License-plate spy programs missing 1 important requirement

(U.S. Air Force photo/Trevor Cokley)

The license-plate spy programs that are used by police and other agencies across the state of California are missing – by far – the minimum privacy requirements that should be embedded, a new report said.

It is the Electronic Frontier Foundation that reported on the results of a seven-month investigation into the use of automated license-plate readers.

The state audit focused on the Los Angeles Police Department and three other agencies in the state, including police in Fresno, Sacramento and Marin County.

"The auditor raised a long list of concerns, including fundamental problems with police ALPR policies, failure to conduct audits, and the risk of ALPR data being abused to surveil political rallies or target immigrant populations," the EFF report said.

"The report is a damning assessment of how California law enforcement agencies use this mass-surveillance technology, which employs computer-controlled, high-speed cameras mounted on street lights, on top of police cars, or speed-monitoring trailers that automatically capture images of every vehicle that drives by, without drivers' knowledge or permission," the report said.

That tech captures the exact time and place a license plate was seen. The information can be used to hunt "people of interest" to police, but with the ability to capture literally millions of data points, the tech "can paint an intimate portrait of a driver’s life and even chill First Amendment protected activity," the EFF report said.

The audit also found police don't have adequate – or event complete – policies regarding the information, and they have failed to sufficiently monitor the results.

Further, "A member of law enforcement could misuse ALPR images to stalk an individual or observe vehicles at particular locations and events, such as doctors' offices or clinics and political rallies. Despite these risks, the agencies we reviewed conduct little to no auditing of users' searches," the report said.

And the databanks in which the information is stored don't have adequate security.

"For more than eight years, EFF has raised concerns about the technology because it can reveal sensitive information about all drivers, regardless of whether they are suspected of connection to criminal activity. In 2015, EFF supported legislation—S.B. 34—to require agencies to implement policies that protect civil liberties and privacy, and to maintain a detailed log of every time someone accesses ALPR data," the privacy organization explained.

The dangers include that by having those license-plate reports, authorities could determine to what political events a person goes, where they get prescriptions, where they shop, whether they visit an abortion business or a church, whether they visit the dentist or a gun shop – and much, much more.

EFF explained it has been seeking an audit since last year.

"Over the last seven months, the state auditor’s staff spent 2,800 hours surveying every police and sheriff’s department in the state and conducting deep-dives of four agencies," EFF reported.

The recommendations include changes to state law to require a state standard for ALPR policies, the report said.

"The amended law must establish rules about how long ALPR data can be retained, including data that is used to link persons of interest with license plate images. Periodic evaluations of data retention policies should be conducted to ensure that police are keeping data for the shortest time as practical, the auditor said. The four law enforcement agencies investigated should review and revise their ALPR policies and do an assessment of their data security practices by August," the report said.