License Plate Reader Company Sues Another State For 'Violating' Its First Amendment Right To Build A 1.8-Billion-Image Database
from the we're-really-just-like-some-dude-with-a-point-and-shoot dept
Now, these laws aren't saying law enforcement agencies can't use these readers. They can. What they do say (or did… Utah's law was amended after a lawsuit by license plate reader company Vigilant) is that private companies, like repossession firms and tow truck services, can't use these readers. But apparently they do, and those who manufacture and support the equipment would like to continue capturing this market.
Cyrus Farivar at Ars Technica reports that Vigilant has filed another lawsuit, this time against the state of Arkansas, arguing that a state law curbing the use of LPRs by private companies tampers with its free speech rights.
In this case, the two firms in question—Digital Recognition Network (DRN) and Vigilant Systems—generate, maintain, and share access to the license plate reader database with law enforcement.There's a bit of a disconnect in Viglant's/DRN's logic, but one that's a bit troublesome for the courts to address. By portraying the capture of license plates at a rate of nearly 1,000 per hour as little more than a digital version of someone taking individual photographs of publicly-displayed plates, the companies hope to make its technology look less intrusive than it is.
The new Arkansas state law took effect in 2014, and it bans the private collection of license plate reader data while still allowing the cops to use the devices, usually mounted on patrol cars. The two companies say that their First Amendment rights are being violated, as they are allowed to photograph—even under an automated, high-speed process that is then shared with law enforcement—any and all license plates, anywhere.
The troublesome part is that courts have held that privacy violations that don't exist in the singular can't magically be summoned by en masse collections. There are definitely privacy concerns, however, especially when this information is used (and misused) by law enforcement. But the companies argue that there's nothing personally identifiable about a license plate, at least without access to other databases like those held by states' departments of motor vehicles. (Oddly, law enforcement officials have made the same argument, despite having this access.) This is true, but it's of little comfort when the privately-held database contains 1.8 billion records and is growing at the rate of 70 million per month.
Here's the crux of Vigliant's First Amendment assertions.
Plaintiffs' dissemination of license-plate information collected by ALPR systems is speech protected by the First Amendment. Similarly, the use of ALPR systems to collect and create information by taking a photograph amounts to constitutionally protected speech.This is a tough hurdle for the state to leap and is likely what prompted Utah to heavily amend its state law in exchange for Vigilant dropping the lawsuit. Unfortunately, in Utah's case, the state seems to have overcompensated. The amendment strikes any prohibition of a private entity collecting license plate data and allows these same entities to sell collected data to other third parties, something it expressly forbids government agencies from doing. It also allows for these companies to hold onto the data for as long as nine months, something that was only 30 days in the original bill.
The Act is a content-based speech restriction. The illegality of speech under the statute turns on the content of what is being photographed and transmitted through ALPR systems-license-plate information is covered, but other content is not. The Legislature has singled out the collection and dissemination of "images of license plates" and the resulting "computer-readable data." Ark. Code§ 12-12-1802(2), 12-12-1803(a); see also § 12-121082(3). Moreover, the Act's extensive exceptions further demonstrate that it discriminates based on the content of the speech and the identity of the speaker.
So, Vigilant's point remains that what it does in terms of collection is not a violation of privacy because it does not have access to DMV databases holding personally-identifiable information. It glosses over the fact that it provides access to hundreds of law enforcement agencies around the US, all of which can acquire the connecting data. But that does seem to put the onus on law enforcement agencies to provide adequate privacy protections, including timely disposal of non-hit data. So far, very few agencies have attempted to so. In Utah's case, there are nine months of historic, non-hit data at law enforcement's fingertips, all with time and location info.
In the singular (as Vigilant's argument goes), this isn't a privacy violation -- no different that someone taking a picture of a vehicle in public. But several months of time and location data creates something that can only be achieved through dedicated surveillance, something that does raise privacy questions, especially in light of the recent court decision finding that law enforcement officers need warrants to track cell phone users' locations. This is the same principle. Law enforcement agencies shouldn't be accessing months of plate location/time data unless it's part of an investigation -- and if it is, someone neutral needs to be deciding whether or not every license plate hit is relevant to the situation.