As the use of license-plate-recognition camera technology to gather and record drivers’ movements started becoming widespread in the United States, people asked a number of questions about the privacy, civil liberty and security implications about the surveillance technology. Last year, the Center for Investigative Reporting looked into privacy questions concerning the use of license-plate readers and found that “a leading maker of license-plate readers wants to merge the vehicle identification technology with other sources of identifying information.” A couple of years ago, the American Civil Liberties Union released a report (pdf) on license-plate readers and how they are used as surveillance devices.
And law enforcement is concerned about how such tech affects privacy rights, as well. In 2009, the International Association of Chiefs of Police issued a report on license-plate-recognition technology and said, “Recording driving habits could implicate First Amendment concerns. […] Mobile LPR units could read and collect the license plate numbers of vehicles parked at addiction counseling meetings, doctors’ offices, health clinics, or even staging areas for political protests.” The privacy and civil liberty questions have led to the cancellation of some license-plate-recognition surveillance programs, including ones in Boston and by the Department of Homeland Security.
One of the biggest questions is: What happens to all the data on innocent individuals? Often, we don’t know what the restrictions are on the collection and use of the data. We have learned some information about what some groups do with the data. Last year, the Washington Post reported that commercial databases gather such location data to sell. In 2013, the ACLU review of license-plate-reader camera technology found that “the approach in Pittsburg, Calif., is typical: a police policy document there says that license plate readers can be used for ‘any routine patrol operation or criminal investigation,’ adding, ‘reasonable suspicion or probable cause is not required.’ […] As New York’s Scarsdale Police Department put it in one document, the use of license plate readers ‘is only limited by the officer’s imagination.’” In 2011, the Washington Post reported that Virginia used the license-plate scanning technology for tax collection.
Now, as a result of the public records request, Ars Technica has received the entire license-plate-reader dataset of the Oakland Police Department, “including more than 4.6 million reads of over 1.1 million unique plates between December 23, 2010 and May 31, 2014.” And it’s interesting to see what personal information can be gleaned from the surveillance data.
As to data retention, Ars says, “Neither the Oakland City Council nor the OPD has ever imposed a formal data retention limit, though OPD has deleted older LPR data as needed to make room for newer data.” This means that, if Oakland chooses to expand its data-storage capabilities, there could be years of data such data kept, which could lead to lengthy, detailed files of individuals’ movements. Such location data can reveal much about a person.
“Anyone in possession of enough data can often—but not always—make educated guesses about a target’s home or workplace, particularly when someone’s movements are consistent (as with a regular commute),” Ars reports. “For instance, during a meeting with an Oakland city council member, Ars was able to accurately guess the block where the council member lives after less than a minute of research using his license plate data.”
In terms of access to the information, Ars notes, “Any OPD officer can search the department’s LPR database. While the individual officer’s name is logged, no reason for the search has to be entered.” And: “There’s no evidence that the OPD has abused its database. But absent any strict controls, auditing, or even basic guidelines, it’s hard to know what might or might not have been done.”
So although Oakland police might not have misused their access, they could have done and can do so. We’ve seen the problems that arise when insiders abuse or misuse their access privileges to individuals’ data and violate the individuals’ privacy rights. Such cases have occurred in: Minnesota, where 104 officers from 18 agencies in the state accessed one woman’s “driver’s license record 425 times in what could be one of the largest private data breaches by law enforcement in history”; New York City, where a police sergeant pleaded guilty “to illegally entering a federal database and giving information from a terrorist watch list to an acquaintance to use in a child-custody case in Canada”; and the U.S. government, where the State Department found that federal employees repeatedly snooped into the passport files of entertainers, athletes and other high-profile Americans.
Last year, the National Security Agency’s Inspector General revealed in a letter (pdf) to Sen. Chuck Grassley (R-Iowa) that there were cases “in which NSA personnel intentionally and willfully abused their surveillance authorities.” Here’s just one of at least six cases that were referred to the Justice Department for further action. It occurred on the insider’s “first day of access” to the signals intelligence (SIGINT) data. The person, a member of the military, “queried six e-mail addresses belonging to a former girlfriend, a U.S. person, without authorization.” The cases aren’t confined to the United States; for example, they’ve occurred in Canada, New Zealand and the UK.
License-plate-reader technology, like other surveillance systems, has the ability to create a profile of an individual using personal, possibly sensitive data. It is important to recognize the possibility that using the technology could violate individuals’ privacy rights and civil liberties. The Oakland Police Department said it values transparency, which is why it releases the data to the public, including Ars Technica, when asked. This is an important and useful practice. However, the Oakland case, with its vague rules on the data, still shows that surveillance programs need strong, publicly viewable regulations that follow the Fair Information Practices: collection limitation, data quality, purpose specification, use limitation, security safeguards, openness, individual participation, and accountability.