal employees who believe they have been subject to suitability determinations that did not follow OPM's regulations have an administrative review pathway [opm.gov].
Case Records Connected to This Investigation
The legal architecture above does not operate in a vacuum. Across the country, individual case dockets capture the granular reality of how arrests, dispositions, and downstream public-records use intersect with employment, civil-rights, and corporate-disclosure controversies. The Open Public Records court archive maintains records of relevant proceedings; the four examples below illustrate the diversity of the legal terrain.
The Law Is Finally Catching Up
For most of its history, the mugshot-extortion economy operated on a single bet: that the harm it imposed would always be too diffuse, too local, and too embarrassing to organize into a coherent legal response. The bet was reasonable for a long time. Arrest records were public, the technology was new, the First Amendment was muscular, and no single regulator owned the problem. Each affected individual was alone with their search results.
That bet has now lost. The FTC has built, over four years and eight named enforcement actions, a portable theory of data-broker liability that treats the unfair sale of sensitive consumer data as a Section 5 violation regardless of the "publicness" of the underlying records. Congress has, through PADFAA, written into federal statute the principle that bulk transfers of sensitive personal data are not protected commercial speech when the counterparty is a foreign adversary [congress.gov]. The EEOC has, through fifteen years of enforcement guidance and the 2024 Sheetz litigation, made clear that employer reliance on arrest information is presumptively a Title VII problem [eeoc.gov]. The California Attorney General has closed off the largest upstream supply chain for booking-photograph harvesting. Florida has armed individual arrestees with a direct civil cause of action [flsenate.gov]. Illinois has built the most developed sealing regime in the country and protected it with anti-inquiry rules that employers ignore at their peril [ilga.gov].
The result is that the toll booth at the corner of public records and private dignity, the toll booth that for two decades collected fees from people who had done nothing more than be photographed by a county jail, is being dismantled — slowly, jurisdiction by jurisdiction, enforcement action by enforcement action. The dismantling is incomplete. The FTC has not yet brought a named PADFAA enforcement action against a mugshot site. Most states still lack a Florida-style civil-action statute. The EEOC's Sheetz suit is one suit, not a class of suits. The federal preemption questions surrounding state booking-photograph statutes will eventually reach the Supreme Court, and the outcome there is genuinely uncertain.
But the architecture exists now in a way it did not exist five years ago, and that architecture has begun, in 2026, to bite. The Subject in our opening — the woman standing on the yellow footprints in a county jail intake room — has more legal recourse today than she did at any point since the modern mugshot industry was born. The toll booth is not yet closed. But the law is finally catching up.
— END —