Privacy

by Tim Cushing


Filed Under:
alpr, license plate reader, surveillance

Companies:
muckrock



MuckRock Release ALPR Dataset Covering 200 Gov't Agencies And 2.5 Billion License Plate Records

from the auto-panopticon dept

MuckRock has concluded its national automatic license plate reader survey. Or, at least, it's as close to completed as humanly possible, what with more than a handful of agencies still refusing to turn over data. But there's a ton of info in the dataset and more than a few concerning aspects about nationwide use of ALPRs.

Let's go ahead and start with the biggest number -- one that shows just how much tracking these devices that aren't technically tracking devices do.

Today we are releasing records obtained from 200 agencies, accounting for more than 2.5 -billion license plate scans in 2016 and 2017. This data is collected regardless of whether the vehicle or its owner or driver are suspected of being involved in a crime. In fact, the information shows that 99.5% of the license plates scanned were not under suspicion at the time the vehicles’ plates were collected.

Billions of plate/location data points, shared by hundreds of law enforcement agencies, creating a massive database of people's lives that agencies can dip into at will. This is already a problem, thanks to lax oversight of ALPR programs, most of which allow for extended retention of plate records. The problem becomes that much worse with sharing, because retention policies at one agency don't apply to others accessing the same data.

[L]egal requirements on the treatment of ALPR data differ state to state, and each agency crafts its own policies for controlling and overseeing that data. It’s unclear which policies and laws govern ALPR data when it crosses state boundaries. For example, a sheriff’s office in California may require officers to attach a case number to every search of ALPR data, whereas a police department in Georgia may not have any similar requirements. Meanwhile, Georgia law requires ALPR data to be destroyed after 30 months, whereas other states may allow agencies to hold onto the data indefinitely.

Agency policies and state-level data privacy protections become background noise when billions of records pour into a central database maintained by ALPR manufacturers. On average, law enforcement agencies are sharing data with 160 agencies. But there are outliers. MuckRock has compiled a list called the "800 Club:" agencies that share their captured plate data with at least 800 other government agencies, most of which are located in California or Texas.

The dataset [available to download here] appears to be as comprehensive as anyone can make it, given the reluctance to release this information and some lack of clarity in law enforcement agency responses. The good news is most law enforcement agencies were cooperative with requesters. The bad news is pretty much everything else. Billions of plate records are collected every year and stored indefinitely by ALPR manufacturer Vigilant. But if there's any inconsistencies or errors in the data received from the agencies polled, one entity in particular could clear up any and all misunderstandings.

To our knowledge, there is only one entity capable of disclosing a comprehensive dataset that would near perfect accuracy: Vigilant Solutions itself. We urge the company to publish this data, which would not only save our time, but also the time of every law enforcement agency staff member who must process our public records request.

Public records requests only go so far. Vigilant could clear this up, but won't, and there's nothing in the law that says a private company has to release this information to the public. But it should. It is definitely of public interest. And, given that its collected from citizens and handled by government agencies, it seems the public has more right to the complete dataset than a single company with a large number of law enforcement customers.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    stderric (profile), 21 Nov 2018 @ 12:01pm

    I've always been curious about how easily LEAs that actually have retention policies can/do work around them. Anyone know if there've been any discussions of this issue (readable by a layman, vs sweeping general policy surveys and analyses)?

    As an example, I read through the GA ALPR collection act (found via Muckrock from one of Tim's links). My pessimistic, perhaps slightly paranoid side worries about passages like

    • All such data collected shall be destroyed no later than 30 months after such data were originally collected unless such data are the subject matter of a toll violation or for a law enforcement purpose.

    • Nothing in this Code section shall be construed to preclude a law enforcement agency from contracting with a person to hold and maintain captured license plate data for such law enforcement agency; provided, however, that such person shall be subject to the policies of the law enforcement agency and paragraph (1) of this subsection.

    Given that the retention limit can be exceeded if data is "for a law enforcement purpose", how easy would it be to use the "all data is potentially evidence" end-run around having to destroy anything at all?

    Is it possible for a LEA to just keep extending the retention period by playing data custody hot-potato with a 3rd-party, tossing it back & forth every 29 months and resetting the clock, so to speak?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Nov 2018 @ 2:53pm

    Or "we the people" could crowdsource their own records of government and Vigilant vehicle movements.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 22 Nov 2018 @ 5:47am

      Re:

      If we datamine Muckrock's for areas around government buildings we'd probably figure out who works for the government. Then see where else they go...

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 22 Nov 2018 @ 5:27am

    both links to the data show missing file errors.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Nov 2018 @ 5:30am

    It would be best to just link to https://www.eff.org/pages/download-alpr-dataset
    for the datasets, as EFF updates the links when they add a fix to the data, so any file-based link may break in the future.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Close
Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.