The US Drug Enforcement Administration (DEA) has been building a massive national license plate reader (LPR) database over several years that it shares with federal and local authorities, with no clarity on whether the network is subject to court oversight.
The program relies on hundreds of cameras that snap images of each vehicle that passes, recording license plate numbers, direction of travel and time. Some cameras also snap a picture of the driver and passengers.
The American Civil Liberties Union (ACLU) has obtained documents about the program through the Freedom of Information Act, but few details have emerged from those heavily redacted pages.
The program was set up in 2008 and opened to other law enforcement agencies in May 2009.
According to the ACLU’s article this week, a 2010 email described the primary goal of the program as forfeiture: the controversial policing practice of seizing cash, cars and other valuables from motorists and others not yet charged with crimes.
From the email [sic]:
...DEA has designed this program to assist with locating, identifying, and seizing bulk currency, guns, and other illicit contraband moving along the southwest border and throughout the United States. With that said, we want to insure we can collect and manage all the data and IT responsibilities that will come with the work to insure the program meets its goals, of which asset forfeiture is primary.
This message also notes the “enormous support” the program’s received from several, non-specified government and law enforcement agencies, with multiple requests being made to link up with the LPR devices from state and local law enforcement.
The amount of cash the program has helped law enforcement to seize is considerable, but the program has aided in seizure of more than that.
According to one internal DEA document, the database has helped to track fugitives; solve a gang-related homicide; identify a car involved in a homicide and used to injure border checkpoint officers; and, in 2010, to seize 2,443 kilograms of cocaine, 87 kg of heroin, 66,941 kg of marijuana, 345 kg of methadone, 31 firearms, and $80,625,073 in cash.
Those familiar with the program told the Wall Street Journal that it’s also been connected to the Amber Alert system, which helps authorities find abducted children.
An undated slideshow cites 100 devices in the network, including those owned by the DEA, others by federal law enforcement, and still others by local and state law enforcement.
At the time the slideshow was put together, LPR devices were covering eight US states: California, Arizona, New Mexico, Texas, Nevada, Florida, Georgia and New Jersey.
While the program began in border states, the DEA has always planned to expand it, according to the documents as well as current and former officials who spoke with the WSJ.
Those officials wouldn’t say how many states are now feeding data into the system, telling the paper that disclosing information could help crooks avoid detection.
Another email, dated July 2012, notes that the data retention period for the LPR repository was at the time being decreased from 2 years down to 6 months.
The ACLU says that 6 months is still “far too long” to hold records on innocent people:
While this is an improvement from previous statements of DEA retention policy, it is still far too long. The government should not collect or retain information revealing the movements of millions of people accused of no crime.
The period of data retention has apparently shrunk further still: A Justice Department spokesman told the WSJ that the DEA has reduced the time it holds data to 3 months.
But beyond retention duration, more important is what’s being done with the data while the government’s got it, the ACLU said:
Even that long retention period is only meaningful if it comes with strict rules limiting data use, sharing, and access. Like its retention policy, the DEA should make these policies public.
The disclosed documents say that any federal, state or local law enforcement agent vetted by the DEA can conduct queries on the database.
The database is enormous.
The ACLU points to the Department of Homeland Security’s Northern border strategy document, which indicates that the Customs and Border Patrol (CBP) – one of the federal agencies that’s shared data with the DEA – collects “nearly 100 percent of land border traffic”.
That amounts to over 793.5 million license plates between May 2009 and May 2013, according to CBP’s response to the ACLU’s FOIA request.
According to the DEA, the program targets roadways it believes are used to transport contraband. It’s not clear what criteria the agency uses to classify a road as such.
With so much information redacted it’s hard to say we’ve got the full picture here, but it’s also easy to understand why this capability is useful for law enforcement.
Furthermore, identifying cars and users based on their license plates is nothing new – it’s what they’re for: license plates are public, unique identifiers.
And of course we have always had the ability to follow a person or a car by spotting the right number plate and watching where it goes.
So in some ways this is nothing new. But in other ways it’s very new indeed.
We could allow the police to follow criminals by asking everyone in the country to place a tracking beacon in their car, but who’d agree to that?
There are properties and capabilities that emerge from large collections of data that don’t exist in the same data at smaller scales (it’s why we had to invent a term – Big Data – to describe it.)
Collecting everything on the assurance that only criminal activity will receive any attention changes the relationship of trust between the public, law enforcement and government.
It’s a debate that’s happening on many fronts about data as different as DNA and phone call meta data.
And even if you’re happy with the premise that the innocent have nothing to fear, we still have to trust that these large, valuable collections of data being amassed are secure, properly disposed of, safe from leaks and safe from prying eyes.
License plates courtesy of 360b / Shutterstock.com
Anonymous
A few cities, El Paso, TX among them, have a license scanner on a ~40ft pole at the entrance and exit of each ramp, and vehicles are tracked as they travel through the city. Despite the constitutional question regarding freedom from unreasonable search (and it does seem quite unreasonable that the State should know ALL travel on the interstates of flagship cities like El Paso, despite the fact that such travel isn’t actually inter-state), the operators of this program still seem to understand freedom of speech. Living in a border state, I have traveled through these scanners multiple times, including the ones at border checkpoints that take a picture of the face, and I have made obscene gestures to the cameras through every_single_one, and while I’ve been given higher scrutiny more than once, including checks with more than one canine unit and BP agents deliberately searching my vehicle, I have never been detained for it. I am also aware of somebody that has “&*#$ Domestic Spying” on a blank insert for the front license plate (his state does not require a front plate) in IR reflective paint so that it’s not visible unless under infrared, and the last time we spoke he was never given any undue treatment either.
Mark Stockley
I think transparency is everything.
We need transparency about the rules – who can use this, when and why but we also need transparency about who did use it, when and why.
People behave differently when they know they’re being watched and we could probably prevent abuses before they happen with a little transparency.
Finally I’d really like to see transparency when it comes to the code itself.
There’s a case for saying that anything written for and by government should be open source. It’s not private enterprise, they aren’t putting up the capital at risk and they aren’t turning IP into profit. The code is paid for by tax payers to work on their behalf.
The data should remain secret but if the code were open we would be able to exercise oversight directly. We could examine its capabilities, purpose and security first hand and check that we got what we paid for.
I accept that there are situations where you wouldn’t want to make code public but we could at least start with a ‘presumption to open source’ with sunset clauses on how long things can be kept secret.
Don’t hold your breath though.
Chris
What will it take to convince the public that the old “You have nothing to fear if you have nothing to hide” just sin’t valid? Lisa, you hit the nail on the hard with that last paragraph about the security of such a database. This needs to have some sort of super-HIPAA protection around it.
Kyle
Like it or not this is the world we are in now. There is no way to keep yourself or even your home life private anymore. the argument that this is all in the public’s best interest is laughable. This is to make law enforcement officers life easier, at the expense of everyone’s privacy.
At the end of the day this will not protect, or help protect anyone; its just a crutch for law enforcement. The risk of abuse is just to high. I for one would be happy if they pulled this hole system down, but we all know there is no chance of that happening.
Anonymous
As I read this their stated goal is conspiracy to commit theft wrapped up in a bunch of bad law. For a while now it seems a lot of identity theft is from data in government servers why does government think this is a good idea and how do we liquidate the DEA’s assets to cover the likely $billions in losses this will cause.
Daniel
There’s nothing wrong with the ability to do it, but I don’t see how it’s legal to record all of them. Putting a license plate into a database and having all the cameras watch for it then trigger an alert when found is one thing, recording all plates and logging the location of every vehicle at any point in time is another. In 2-3 years time the database (in some areas) will show everywhere a car has been along with that persons usual schedule. “Just because we can” is not a good reason.
Jake
I’m disgusted. Sickened. Horrified. Did the DEA really use “insure” in the sense of “make certain”? I’m well aware that there are some odd archaic spellings in use in the US, but seriously. THIS HAS TO STOP.
Guy
Seriously, it’s how the Americans spell it. Always confuses me.
micchickenburger
I’m an American, and that stood out to me. The first thing I thought was, “the DEA spelled ‘ensure’ incorrectly.” We only use “insure” in the context of securing against lost. However, spelling isn’t a top priority for most Americans.
Joe
This reminds me of black-and-white movies of world war II Europe. Every time one crossed a street or passed through a door, someone in uniform said “Papers Please!” We are not at war nor are we under Marshal Law. It’s creepy to think that my movements are recorded everywhere on the planet except the toilet. I cannot even leave a comment here without leaving a real, identifying, traceable email (and IP) address!
Paul Ducklin
Actually, you don’t have to give an email address to post here…and if you were to use Tor, we’d not have a record of your real IP address anywhere.
Just to be clear…not that automatic number plate recognition doesn’t fill me with the rheorical question, “What could possibly go wrong?”
Anonymous
If Americans came to the UK, their heads would surely explode at the number of cameras we have.
Guy
As if roundabouts and driving on the left aren’t confusing enough.
micchickenburger
There are roundabouts everywhere here in Wisconsin. But I’ll second the driving on the left.
Anonymous
“We could allow the police to follow criminals by asking everyone in the country to place a tracking beacon in their car, but who’d agree to that?”
Well, we pretty much have done that already… the beacons are called “mobile phones”
Guy
If you ever saw the movie “Brazil”, back in the 80s, you’ll recall Terry Gilliam’s cynical comment on data held by governments, and the inevitability of it making mistakes with that data at the expense of innocent people. And you can’t say it hasn’t happened in real life.
Then again, the news today is filled with the inevitability of the bad guys doing evil things, also at the expense of innocent people.
This just get’s me thinking… Back in the old days, people were forced to live with poverty, disease, war, corruption (think of medieval, feudal monarchies, Czarist Russia / Communist Russia, Xenophon’s march across Mesopotamia, Ancient China, Ancient Rome etc). Lots of suffering of helpless, innocent people, and no self determination for 95% of humanity.
These days in the West, for the most part, people are well fed, healthy and affluent, The vast majority of people in the ancient, or the medieval world wouldn’t have even imagined being able to criticize the government. Here in the West, where our governments’ collective goal re Big Data collection, is at least on paper, to protect and safeguard us, we are genuinely fortunate.
There’s certainly still corruption and “bad actors” in Office, and there’s no moral justification for sitting on our laurels and putting up with things that aren’t right.
I do feel, though, that we should appreciate some of the benefits this technology brings us, too. It’s a double edged sword. My guess is most people go into work at GCHQ, MI5 or the NSA wanting to do some good, Does this make me naive? Maybe.
I’m not naturally a conspiracy theorist. There’s room for abuse all over the place as well as room for people to do the right thing. With more data comes more power and people’s choices can affect more people for good or for bad. Ultimately, I believe that now governments will be in possession of Big Data, and we can’t do much to halt the tide of history. Without a doubt, it requires our stewardship, but not our total censorship. There’s potential for good in the programme too.
My 2 cents.
Jim
I am not sure why anybody believes this is illegal or unconstitutional. Courts have long held that driver’s licenses and auto license plates are OK for governments to use. The reason is because driving is an optional privilege, not a right.
By the same token, though, license plates are not sufficient to prove one’s location in court. For example, traffic light cameras can only be used in court if there’s an identifiable human being in the picture.
Now, typically the owner of a license plate is going to be the driver as well. So, the DEA is basically hoping this will help them get the general area where a criminal travels. But, they have to have real evidence in court. Otherwise, the defendant can just say “my nephew borrowed my car”, and that’s the end of that.
Is it legal? Without much doubt, yes. Is it right? That’s a good question.
Paul Ducklin
Not all jurisdictions require a photo of the driver to proceed with prosecutions for traffic offences. Indeed, at least in the days of film cameras, law enforcement photos for speeding and traffic light offences in the UK were only ever taken from the rear (for the very simple reason that the cameras needed bright flashes, which are unsafe to pop into a driver’s eyes :-).
For many jurisdictions, the owner (more precisely, the registered keeper) of a vehicle is assumed to be the driver, is required to account for the vehicle’s use, and is duty-bound to dob in the person who was driving if it was someone else. Saying someone else was driving when you were not is a serious offence, very much more serious than speeding or running a red light.
OTOH, you’re right that, over time, a number plate database with times and places pretty much maps someone’s life out, whether admissible in court or not. For people not charged with offences, strict limits on how long the data is held should IMO be implemented. I can see why, in special cases (approved by a court) it might be reasonable to keep some data from some locations for longer, e.g. after a serious crime happened at location X, but the idea of “just keeping it in case” can surely, even in the most honest and well-meaning jurisdictions, only ever end in tears.
Jim
You’re right: I should have specified in the US. But, some states (including my own great state of Minnesota) have tried to do it by license plate, and had the whole law tossed in Federal Court. And, it didn’t take long, either. It wasn’t a summary judgment, but the time it took was pretty short.
I should also have specified that your lawyer has to be the one to propose that it was your nephew (or whatever). If YOU say it (in the US), you’ve now testified falsely under oath. But, since the standard is “beyond a reasonable doubt”, odds are a good lawyer can get the evidence removed. The prosecution has an uphill fight in most cases.
On your last paragraph, I’m thinking even less than 6 months, but with options for law enforcement to preserve the information for active cases. In other words, the police keep a running list of cars they’re legitimately tracking, and those don’t get removed. But, all the others do. Certainly software can handle such a task. It means they can’t go back in time very far, but that’s probably an acceptable compromise between enforcement and privacy.
Paul Ducklin
I was thinking of 48 hours as a default time to keep snapped plates that are not used for enforcement.
I haven’t lived in the UK for a while, but when I did, IIRC law enforcement only had two weeks to charge you using photographic evidence, after which it was inadmissible, at least for routine motoring offences. You didn’t get a copy of the photo (I am not saying how I know this :-) but for a modest fee you could acquire one. So once they’d charged you, they had a duty to keep the photo, obviously…but if two weeks is considered a sensible limit for using the photo to prosecute, you can argue that two days is a sensible limit for *not* using it!
Jim
I would be OK with that. Or, perhaps (based on jurisdiction), make the delay the same as it would be for other information gained without a warrant.
The key in my mind is to treat it as any other piece of information or object would be treated. Law enforcement is generally prohibited from holding information, but the times allowed differ based on the information.
For example, DNA samples taken from suspects and criminals has holding times that vary by state.
Paul Ducklin
I guess the real objection for ANPR (as we call it in Anglo countries, since the plates don’t confer a licence for anything, so they’re just “number plates,” even though they almost always have letters as well these days :-) is that a huge percentage of the data points are of people who not only aren’t suspects, but genuinely haven’t even thought of doing anything dodgy. They merely happened to be driving past.
So the vast repository of geolocation data in an ANPR database that has a long expiry time would seem to have little future value to any possible prosecution…yet to present enormous prospects, and to be a worthy challenge, for any cybercrook.
If so, then the less you keep, for a shorter time, the *better* it is for law and order overall, without keeping so little that the benefits to law enforcement (e.g. spotting stolen cars, prosecuting dodgy drivers) are entirely lost.
Jim
Stolen cars is an excellent example where an average citizen WANTS law enforcement to keep such info (or, at least the victim does).
It’s an interesting quandary. I’m not sure there is a “correct” answer. More likely, there are correct principles. Perhaps we (in the US) need the 50 states to each try their own solution, and see which ones work better*.
* Better = best tradeoff between security and privacy.