By Dave Maass and Beryl Lipton
EFF and MuckRock have filed hundreds of public records requests with law enforcement agencies around the country to reveal how data collected from automated license plate readers (ALPR) is used to track the travel patterns of drivers. We focused exclusively on departments that contract with surveillance vendor Vigilant Solutions to share data between their ALPR systems.
We have released records obtained from 200 agencies, accounting for more than 2.5 -billion license plate scans in 2016 and 2017. This data is collected regardless of whether the vehicle or its owner or driver are suspected of being involved in a crime. In fact, the information shows that 99.5% of the license plates scanned were not under suspicion at the time the vehicles’ plates were collected.
On average, agencies are sharing data with a minimum of 160 other agencies through Vigilant Solutions’ LEARN system, though many agencies are sharing data with over 800 separate entities.
Explore EFF and MuckRock’s dataset and learn how much data these agencies are collecting and how they are sharing it.
ALPR in America
Fewer symbols in America represent a sense of freedom more than an automobile on the open roadway. But in recent years, law enforcement and private companies have developed new technologies to automatically document our comings and goings and where we go in between. Today, police can access vast databases to search our travel patterns with just a few keyboard strokes.
The reason: automated license plate readers (ALPR).
At its core, ALPR is a simple technology. These systems are a combination of high-speed cameras and optical character recognition technology that can identify license plates and turn them into machine-readable text. What makes ALPR so powerful is that drivers are required by law to install license plates on their vehicles. In essence, our license plates have become tracking beacons.
ALPR systems can be affixed to stationary locations, such as highway overpasses and street lights, to capture the license plate of every vehicle that passes. The cameras can also be mounted on police cars (or other vehicles, such as tow trucks) to passively collect license plate scans during routine patrols or to surveil specific communities by driving systematically through targeted neighborhoods.
After the plate data is collected, the ALPR systems upload the information to a central a database along with the time, date, and GPS coordinates. Cops can search these databases to see where drivers have traveled or to identify vehicles that visited certain locations. Police can also add license plates under suspicion to “hot lists,” allowing for real-time alerts when a vehicle is spotted by an ALPR network.
It is crucial to remember that ALPR is a mass surveillance technology that spies on every driver on the road, and logs their location, regardless of whether they are suspected of being involved in a crime. In fact, as the California Supreme Court noted in a 2017 opinion, “The scans are conducted with an expectation that the vast majority of the data collected will prove irrelevant for law enforcement purposes.”
It is a basic cybersecurity principle that any entity that stores information should know how much data it collects and stores. That way if the system experiences a breach, the agency knows how much data may have been compromised, who it needs to notify, and what remediation is required. Agencies should also know who has access to that data in order to prevent or investigate unauthorized access to the data or to determine where a breach may have originated.
This spring EFF and MuckRock launched a large-scale transparency campaign to gather this information from as many agencies as we know that use an ALPR system called LEARN, which is offered by the surveillance vendor Vigilant Solutions. We chose this system because it is the most prevalent brand in circulation. We also believed that since hundreds of agencies around the country all use the same software, there was an opportunity to analyze information in a uniform format.
Now, EFF and MuckRock are releasing the first dataset and records compiled from the first 200 agencies to provide responsive documents.
This project was made possible with the help of Joey Del Ponte, Carolyn Komatsoulis, Christine Lytwynec, Eesha Pendharkar, Sarika Ram, Corlyn Voorhees, Catherine Sinow, Zoe Wheatcroft, and Liam Harton.