DHS Expands License Plate Dragnet, Streams Collections To US Law Enforcement Agencies
from the let-the-government-know-your-travel-plans...-as-you-travel! dept
The DHS has provided the public with a Privacy Impact Assessment (PIA) on its use of license plate readers (LPRs). What the document shows is the DHS’s hasty abandonment of plans for a national license plate database had little impact on its ability to create a replacement national license plate database. The document deals with border areas primarily, but that shouldn’t lead inland drivers to believe they won’t be swept up in the collection.
The DHS has multiple partners in its license plate gathering efforts, with the foremost beneficiary being the DEA, as Papers, Please! Reports:
The latest so-called “Privacy Impact Assessment” (PIA) made public by the US Department of Homeland Security, “CBP License Plate Reader Technology“, provides unsurprising but disturbing details about how the US government’s phobias about foreigners and drugs are driving (pun intended) the convergence of border surveillance and dragnet surveillance of the movements of private vehicles within the USA.
The CBP defines the border as anything within 100 miles of the country’s physical borders, which also include international airports. Consequently, more than 2/3rds of the nation’s population reside in the CBP’s so-called “Constitution-free zone.” The plate readers discussed in the PIA aren’t just the ones drivers and visitors might expect. While the CBP operates many of these at static locations at entry points, other LPRs are mounted on CBP vehicles or hidden in areas the CBP patrols.
The addition of the DEA adds law enforcement to the mix. This means the DHS is intermingling its collection with existing law enforcement databases, allowing it to build an ad hoc national database without having to inform the public or hire a contractor to build one from the ground up.
[T]he DEA has compiled an aggregated database of geotagged and timestamped license plate records purchased from commercial sources, including records of vehicle locations far from what even the DHS considers the “border zone”.
CBP and DEA are already able to query and retrieve data from each other’s LPR databases. A DEA agent can also set a “TECS alert” flag in the DHS database for a specific license plate number, the same way they can for a specific passport number, so that they will be notified automatically whenever that plate is spotted by a DHS camera.
Vanishing from these multiple databases is any form of targeting. The DHS plans to pipe its LPR collection to DEA and other law enforcement agencies as a live feed, allowing agencies on the receiving end to browse the collection at will and/or add it to databases they control.
“CBP intends to provide DEA access to CBP LPR information… through a real-time streaming service.” Each agency will have a complete copy of the data collected by the other, so that they can merge and mine it and use it for “pre-crime” profiling.
The Impact Assessment notes privacy will, yes, be “impacted,” but that’s the way it goes. Many, many US citizens who have never crossed the border will have their license plate/location data added to multiple law enforcement databases. But what option does the DHS have? Not policing the “border?” Not helping the DEA out with the Drug War? From the PIA [PDF]:
Privacy Risk: There is a risk to individual participation in that individuals do not have an opportunity to consent to CBP’s retention and use of their license plate data.
Mitigation: This risk is not mitigated given the purpose of the collection. Many areas of both public and private property have signage that alerts individuals that the area is under surveillance; however, this signage does not consistently include a description of how and with whom such data may be shared. Moreover, the only way to opt out of such surveillance is to avoid the impacted area, which may pose significant hardships and be generally unrealistic.
As Papers, Please! notes, this PIA is a nice addition to the DHS’s collection, but it’s supposed to be released prior to roll out and the public is supposed to be notified via the Federal Register about additional collections of personally-identifiable info by government agencies. None of this has happened in a timely manner, making these collections illegal until the assessments are in place and notices properly published. The DHS — along with its component agencies — routinely ignore statutory requirements but, to date, not a single agency official has been punished for disobeying the law.
As for US citizens, they can expect this Kudzu-like growth of surveillance to continue, especially around airports or borders, even as the country remains only minimally threatened by terrorist activity or illegal entry into the country.