We predicted it would happen. A year after the Department of Homeland Security (DHS) scuttled plans to build its own nationwide database of vehicle license plate data, from private contractors to provide the agency access to the same information.
DHS canceled last year’s plan in the wake of TSA domestic spying revelations and subsequent outrage over increasingly intrusive government surveillance. At the time, DHS would find another way to track every single car on the road, likely by relying on the services of private companies like , one of the largest aggregators and purveyors of license-plate data.
Companies like Vigilant, as well as police agencies in all 50 states, use automated license plate readers (ALPRs) to capture an image of every license plate they encounter. Plate readers—essentially high-speed cameras mounted on patrol cars or at fixed locations—can scan up to 1,800 plates per minute.
The system marks the time and vehicle location and then checks the plate against a “hot list” of stolen vehicles, lapsed registrations, outstanding fines or warrants, etc. The system can also check for drivers with unpaid taxes or child support, lack of insurance or even to alert the repo man. Without legislative protections, private contractors will be free to sell license-plate data to the highest bidder.
With enough ALPRs, authorities can track the day-to-day movements of everyone who drives a car. By storing and mining that data, authorities can create a detailed profile of someone’s life: where they go and when, who they see, what they do. And this applies to everyone, whether they’re suspected of wrongdoing or not. This tracking of the public en masse .
One way to fix this is to limit the amount of time authorities can retain license plate data. The shorter, the better. The oos advocates that license plate information shouldn’t be stored at all and deleted immediately if it doesn’t result in a “hit.” Unfortunately, data retention polices vary widely by law enforcement agency, and some retain the information forever. DHS wants to access data going back five years (an outrageously long time), which raises the question of why keep data on a vehicle (and by extension a person) if they haven’t been implicated in wrongdoing? The answer should be obvious.
License plate readers should only be used for clearly defined purposes such as identifying vehicles of immediate interest or in missing persons cases. Using them for blanket, long-term surveillance violates a longstanding principle that government not monitor citizens unless it has individualized suspicion of wrongdoing.
The DHS scheme clearly goes too far and must not be implemented. We urge all oos members to their U.S. senators and representatives to stop this flagrant intrusion on our privacy.
Tell your elected officials we need robust, standardized privacy protections for license plate data at the federal level. Legislation must balance the legitimate needs of law enforcement with the need to protect individual privacy. A good model comes from North Carolina where lawmakers considered an ALPR privacy bill to accomplish the following:
- Restrict the use of ALPRs to municipal, county or state law enforcement agencies
- Prevent sharing of plate data for any reason
- Require deletion of data after 10 days unless flagged
- Limit the types of crimes and violations that data can be used to investigate
- Restrict data matching to specific databases such the State Criminal Justice Information Network, National Crime Information Center and missing/kidnapped persons lists
ALPR technology is here to stay. The key to limiting its impact on privacy is to enact strict controls on how the data can be used, who has access to it, how long it can be retained and how widely it can be shared. This needs to happen at the federal level and soon.