The Washington Post reports on two privacy breaches concerning license-plate information at the Department of Homeland Security’s Immigration and Customs Enforcement agency:
After the Department of Homeland Security canceled a plan for broad law enforcement access to a national license-plate tracking system in February, officials established a policy that required similar plans be vetted by department privacy officers to ensure they do not violate Americans’ civil liberties.
Two months later, however, officials with DHS’s Immigration and Customs Enforcement agency bypassed the privacy office in purchasing a one-year subscription for a commercially run national database for its Newark field office, according to public contract data and department officials. In June, ICE breached the policy again by approving a similar subscription for its Houston field office. The database contains more than 2.5 billion records. […]
Officials at ICE say the field office use is limited, involves ongoing criminal investigations for which they had earlier access to the database, and is not related to civil immigration enforcement. They said the breach of the new policy was inadvertent and a result of a miscategorization of the contracts.
The commercial databases draw information from readers that scan the tags of every vehicle crossing their paths. Records, for instance, can be obtained from repossession companies, whose drivers mount cameras on their cars and capture images of license plates of passing or parked cars, along with the time and location of the photo.
For federal officials, the information has become a critical tool to help the agency locate suspects who could pose a threat to public safety. But they acknowledged that they have not imposed privacy safeguards on use of the database, such as rules limiting how long the data agents look at may be kept.