DHS Takes Another Stab At License Plate Database, But This Time With More Privacy Protections And Transparency

from the it-can-be-taught dept

About a year ago, the DHS — seemingly completely oblivious to the fact that domestic surveillance programs were being collectively frowned upon in the wake of the Snowden leaks — began soliciting quotes on a nationwide license plate reader database. Within a week, DHS head Jeh Johnson had shut down the plan, claiming the rogue solicitation had somehow escaped into the wild without a proper official approval and had nothing to do with the backlash it had generated upon discovery.

Not that the disappearance of this solicitation changed anything. The DHS (and ICE) already have access to the many ALPR databases maintained by a variety of private companies. All this would have done was provide the DHS with estimates on subscription fees and perhaps some help on developing a DHS/ICE-specific front end for access.

Nearly a year past the mini-debacle and the DHS is back in the license plate database business. This solicitation, however, is far more specific than last year’s botched attempt. (via The Hill)

Immigration and Customs Enforcement (ICE) intends to issue a solicitation to obtain query-based access to a commercially available License Plate Reader (LPR) database.

ICE seems far more interested than usual in alleviating any concerns that this will be yet another domestic surveillance program.

ICE is neither seeking to build nor contribute to a national public or private LPR database. ICE will use LPR information obtained in response to queries of the commercial database to further its immigration enforcement missions. ICE law enforcement personnel will query the LPR database using known license plate numbers associated with the aliens who are immigration enforcement priorities, based on investigative leads, to determine where and when the vehicle has travelled within a specified period of time. The results of the queries can assist in identifying the location of aliens who are immigration enforcement priorities, to include aliens with certain criminal convictions, absconders, illegal re-entrants and those that pose a public safety or national security risk.

Rather than build new databases and grant open access to ICE agents, the agency is only looking to search known plate numbers. While this end will remain targeted, it doesn’t do anything limit the collection efforts. Vigilant — the largest ALPR provider — claims to be adding more nearly 100 million plate/location records every month. The only thing “limited” about this plan is DHS’s access. And even that may not be as limited as the previous paragraph implies.

ICE will also use LPR information obtained from the commercial database to further its criminal law enforcement mission, which includes investigations related to national security, illegal arms exports, financial crimes, commercial fraud, human trafficking, narcotics smuggling, child pornography, and immigration fraud.

So, it’s not just immigration and customs enforcement. It’s pretty much everything the ICE thinks it should have an active part in.

To its credit, it has at least compiled a Privacy Impact Assessment ahead of its ALPR database plans, rather than allow this to trail implementation by months or years. But within this assessment are hints that ICE’s access won’t be quite as limited as its earlier statement implies. For one, ICE already operates its own LPR cameras, so it won’t solely be making use of preexisting data. It also has no controls in place to limit access when working with outside law enforcement agencies and using their access to LPR databases.

There are indications that the DHS and ICE are attempting to keep this access from being exploited or abused. The assessment notes that agents will be informed (and reminded) that a license plate “hit’ cannot be the “sole basis” for law enforcement action. But the limits it’s imposing on itself are still a bit too flexible. Plate info will only be allowed to be accessed for a “limited” amount of time, but that “limited” time frame is partly tied to the statute of limitations for the underlying crime. In most cases, the assessment notes, ICE agents will be able to access five years of historical plate/location data — which it notes is approximately the average amount of time a person owns a particular vehicle.

The assessment also notes that the “Alert List” must be frequently updated to remove plates tied to closed investigations or when a person [but a license plate isn’t a person?] is no longer a suspect. While some agents will be more proactive than others, the assessment only suggests an update be performed “at least annually.”

The better news is that the DHS and ICE are making moves towards greater transparency, as well as demanding the winning vendor provide “robust audit trails” on any agency database use. Of course, a “robust audit trail” is only as good as the consequences for misuse, and the government in general has never been big on meaningful enforcement of its internal policies. Unfortunately, that’s really the only thing preventing this targeted access from becoming the “unwarranted surveillance” the agency’s Privacy Impact Assessment claims it’s trying to avoid.

That being said, getting out ahead of the program with an impact assessment is almost unheard of in the law enforcement/intelligence field, so the DHS deserves some credit for realizing its past effort in this area was badly mishandled.

Filed Under: , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “DHS Takes Another Stab At License Plate Database, But This Time With More Privacy Protections And Transparency”

Subscribe: RSS Leave a comment
jimb (profile) says:

No No No No No. I’m not wearing ID on my forehead, and I don’t want the government tracking my license plate and my travels constantly either. With probable cause, with a duly authorized warrant, OK, track away, just that person. Scan and discard for everyone else. We’re going to end up all wearing masks because that’s the only way to preserve privacy in the age of face-recognition programs. I don’t feel safer knowing that the government is tracking my every move, and the travels of everyone else. No No No No No.

Trevorr says:

Re: Re:

License Plates themselves are the core problem. Abolish them!

License Plates are totally unnecessary. Their original purpose was merely to signify that the vehicle met basic safety standards, as certified by the government issued “plate”. There was absolutely no reason for license plates to contain a unique identifier (alphanumeric) prominently displayed on the vehicle exterior. A simple non-unique windshield decal or the glove-compartment registration slip would serve the same purpose.

Of course, government quickly converted simple ‘safety-certification’ plates to their now primary purpose — personal identification & tracking of all motorists everywhere.

Get rid of License Plates and the whole problem is easily fixed.

That One Guy (profile) says:

'We don't make the problem, we just encourage it to grow'

It doesn’t really matter whether they are the ones collecting the data, or if it’s a third party that does it, the end results is almost the either way. If a private company, which is already collecting license plate data, knows that a large government agency is in the market for just that sort of data, then they are going to step up their collection of it, likely on a massive scale.

Of course, no matter who is gathering the data, at this point it’s basically just a minor detail. I wouldn’t trust any government agency with the information found in a phone book at this point, so while some half-hearted lies about ‘transparency’ and ‘protecting privacy’ might be nice, ultimately I don’t think they should have the program at all, as they cannot be trusted not to abuse it.

Padpaw (profile) says:

I am going to trust an agency at their word when their head of office and many of their employees have been caught openly lying to the public, in court cases and all over the place.

Holder got away with perjury should prove they have nothing to fear from lying about what they are doing or what they say they are going to do. As who will hold them accountable for their lies?

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...