It’s that time of year when people don sinister masks, spray themselves with fake blood, and generally go all out for a good fright. But here at EFF, we think there are plenty of real-world ghouls to last all year-round. Fortunately, we won’t let them hide under your bed. Sometimes our work sounds like science fiction, but the surveillance techniques and technology we fight are all too real. Here are some of the beasts hiding in your backyard that we’ve been fighting to expose:
Automated License Plate Readers
Automated License Plate Readers (ALPRs) are cameras that can either be mounted on squad cars or stationary. They read license plates and record the time, date, and location a particular car was encountered. And they’re paving the way for wholesale tracking of every driver’s movements. ALPRs can scan up to 1,800 license plates per minute, and can collect data on vast numbers of vehicles. In Los Angeles, for example, the Los Angeles Police Department and Sheriff’s Department collect data on 3 million cars per week.
Much like metadata about phone calls, the information obtained from ALPRs reveals sensitive personal information. In fact, the International Association of Chiefs of Police issued a report in 2009 recognizing that “recording driving habits” could raise First Amendment concerns, because cameras could record “vehicles parked at addiction-counseling meetings, doctors' offices, health clinics, or even staging areas for political protests.”
Because of this potential for serious invasions of privacy, EFF and ACLU teamed up to ask the city and county of Los Angeles for a week’s worth of ALPR data. The lower court sided with the government after it denied our request, but we’re appealing the ruling.
Fusion centers are information clearinghouses that enable unprecedented levels of bi-directional information sharing between state, local, tribal, and territorial law enforcement agencies and federal agencies like the FBI and Department of Homeland Security. Bi-directional means that local law enforcement can share information with these agencies while also accessing federal information, through portals like the FBI’s eGuardian database.
Fusion centers are a serious threat to privacy. They magnify the impact of excessive spying by making sure that it gets shared through a vast network of agencies, with almost no oversight.
And oversight is clearly needed. Fusion centers coordinate the National Suspicious Activity Reporting Initiative (NSI), an effort to implement suspicious activity reporting (SAR) nationwide. SAR are intelligence reports that, according to the government, document “behavior reasonably indicative of pre-operational planning related to terrorism or other criminal activity.” And while they do lead to law enforcement contact with innocent people, they do not meet legally cognizable standards for search or seizure under the Fourth amendment. Instead, they lead to racial and religious profiling and political repression. Public records act requests have shown that people of color often end up being the target of SARs.
And that’s not the only way fusion centers threaten privacy and civil liberties. Public records requests have also shown that fusion centers are used to record and share information about First Amendment protected activities in a way that aids repressive police activity and chills freedom of association.
That’s why when the Privacy and Civil Liberties Oversight Board (PCLOB) announced that it was considering looking at the standards for SAR we submitted a comment. We urged PCLOB to review not only SAR standards, but to conduct a thorough assessment of fusion centers in general. We believe that such a review will show what every other review by the government has shown: that fusion centers produce "predominantly useless information," "a bunch of crap," while "running afoul of departmental guidelines meant to guard against civil liberties" and are "possibly in violation of the Privacy Act."
Last but not least, we’re keeping an eye on the spreading use of Stingrays.1 These are devices that are used by law enforcement to electronically search for a particular cell phone's signal by capturing the International Mobile Subscriber Identity of potentially thousands of people in a particular area. Small enough to fit in a van, they masquerade as a cell phone tower, and trick your phone into connecting with them every 7-15 seconds. As a result, the government can surreptitiously figure out who, when and to where you are calling, the precise location of every device within the range, and with some devices, even capture the content of your conversations.
Part of what’s so concerning about Stingrays is that we know very little about how they are being used. In the first case to consider the constitutional implications of stingrays, U.S. v. Rigmaiden (in which we filed an amicus brief along with the ACLU) the court denied a motion to throw out evidence obtained using a Stingray. In our brief, we pointed out that the application for a warrant neither made it clear that law enforcement would be using a Stingray nor explained how the device worked. It’s that lack of explanation that we find so concerning.
But what we do know about Stingrays is chilling. They capture data from anybody who happens to be in an area where one is being used, regardless of whether they are suspected of a crime. And some models can even capture contents of communications.
The constitutionality of Stingrays is almost certain to be challenged again, especially after the Supreme Court’s decision requiring a warrant to search arrestee’s cellphones in Riley v. California. We’ll continue to keep an eye out for any cases addressing this technology. In the meantime, we’re doing public records act requests to police departments to learn more about who is using these devices, and how.
We think this technology is scarier than any costume you’ll see on the streets this week. But don’t worry—we’re here to turn the lights on.
- 1. Stingray is the brand name for one model of International Mobile Subscriber Identity locator.