MuckRock Release ALPR Dataset Covering 200 Gov't Agencies And 2.5 Billion License Plate Records
from the auto-panopticon dept
MuckRock has concluded its national automatic license plate reader survey. Or, at least, it’s as close to completed as humanly possible, what with more than a handful of agencies still refusing to turn over data. But there’s a ton of info in the dataset and more than a few concerning aspects about nationwide use of ALPRs.
Let’s go ahead and start with the biggest number — one that shows just how much tracking these devices that aren’t technically tracking devices do.
Today we are releasing records obtained from 200 agencies, accounting for more than 2.5 -billion license plate scans in 2016 and 2017. This data is collected regardless of whether the vehicle or its owner or driver are suspected of being involved in a crime. In fact, the information shows that 99.5% of the license plates scanned were not under suspicion at the time the vehicles’ plates were collected.
Billions of plate/location data points, shared by hundreds of law enforcement agencies, creating a massive database of people’s lives that agencies can dip into at will. This is already a problem, thanks to lax oversight of ALPR programs, most of which allow for extended retention of plate records. The problem becomes that much worse with sharing, because retention policies at one agency don’t apply to others accessing the same data.
[L]egal requirements on the treatment of ALPR data differ state to state, and each agency crafts its own policies for controlling and overseeing that data. It’s unclear which policies and laws govern ALPR data when it crosses state boundaries. For example, a sheriff’s office in California may require officers to attach a case number to every search of ALPR data, whereas a police department in Georgia may not have any similar requirements. Meanwhile, Georgia law requires ALPR data to be destroyed after 30 months, whereas other states may allow agencies to hold onto the data indefinitely.
Agency policies and state-level data privacy protections become background noise when billions of records pour into a central database maintained by ALPR manufacturers. On average, law enforcement agencies are sharing data with 160 agencies. But there are outliers. MuckRock has compiled a list called the “800 Club:” agencies that share their captured plate data with at least 800 other government agencies, most of which are located in California or Texas.
The dataset [available to download here] appears to be as comprehensive as anyone can make it, given the reluctance to release this information and some lack of clarity in law enforcement agency responses. The good news is most law enforcement agencies were cooperative with requesters. The bad news is pretty much everything else. Billions of plate records are collected every year and stored indefinitely by ALPR manufacturer Vigilant. But if there’s any inconsistencies or errors in the data received from the agencies polled, one entity in particular could clear up any and all misunderstandings.
To our knowledge, there is only one entity capable of disclosing a comprehensive dataset that would near perfect accuracy: Vigilant Solutions itself. We urge the company to publish this data, which would not only save our time, but also the time of every law enforcement agency staff member who must process our public records request.
Public records requests only go so far. Vigilant could clear this up, but won’t, and there’s nothing in the law that says a private company has to release this information to the public. But it should. It is definitely of public interest. And, given that its collected from citizens and handled by government agencies, it seems the public has more right to the complete dataset than a single company with a large number of law enforcement customers.
Filed Under: alpr, license plate reader, surveillance
Companies: muckrock
Comments on “MuckRock Release ALPR Dataset Covering 200 Gov't Agencies And 2.5 Billion License Plate Records”
I’ve always been curious about how easily LEAs that actually have retention policies can/do work around them. Anyone know if there’ve been any discussions of this issue (readable by a layman, vs sweeping general policy surveys and analyses)?
As an example, I read through the GA ALPR collection act (found via Muckrock from one of Tim’s links). My pessimistic, perhaps slightly paranoid side worries about passages like
All such data collected shall be destroyed no later than 30 months after such data were originally collected unless such data are the subject matter of a toll violation or for a law enforcement purpose.
Given that the retention limit can be exceeded if data is "for a law enforcement purpose", how easy would it be to use the "all data is potentially evidence" end-run around having to destroy anything at all?
Is it possible for a LEA to just keep extending the retention period by playing data custody hot-potato with a 3rd-party, tossing it back & forth every 29 months and resetting the clock, so to speak?
Re: Re:
The correct links are:
https://www.eff.org/files/2018/11/20/eff-muckrock_alpr_data_2016-2017.zip
and
https://www.eff.org/files/2018/11/20/eff-muckrock_2016-2017_alpr_data.xlsx
Re: Re:
Cool. But does that effect the digression I followed? The url I provided still applies, doesn’t it?
(Uncertainty has bound my ghost to this world until I clear up every damn little detail, to the most trivial picks of the nits. In other words, ‘Hi TD, I’m gonna be annoying you for a while again.’)
Or “we the people” could crowdsource their own records of government and Vigilant vehicle movements.
Re: Re:
If we datamine Muckrock’s for areas around government buildings we’d probably figure out who works for the government. Then see where else they go…
both links to the data show missing file errors.
It would be best to just link to https://www.eff.org/pages/download-alpr-dataset
for the datasets, as EFF updates the links when they add a fix to the data, so any file-based link may break in the future.