By Dave Maas and Hayley Tsukayama, Electronic Frontier Foundation
California police and sheriffs are failing to protect the privacy of drivers on city streets, the California State Auditor’s office determined after a seven-month investigation into the use of automated license plate readers (ALPRs) by the Los Angeles Police Department and three other local law enforcement agencies. California State Senator Scott Wiener sponsored the State Auditor’s report.
The auditor raised a long list of concerns, including fundamental problems with police ALPR policies, failure to conduct audits, and the risk of ALPR data being abused to surveil political rallies or target immigrant populations. In addition to Los Angeles, the auditor investigated the Fresno Police Department, Sacramento County Sheriff’s Office, and Marin County Sheriff’s Office. The auditor indicated that the problems are likely prevalent across 230 California law enforcement agencies using ALPRs.
The report is a damning assessment of how California law enforcement agencies use this mass-surveillance technology, which employs computer-controlled, high-speed cameras mounted on street lights, on top of police cars, or speed-monitoring trailers that automatically capture images of every vehicle that drives by, without drivers’ knowledge or permission. The cameras capture the exact time and place a license plate was seen, and often compares that data point to hot lists of “people of interest” to police. The cameras are capable of capturing millions of data points, which, taken in the aggregate, can paint an intimate portrait of a driver’s life and even chill First Amendment-protected activity.
Among the auditor’s key findings:
- The four agencies’ “[p]oorly developed and incomplete policies contributed to the agencies’ failure to implement ALPR programs that reflect the privacy principles” required by state law.
- “Instead of ensuring that only authorized users access their ALPR data for appropriate purposes, the agencies we reviewed have made abuse possible by neglecting to institute sufficient monitoring.”
- “A member of law enforcement could misuse ALPR images to stalk an individual or observe vehicles at particular locations and events, such as doctors’ offices or clinics and political rallies. Despite these risks, the agencies we reviewed conduct little to no auditing of users’ searches.”
“[A]gencies have not based their decisions regarding how long to retain their ALPR images on the documented usefulness of those images to investigators, and they may be retaining the images longer than necessary, increasing the risk to individuals’ privacy.”
- “We found that the three agencies storing ALPR data in Vigilant’s cloud—Fresno, Marin, and Sacramento—do not have sufficient data security safeguards in their contracts.”
- While the California Department of Justice has guidelines on protecting police data from federal immigration enforcement activities, “agencies were either unaware of these guidelines or had not implemented them for their ALPR systems.”
ALPRs allow police to upload our movements to massive databases.That enables them and others to analyze our travel patterns, identify visitors to specific locations, and receive real-time alerts on specific cars through “hot lists.” For more than eight years, EFF has raised concerns about the technology because it can reveal sensitive information about all drivers, regardless of whether they are suspected of connection to criminal activity. In 2015, EFF supported legislation—S.B. 34—to require agencies to implement policies that protect civil liberties and privacy, and to maintain a detailed log of every time someone accesses ALPR data.
Last summer, EFF worked with Sen. Wiener to request the California State Auditor to conduct an audit of ALPRs used by law enforcement agencies throughout the state and to assess whether agencies are complying with S.B. 34. Based on our own research, we demonstrated to legislators how police, sheriffs, and other agencies were routinely flouting a state law requiring transparency and accountability designed to protect the public’s privacy and civil liberties. This included failure to keep track of system searches and publish their usage policies online. We also drew attention to the fact that agencies are collecting far more information than they need and are sharing the data indiscriminately with hundreds other agencies across the country.
Over the last seven months, the state auditor’s staff spent 2,800 hours surveying every police and sheriff’s department in the state and conducting deep-dives of four agencies.
The auditor made many recommendations. The California legislature should amend state law to require the California Justice Department to draft and publish a template for ALPR policies that local law enforcement agencies can use as a model. The Justice Department should also issue guidelines about security requirements agencies should follow to protect ALPR data. The amended law must establish rules about how long ALPR data can be retained, including data that is used to link persons of interest with license plate images. Periodic evaluations of data retention policies should be conducted to ensure that police are keeping data for the shortest time as practical, the auditor said. The four law enforcement agencies investigated should review and revise their ALPR policies and do an assessment of their data security practices by August.
The auditor found that 230 agencies in California were deploying ALPRs, with the majority using Vigilant Solutions to collect, store, and analyze the data. An additional 36 agencies planned to deploy ALPRs in the near future. This is the first time that a comprehensive list of ALPR users in California has been compiled.
Of the agencies that use ALPR systems, 96 percent said that they had ALPR policies. But, as the audit reveals, many of the policies that agencies have in place are insufficient. The agencies audited in Fresno, Marin, and Sacramento did not cover who has access to the system, or how the agency monitors use of the system to comply with privacy laws. The Los Angeles Police Department, which has an ALPR database of 320 million images, had no policy specifically dealing with its ALPR systems at all. The department said that its existing information technology policies adequately covered the system—a belief that the auditor’s office did not share.
The audit also reveals that the four departments it examined closely are sharing data from ALPR systems broadly—between those agencies, ALPR data are shared with entities in 44 out of 50 states. The Sacramento County’s Sheriff’s Office alone shares with more than 1,000 entities.
Agencies also retain data for varying periods of time, some very long. The Los Angeles Police Department, for example, keeps information from ALPR systems for five years. Information contained in these systems, the audit found, include not only license plate information but also personal information such as name, address, date of birth, and even some criminal justice data such as arrest record.
All four agencies, the report found, lacked sufficient safeguards for managing which employees can see the data from their systems, such as a policy that requires supervisory approval for establishing an account to access an ALPR system.
Problems likely extend far beyond the four agencies profiled. “We are concerned that the policy deficiencies we found are not limited to the agencies we reviewed, and thus law enforcement agencies of all types may benefit from guidance to improve their policies,” the report said.
Based on the outcome of the audit, EFF asks the state legislature to enact new safeguards to limit how police use this technology.
- Agencies must create and define a clear process for adding and removing vehicles from hot lists, and limit hot lists to only the most serious of crimes.
- Agencies must not retain any data about vehicles that do match a vehicle included on such a hotlist.
- Agencies should not use ALPR data collected or stored by a private company.
- Agencies should follow the state of Maryland’s lead and disclose on an annual basis how many fixed and mobile license plate readers they have, how many license plates they scanned, how many of those scans matched a hot list, how many times agencies outside the state requested and received data, the results of all audits, and any breaches of the system that occurred.
- Forbid the use of predictive algorithms based on ALPR data.
- Place a statewide moratorium on government use of ALPRs, similar to the moratorium on mobile face recognition passed last session.
ALPR technology can be used to target drivers who visit sensitive places such as health centers, immigration clinics, gun shops, union halls, protests, or centers of religious worship—all without drivers’ permission or knowledge. This report clearly demonstrates the ways that these agencies are failing California drivers—and raises serious questions about how entities across the country use and access ALPR data.